2015 Latest 70-642 Real exam questions to master and practice upon! Braindump2go Offers the New Updated Microsoft 70-642 448 Exam Questions in PDF & VCE files that can also be downloaded on every mobile device for preparation!
Vendor: Microsoft
Exam Code: 70-642
Exam Name: TS: Windows Server 2008 Network Infrastructure, Configuring
Keywords: 70-642 Exam Dumps,70-642 Practice Tests,70-642 Practice Exams,70-642 Exam Questions,70-642 Dumps,70-642 PDF,70-642 VCE,70-642 Study Guide
QUESTION 41
Your network has Network Access Protection (NAP) policies deployed.
You need to identify the health agent compliance status of a client computer.
Which command should you run?
A. net config workstation
B. net statistics workstation
C. netsh nap client show config
D. netsh nap client show state
Answer: D
Explanation:
netsh nap client show state-Displays state information, including client access restriction state, the state of installed enforcement clients and system health agents, and the client compliance and remediation results.
http://technet.microsoft.com/en-us/library/cc732873(v=ws.10).aspx#BKMK_29
QUESTION 42
Your company has a domain controller named Server1 that runs Windows Server 2008 R2.
Server1 has the DNS Server server role installed.
You need to configure the DNS server to resolve IP addresses to host names.
Which record should you create?
A. Pointer (PTR)
B. Host Info (HINFO)
C. Service Location (SRV)
D. Canonical Name (CNAME)
Answer: A
Explanation:
Pointer (PTR) resource records support the reverse lookup process, based on zones that are created and rooted in the in-addr.arpa domain. These records locate a computer by its IP address and resolve this information to the DNS domain name for that computer
QUESTION 43
Your company has a main office and a branch office.
The main office has a domain controller named DC1 that hosts a DNS primary zone.
The branch office has a DNS server named SRV1 that hosts a DNS secondary zone.
All client computers are configured to use their local server for DNS resolution.
You change the IP address of an existing server named SRV2 in the main office.
You need to ensure that SRV1 reflects the change immediately.
What should you do?
A. Restart the DNS Server service on DC1.
B. Run the dnscmd command by using the /zonerefresh option on DC1.
C. Run the dnscmd command by using the /zonerefresh option on SRV1.
D. Set the refresh interval to 10 minutes on the Start of Authority (SOA) record.
Answer: C
Explanation:
dnscmd ServerName /zonerefresh ZoneName – Forces a secondary DNS zone to update from the master.
Parameters ServerName: Specifies the DNS server the administrator plans to manage, represented by IP address, FQDN, or Host name. If omitted, the local server is used.
ZoneName: Specifies the name of the zone to be refreshed.
Remarks:
The zonerefresh operation forces a check of the version number in the master’s SOA record.
If the version number on the master is higher than the secondary’s version number, then a zone transfer is initiated, updating the secondary server.
If the version number is the same, no zone transfer occurs.
The forced check occurs by default every 15 minutes.
To change the default, use the dnscmd config refreshinterval operation.
http://technet.microsoft.com/en-us/library/cc772069(v=ws.10).aspx#BKMK_30
QUESTION 44
Your company has a single Active Directory domain.
The company has a main office and a branch office.
Both the offices have domain controllers that run Active Directory-integrated DNS zones.
All client computers are configured to use the local domain controllers for DNS resolution.
The domain controllers at the branch office location are configured as Read-Only Domain Controllers (RODC).
You change the IP address of an existing server named SRV2 in the main office.
You need the branch office DNS servers to reflect the change immediately.
What should you do?
A. Run the dnscmd /ZoneUpdateFromDs command on the branch office servers.
B. Run the dnscmd /ZoneUpdateFromDs command on a domain controller in the main office.
C. Change the domain controllers at the branch offices from RODCs to standard domain
controllers.
D. Decrease the Minimum (default) TTL option to 15 minutes on the Start of Authority (SOA)
record for the zone.
Answer: A
Explanation:
dnscmd /zoneupdatefromds-Updates an Active Directory–integrated zone with data from Active Directory Domain Services (AD DS).
http://technet.microsoft.com/en-us/library/cc772069(v=ws.10).aspx
QUESTION 45
Your company has a single Active Directory domain.
The company has a main office and three branch offices.
The domain controller in the main office runs Windows Server 2008 R2 and provides DNS for the main office and all of the branch offices.
Each branch office contains a file server that runs Windows Server 2008 R2.
Users in the branch offices report that it takes a long time to access network resources.
You confirm that there are no problems with WAN connectivity or bandwidth.
You need to ensure that users in the branch offices are able to access network resources as quickly as possible.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Configure a standard primary zone in each of the branch offices.
B. Configure forwarders that point to the DNS server in the main office.
C. Configure a secondary zone in each of the branch offices that uses the main office DNS
server as a master.
D. Install DNS servers in each of the branch offices.
Answer: CD
QUESTION 46
Your company has a server named Server1 that runs Windows Server 2008 R2.
Server1 runs the DHCP Server server role and the DNS Server server role.
You also have a server named ServerCore that runs a Server Core installation of Windows Server 2008 R2.
All computers are configured to use only Server1 for DNS resolution.
The IP address of Server1 is 192.168.0.1.
The network interface on all the computers is named LAN. Server1 is temporarily offline.
A new DNS server named Server2 has been configured to use the IP address 192.168.0.254.
You need to configure ServerCore to use Server2 as the preferred DNS server and Server1 as the alternate DNS server.
What should you do?
A. Run the netsh interface ipv4 add dnsserver “LAN” static 192.168.0.254 index=1 command.
B. Run the netsh interface ipv4 set dnsserver “LAN” static 192.168.0.254 192.168.0.1 both
command.
C. Run the netsh interface ipv4 set dnsserver “LAN” static 192.168.0.254 primary command and
the netsh interface ipv4 set dnsserver “LAN” static 192.168.0.1 both command.
D. Run the netsh interface ipv4 set dnsserver “LAN” static 192.168.0.254 primary command and
the netsh interface ipv4 add dnsserver “LAN” static 192.168.0.1 index=1 command.
Answer: A
QUESTION 47
Your network contains an Active Directory forest named contoso.com.
Contoso.com contains three domain controllers that run Windows Server 2008 R2 and three domain controllers that run Windows Server 2003.
All domain controllers are configured as DNS servers.
You configure the contoso.com zone to use DNSSEC.
You need to ensure that the zone only replicates to DNS servers that support DNSSEC.
What should you do first?
A. Modify the Notify settings of the contoso.com zone.
B. Create an application directory partition.
C. Move the contoso.com zone to the ForestDnsZones application directory partition.
D. Add a server certificate to the Windows Server 2003 DNS servers.
Answer: B
QUESTION 48
Your company has a single Active Directory domain.
The company network is protected by a firewall.
Remote users connect to your network through a VPN server by using PPTP.
When the users try to connect to the VPN server, they receive the following error message:
“Error 721: The remote computer is not responding.”
You need to ensure that users can establish a VPN connection.
What should you do?
A. Open port 1423 on the firewall.
B. Open port 1723 on the firewall.
C. Open port 3389 on the firewall.
D. Open port 6000 on the firewall.
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc757501(v=ws.10).aspx
QUESTION 49
Your company has a single Active Directory domain.
The domain has servers that run Windows Server 2008 R2.
You have a server named NAT1 that functions as a NAT server.
You need to ensure that administrators can access a server named RDP1 by using Remote Desktop Protocol (RDP).
What should you do?
A. Configure NAT1 to forward port 389 to RDP1.
B. Configure NAT1 to forward port 1432 to RDP1.
C. Configure NAT1 to forward port 3339 to RDP1.
D. Configure NAT1 to forward port 3389 to RDP1.
Answer: D
QUESTION 50
Your company has a main office and 15 branch offices.
The company has a single Active Directory domain.
All servers run Windows Server 2008 R2.
You need to ensure that the VPN connections between the main office and the branch offices meet the following requirements:
– All data must be encrypted by using end-to-end encryption.
– The VPN connection must use computer-level authentication.
– User names and passwords cannot be used for authentication.
What should you do?
A. Configure an IPsec connection to use tunnel mode and preshared key authentication.
B. Configure a PPTP connection to use version 2 of the MS-CHAP v2 authentication.
C. Configure a L2TP/IPsec connection to use the EAP-TLS authentication.
D. Configure a L2TP/IPsec connection to use version 2 of the MS-CHAP v2 authentication.
Answer: C
Explanation:
EAP-Transport Layer Security (EAP-TLS), defined in RFC 5216, is an IETF open standard, and is well supported among wireless vendors. The security of the TLS protocol is strong, provided the user understands potential warnings about false credentials. It uses PKI to secure communication to a RADIUS authentication server or another type of authentication server. So even though EAP TLS provides excellent security, the overhead of client-side certificates may be its Achilles’ heel. EAP-TLS is the original, standard wireless LAN EAP authentication protocol. Although it is rarely deployed, it is still considered one of the most secure EAP standards available and is universally supported by all manufacturers of wireless LAN hardware and software. The requirement for a client-side certificate, however unpopular it may be, is what gives EAPTLS its authentication strength and illustrates the classic convenience vs. security trade-off.
A compromised password is not enough to break into EAP-TLS enabled systems because the intruder still needs to have the client-side private key. The highest security available is when client-side keys are housed in smart cards.[4] This is because there is no way to steal a certificate’s corresponding private key from a smart card without stealing the card itself.
It is significantly more likely that the physical theft of a smart card would be noticed (and the smart card immediately revoked) than a (typical) password theft would be noticed.
Up until April 2005, EAP-TLS was the only EAP type vendors needed to certify for a WPA or WPA2 logo.[5] There are client and server implementations of EAP-TLS in 3Com, Apple, Avaya, Brocade Communications, Cisco, Enterasys Networks, Foundry, HP, Juniper, and Microsoft, and open source operating systems. EAP-TLS is natively supported in Mac OS X 10.3 and above, Windows 2000 SP4, Windows XP and above, Windows Mobile 2003 and above, and Windows CE 4.2
All Braindump2go 70-642 Exam Dumps are Promised One Year Free Updation — We will inform you when your products have new questions and Answers updation! Download Microsoft 70-642 Practice Tests Questions Full Version Now – Pass 70-642 100% One Time!