TS: Windows Server 2008 Network Infrastructure, Configuring

Number: 70-642
Passing Score: 800
Time Limit: 120 min
File Version: 1.0

Microsoft 70-642

TS: Windows Server 2008 Network Infrastructure, Configuring

256 Q&A

Version 3.0

By Jarod The Pretender

Version Date: 09/09/2009

Exam A

QUESTION 1
You work as the IT professional in an international company which is named Wiikigo. You are experienced
in implementing and administering a network operating system. You are specialized in configuring IP
Addressing and Services, configuring name resolution and network access and so on. There is a server
named S01 in your company. S01 runs a Server Core installation of Windows Server 2008, and the DNS
Server server role. S01 has one network interface named Local Area Connection. The static IP address of
the network interface is configured as 10.0.0.1. Now you receive an order from the company management,
you are asked to create a DNS zone named local.wiikigo.com on S01.
Which command should be used?

A. dnscmd Server1 /ZoneAdd local.wiikigo.com /DSPrimary should be used.

B. ipconfig /registerdns:local.wiikigo.com should be used.
C. netsh interface ipv4 set dnsserver name=local.wiikigo.com static 10.0.0.1 primary should be used.
D. dnscmd Server1 /ZoneAdd local.wiikigo.com /Primary /file local.wiikigo.com.dns should be used.

Answer: D
Section: (none)

Explanation/Reference:

QUESTION 2
You work as the IT professional in an international company which is named Wiikigo. You are experienced
in implementing and administering a network operating system. You are specialized in configuring IP
Addressing and Services, configuring name resolution and network access and so on. There is an Active
Directory domain named ad.contoso.com in your company. Windows Vista is run by all client computers.
Recently your company has purchased a company that has an Active Directory domain named ad.luxware.
com. A two-way forest trust is established between the ad.luxware.com domain and the ad.wiikigo.com
domain. According to the company requirement, you have to edit the ad.wiikigo.com domain Group Policy
object (GPO) to enable users in the ad.wiikigo.com domain to access resources in the ad.luxware.com
domain.
So what action should you perform?

A. The Primary DNS Suffix option should be configured to ad.wiikigo.com, ad.luxware.com. The Primary
DNS Suffix Devolution option should be configured to False.
B. The DNS Suffix Search List option should be configured to ad.wiikigo.com, ad.luxware.com.
C. The Allow DNS Suffix Appending to Unqualified Multi-Label Name Queries option should be configured
to True.
D. The Primary DNS Suffix option should be configured to ad.wiikigo.com, ad.luxware.com. The Primary
DNS Suffix Devolution option should be configured to True.

Answer: B
Section: (none)

Explanation/Reference:

QUESTION 3
On the corporate network of Hi-Tech Company the Network Access Protection (NAP) is configured. You
have configured the 802.1x authentication to all the access points that will be used to access
to the corporate network using wireless computers to ensure secure wireless access. Which of the following
options would you choose to ensure that all the client computers that try to access the corporate network
are evaluated by NAP?

A. Configure a Connection Request Policy having EAP-TLS as the only available authentication method
B. Configure all access points as RADIUS clients to the Remediation Servers.
C. Configure a Network Policy having the Remote Access Server as the only available authentication
method
D. Configure all access points as RADIUS clients to the Network Policy Server (NPS).

Answer: A
Section: (none)

Explanation/Reference:

QUESTION 4
What's "Allow Full Network Access for a Limited Time"?

Click here to input the answer.

A.
B.
C.
D.

Answer:
Section: (none)

Explanation/Reference:
Allow Full Network Access For A Limited Time Grants full access up to a specific date and then restricts
access to the selected Remediation Server Group. Use this option during the initial NAP deployment if you
want to offer a grace period for noncompliant computers. When selecting this option, click the Configure
button to select a remediation server group and specify a troubleshooting URL. If you select this option
when using VPN enforcement, VPN clients are disconnected when the expiration time is reached.

QUESTION 5
You are an enterprise administrator for Hi-Tech Company. The company has a head office and 15 branch
offices. The corporate network of the company consists of a single Active Directory domain, where all
servers run Windows Server 2008. The branch office computers use VPN connections to connect to the
head office computers.
Which of the following options would you choose to ensure that users cannot access the VPN server
remotely from 21:00 to 06:00?

