70-642 Exam
Where to find 70-642 second shot
It is more faster and easier to pass the Microsoft 70-642 exam by using Tested Microsoft TS: Windows Server 2008 Network Infrastructure, Configuring questuins and answers. Immediate access to the Rebirth 70-642 Exam and find the same core area 70-642 questions with professionally verified answers, then PASS your exam with a high score now.
2021 Oct itfreetraining 70-642:
Q71. - (Topic 3)
You perform a security audit on a server named Server1. You install the Microsoft Network Monitor 3.0 application on Server1.
You find that only some of the captured frames display host mnemonic names in the Source column and the Destination column. All other frames display IP addresses.
You need to display mnemonic host names instead of IP addresses for all the frames.
What should you do?
A. Create a new display filter and apply the filter to the capture.
B. Create a new capture filter and apply the filter to the capture.
C. Populate the Aliases table and apply the aliases to the capture.
D. Configure the Network Monitor application to enable the Enable Conversations option. Recapture the data to a new file.
Answer: C
Q72. - (Topic 3)
Your network contains an Active Directory domain named contoso.com.
An administrator named Admin1 plans to install the Routing and Remote Access service (RRAS) role service on a server named Server1. Admin1s user account is not a member of the Domain Admins group.
You need to ensure that Server1 can authenticate users from Active Directory by using Windows authentication.
What should you do?
A. Install the Active Directory Lightweight Directory Services (AD LDS) role on Server1.
B. Add the computer account for Server1 to the RAS and IAS Servers group.
C. Install the Network Policy Server (NPS) role service on a domain controller.
D. Add the computer account for Server1 to the Windows Authorization Access Group.
Answer: B
Explanation:
Not sure if I am right on this one, since not all question is shown ;)) But I guess that after adding the role by the Admin1 it says that he is not in Domain Admins group and RRAS server wont be added automatically to the RAS and IAS group, so it has to be added manually by a member of that group so server could authenticate users.
Q73. - (Topic 1)
Your network contains an Active Directory domain named fabrikam.com. The domain contains five domain controllers named DC1, DC2, DC3, DC4, and DC5. All domain controllers run Windows Server 2008 R2 and have the DNS server role installed.
On DC5, you create a new Active Directory-integrated DNS zone named adatum.com.
You need to ensure that the adatum.com DNS zone is only replicated to DC5 and DC2.
The solution must ensure that all zone replication traffic is encrypted.
What should you do first?
A. Create an application directory partition.
B. Create a primary zone.
C. Modify the zone transfer settings.
D. Change the zone replication scope.
Answer: A
Q74. - (Topic 4)
Your network contains an Active Directory forest named contoso.com. The forest contains a server named Server1 that runs Windows Server 2008 R2 Service Pack 1 (SP1) Standard.
The forest contains a server named Server2 that runs Windows Server 2008 R2 SP1 Enterprise. Server1 and Server2 have the Print and Document Services server role installed.
You need to migrate the print queues, printer settings, printer ports, and language monitors from Server1 to Server2.
Which tool should you use?
A. Print Management
B. Printmig
C. Active Directory Users and Computers
D. Printui
Answer: A
Explanation:
To migrate print servers by using Print Management Open Print Management. In left pane, click Print Servers, right-click the print server that contains the printer queues that you want to export, and then click Export printers to a file. This starts the Printer Migration Wizard. On the Select the file location page, specify the location to save the printer settings, and then click Next to save the printers. Right-click the destination computer on which you want to import the printers, and then click Import printers from a file. This launches the Printer Migration Wizard. On the Select the file location page, specify the location of the printer settings file, and then click Next. On the Select import options page, specify the following import options: Import mode. Specifies what to do if a specific print queue already exists on the destination computer. List in the directory. Specifies whether to publish the imported print queues in the Active Directory Domain Services. Convert LPR Ports to Standard Port Monitors. Specifies whether to convert Line Printer Remote (LPR) printer ports in the printer settings file to the faster Standard Port Monitor when importing printers. Click Next to import the printers. OR To migrate print servers by using a command prompt To open a Command Prompt window, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. Type: CD %WINDIR%\System32\Spool\Tools Printbrm -s \\<sourcecomputername> -b -f <filename>.printerExport Type: Printbrm -s \\<destinationcomputername> -r -f <filename>.printerExport http://technet.microsoft.com/en-us/library/cc722360.aspx
Q75. - (Topic 1)
Your network contains an Active Directory domain named contoso.com. The domain contains two DNS servers named DC1 and Server1. DC1 is a domain controller. Server1 is member server.
