Microsoft TS: Upgrading MCSE on Windows Server 2003 to Windows Server 2008 Technology Specialist Exam
Version No.: V1.0
Correction: 20 Questions & Answers.
Uploaded By: Admin.
Uploaded By: Admin.
Next Release: No update received. "Click Here To Report New Update"
Dumps, Free Dumps, VCP5 Dumps| VMware Dumps, VCP Dumps, VCP4 Dumps, VCAP Dumps, VCDX Dumps, Cisco Dumps, CCNA, CCNA640-802, CCNA Dumps, CCNP Dumps, CCIE Dumps, ITIL, Exin Dumps, ITIL Dumps, ITIL3 Dumps, ITIL4 Dumps, ITIL 2012 Dumps, CWNP Dumps, PW0-050, PW0-070, Microsoft, Microsoft Dumps, MCTS Dumps, MCP Dumps, MCSA Dumpe, MCITP Dumps, 70-640, 70-642, 70-643, Oracle, Oracle Dumps, CompTIA, Sun Dumps, RedHat Dumps, Other Dumps, Novell Dumps, Other Dumps, Citrix Dumps, 1Y0-A19, 1Y0-A20 ITIL V3,
-->
-->
Exam B
QUESTION 1
You work as the enterprise administrator at ABC.com.
ABC.com has a domain named ABC.com. The ABC.
com network servers run Microsoft Windows Server 2008 and
the client computers run Microsoft Windows
Vista. ABC.com has a Routing and Remote Access computer
named ABC- SR01 running Network Access
Protection.
How should you configure ABC-SR01 to ensure
Point-to-Point (PP) authentication is used?
A. By using the Microsoft Challenge Handshake Authentication Protocol
(MS-CHAP) protocol.
B. By using the Secure Shell (SSH) protocol.
C. By using the Extensible Authentication Protocol (EAP) protocol.
D. By using the Kerberos v5 protocol.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
To configure the Point-to-Point Protocol (PPP)
authentication method on ABC-SR01, you need to configure
Extensible Authentication Protocol (EAP) authentication
method. Microsoft Windows uses EAP to authenticate
network access for Point-to-Point Protocol (PPP)
connections. EAP was designed as an extension to PPP to
be able to use newer authentication methods such as
one-time passwords, smart cards, or biometric
techniques. Reference: Making sense of remote access
protocols in Windows / DIAL-UP AUTHENTICATION
http://articles.techrepublic.com.com/5100-10878_11-1058239.html
QUESTION 2
You work as the enterprise administrator at ABC.com.
ABC.com has a domain named ABC.com. The ABC.
com network servers run Microsoft Windows Server 2008 and
the client computers run Microsoft Windows
Vista. ABC.com has a computer named ABC-SR01 using the
default security settings to run Remote Desktop.
How would you configure the Remote Desktop connection to
ensure secure connections between ABC-SR01
and accessing clients?
A. By configuring Windows Firewall to block communications via port 110 on
the firewall.
B. By obtaining user certificates from the internal certificate
authority.By allowing connections to Remote
Desktop client computers that use Network Level
Authentication only.
C. By configuring Windows Firewall to block communications via port 443 on
the firewall.
D. By obtaining user certificates from the external certificate
authority.By allowing connections to Remote
Desktop client computers that use Network Level
Authentication only.
E. By configuring Windows Firewall to block communications via port 1423 on
the firewall.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
To ensure the RDP connections are as secure as possible,
you need to first acquire user certificates from the
internal certificate authority and then configure each
server to allow connections only to Remote Desktop client
computers that use Network Level Authentication.
In the pre-W2008 Terminal Server, you used to enter the
name of the server and a connection is initiated to its
logon screen. Then, at that logon screen you attempt to authenticate.
From a security perspective, this isn't a
good idea. Because by doing it in this manner, you're
actually getting access to a server prior to authentication
the access you're getting is right to a session on that
server and that is not considered a good security practice.
NLA, or Network Level Authentication, reverses the order
in which a client attempts to connect.
The new RDC 6.0 client asks you for your username and
password before it takes you to the logon screen. If
you're attempting to connect to a pre -W2008 server, a
failure in that initial logon will fail back to the old way of
logging in. It shines when connecting to Windows Vista
computers and W2008 servers with NLA configured it
prevents the failback authentication from ever occurring,
which prevents the bad guys from gaining accessing
your server without a successful authentication.
Reference: Server 2008 Terminal Services Part 2: NLA
Network Level Authentication
http://www.realtime-windowsserver.com/tips_tricks/2007/06/server_2008_terminal_services_2.htm
QUESTION 3
You work as the enterprise administrator at ABC.com.
ABC.com has a domain named ABC.com. The ABC.
com network servers run Microsoft Windows Server 2008 and
the client computers run Microsoft Windows
Vista. ABC.com has a computer named ABC-SR18 configured
to host the Internet Information Services (IIS)
Web server role and SMTP gateway role.
ABC.com has a Marketing division using ABC-SR18 to send
and receive e-mail from the Internet. The ABC.
com Marketing division accesses the Internet using the
SMTP gateway on port 25.
How would you configure ABC-SR18 to send e-mail to
Internet recipients after configuring the SMTP gateway
to relay messages?
A. By creating an SRV record for the SMTP gateway on an internal DNS
server.
B. By creating a host (A) record for the SMTP gateway on an internal DNS
server.
C. By configuring the SMTP email feature for the website on ABC-SR18.
D. By creating a CNAME record for the SMTP gateway on an internal DNS
server.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
You need to configure the SMTP email feature for the
website on ABC-SR18. The Simple Message Transfer
Protocol allows the emails to be sent to a specific
address.
Reference: http://technet2.microsoft.com/windowsserver2008/en/library/4ade618d-ff7a-4359-
b6ba-
4982f0bdf4a51033.mspx?mfr=true
QUESTION 4
You work as the enterprise administrator at ABC.com.
ABC.com has a domain named ABC.com. The ABC.
com network servers run Microsoft Windows Server 2008 and
the client computers run Microsoft Windows
Vista. ABC.com has a computer named ABC-SR15 configured
to host the Active Directory Lightweight
Directory Services (AD LDS) service.
How would you replicate Active Directory Lightweight
Directory Services (AD LDS) to a newly deployed server?
A. By using the ADSI Edit Snap-in to replicate the AD LDS instance.
B. By creating and installing a replica of AD LDS running the AD LDS Setup
wizard on ABC-SR15
C. By using the xcopy command to copy the entire AD LDS instance.
D. By using Active Directory Sites and Services to replicate the AD LDS
instance.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
You need to run the AD LDS setup wizard on the computer
in the lab to create and install a replica of AD LDS.
In the AD LDS setup wizard there will be an option to
replicate the AD LDS instance on another computer.
QUESTION 5
You work as the enterprise administrator at ABC.com.
ABC.com has a domain named ABC.com. The ABC.
com network servers run Microsoft Windows Server 2008 and
the client computers run Microsoft Windows
Vista. ABC.com has a computer named ABC-SR01 configured
to host
virtualization role service and virtual machines
installed with the KingSales application.
How would you configure the virtual machines to be
recovered to the original state if installation of KingSales
fails?
A. By using an Automated System Recovery (ASR) disk on the virtual machine
when the application fails.
B. By installing and configuring third party backup software on Virtual
machine.
C. By creating a snapshot of the virtual machine through the Virtualization
Management Console.
D. By using the Windows Backup utility to backup the Virtual machines.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
To ensure that you can restore the Virtual machine to its
original state if an application installation fails, you
should create a snapshot of the virtual machine using the
Virtualization Management Console. You can always
restore the virtual machines in its original state by
using the snapshot you created.
QUESTION 6
You work as the enterprise administrator at ABC.com.
ABC.com has a domain named ABC.com. The ABC.
com network servers run Microsoft Windows Server 2008 and
the client computers run Microsoft Windows
Vista. ABC.com has two computers configured as follows:
ABC-DC01 configured as a domain controller.
ABC-DC02 configured as a Read-Only Domain Controller
(RODC).
ABC.com Marketing division members makes use of ABC-DC01
to log onto the domain.
How would you ensure that ABC-DC02 can be used by the
Marketing division to log onto the domain?
A. By deploying a computer running Active Directory Certificate Services
(AD CS).
B. By using a Password Replication Policy on the RODC.
C. By installing and configuring an Active Directory Federation Services
(AD FS) front-end server.
D. By deploying a computer running Active Directory Lightweight Directory
Services (AD LDS) and Active
Directory Domain Services (AD DS).
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
You should use the Password Replication Policy on the
RODC. This will allow the users at the Dallas office to
log on to the domain with RODC.
RODCs don't cache any user or machine passwords.
QUESTION 7
You work as the enterprise administrator at ABC.com.
ABC.com has a domain named ABC.com. The ABC.
com network servers run Microsoft Windows Server 2008 and
the client computers run Microsoft Windows
Vista. ABC.com has a computer named ABC-SR21 in the
default Web site running WSUS for updates.
How would you configure a group policy with the port and
intranet update location to ensure the Secure
Sockets Layer (SSL) is used on ABC-SR21?
A. By using https://ABC-sr21: 80 to indicate the default port and intranet
update location.
B. By using https://ABC-sr21 to indicate the default port and intranet
update location.
C. By using http://ABC-sr21: 1073 to indicate the default port and intranet
update location.
D. By using http://ABC-sr21: 110 to indicate the default port and intranet
update location.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
You need to use https://ABC-sr21 to configure a group
policy object (GPO) that specifies the intranet update
locations on a default port. You also need a URL for a
secure port that the WSUS server is listening on. You
should make use of a URL that specifies HTTPS. This will
secure the client computer channel. However, if you
are using any port other than 443 for SSL, you need to
include that port in the URL, too.
Reference: WSUS SSL Client Configuration
http://www.techsupportforum.com/microsoft-support/windows-nt-2000-2003-server/115983-wsus-
ssl-client-
configuration.html
QUESTION 8
You are employed as an enterprise administrator at
ABC.com. The ABC.com has a domain named ABC.com.
All servers on the domain run Microsoft Windows Server
2008 and all client computers run Microsoft Windows
Vista. ABC.com has a computer named ABC-SR20 that hosts
the Internet Information Services (IIS) Web
Server role though being configured not to utilize the
Windows Performance and Reliability Monitor. During the
course of the day ABC.com instructs you to install and
configure Reliability Monitor.
How can you ensure ABC-SR20 collects reliability
information keeping the system stability share current?
A. By configuring the Remote Access Auto Connection Manager service to start
automatically on the ABC-
SR20.
B. By configuring the Net Logon service to start automatically on the
ABC-SR20.
C. By configuring the Task scheduler service to start automatically on the
ABC-SR20.
D. By configuring the Error Reporting Services service to start
automatically on the ABC-SR20.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
To configure the ABC-SR20 to collect the reliability
monitor data, you need to configure the Task scheduler
service to start automatically.
Reliability Monitor uses data provided by the RACAgent
scheduled task, a pre-defined task that runs by default
on a new installation of Windows Vista. The seamless
integration between the Task Scheduler user interface
and the Event Viewer allows an event-triggered task to be
created with just five clicks.
In addition to events, the Task Scheduler in Windows
Vista / Server 2008 supports a number of other new
types of triggers, including triggers that launch tasks
at machine idle, startup, or logon. Because you need Task
Scheduler to collect reliability monitor data, you need
to you need to configure the Task scheduler service to
start automatically.
Reference: Network Monitor 3.1 OneClick ... now what? /
Task Scheduler Changes in Windows Vista and
Windows Server 2008 Part One
http://blogs.technet.com/askperf/
Reference: What allows the Reliability Monitor to display
data?
http://www.petri.co.il/reliability_monitor_windows_vista.htm
QUESTION 9
You work as the enterprise administrator at ABC.com.
ABC.com has a domain named ABC.com. The ABC.
com network servers run Microsoft Windows Server 2008 and
the client computers run Microsoft Windows
Vista. ABC.com has three computers configured as follows:
ABC-SR11 configured with Event Log subscription
monitoring
ABC-SR12 configured as a domain controller.
ABC-SR13 configured as a domain controller.
During the course of the day ABC.com instructs you to
create the subscription using ABC-SR12 or ABC-SR13
which fails as the operation does not complete.
How would you ensure that the subscription can be created
using either ABC-SR12 or ABC- SR13? (Choose
two)
A. By running the command wecutil cs subscription.xml on ABC-SR11.
B. By creating subscription.xml custom view on ABC-SR11.
C. By running the wecutil qc command on ABC-SR12.
D. By running the winrm connect command on ABC-SR13.
E. By running the winrm allow command on ABC-SR13
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
To configure a subscription on ABC-SR11, you need to
first create an event collector subscription configuration
file and Name the file subscription.xml. You need to then
run the wecutil cs subscription.xml command on
ABC-SR11.
This command enables you to create and manage
subscriptions to events that are forwarded from remote
computers, which support WS- Management protocol. wecutil
cs subscription.xml command will create a
subscription to forward events from a Windows Vista
Application event log of a remote computer at ABC.com
to the ForwardedEvents log.
Reference: Wecutil
http://technet2.microsoft.com/windowsserver2008/en/library/0c82a6cb-d652-429c-9c3d-
0f568c78d54b1033.
mspx?mfr=true
QUESTION 10
You work as the enterprise administrator at ABC.com.
ABC.com has a domain named ABC.com. The ABC.
com network servers run Microsoft Windows Server 2008 and
the client computers run Microsoft Windows
Vista. ABC.com has a computer named ABC-SR11 configured
to run Internet Information Services (IIS) Web
server role hosting confidential company information.