A. Create a network policy for VPN connections and configure the Day and time restrictions accordingly
B. Configure the Logon Hours for the default domain policy by enabling the Force logoff when logon hours
expire option
C. Create a network policy for VPN connections and apply an IP filter to deny access to the corporate
network.
D. Configure the Logon hours for all user objects by specifying only the VPN server on the Computer
restrictions option.

Answer: A
Section: (none)

Explanation/Reference:
Exam B

QUESTION 1
On the corporate network of Hi-Tech.com, you deployed a Windows Server 2008 VPN server behind the
firewall. The firewall is configured to allow only secured Web communications. Most of the remote users
that connect to the corporate network through VPN use portable computers that run Windows Vista with the
latest service pack.
Which of the following type of connection would you create to enable remote users to connect to the
corporate network as securely as possible without opening ports on the firewall?

A. L2TP VPN connection

B. SSTP VPN connection
C. IPsec tunnel
D. PPTP VPN connection

Answer: B
Section: (none)

Explanation/Reference:

QUESTION 2
You are working with a server running the RRAS that is configured for the Windows authentication provider.
You have administered several policies from RRAS to the server. Which of the following
connection settings cannot be validated before authorization occurs by the policies you set up?

A. Advanced conditions such as access server identity, access client phone number, or MAC address.
B. Remote access permission
C. Whether user account dial-in properties are ignored
D. None of the above

Answer: D
Section: (none)

Explanation/Reference:

QUESTION 3
You are an enterprise administrator for Hi-Tech.com. The company consists of a head office and a Branch
office. The corporate network of the company consists of a single Active Directory domain.
All the servers in the domain run Windows Server 2008.
You have been assigned the task to configure the server in the head office as a VPN server. Which of the
following roles would you install on the server to accomplish the given task? (Select two.
Each correct answer will form a part of the answer)

A. Network Policy and Access Services role

B. Routing and Remote Access Services role service
C. Windows Deployment Services role
D. Deployment Transport Role Service
E. Host Credential Authorization Protocol role service
F. Deployment Server role service

Answer: AB
Section: (none)

Explanation/Reference:
QUESTION 4
You work as the IT professional in an international company which is named Wiikigo. You are experienced
in implementing and administering a network operating system. You are specialized in configuring IP
Addressing and Services, configuring name resolution and network access and so on. Network Access
Protection (NAP) has been deployed by your company. You configure secure wireless access to the
network by using 802.1X authentication from any access point. According to the company requirement, you
have to make sure that all client computers that access the network are evaluated by NAP.
So what action should you perform?

A. All access points should be configured as RADIUS clients to the Network Policy Server (NPS).
B. All access points should be configured as RADIUS clients to the Remediation Servers.
C. A Network Policy that specifies EAP-TLS as the only available authentication method should be created.
D. A Network Policy that defines Remote Access Server as a network connection method should be
created.

Answer: A
Section: (none)

Explanation/Reference:

QUESTION 5
You need to expand your network and create a new subnet for a new research project. You want the traffic
for the research group to remain local to the subnet. None of the computers for the research project are
installed yet. What's the fastest and easiest way to go about creating this subnet and keeping local traffic
local?

A. Add the computers to the network, assign them a different subnet mask, enable IPsec through Group
Policy, and assign it to the research project subnet
B. Create a scope on the DHCP server that will provide addresses to just those computers, install a router,
assign it a static IP address, and use that router as the default gateway for the computers on that subnet
C. Install a new router and configure it as the DHCP Relay Agent for the existing scope using a static IP
address. Then, connect the new computers to the network through the new router.
D. Modify the existing scope options on the DHCP server so that the subnet addresses for the new
research subnet are excluded from the scope. Install a new router and configure it with a static IP
address from the same range as the excluded IP addresses. Last, connect the new computers to the
subnet and check that they are configured to automatically get IP configuration data

Answer: B
Section: (none)

Explanation/Reference:
Exam C

QUESTION 1
You are an Enterprise administrator for Hi-tech.com. The corporate network of the company consists of a
single Active Directory domain. All computers are members of the Active Directory domain. All the servers
on the corporate network run Windows Server 2008 and all client computers run Windows Vista.
The domain consists of a server called Server01 on which the Secure Server (Require Security) IPSec
policy is assigned by using a GPO. However, after this assignment, the network users reported that they fail
to connect to Server01. Which of the following options would you choose to ensure that users can connect
to Server01 and all connections to Server01 must be encrypted?