On Server1, you create a primary zone named fabrikam.com.
You need to create a copy of the fabrikam.com zone on DC1.
What should you do? (Each correct answer presents part of the solution. Choose two.)
A. Create a new secondary zone on DC1.
B. Run the New Delegation Wizard on DC1.
C. Create a new Active Directory-integrated stub zone on DC1.
D. Run the New Delegation Wizard on Server1.
E. Modify the Name Servers list for the fabrikam.com zone.
F. Modify the start of authority (SOA) record of the fabrikam.com zone.
Answer: A,E
Explanation: http://technet.microsoft.com/en-us/library/dd197427(v=ws.10).aspx
A DNS database can be partitioned into multiple zones. A zone is a portion of the DNS database that contains the resource records with the owner names that belong to the contiguous portion of the DNS namespace. Zone files are maintained on DNS servers. A single DNS server can be configured to host zero, one, or multiple zones.
The new zone fabrikam.com is a totally new domain and zone and is thus in no way related to contoso.com.
This is allowed as DNS servers are capable of hosting multiple, unrelated zones.
Avant-garde 70-642 in pdf:
Q76. - (Topic 3)
You deploy a Windows Server 2008 R2 VPN server behind a firewall. Remote users connect to the VPN by using portable computers that run Windows 7.
The firewall is configured to allow only secured Web communications.
You need to enable remote users to connect as securely as possible.
You must achieve this goal without opening any additional ports on the firewall.
What should you do?
A. Create an IPsec tunnel.
B. Create an SSTP VPN connection.
C. Create a PPTP VPN connection.
D. Create an L2TP VPN connection.
Answer: B
Explanation:
Secure Socket Tunneling Protocol (SSTP) is a tunneling protocol that uses the HTTPS protocol over TCP port 443 to pass traffic through firewalls and Web proxies that might block PPTP and L2TP/IPsec traffic. SSTP provides a mechanism to encapsulate PPP traffic over the Secure Sockets Layer (SSL) channel of the HTTPS protocol. The use of PPP allows support for strong authentication methods, such as EAP-TLS. SSL provides transport-level security with enhanced key negotiation, encryption, and integrity checking. Although it is closely related to SSL, a direct comparison can not be made between SSL and SSTP as SSTP is only a tunneling protocol unlike SSL. Many reasons exist for choosing SSL and not IPSec as the basis for SSTP. IPSec is directed at supporting site- to-site VPN connectivity and thus SSL was a better base for SSTP development, as it supports roaming. http://technet.microsoft.com/en-us/library/dd469817(v=ws.10).aspx
Q77. - (Topic 2)
Your network contains a Windows Server Update Services (WSUS) server named Server1. Server1 provides updates to client computers in two sites named Site1 and Site2. A WSUS computer group named Group1 is configured for automatic approval.
You need to ensure that new client computers in Site2 are automatically added to Group1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Create a new automatic approval update rule.
B. Modify the Computers Options in the Update Services console.
C. Modify the Automatic Approvals options in the Update Services console.
D. Configure a Group Policy object (GPO) that enables client-side targeting.
Answer: B,D
Reference: http://technet.microsoft.com/en-us/library/cc720433(WS.10).aspx
Explanation:
WSUS enables you to target updates to groups of client computers. This capability can help you ensure that specific computers get the right updates at the most convenient times on an ongoing basis. For example, if all computers in one department of your organization have a specific configuration (such as all computers in the Accounting team), you can determine what updates those computers get, at what time, and then use WSUS reporting features to evaluate the success of update activity for that computer group.
