1: A and B

2: A and B

The wizard will decline all updates that meet all the following criteria:

3. D

This is because the cached domain credential doesn't match the credential on the domain controller (the password changed). To enable automatic wireless connection, you must set up a computer certificate for the mobile computer and use Group Policy to configure mobile computers to connect to the wireless network.

4. D

32-22=10 (bits).

1024-2=1022

5. B

Your lab has a total of 16 computers.

32-5=27

6. C

The IP address and default gateway are not in the same network.

7. A

8. A

A global address can access IPv6-only hosts on the Internet.

9. C

Unique local addresses support routing but cannot be reached from the Internet.

10.

When it cannot answer a query with its own cached or authoritative data.

11. A

12. D

13. C

Both "Computer and User" and "Computer" restrict communications to domain-joined computers. Linux computers are not part of the domain. You must select Advanced configuration and use the computer certificates from a common certificate authority.

14. D

The Ocsetup command is case-sensitive.

15. A

Both SSTP and L2TP need a computer certificate, even though Microsoft RRAS can set up a shared password for L2TP.

16. C

Clients always connect to DFS servers at their local site first. If no local DFS server is available, the Lowest Cost ordering method should be selected.

"Clients Fall Back to Preferred Targets": when the DFS servers at the local site are offline, clients connect to the DFS servers of another site with the lowest cost; when the local DFS servers are online again, clients connect to the local DFS servers.

17. B,D

In Event Viewer, you can attach a task to a log.

In Task Scheduler, you can create a task with an action to send e-mail, triggered by an event.

18. D

19. A,B

You cannot select the Details button for a folder.

20. A and C

21. A

22. A and E

23. C

24. A and C

25. A

26. A, D

27. D

You can initiate a manual backup to a writeable DVD or a shared folder, but scheduled backups do not support these media types. Windows Server Backup does not support writing to a backup tape for any backup scenario.

28. B

29. A

30. D

31. C

32. C and D

WSUS requires SQL Server 2005 with Service Pack 1 or later. WSUS supports only Windows authentication and cannot be used with SQL authentication.

33. D

34. B

35. C

The Microsoft: Secured Password (EAP-MSCHAP v2) authentication method allows users to authenticate with domain credentials.

Microsoft: Protected EAP (PEAP) and Microsoft: Smart Card Or Other Certificate each require the client computer to have a certificate issued by a trusted certification authority (CA).

36. C

37. D

38. D

The computer will have a perfect System Stability Index of 10 because the System Stability Index uses only data from the last 28 days. Therefore, although the System Stability Index would have fallen below 10 after the applications were installed, 28 days later it would have risen back to 10.

39. B and C

40. D

41. C

42. B,D

43. B,C,D

The http://update.microsoft.com and http://windowsupdate.microsoft.com URLs are used only by users who interactively connect to Microsoft Update. WSUS does not require them.

44. B,C

45. B

Active Directory-integrated zones rely on the Active Directory directory service for replication. Therefore, replication-related problems are recorded in the Directory Service event log.

46. B,C,F

47. C

You can enable IP conflict detection using the Advanced tab of the IPv4 Properties dialog box. Simply set the Conflict Detection Attempts box to a number greater than zero.

48. D

49. C

50. B

51. C

52. B,C,D

53. C

Network policies allow you to specify operating system as a criterion. Because NAP evaluates network policies when a client connects, you can create a network policy that allows clients with Windows XP to bypass the health check.

54. A

Run the Dnscmd command on a zone's primary DNS server with the /ZoneResetSecondaries parameter to configure whether zone transfers are allowed. The /NoXfr parameter specifies that all zone transfers are blocked.

55. C, D

56. A

57. B

58. B,C

59. C

60. A

61. B,C,D

Windows Vista includes the Previous Versions Client, and it is installed as part of Windows XP Service Pack 2. You can download the Previous Versions Client for Windows 2000 from the Microsoft Download Center.

There is no Previous Versions Client for Windows 98.