A. Assign the Client (Respond Only) IPSec policy to all client computers.
B. Assign the Server (Request Security) IPSec policy to Server01.
C. Assign the Client (Respond Only) IPSec policy to Server01.
D. Restart the IPSec Policy Agent service on Server01

Answer: A
Section: (none)

Explanation/Reference:

QUESTION 2
You've asked Justin, a junior member of your IT staff, to install Windows Server 2008 on a spare computer
in the lab and set up the DHCP role so you can teach a class on what's new in DHCP. Justin hesitates and
asks how he should set the scope settings so it doesn't take the network down. What should you tell Justin?

A. DHCP in Windows Server 2008 cannot be installed on a computer attached to a network with a live
DHCP server. Remove the server's network connection before installing DHCP
B. Only one DHCP can exist on a network. He should configure the server as a DHCP relay agent instead.
C. A new DHCP server must be authorized in AD before it can perform the DHCP role.
D. Adding a new DHCP server could not take the network down.

Answer: C
Section: (none)

Explanation/Reference:

QUESTION 3
You are an enterprise administrator for Hi-Tech Company. The corporate network of the company consists
of a single Active Directory domain. All the servers in the domain run Windows Server 2008.
The domain consists of a DHCP server named Server01, which is used to lease IP addresses to all the
computers in the domain. The DHCP server contains only one scope. Besides this an application server
named Server02 runs in the domain.
Which of the following options would you choose to ensure that Server02 always receives the same IP
address? You also need to make sure that the Server02 must always receive its DNS settings and its WINS
settings from DHCP server.

A. Assign a static IP address to Server02

B. Create a DHCP reservation in the DHCP scope of Server01
C. Create an exclusion range in the DHCP scope of Server01.
D. Create a multicast scope in Server01.

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 4
You are an Enterprise administrator for Hi-tech.com. The company consists of a single Active Directory
domain where all the servers on the corporate network run Windows Server 2008. The company consists of
10 servers that perform as Web servers. One of the web servers called Server01 has FTP service installed.
The server stores all the confidential files of the company. According to the company's security policy all the
confidential data of the company must be transmitted over the network in the most secure manner.
However, when during a routine security check, you found that the confidential files stored on Server01
server are being transmitted over the network without encryption.
Which of the following options would you choose to ensure that encryption is always used when the
confidential files on the Server01 server are transmitted over the network? (Select all that apply)

A. Use NTLM authentication methods on the Server01 server

B. Publish the confidential files on Server01 using IIS and then activate SSL on the ISS server
C. Use IPSec encryption between the Server01 server and the other network computers where the files
need to be transmitted
D. Use the Server Message Block (SMB) signing between the Server01 server and the other network
computers where the files need to be transmitted.
E. Activate offline files for the confidential files that are stored on the Server01 server and select the
Encrypt contents to secure data option in the Folder Advanced Properties dialog box

Answer: BC
Section: (none)

Explanation/Reference:

QUESTION 5
Your company's president comes to you and says that he understands IPv6 is fully supported in Windows
Server 2008. He will approve your IT budget if it includes plans to transition to Windows Server 2008 and
IPv6. However, he wants to know how quickly you can transition to IPv6. What should you tell him?

A. There is no fast and easy way to transition to IPv6. Much of the Internet's backbone is running on IPv4,
so transitional technologies will be required. You'd recommend setting up IPv6 segments and using a
tunneling protocol for the transition to begin
B. The transition to IPv6 on the Internet backbone has been completed and as soon as the company
upgrades to Windows Server 2008 and replaces its routers, you're good to go
C. There is no reasonable way to transition to IPv6 for this organization since all hardware and software
would have to be replaced to run Windows Server 2008 or Windows Vista. The cost would be prohibitive
and is therefore not recommended
D. The transition to IPv6 requires the installation of new hardware and software on all subnets using IPv6
exclusively. In the meantime, IPv4 can be used on older subnets and IPv6 can be used on newer
subnets and a specific IPv4 to IPv6 router can be installed to bridge the two.

Answer: A
Section: (none)

Explanation/Reference: