Exam : 70-642 TS: Windows Server 2008 Network Infrastructure, Configuring

Demo Version

To Access Full Version, Please go to www.itexamworld.com

QUESTION 1: You are an enterprise administrator for Itexamworld . The corporate network of the company consists of servers that run Windows Server 2008 in an Active Directory domain. The domain consists of two servers named Itexamworld Server1 and Itexamworld Server2. You need to configure event subscription on the servers so that events from Itexamworld Server2 can be collected and transferred to Itexamworld Server1. You configure the required subscriptions by selecting the normal option for the event delivery optimization setting and using the HTTP protocol. However, you noticed that none of the subscriptions work. Which of the following three options would you choose to ensure that the servers support event collectors? (Each correct answer presents part of the solution) A. Run the wecutil qc command on Itexamworld Server1 B. Run the wecutil qc command on Itexamworld Server2 C. Run the winrm quickconfig command on Itexamworld Server1 D. Run the winrm quickconfig command on Itexamworld Server2 E. Add the Itexamworld Server2account to the administrators group on Itexamworld Server1 F. Add the Itexamworld Server1account to the administrators group on Itexamworld Server2

Answer: A, D, F

Explanation: To collect events from Itexamworld Server2 and transfer them to Itexamworld Server1, you need to first run the wecutil qc command on Itexamworld Server1. This command enables you to create and manage subscriptions to events that are forwarded from remote computers. Then you need to run the winrm quickconfig command on Itexamworld Server2. WinRM is required by Windows Event Forwarding as WS-Man is the protocol used by WS-Eventing. Group Policy can be used to enable and configure Windows Remote Management (WinRM or WS-Man) on the Source Computers. With WinRM, Group Policy can be used to configure Source Computers (Clients) to forward events to a collector (or set of collectors). Finally, you need to add the Itexamworld Server1 account to the administrators group on Itexamworld Server2 so that access rights can be granted to the collector system on f the forwarding computer. Reference: uick and Dirty Large Scale Eventing for Windows http://blogs.technet.com/otto/archive/2008/07/08/quick-and-dirty-enterprise-eventing-for-windows.aspx Reference: Collect Vista Events http://www.prismmicrosys.com/newsletters_june2007.php

QUESTION 2:

You are an enterprise administrator for Itexamworld . The corporate network of the company consists of 100 servers that run Windows Server 2008 in an Active Directory domain. You have recently installed Windows Server 2008 on a new server and named it Itexamworld Server1. You installed Web Server (IIS) role on it. The Itexamworld Server1 has no Reliability Monitor data currently, and the system stability share has never been updated. Which of the following options would you choose to configure the Itexamworld Server1 to collect the reliability monitor data? A. On the Itexamworld Server1, run the perfmon.exe /sys command. B. On the Itexamworld Server1Configure the Task scheduler service to start automatically. C. On the Itexamworld Server1, configure the Remote Registry service to start automatically. D. On the Itexamworld Server1, configure the Secondary Login service to start automatically.

E. None of the above. Answer: B

Explanation: To configure the Itexamworld Server1 to collect the reliability monitor data, you need to configure the Task scheduler service to start automatically. Reliability Monitor uses data provided by the RACAgent scheduled task, a pre-defined task that runs by default on a new installation of Windows Vista. The seamless integration between the Task Scheduler user interface and the Event Viewer allows an event-triggered task to be created with just five clicks. In addition to events, the Task Scheduler in Windows Vista / Server 2008 supports a number of other new types of triggers, including triggers that launch tasks at machine idle, startup, or logon. Because you need Task Scheduler to collect reliability monitor data, you need to you need to configure the Task scheduler service to start automatically. Reference: Network Monitor 3.1 OneClick ... now what? / Task Scheduler Changes in Windows Vista and Windows Server 2008 - Part One http://blogs.technet.com/askperf/ Reference: What allows the Reliability Monitor to display data? http://www.petri.co.il/reliability_monitor_windows_vista.htm

QUESTION 3:

You are an Enterprise administrator for Itexamworld .com. You have deployed a file server on the corporate network on a server that runs Windows Server 2008. You configured a shared folder on the server so that users can access shared files on the file server. However, the users reported that they are unable to access the shared files. The TCP/IP properties for the file server showed that it is configured to obtain IP address automatically and the users computers were configured with IP addresses and subnet masks. You need to ensure that users are able to access the shared files. How should you configure the TCP/IP properties on the file server? A. Configure the DNS server address. B. Configure the default gateway on the file server. C. Configure the file server with static IP address. D. Add the domain to the DNS suffix on the network interface.