62. C

63. B

64. D

65. D

66. A

67. A

68. A

69. D

70. D,F

Both MS-CHAP v2 and EAP-TLS provide mutual authentication.

71. A

By default, WSUS clients check for updates every 17 to 22 hours.

72. A, B

73. A,C

74. B

75. A

76. D

77. A

78. B

79. B

Reliability Monitor computes the System Stability Index based on information stored in databases located at %ProgramData%\Microsoft\RAC\Published Data and %ProgramData%\Microsoft\RAC\StateData.

80. A

81. A,B,D

82. D

83. B

When Fabrikam.com adds or removes a DNS server, the stub zone will automatically learn of the change. For a secondary zone, you have to manually modify the configuration.

84. B, D

You can modify the IP address to bypass DHCP NAP enforcement. VPN connections are not required in this scenario. You can configure IPsec to allow connections only from healthy computers and configure the requirement on a port-by-port basis. 802.1X enforcement requires client computers to have a health check before accessing a VLAN that would connect to the Web servers.

85. B

86. D

87. D

88. A,F,G

89. C

90. A

91. E

92. B,C

When you back up to a DVD, you can restore only entire volumes (either using the Windows Server Backup graphical tool or Windows Recovery Tools).

93. B

94. D

95. D

96. A,C

97. C

98. A,C, E

99. B

100. B,C,F

101. A

102. A and C

Go to Action Center and Maintenance

103. A

104. A and C

HRA requires a certification authority running Windows Server 2008 Certificate Services, which can be an existing CA or a new CA. For a Windows Server 2003-based CA, you must manually create a System Health Authentication certificate template so that members of the IPsec exemption group can autoenroll a long-lived health certificate.

105. A

106. D

107. B

108. A,C, D, E

109. A

110. A

111. A

112. B

113. B

114. A

115. A

VPN servers add events to the Windows Logs\System event log.

116. C

Server-to-server rules can require IPsec connections between specific endpoints. In this case you want to require security between the different tiers. Therefore, you could list the IP addresses of all three tiers for each set of endpoints to require the connection security rule.

117. B,C,D

118. A

119. A

120. B

121. D

122. D

123. A, C

The Windows Server Backup tool restores files from the backup set, not from a shadow copy.

124. A,B,D,F,I

You cannot enable SSL for all virtual roots because doing so would prevent the Windows Update client from functioning.

125. C

126. B

127. A, B,D

Wireless Single Sign-On in Windows Vista® lets you specify that IEEE 802.1X authentication for Wi-Fi Protected Access 2 (WPA2)-Enterprise, WPA-Enterprise, and 802.1X authentication with Wired Equivalent Privacy (WEP) occur before the user logon process.

This question would apply to wireless routers with a wireless network password.

128. C

es (enum-subscription) List existent subscriptions.
gs (get-subscription) Get subscription configuration.
gr (get-subscriptionruntimestatus) Get subscription runtime status.
ss (set-subscription) Set subscription configuration.
cs (create-subscription) Create new subscription.
ds (delete-subscription) Delete subscription.
rs (retry-subscription) Retry subscription.
qc (quick-config) Configure Windows Event Collector service.

129. C

130. C

131. A,B

132. A

133. A

Only PEAP supports fast reconnect, which allows a computer to roam between different wireless access points, maintaining continuous wireless network connectivity without reauthenticating the user. The user will still be prompted for authentication if the wireless access point uses a different RADIUS server.

134. B

135. A

136. C

137. A

138. B

139. B

140. A, D

On the NAP server you can use the Windows Logs\Security event log to view NPS events. These events will reveal which NAP clients are not compliant. On Windows Vista and Windows Server 2008 NAP clients, examine the Applications And Services Logs\Microsoft\Windows\Network Access Protection\Operational log.

141. D

Deleting or disabling the connection that sends changes from Server2 to Server1 would allow only one-way replication in the replication group.