ABC.com has a Marketing division accessing the
confidential information which loads excessively slow. During
the course of the maintenance you discovered ABC-SR11
uses a high percentage of processor time.
How would you gather information regarding the processor
utilizing high percentages of processor time?
A. By using Windows Reliability and Performance Monitor to check percentage
of processor capacity.
B. By using a counter log to track the processor usage.
C. By using the Performance Logs and Alerts.
D. By checking the security log for Performance events.
E. By checking the error log for performance events.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
To gather additional data to diagnose the cause of the
problem, you need to use the Resource View in
Windows Reliability and Performance Monitor to see the
percentage of processor capacity used by each
application.
The Resource View window of Windows Reliability and
Performance Monitor provides a real-time graphical
overview of CPU, disk, network, and memory usage. By
expanding each of these monitored elements, system
administrators can identify which processes are using
which resources. In previous versions of Windows, this
real-time process-specific data was only available in
limited form in Task Manager
Reference: Windows Reliability and Performance Monitor
http://technet.microsoft.com/en-us/library/cc755081.aspx
QUESTION 11
You are employed as an enterprise administrator at
ABC.com. The ABC.com has a domain named ABC.com.
All servers on the domain run Microsoft Windows Server
2008 and all client computers run Microsoft Windows
Vista. ABC.com has a computer named ABC-DC01 which
utilizes Network Monitor 3.0. ABC.com has recently
enabled Network Monitor to use P-mode for capturing
traffic to and from the DHCP server.
ABC.com has ABC-DC01 and ABC-WS123 configured as follows:
ABC-DC01 Mac Address: 00-15-5E-CD-3E-83, IP Address: 192.168.25.84
ABC-WS123 Mac Address: 00-15-F2-CD-2A-FB, IP Address: 169.108.20.1
During the course of the day while using ABC-WS123 you
determined that the IP configuration used is not
obtained from ABC-DC01.
How would you capture DHCP related traffic between
ABC-DC01 and ABC-WS123?
Note: ABC-DC01 is the DHCP server.
A. By using the IPv4. Address == 192.168.25.84 && DHCP to build a
filter in Network Monitor.
B. By using the IPv4 address == 169.108.20.1 && DHCP to build a
filter in Network Monitor.
C. By using the Ethernet Address == 0x00155ECD3E83 & DHCP to build a
filter in Network Monitor.
D. By using the Ethernet Address == 0x0015F2CD2AFB & DHCP to build a
filter in Network Monitor.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
To build a filter in the Network application to capture
the DHCP traffic between ABC- DC01and ABC-WS123,
you need to use IPv4.Address == 192.168.15.84 &&
DHCP.
To define a filter, you need to specify IPv4, period,
SourceAddress then the equal mark (twice) and the IP
address (source). In order to fine tune a specific
filter, you can combine several conditions in a specific filter
using the AND (&&) and OR (||) logical operators.
In this question you need to find the traffic originating from
192.168.15.84 that is DHCP related. Therefore you would
use 192.168.15.84 && DHCP.
Reference: A Guide to Network Monitor 3.1 / Building a
complex filter (or defining several conditions)
http://blogs.microsoft.co.il/blogs/erikr/archive/2007/08/29/A-Guide-to-Network-Monitor-3.1.aspx
QUESTION 12
You work as the enterprise administrator at ABC.com.
ABC.com has a domain named ABC.com. The ABC.
com network servers run Microsoft Windows Server 2008 and
the client computers run Microsoft Windows
Vista. ABC.com has two computers configured as follows:
ABC-SR01 configured as a domain File server.
ABC-SR02 configured as a domain File server.
ABC.com has recently deployed and configured an iSCSI
Storage Area Network (SAN) for ABC- SR01 and
ABC-SR02 for storage purposes.
How would you configure the iSCSI san to ensure the most
secure security solution is used for traffic related to
the Storage Area Network?
A. By implementing IPSec security on the properties of iSCSI Initiator. By
configuring Windows Firewall to use
inbound and outbound rules.
B. By using Extensible Authentication Protocol Transport Layer Security
(EAP TLS) authentication in iSCSI
Initiator Properties.
C. By implementing Kerberos v5 authentication on the properties of iSCSI
Initiator. By configuring Windows
Defender to use inbound and outbound rules.
D. By using Microsoft Challenge Handshake Authentication Protocol (MS-CHAPv2)
authentication in iSCSI
Initiator Properties.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
In order to implement the highest security available for
communication to and from an iSCSI SAN, you need to
implement IPSec security. You can access the IPSec
security by opening the iSCSI Initiator Properties. After
that you need to set inbound and outbound rules by using
Windows Firewall.
QUESTION 13
You are employed as the network administrator at ABC.com.
The ABC.com network has a domain named
ABC.com. All servers on the domain run Windows Server
2008 and all client computers run Windows Vista.
ABC.com makes use of two WSUS servers named ABC-SR01 and
ABC-SR02 configured in a WSUS
hierarchy.
On ABC-SR01, how can you make sure that updates can be
received from ABC-SR02?
A. By configuring ABC-SR01 in replica mode.
B. By creating a new computer group for ABC-SR01.
C. By opening Control Panel from the Start Menu and configuring Windows
Update Settings on ABC-SR01 in
the domain group policy.
D. By opening Control Panel from the Start Menu and configuring Windows
Update Settings on ABC-SR01 in
the local group policy.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
In order to configure WSUS on ABC-SR01 so it can receive
updates from ABC- SR02, your first step should be
to link the servers by configuring ABC-SR01 as downstream
server and ABC-SR02 as upstream server. When
you link WSUS servers together, there is an upstream WSUS
server and a downstream WSUS server.
Because an upstream WSUS server shares updates, you need
to configure and ABC-SR02 as upstream
server. There are two ways to link WSUS servers together,
Autonomous mode and Replica mode. So you can
configure ABC-SR01 in Replica mode.
Reference: Choose a Type of WSUS Deployment/ WSUS server
hierarchies
http://technet2.microsoft.com/windowsserver/en/library/12b665bc-07fa-4a4e-aed8-f970efe80c4c1033.mspx?
mfr=true
QUESTION 14
You work as an enterprise administrator at ABC.com. The
ABC.com network consists has a domain named
ABC.com. All servers on the domain run Microsoft Windows
Server 2008 and all client computers run Microsoft
Windows Vista. ABC.com has a computer named ABC-SR12
which has a SAN with multiple logical disk drives
which use a Data Collector Set.
You are in the process of creating script to archive date
whenever free space is running low.
How would you ensure the archiving script executes
automatically when free space is below 5%?
A. By using a Resource View to view the free space of the physical disks in
Windows Reliability and
Performance Monitor and executing the archiving script.
B. By creating an alert which is triggered when free disk space falls below
30% and executes the archiving
script.
C. By adding the Performance counter alert to the Data Collector Set.
D. By creating a counter log to track disk space usage in Performance
console.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
To automatically run a data archiving script if the free
space on any of the logical drives is below 30 percent
and to automate the script execution by creating a new
Data Collector Set, you need to add the Performance
counter alert.
The Performance counter alert creates an alert if a
performance counter reaches a threshold that you specify.
You can configure your data collector set to
automatically run at a scheduled time, to stop running after a
number of minutes, or to launch a task after running. You
can also configure your data collector set to
automatically run on a scheduled basis. This is useful
for proactively monitoring computers.
Reference: Creating a Snapshot of a Computer's
Configuration with Data Collector Sets in Vista / How to
Create Custom Data Collector Sets
http://www.biztechmagazine.com/article.asp?item_id=241
QUESTION 15
You work as the enterprise administrator at ABC.com.
ABC.com has a domain named ABC.com. The ABC.
com network servers run Microsoft Windows Server 2008 and
the client computers run Microsoft Windows
Vista. ABC.com has a member server named ABC-SR08
configured to host Active Directory Federation
Services (AD FS).
ABC.com has a Marketing division which uses Active
Directory Federation Services (ADFS).
How would you configure ABC-SR08 to pass Federation
Services tokens with data from the domain?
A. By creating and configuring a new account store.
B. By opening a browser window to type the Federation Service URL for
ABC-SR08.
C. By checking Event Viewer applications and Event ID columns for the ID
674 event.
D. By deploying and installing Active Directory Domain Services (AD DS)
configured as a new resource
partner.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
In order to configure the AD FS trust policy to populate
AD FS tokens with employee's information from Active
directory domain, you need to add and configure a new
account store.
AD FS allows the secure sharing of identity information
between trusted business partners across an extranet.
When a user needs to access a Web application from one of
its federation partners, the user's own
organization is responsible for authenticating the user
and providing identity information in the form of "claims"
to the partner that hosts the Web application. The
hosting partner uses its trust policy to map the incoming
claims to claims that are understood by its Web
application, which uses the claims to make authorization
decisions. Because claims originate from an account
store, you need to configure account store to configure
the AD FS trust policy.
Reference: Active Directory Federation Services
http://msdn2.microsoft.com/en-us/library/bb897402.aspx
QUESTION 16
You work as an enterprise administrator at ABC.com. The
ABC.com has a domain named ABC.com. All
servers on the domain run Microsoft Windows Server 2008
and all client computers run Microsoft Windows
Vista. ABC.com has two computers named ABC-SR22 and
ABC-SR23 configured as follows:
ABC-SR22 hosts the WSUS service
ABC-SR23 hosts the WSUS service
During the course of the day you receive instruction to
configure ABC-SR23 to obtain and download updates
via ABC-SR22.
How can you ensure that updates are received by ABC-SR23
from ABC-SR22?
A. By configuring ABC-SR22 as a proxy server.
B. By opening Control Panel from the Start Menu and configuring Windows
Update Settings on ABC-SR22 in
the domain group policy.
C. By configuring ABC-SR22 as an upstream server.
D. By opening Control Panel from the Start Menu and configuring Windows
Update Settings on ABC-SR22 in
the local group policy.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
To configure WSUS on ABC-SR22 so that the ABC-SR23
receives updates from ABC-SR22, you need to
configure ABC-SR22 as an upstream server. The WSUS
hierarchy model allows a single WSUS server to act
as an upstream server and impose its configuration on
those servers configured as downstream servers below
it.
A WSUS hierarchy supports two modes, autonomous mode and
replica mode. In replica mode, the upstream
server is the only WSUS server that downloads its updates
from Microsoft Update. It is also the only server that
an administrator has to manually configure computer
groups and update approvals on. All information
downloaded and configured on to an upstream server is
replicated directly to all of the devices configured as
downstream servers.
Reference: Deploying Microsoft Windows Server Update
Services / WSUS in a Large LAN
http://www.windowsnetworking.com/articles_tutorials/Deploying-Microsoft-Windows-Server-
Update-Services.
html
QUESTION 17
You work as the enterprise administrator at ABC.com.
ABC.com has a domain named ABC.com. The ABC.
com network servers run Microsoft Windows Server 2008 and
the client computers run Microsoft Windows
Vista. ABC.com has a computer named ABC-SR02 used for FTP
communications.
How would you configure the Windows Firewall to block
communications taking place on port 25?
A. By making use of X.25 protocols communicating on the ports.
B. By creating an outbound rule using the Advanced Security snap-in of
Windows Firewall.
C. By adding an IPv4 address exception.
D. By adding an IPv6 address exception.
E. By creating an inbound rule using the Advanced Security snap-in of
Windows Firewall.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
To prevent ABC-SR02 from establishing communication
sessions to other computers by using TCP port 25,
you need to create an outbound rule from the Windows
Firewall with Advanced Security snap-in.
By default, inbound network traffic to a computer that
does not match a rule is blocked, but nothing prevents
outbound traffic from leaving a computer. To block the
network traffic for prohibited programs, you must create
an outbound rule that blocks traffic with specific
criteria from passing through Windows Firewall with Advanced
Security
Reference: Creating Rules that Block Unwanted Outbound
Network Traffic / Step 1: Blocking Network Traffic
for a Program by Using an Outbound Rule
http://technet2.microsoft.com/windowsserver2008/en/library/c3bb5b29-b6a8-4fd4-a66d-
ddb39767b2ea1033.
mspx?mfr=true
QUESTION 18
You work as the enterprise administrator at ABC.com.
ABC.com has a domain named ABC.com. The ABC.
com network servers run Microsoft Windows Server 2008 and
the client computers run Microsoft Windows
Vista. ABC.com has a computer named ABC-SR10 configured
to host the Internet Information Services (IIS)
Web server role and a public web site.
ABC.com has a Marketing division which accesses the
public web site from the Internet.
How would you configure the web site in IIS to provide
traffic statistics?
A. By having the IIS server manager's website logging enabled to filter the
source IP address logs.
B. By using a third-party traffic analysis utility to view the source IP
address of the traffic.
C. By running the net session at command on ABC-SR10.
D. By running the net stat/all command to view the traffic statistics
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
The best option is to enable website logging which will
filter the logs for the source IP address. With this you
can see the people who visited the website. You will also
find lots of other information.
QUESTION 19
You work as the enterprise administrator at ABC.com.
ABC.com has a domain named ABC.com. The ABC.
com network servers run Microsoft Windows Server 2008 and
the client computers run Microsoft Windows
Vista. ABC.com has a computer named ABC-TS05 running
Terminal Services Gateway role.
ABC.com has a Marketing division which requires access to
ABC-TS05.
How would you determine if a specific network user
attempted to access a network client computer through
ABC-TS05?
A. By viewing the Windows Server 2008 Event Viewer for TS Gateway
connections.
B. By viewing the Event Viewer system log.
C. By viewing the Event Viewer Terminal Services-gateway log.
D. By viewing the Event Viewer Internet Explorer log.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
To determine whether a group of users ever connected to
their workstations remotely through TS Gateway
Server, you need check the Event View Terminal
Services-gateway log. You can access the Event Viewer
Terminal Services-gateway log through the Windows Event
Viewer. The log will tell you about the connections
made to the workstation through TS Gateway server.
QUESTION 20
You work as the enterprise administrator at ABC.com.
ABC.com has a domain named ABC.com. The ABC.
com network servers run Microsoft Windows Server 2008 and
the client computers run Microsoft Windows
Vista. ABC.com has a computer named ABC-SR25 configured
to host the Internet Information Services (IIS)
Web server role and a secure web site.
ABC.com has a Marketing division which accesses the
secured web site.
How would you configure ABC-SR25 to ensure the Marketing
division use user certificates instead of their
usernames and passwords?
A. By configuring Windows and IIS Manager Credentials using Management
Services.
B. By configuring the use of Integrated Windows Authentication (IWA) for the
secured web site.
C. By configuring the Client Certificate settings to Require SSL Settings
for the secured website.
D. By configuring the Authentication feature for the secured website.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
To adhere to the new ABC.com security policy, you need to
change the Client Certificate settings to Require on
SSL Settings for the secured website. By default, client
certificates are ignored. If you want the clients to verify
their identity before they access the content of a
website, you need to configure client certificates.
Reference: IIS 7.0: Specify Whether to Use Client
Certificates
http://technet2.microsoft.com/windowsserver2008/en/library/5adc0029-8875-4390-a717-
e5eb2eba97781033.
mspx?mfr=true
QUESTION 21
You work as the enterprise administrator at ABC.com.
ABC.com has a domain named ABC.com. The ABC.
com network servers run Microsoft Windows Server 2008 and
the client computers run Microsoft Windows
Vista. ABC.com has a computer named ABC-SR01 configured
to hosts the Web Server role and the secure
test.com web site.
The ABC.com Marketing division network users has
self-signed certificates to access the secure test.com web
site.
How would you configure ABC-SR01 to ensure error messages
are not displayed when accessing the secured
test.com web site?
A. By having the anonymous authentication module disabled.
B. By making changes to the Site web.config file.
C. By using the Certificates console to access the certificate. By
exporting the self-signed certificate to a Test.
com.cer file and linking the Test.com.cer file via the
domain.
D. By using Forms Authentication with the default settings.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
You need to the self-signed certificate to a Test.com.cer
file. This will allow the employees to connect to Test.
com. The client computers that make use of the website
should then have the Test.com.cer file installed. The
users account will be authenticated through the
certificate. The .cer file is an internet security certificate
extension which confirms the authenticity of a website
installed on a server.
QUESTION 22
You work as an enterprise administrator at ABC.com. The
ABC.com has a domain named ABC.com. All
servers on the domain run Microsoft Windows Server 2008
and all client computers run Microsoft Windows
Vista. ABC.com makes use of two computers named ABC-DC01
and ABC- DC02 configured with a default
subscription between the computers. During the course of
the day ABC.com configures the subscription to
configure Event forwarding.
How can we view the system event for ABC-DC02?
A. By reviewing the Error log on ABC-DC02
B. By reviewing the Internet Explorer log on ABC-DC01.
C. By using the Forwarded Events log on ABC-DC01.
D. By reviewing the Error log on ABC-DC01.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
To review the system events for ABC-DC02, you need to
view the Forwarded Events log on ABC-DC01, which
is configured to centrally manage events. The Event
Collector service can automatically forward event logs to
other remote systems, running Windows Vista or Windows
Server 2008 on a configurable schedule. Event logs
can also be remotely viewed from other computers or
multiple event logs can be centrally logged and
monitored agentlessly and managed from a single computer.
Reference: Event Viewer
http://en.wikipedia.org/wiki/Event_Viewer
QUESTION 23
You work as an enterprise administrator at ABC.com. The
ABC.com has a domain named ABC.com. All
servers on the domain run Microsoft Windows Server 2008
and all client computers run Microsoft Windows
Vista. ABC.com has configured ABC-SR12 and ABC-SR13 with
event subscription to forward the events to
ABC-SR12. During the course of the day ABC.com configures
the event subscription to utilize the HTTP
protocol using the normal delivery optimization settings.
How will you ensure that the servers support event
collectors?
A. By running the wecutil qc command on ABC-SR12. And then the winrm
quickconfig command on ABC-
SR13. By adding the ABC-SR12 account to the Network
Configuration Operators group on ABC-SR12 to
ABC-SR13.
B. By running the wecutil qc command on ABC-SR12. By adding the ABC-SR12
account to the Remote
Desktop Users group on ABC-SR12 to ABC- SR13.
C. By running the wecutil qc command on ABC-SR12. And then the winrm
quickconfig command on ABC-
SR13. By adding the ABC-SR12 account to the
administrators group on ABC-SR12 to ABC-SR13.
D. By running the winrm quickconfig command on ABC-SR13. By adding the
ABC-SR13 account to the
administrators group on ABC-SR13 to ABC-SR12.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
To collect events from ABC-SR13 and transfer them to
ABC-SR12, you need to first run the wecutil qc
command on ABC-SR12. This command enables you to create
and manage subscriptions to events that are
forwarded from remote computers.
Then you need to run the winrm quickconfig command on
ABC-SR13. WinRM is required by Windows Event
Forwarding as WS-Man is the protocol used by WS-Eventing.
Group Policy can be used to enable and
configure Windows Remote Management (WinRM or WS-Man) on
the Source Computers. With WinRM,
Group Policy can be used to configure Source Computers
(Clients) to forward events to a collector (or set of
collectors).
Finally, you need to add the ABC-SR12 account to the
administrators group on ABC-SR13 so that access
rights can be granted to the collector system on f the
forwarding computer.
Reference: Quick and Dirty Large Scale Eventing for
Windows
http://blogs.technet.com/otto/archive/2008/07/08/quick-and-dirty-enterprise-eventing-for-
windows.aspx
Reference: Collect Vista Events
http://www.prismmicrosys.com/newsletters_june2007.php
QUESTION 24
You work as the enterprise administrator at ABC.com.
ABC.com has a domain named ABC.com. The ABC.
com network servers run Microsoft Windows Server 2008 and
the client computers run Microsoft Windows
Vista. ABC.com has a computer named ABC-SR01 configured
to host Windows Server virtualization service
and hosts a virtual machine using the physical network
interface card (NIC).
ABC.com has a Marketing division which uses the virtual
machines to access physical network resources.
How would you configure the virtual host, when unable to
access physical network resources using the virtual
machine?
A. By installing the Windows Server virtualization Guest Integration
Components on the virtual machine.
B. By installing the Virtual Machine Additions feature installed on
ABC-SR01.
C. By installing the MS loopback adapter installed on the virtual machine
and ABC-SR01.
D. By installing the Virtual Machine Additions feature installed on the
virtual machine.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
To ensure that the virtual host can connect to the
physical network, you need to install Windows Server
virtualization Guest Integration Components on the
virtual machine.
The network adapter in the VM ported from Virtual Server
to Windows Server is no longer recognized. The
workaround is to add a legacy network adapter to the VM.
The network adapter seen by the guest OS is not an
emulated device (DEC/Intel 21140 Ethernet adapter). It is
an entirely new, high performance, purely synthetic
device available as part of the Windows Server
virtualization Integration Components call Microsoft VMBus
Network Adapter
Reference: Archive for the `Virtual
Server/PC/WSv/Hyper-V' Category / Windows Server 2008 Common FAQ
(condensed)
http://www.leedesmond.com/weblog/index.php?cat=6&paged=3
QUESTION 25
You work as the enterprise administrator at ABC.com. The
ABC.com network servers run Microsoft Windows
Server 2008 and the client computers run Microsoft Windows
Vista. ABC.com has a computer named ABC-
SR15 configured as follows:
ABC-SR15 configured to host the Active Directory
Lightweight Directory Services (AD LDS) service.
How would you create Organizational Units for the network
divisions in the Active Directory Lightweight
Directory Services (AD LDS) application directory
partition?
A. By using Active Directory Sites and Services.
B. By using the ADSI Edit Snap-in on the AD LDS application directory
partition.
C. By running the Dsmgmt command.
D. By using Active Directory Domains and Trusts snap-in .
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
You need to use the ADSI Edit snap-in to create new OUs
in the AD LDS application directory partition. You
also need to add the snap-in in the Microsoft Management
Console (MMC).
-->
- VCAP DCA 5 Dumps & Training Latest available
- VCAP DCD 5 Dumps Latest available
- ITIL V3 Dumps Latest available
- CCNA Dumps. Latest available
- MCITP Dumps. Latest available
- Upload the latest dumps.
- Request for New Dumps.
- Become a part of 01world Family.
- Interview questions & answers.
-->