70-642 Exam
Tactics to 70-642 windows server 2008 network infrastructure
Act now and download your Microsoft 70-642 test today! Do not waste time for the worthless Microsoft 70-642 tutorials. Download Latest Microsoft TS: Windows Server 2008 Network Infrastructure, Configuring exam with real questions and answers and begin to learn Microsoft 70-642 with a classic professional.
2021 Aug ebook for 70-642:
Q101. - (Topic 3)
Your corporate network has a member server named RAS1 that runs Windows Server 2008 R2. You configure RAS1 to use the Routing and Remote Access Services (RRAS).
The company's remote access policy allows members of the Domain Users group to dial in to RAS1. The company issues smart cards to all employees.
You need to ensure that smart card users are able to connect to RAS1 by using a dial-up connection.
What should you do?
A. Install the Network Policy Server (NPS) server role on RAS1.
B. Create a remote access policy that requires users to authenticate by using SPAP.
C. Create a remote access policy that requires users to authenticate by using EAP-TLS.
D. Create a remote access policy that requires users to authenticate by using MS-CHAP v2.
Answer: C
Explanation:
EAP-Transport Layer Security (EAP-TLS), defined in RFC 5216, is an IETF open standard, and is wellsupported among wireless vendors. The security of the TLS protocol is strong, provided the user understands potential warnings about false credentials. It uses PKI to secure communication to a RADIUS authentication server or another type of authentication server. So even though EAP-TLS provides excellent security, the overhead of client-side certificates may be its Achilles' heel. EAP-TLS is the original, standard wireless LAN EAP authentication protocol. Although it is rarely deployed, it is still considered one of the most secure EAP standards available and is universally supported by all manufacturers of wireless LAN hardware and software. The requirement for a client-side certificate, however unpopular it may be, is what gives EAP-TLS its authentication strength and illustrates the classic convenience vs. security trade-off. A compromised password is not enough to break into EAP-TLS enabled systems because the intruder still needs to have the client-side private key. The highest security available is when client-side keys are housed in smart cards.[4] This is because there is no way to steal a certificate's corresponding private key from a smart card without stealing the card itself. It is significantly more likely that the physical theft of a smart card would be noticed (and the smart card immediately revoked) than a (typical) password theft would be noticed. Up until April 2005, EAP-TLS was the only EAP type vendors needed to certify for a WPA or WPA2 logo.[5] There are client and server implementations of EAP-TLS in 3Com, Apple, Avaya, Brocade Communications, Cisco, Enterasys Networks, Foundry, HP, Juniper, and Microsoft, and open source operating systems. EAP-TLS is natively supported in Mac OS X 10.3 and above, Windows 2000 SP4, Windows XP and above, Windows Mobile 2003 and above, and Windows CE 4.2
Q102. - (Topic 3)
Your network contains an Active Directory domain. Your company provides VPN access for multiple organizations.
You need to configure Network Policy Server (NPS) to forward authentication requests to the appropriate organization.
What should you configure on the NPS server?
A. the RADIUS Accounting accounting provider
B. the Windows Accounting accounting provider
C. remediation server groups
D. health policies
E. connection request policies
F. the RADIUS Authentication authentication provider
G. the Windows Authentication authentication provider
H. system health validators (SHVs)
I. Group Policy preferences
J. IKEv2 client connections
Answer: E
Explanation:
Connection request policies are sets of conditions and settings that allow network administrators to designate which Remote Authentication Dial-In User Service (RADIUS) servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS) receives from RADIUS clients. Connection request policies can be configured to designate which RADIUS servers are used for RADIUS accounting. Ref: http://technet.microsoft.com/en-us/library/cc753603.aspx
Q103. - (Topic 1)
Your network contains two separate subnets named Subnet1 and Subnet2. Subnet1 contains a Windows
Server Update Services (WSUS) server named Server1.
Computers on Subnet1 can access resources on the Internet. Subnet2 is an isolated subnet.
You deploy a new WSUS server named Server2 in Subnet2.
You need to replicate the metadata from Server1 to Server2.
What should you do on Server1?