By default, each computer is already assigned to the All Computers group. Computers will also be assigned to the Unassigned Computers group until you assign them to another group.
Regardless of the group you assign a computer to, it will also remain in the All Computers group. A computer can be in only one other group in addition to the All Computers group.
You can assign computers to computer groups by using one of two methods, server-side targeting or client side targeting, depending on whether or not you want to automate the process. With server-side targeting, you use the Move the selected computer task on the Computers page to move one or more client computers to one computer group at a time. With client-side targeting, you use Group Policy or edit the registry settings on client computers to enable those computers to automatically add themselves into the computer groups. You must specify which method you will use by selecting one of the two options on the Computers Options page.
Note
If your WSUS server is running in replica mode, you will not be able to create computer groups on that server, you will only inherit the computer groups created on the administration server from which your server inherits its settings. For more information about replica mode, see Running in Replica Mode.
Server-side Targeting With server-side targeting, you use the WSUS console to both create groups and then assign computers to the groups. Server-side targeting is an excellent option if you do not have many client computers to update and you want to move client computers into computer groups manually.
To enable server-side targeting on your WSUS server, click the Use the Move computers task in Windows Server Update Services option on the Computers Options page.
Client-side Targeting With client-side targeting, you enable client-computers to add themselves to the computer groups you create in the WSUS console. You can enable client-side targeting through Group Policy (in an Active Directory network environment) or by editing registry entries (in a non-Active Directory network environment) for the client computers. When the client computers connect to the WSUS server, they will add themselves into the correct computer group. Client-side targeting is an excellent option if you have many client computers and want to automate the process of assigning them to computer groups. To enable client-side targeting on your WSUS server, click the Use Group Policy or registry settings on client computers option on the Computers Options page.
Q78. - (Topic 4)
Your network contains a DNS domain named contoso.com.
An administrator installs an FTP server on a server named server2.contoso.com.
You open DNS Manager as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that users can access the FTP server by using the URL ftp://ftp.contoso.com.
Which type of DNS record should you add?
A. text (TXT)
B. well known service (WKS)
C. host (A)
D. pointer (PTR)
E. service location (SRV)
Answer: C
Q79. - (Topic 3)
Your network contains a Windows Server Update Services (WSUS) server named Server1.
You discover that certain updates listed in the WSUS administrative console are unavailable on Server1.
You need to ensure that all of the updates listed in the WSUS administrative console are available on Server1.
What should you do on Server1?
A. Restart the Update Services service.
B. Run wsusutil.exe and specify the reset parameter.
C. Run wsusutil.exe and specify the deleteunneededrevisions parameter.
D. Run wuauclt.exe and specify the /detectnow parameter.
Answer: B
Explanation:
wsusutil /reset: Checks that every update metadata row in the database has corresponding update files stored in the file system. If update files are missing or have been corrupted, WSUS downloads the update files again. http://technet.microsoft.com/en-us/library/cc720466%28WS.10%29.aspx
Q80. - (Topic 2)
Your company has a main office and a branch office.
The network contains two DNS servers named DNS1 and DNS2.
DNS1 is located in the main office. DNS1 hosts a primary standard zone named contoso.com. The contoso.com zone is configured to use DNSSEC.
DNS2 is located in the branch office. DNS2 is a caching-only DNS server.
You need to ensure that client computers in the branch office can receive authoritative responses to queries for contoso.com if a WAN link fails. DNSSEC security must be maintained.
What should you configure on DNS2 for contoso.com?
A. a conditional forwarder
B. a secondary zone
C. a zone delegation
D. an Active Directory-integrated stub zone
Answer: B