Answer: C

Explanation: To ensure that users are able to access the shared files, you need to configure a static IP address on the file server because In order for both PC's to be able to communicate together, the Ethernet adapters will need to be configured with a static IP address and a common Subnet mask. As an example, assign one PC an IP address of 192.198.0.1 and assign the second PC an IP address of 192.198.0.2. Both machines should use the Subnet mask 255.255.255.0.

Reference: need help to setup a lan connection between 2 http://en.kioskea.net/forum/affich-2335-need-help-to-setup-a-lan-connection-between-2

QUESTION 4:

You are an Enterprise administrator for Itexamworld .com. The corporate network of the

company consists of a single Active Directory domain. All the servers on the corporate network run Windows Server 2008. The company has a server named Itexamworld FS1 that hosts the domain-based DFS namespace named \\ Itexamworld .com\dfs. All domain users store their data in subfolders within the DFS namespace. Which of the following options would you choose to prevent all users, except administrators, from creating new folders or new files at the root of the \\ Itexamworld .com\dfs share? A. On Itexamworld FS1, first configure the NTFS permissions for the C:\DFSroots\dfs folder and then set the Create folders/append data special permission to Deny for the Authenticated Users group and set the Full Control permission to Allow for the Administrators group. B. On Itexamworld FS1, start the Delegate Management Permissions Wizard for the DFS namespace named \\ Itexamworld .com\dfs and then remove all groups that have the permission type Explicit except the Administrators group. C. Configure the \\ Itexamworld FS1\dfs shared folder permissions by setting the permissions for the Authenticated Users group to Reader and the Administrators group to Co-owner. D. Run the dfscmd.exe \\ Itexamworld FS1\dfs /restore command on Itexamworld FS1. E. None of the above

Answer: C

Explanation: To prevent all users, except administrators, from creating new folders or new files at the root of the \\ Itexamworld .com\dfs share, you need to configure the \\ Itexamworld FS1\dfs shared folder permissions by setting the permissions for the Authenticated Users group to Reader and the Administrators group to Co-owner Reader is allowed to only view the files and folders and a Co-owner is allowed viewing, adding, changing, and deleting all files. Reference: Managing Files and Folders in Windows Vista http://www.informit.com/articles/article.aspx?p=698129&seqNum=29 QUESTION 5:

You are an enterprise administrator for Itexamworld . The corporate network of Itexamworld consists of a single Active Directory domain called Itexamworld .com. The domain consists of a file server that runs Windows Server 2008. A network users of the company started restoring a critical large file by using the Previous Versions tab. The users wanted to view the progress of the file restoration. Which of the following options would you choose to view the progress of the file restoration? A. Click on Sessions under the Shared Folders node in the Computer Management. B. Click on Open Files under the Shared Folders node in the Computer Management C. Run vssadmin.exe query reverts on the command prompt. D. Run shadow.exe /v on the command prompt. E. None of the above

Answer: C Explanation: To view the progress of the file restoration, you need to run vssadmin.exe query reverts from the command prompt. The Windows Server 2003 Volume Shadow Copy Service can also be administered from the command line by using the VSSAdmin tool that is included with Windows Server 2003. This tool replicates the features of the Shadow Copies tab of the volume Properties screen

and can be called from batch files and scripts. VSSAdmin does not follow the typical "Command /switch" form, but instead uses a list of fixed commands to guide its function. Query Reverts queries the status of in-progress revert operations.

Reference: Rapid Recovery with the Volume Shadow Copy Service / Command-Line Management http://technet.microsoft.com/en-us/magazine/cc196308.aspx

QUESTION 6:

You are an enterprise administrator for Itexamworld . The corporate network of the company consists of a single Active Directory domain. All the servers in the domain run Windows Server 2008. A member server Called Itexamworld Server1 has a SaleRecords folder created on it on the D: drive. The D:\ SaleRecords folder is corrupted. The most recent backup version is 01/28/2008-09:00. Which of the following options would you choose to restore all the files in the D:\ SaleRecords folder back to the most recent backup version, without affecting other folders on the server? A. Run the Wbadmin start recovery -version: 01/28/2008-09:00-itemType:File -items:d:\SaleRecords -overwrite -recursive -quiet command. B. Run the Wbadmin start recovery -backuptarget:D: -version: 01/28/2008-09:00-overwrite -quiet command. C. Run the Recover d:\ SaleRecords command. D. Run the Wbadmin restore catalog -backuptarget:D: -version: 01/28/2008-09:00-quiet command.

Answer: A Explanation: To restore all the files in the D:\ SaleRecords folder back to the most recent backup version without affecting other folders on the server, you need to run the Wbadmin start recovery -version:10/29/2007-09:00 -itemType:File -items:d:\ SaleRecords-overwrite -recursive -quiet command. Wbadmin start recovery runs a recovery based on the parameters that are specified. In the above query, the -version 10/29/2007-09:00 specifies the version identifier of the backup to recover, -itemtype:File specifies type of items to recover. In this case it is the file that needs to be recovered. The -items:d:\SaleRecords specifies that d:\SaleRecords folder needs to be recovered. -Overwrite causes Windows Server Backup to overwrite the existing file with the file from the backup. -recursive will only recover files which reside directly under the specified folder. And -quiet runs the subcommand with no prompts to the user.

Reference: Wbadmin start recovery http://technet2.microsoft.com/windowsserver2008/en/liBRary/52381316-a0fa-459f-b6a6- 01e31fb216121033.msp

QUESTION7: As an administrator at Itexamworld .com, you install a member server named ebms1 that has Windows Server 2008 as its primary operating system. The Terminal Services role is installed on the ebms1. The Terminal Server user profiles are in a folder named as UPT on a server called CKTS. On CKTS3, a home folder is placed for each user. As you monitor CKTS, you find out that there is only 5% of hard disk space remaining because the users are saving their files on their profiles on CKTS instead of using their home folders. You have to limit the amount of disk space allocated to each user to 200 MB. What

should you do to achieve that? A. On the ebms1, configure a group policy object. Configure a default quota limit to 200 MB and set a warning level policy B. Create a new group policy object and link it to the CKTS. Configure the UPT folder to limit the disk space quota to allocate 200 MB to all users. C. Configure the disk quotas for the volume that hosts UPT folder. Limit the users to use only 200 MB of space. D. Configure each profile by activating disk quota on each profile. Apply folder redirection settings to redirect the users to save their files on CKTS3 E. None of the above

Answer: C

Explanation: To limit the amount of disk space allocated to each user to 200 MB, you need to configure the disk quotas for the volume that hosts UPT folder and then limit the users to use only 200 MB of space. Configuring a quota limit through group policy will not help in Terminal services scenario. Also disk quotas cannot be configured for each user profile rather it is configured on a volume or a folder.

Reference: Working with Quotas http://technet2.microsoft.com/windowsserver2008/en/liBRary/31790148-eaf1-4115-8a50-4ce7a4503d211033.msp Reference: Setting Up File Sharing Services http://safari.phptr.com/9780596514112/setting_up_file_sharing_services QUESTION 8:

Network Access Protection (NAP) is configured on the Itexamworld Corporate network with the default settings. You need to deploy an application that is mandatory to use for all the employees of the company and needs to be installed to all the client computers running Windows Vista. The application connects to a remote databaseat the backend. However, when you tried to deploy the application, it failed to run on client computers. On investigating the problem, you discovered that the anti-spyware software running on the client computers is creating problems because it is not compatible with the application that you are trying to install. To correct the problem, you disabled the anti-spyware on the client computers, but application still failed to run on the client computers. Which of the following options would you choose to ensure that all the client computers could run the new application? A. Disable the An anti-spyware application is on setting on the Windows Security Health Validator dialog box B. Disable the Anti-spyware is up to date setting on the Windows Security Health Validator dialog box C. Configure the Error code resolution setting for the System Health agent failure option to Healthy D. Configure the Windows Defender service to the Manual Startup type on the client computers. Re-start the Windows Defender Service. E. None of the above

Answer: A Explanation:

The application failed even after disabling the anti-spyware on the client computers because the client computers are supposed to be using anti-spyware application according to Windows Security Health Validator (SHV) policy that is configured on the client computers through NAP. To resolve the problem, you need to disable the anti-spyware application is on setting on the Windows Security Health Validator dialog box Disabling the Anti-spyware is up to date setting on the Windows Security Health Validator dialog box will not help if anti-spyware application is on setting on because the Anti-spyware is up to date setting will not ensure that the client is not using an anti-spyware application. Configuring the Windows Defender service or configuring the Error code resolution setting for the System Health agent failure option will not help because neither Windows defender nor System Health agent is creating problem in his case. Reference: An Introduction to Network Access Protection (Part 4) http://www.windowsnetworKing.com/articles_tutorials/Introduction-Network-Access-Protection-Part4.html

QUESTION 9:

The corporate network of Itexamworld consists of servers that have Active Directory Certificate Services (AD CS) and Network Access Protection (NAP) deployed on them. A number of mobile users connect to the network wirelessly. You have NAP policies configured for these users. Which of the following options would you choose to ensure that NAP policies are enforced on portable computers that use a wireless connection to access the network? What should you do? A. Use MS-CHAP v2 authentication on all portable computers. B. Disable the Prevent connections to infrastructure networks option in the wireless Group Policy settings in the Group Policy Management Console. C. Use 802.1X authentication to on all access points. D. Enable the Prevent connections to infrastructure networks option in the wireless Group Policy settings in the Group Policy Management Console. E. None of the above

Answer: C

Explanation: To ensure that NAP policies are enforced on portable computers that use a wireless connection to access the network, you need to configure all access points to use 802.1X authentication. 802.1X enforcement enforce health policy requirements every time a computer attempts an 802.1X-authenticated network connection. 802.1X enforcement also actively monitor the health status of the connected NAP client and applies the restricted access profile to the connection if the client becomes noncompliant. Reference: Microsoft Improves Security Policy Compliance with Network Access Protection http://www.microsoft.com/casestudies/casestudy.aspx?casestudyid=4000000983

QUESTION 10:

On the corporate network of Itexamworld the Network Access Protection (NAP) is configured. Some users connect to the corporate network remotely. The remote computers

can cause security problems to the corporate network Which of the following options would you choose to ensure that data transmissions between remote client computers and the corporate network are as secure as possible? A. Use MS-CHAP v2 authentication for all VPN connections. B. Configure a NAP policy for 802.1x wireless connections. C. Restrict DHCP clients by using NAP. D. Apply an IPSec NAP policy. E. None of the above

Answer: B

Explanation: To ensure that NAP policies are enforced on portable computers that use a wireless connection to access the network, you need to configure all access points to use 802.1X authentication. 802.1X enforcement enforce health policy requirements every time a computer attempts an 802.1X-authenticated network connection. 802.1X enforcement also actively monitor the health status of the connected NAP client and applies the restricted access profile to the connection if the client becomes noncompliant.