142. B

143. D

After creating the Remote RADIUS Server Group for each company, create at least one connection request policy for each company. The connection request policies should use the criteria to forward the Contoso company's authentication request to the Contoso Remote RADIUS Server Group and forward the Lithium company's authentication request to the Lithium Remote RADIUS Server Group.

144. B,D

145. A,B

146. B

147. D

EAP-MS-CHAP v2 allows authentication using domain credentials and is the easiest to deploy when users have Active Directory credentials.

EAP-TLS uses certificates for authentication. EAP-TLS requires deploying a PKI and configuring client computers with certificates.

148. A,B

149. B

Apply IPsec rules requiring health certificates to all computers that should be protected and do not apply any IPsec rules to the remediation servers. As long as the remediation servers accept connections from clients that do not support IPsec, they will be accessible as remediation servers.

VLANs are used when configuring 802.1X NAP enforcement. ACLs are used when configuring 802.1X NAP enforcement.

Remediation Server Group lists are used only for DHCP and VPN enforcement.

150. A

151. C, D, A, B

152. A,B

Active Directory replication is always encrypted.

153. A,B

You cannot use Kerberos authentication for wireless access.

154. A

Windows Server 2008 stores RADIUS authentication information in both Windows Logs\Security and %SystemRoot%\system32\LogFiles. However, only %SystemRoot%\system32\LogFiles uses a standards-based, text format that the analysis software would be able to process.

155. A

156. C

Each incoming IPsec connection would create a main mode security association, which would be visible at the Monitoring\Security Associations\Main Mode node.

157. A

Although all of the statements about ACLs are true, the only advantage of ACLs over VLANs is that ACLs can prevent noncompliant client computers from communicating with each other. VLANs cannot do this, which can allow a noncompliant computer infected with a worm to spread the worm to other noncompliant computers.

158. A

159. A

160. A

161. A

162. A,C

6to4, an IPv6 transition technology, is completely incompatible with NAT. However, you might be able to use Teredo to connect to the IPv6 Internet instead, depending on the capabilities of the NAT server.

163. B

164. A,E

dnscmd /Config contoso.msft /Aging 1    (enables aging and scavenging)

168 hours is equal to one week.

165. A,D

You can use the RepAdmin command with the /replicate parameter to immediately begin Active Directory replication. Because Active Directory-integrated zones rely on Active Directory replication, this will also replicate DNS updates.

You can use DnsCmd with the /ZoneRefresh parameter to force the DNS server to update data from the Active Directory.

166. A

Conditional forwarding would improve name resolution response times and minimize the zone transfer traffic, but it would not allow you to keep an updated list of remote name servers.

167. C

168. B

167.

On each computer on the 192.168.1.0/24 subnet, run this command:

route -p add 192.168.2.0/24 192.168.1.2

168. A

169. C

170. C

171. A, D

Answer C will be an expensive solution upfront.

172. C, D, E, F

173. B

174. B

175. A, C

176. D

177. A

Setting NAP Enforcement to Allow Limited Access limits the client to the remediation servers you list. If you do not list any remediation servers, clients will be completely denied network access.

Setting the Access Permission to Deny Access will prevent clients from performing a health check. Therefore, both compliant and noncompliant clients will be blocked.

178. B,C

NAP VPN connection request policy:

NAP DHCP connection request policy: no PEAP required.

You can have several network policies, such as compliant, noncompliant, and NAP-noncapable.

Non-NAP-capable computers do not have a health policy.

179. A,B

For NAP DHCP enforcement, the DHCP server must have NPS installed but no connection request policy and network policy defined. You define the connection request policy and network policy on another NPS server. These configurations mean that your network has two or more DHCP servers. You must configure the NPS on the DHCP server as a RADIUS proxy as follows:

180. D

181. B

182. A,B,D

183. D

The Update Detailed Status will show which computers have successfully installed an update.

184. B,C

185. A

186. B,C

187. A

188. A

Shadow copies maintain a maximum of 64 copies of a file. The copy schedule directly affects the amount of time that passes before the oldest copies are deleted.

189. B

190. A,C

191. B,D