A. Run wbadmin.exe and specify the start backup parameter.
B. Run wbadmin.exe and specify the start systemstatebackup parameter.
C. Run wsusutil.exe and specify the move content parameter.
D. Run wsusutil.exe and specify the export parameter.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc720437%28WS.10%29.aspx
Q104. - (Topic 2)
Your network contains a single Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Server1 and Server2 are namespace servers for the \\contoso.com\DFS1 namespace.
You need to ensure that users only connect to the \\contoso.com\DFS1 namespace on Server1 if Server2 is unavailable.
How should you configure the \\contoso.com\DFS1 namespace?
A. From the properties of the \\contoso.com\DFS1 namespace, modify the referrals settings.
B. From the properties of the \\contoso.com\DFS1 namespace, modify the advanced settings.
C. From the properties of the \\SERVER1\DFS1 namespace servers entry, modify the advanced settings.
D. From the properties of the \\SERVER2\DFS1 namespace servers entry, modify the advanced settings.
Answer: D
Q105. - (Topic 1)
Your network contains a file server named Server1 that runs Windows Server 2008 R2.
You enable IPSec on Server1.
You need to identify which client computers have active IPSec associations to Server1.
Which administrative tool should you use to achieve this task?
A. Share and Storage Management
B. Windows Firewall with Advanced Security
C. Performance Monitor
D. Event Viewer
Answer: B
Rebirth 70-642 in pdf:
Q106. - (Topic 2)
Your network contains a server named Server1 that runs Windows Server 2008 R2.
You have a user named User1.
You need to ensure that User1 can schedule Data Collector Sets (DCSs) on Server1. The solution must minimize the number of rights assigned to User1.
What should you do?
A. Add User1 to the Performance Log Users group.
B. Add User1 to the Performance Monitor Users group.
C. Assign the Profile single process user right to User1.
D. Assign the Bypass traverse checking user right to User1.
Answer: A
Explanation:
Both A and B are valid users group but: Performance Log users group : Members of this group may schedule logging of performance counters, enable trace providers, and collect event traces both locally and via remote access to this computer Performance Monitor users group : Members of this group can access performance counter data locally and remotely. Hence answer is "A".
Q107. - (Topic 2)
Your network contains a Network Policy Server (NPS) named Server1. You need to configure a network policy for a VLAN.
Which RADIUS attributes should you add?
A. •Login-LAT-Service •Login-LAT-Node •Login-LAT-Group •NAS-Identifier
B. •Tunnel-Assignment-ID •Tunnel-Preference •Tunnel-Client-Auth-ID •NAS-Port-Id
C. •Tunnel-Client-Endpt •Tunnel-Server-Endpt •NAS-Port-Type •Tunnel-Password
D. •Tunnel-Medium-Type •Tunnel-Pvt-Group-ID •Tunnel-Type •Tunnel-Tag
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc754422(v=ws.10).aspx
Q108. - (Topic 2)
Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Server1 has several custom inbound rules and connection security rules.
You need to duplicate the Windows Firewall rules from Server1 to Server2.
What should you do on Server1?
A. At the Command Prompt, run netsh.exe firewall dump.
B. At the Command Prompt, run netsh.exe firewall show > firewall.txt.
C. From the Windows Firewall with Advanced Security console, click Export policy.
D. From the Windows Firewall with Advanced Security console, click the Connection Security Rules node, and then click Export List.
Answer: C
Q109. - (Topic 2)
Your network contains an Active Directory domain. The domain contains two print servers named Server1 and Server2 that run Windows Server 2008 R2.
Server1 has a printer named Printer1. Server2 has a printer named Printer2. Both printers use the same driver.
The print device for Printer1 fails.
You need to ensure that the print jobs in the Printer1 queue are printed. What should you do?
A. Modify the Ports settings of Printer1.
B. Modify the Sharing settings of Printer1.
C. Run the Printer Migration tool.
D. Run the Remove-Job and Copy-Item cmdlets.
Answer: A
Q110. - (Topic 4)
You need to mount a VHD file that was created by using Windows Server Backup. Which tool should you use?
A. Diskpart
B. Share and Storage Management
C. New-PSDrive
D. imagex
Answer: B