Reference: Microsoft Improves Security Policy Compliance with Network Access Protection http://www.microsoft.com/casestudies/casestudy.aspx?casestudyid=4000000983

QUESTION 11:

As a network administrator for Itexamworld , you have installed Windows 2008 Server on all the server computers of the company and Windows XP Professional Service Pack 2 and Windows Vista on all the client computers in the company. The company now wants all the computers to join the corporate network but wants to restrict non-compliant computers from communicating on the network. The computers must meet the system health requirements as stated in the corporate security policy. Which of the following roles service you should install to achieve this? A. Network policy and Access services B. Routing and Remote Access services C. Terminal Services licensing D. Terminal Services gateway E. None of the above

Answer: A

Explanation: The Network Access Protection (NAP) is a component of the Network policy and Access services that allow protecting network resources by enforcing compliance with system health requirements. Reference: Security and Policy Enforcement http://www.microsoft.com/windowsserver2008/en/us/security-policy.aspx

QUESTION 12:

Itexamworld uses Routing and Remote Access Service (RRAS) for remote users access on their corporate network, which uses Active directory domain. The remote user computers are not part of domain members. The remote user's computers are source of virus infection on internal member servers. As a desktop support technician for Itexamworld , which of the following options would you choose to ensure that the corporate network of the company does not get infected with the virus infections that the remote computers might be infected with. A. Deploy anti-virus software on RRAS server and configure automatic updates for anti-virus software B. Configure a network health policy which ensures that anti-virus software is running and the anti-virus application is up to date C. Configure a network health policy which enforces an anti-spy ware application and that the anti-spy ware application is up to date D. Create a separate OU for remote users. Deploy anti-virus software on OU by using a group policy object (GPO) E. None of the above

Answer: B

Explanation: To protect the network from virus infections transmitted via remote users, you need to configure a network health policy which enforces that anti-virus software is running and the anti-virus application is up to date. A network health policy can be configured by implementing NAP. Deploying anti-virus software on RRAS server will not ensure the implementation of NAP, which is important to ensure that the client computers on a private network meet administrator-defined requirements for system health. A network health policy which enforces that an anti-spy ware application is running and is up to date will not help because the anti-spyware software does not give protection from virus infections. Reference: SolutionBase: Introducing Network Access Protection for Windows http://techrepublic.com.com/2415-1035_11-177853.html Reference: Network Access Protection http://technet2.microsoft.com/windowsserver2008/en/liBRary/40dcd5ed-1cb9-4f29-8470- f6b4548c8e121033.msp

QUESTION 13:

The corporate network of Itexamworld consists of a Windows Server 2008 single Active Directory domain, All servers in the domain run Windows Server 2008. A domain server called Itexamworld 3 functions as a NAT server. Which forward port would you configure on Itexamworld 3 to Itexamworld 7 to ensure that administrators can access the server, Itexamworld 7 by using Remote Desktop Protocol (RDP). A. forward port 1432 to Itexamworld 7 B. forward port 389 to Itexamworld 7 C. forward port 3339 to Itexamworld 7 D. forward port 3386 to Itexamworld 7 E. None of the above

Answer: C

Explanation:

To ensure that administrators can access the server, Itexamworld 7 by using Remote Desktop Protocol (RDP), you need to configure the Itexamworld 3 to forward port 3339 to Itexamworld 7 The Remote Desktop Protocol is designed to work across TCP port 3389.If you are attempting to connect to a remote machine that sits behind a firewall, then the firewall must allow traffic to flow through TCP port 3389. Reference: Troubleshooting Remote Desktop / The Remote Computer Cannot be Found http://www.windowsnetworKing.com/articles_tutorials/Troubleshooting-Remote-Desktop.html

QUESTION 14: On the corporate network of Itexamworld , you deployed a Windows Server 2008 VPN server behind the firewall. The firewall is configured to allow only secured Web communications. Most of the remote users that connect to the corporate network through VPN use portable computers that run Windows Vista with the latest service pack. Which of the following type of connection would you create to enable remote users to connect to the corporate network as securely as possible without opening ports on the firewall? A. L2TP VPN connection B. SSTP VPN connection C. IPsec tunnel D. PPTP VPN connection E. None of the above

Answer: C

Explanation: To enable remote users to connect to the corporate network as securely as possible without opening ports on the firewall, you need tocreate an IPsec tunnel, which does not require a firewall to open ports for secure communication. Reference: 14.10 VPN over IPsec http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html