Chapter 10. Practice Exam 2

You are a team member who has been picked to work on setting up and configuring a new DNS deployment. You are working on the design and selection of the required DNS zones.

Your design requirements call for using a certain type of zone. Your remote location is not as secure as it should be, so you need to use a read-only copy of the DNS zone as a precaution. The design requires having an entire copy of the zone data and interoperation of the DNS server and the chosen zone with BIND “based DNS servers.

Which type of zone should be set up at this location?

• A. Standard Primary zone

• B. Standard Secondary zone

• C. Active Directory “integrated zone

• D. Stub zone

You are a team member who has been picked to work on setting up and configuring a new DNS deployment. You are working on the design and selection of the required DNS zones.

Your design requirements call for the use of a zone, where you need to use secure dynamic updates; you must also have interoperation of the DNS server and the chosen zone with BIND “based DNS servers and to have an entire copy of the zone data.

Which type of zone should be set up at this location?

• A. Standard Primary zone

• B. Standard Secondary zone

• C. Active Directory “integrated zone

• D. Stub zone

You are a team member who has been picked to work on setting up and configuring a new DNS deployment. You are working on the design and selection of the required DNS zones.

Your design requirements call for the use of a zone, where you need to configure the clients to use an authoritative DNS server across noncontiguous namespaces.

Which type of zone should be set up at this location?

• A. Standard Primary zone

• B. Standard Secondary zone

• C. Active Directory “integrated zone

• D. Stub zone

You are working as a network administrator for gunderville.com . A newly deployed print server named PSERVER1 has network communication problems. A user on the third floor reports that he cannot print to the server and cannot PING it from his location. He gives you the following machine information:

 Physical Address : 02-51-BC-F4-A5-91 DHCP Enabled       Yes IP address         199.254.15.11 Subnet Mask        255.255.255.0 Default Gateway    199.254.15.1 

You are in the server area and have verified that all cables are properly attached to PSERVER1. You type Ipconfig /all at a command prompt from the print server and get the following printout:

 Physical Address : 00-50-BA-F8-B5-93 DHCP Enabled       No IP address         10.67.35.10 Subnet Mask        255.0.0.0 

You decide to verify whether you can reach the print server, so you PING PSERVER1.gunderville.com from PSERVER1 and get the expected reply. You then PING SERVER01 , which is a Windows Server 2003 system on this subnet, from PSERVER1 and receive the expected response. You decide to PING PSERVER1 from SERVER01 and receive the following reply:

 Pinging PSERVER1 [10.67.35.10] with 32 bytes of data: Reply from 10.67.35.10: bytes=32 time<10ms TTL=128 Reply from 10.67.35.10: bytes=32 time<10ms TTL=128 Reply from 10.67.35.10: bytes=32 time<10ms TTL=128 Reply from 10.67.35.10: bytes=32 time<10ms TTL=128 Ping statistics for 10.67.35.10:     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milliseconds: Minimum = 0ms, Maximum =  0ms, Average =  0ms 

You then PING localhost from PSERVER1 and receive the following reply

 D:\>ping localhost Pinging PSERVER1 [127.0.0.1] with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time<10ms TTL=128 Reply from 127.0.0.1: bytes=32 time<10ms TTL=128 Reply from 127.0.0.1: bytes=32 time<10ms TTL=128 Reply from 127.0.0.1: bytes=32 time<10ms TTL=128 Ping statistics for 127.0.0.1:     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milliseconds:     Minimum = 0ms, Maximum =  0ms, Average =  0ms 

What appears to be the cause of the network communication problem?

• A. The subnet mask on the user's workstation is incorrect.

• B. The default gateway on the user's workstation is incorrect.

• C. PSERVER1 is configured with two IP addresses which is causing intermittent failures.

• D. No default gateway is configured on the printer.

You are working as a network administrator for gunderville.com . A newly deployed print server named PSERVER1 has network communication problems. A user on the third floor reports that he cannot print to the server and cannot PING it from his location. He gives you the following machine information:

 Physical Address : 02-51-BC-F4-A5-91 DHCP Enabled       No IP address         199.254.15.35 Subnet Mask        255.255.255.240 Default Gateway    199.254.15.1 

You are in the server area and have verified that all cables are properly attached to PSERVER1. You type Ipconfig /all at a command prompt from the print server itself and you get the following print out:

 Physical Address : 00-50-BA-F8-B5-93 DHCP Enabled       No IP address         10.67.35.10 Subnet Mask        255.0.0.0 Default Gateway    10.33.77.254 

You decide to verify you can reach the print server, so you PING PSERVER1. gunderville.com from PSERVER1 and you get the expected reply. You then PING SERVER01 which is a Windows Server 2003 system on this subnet from PSERVER1 and you receive the expected response. You then PING PSERVER1 from SERVER01 and you receive the following reply:

 Pinging PSERVER1 [10.67.35.10] with 32 bytes of data: Reply from 10.67.35.10: bytes=32 time<10ms TTL=128 Reply from 10.67.35.10: bytes=32 time<10ms TTL=128 Reply from 10.67.35.10: bytes=32 time<10ms TTL=128 Reply from 10.67.35.10: bytes=32 time<10ms TTL=128 Ping statistics for 10.67.35.10:     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milliseconds:     Minimum = 0ms, Maximum =  0ms, Average =  0ms 

You then PING localhost from PSERVER1 and you receive the following reply:

 D:\>ping localhost Pinging PSERVER1 [127.0.0.1] with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time<10ms TTL=128 Reply from 127.0.0.1: bytes=32 time<10ms TTL=128 Reply from 127.0.0.1: bytes=32 time<10ms TTL=128 Reply from 127.0.0.1: bytes=32 time<10ms TTL=128 Ping statistics for 127.0.0.1:     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milliseconds:     Minimum = 0ms, Maximum =  0ms, Average =  0ms 

What appears to be the cause of the network communication problem? (Choose three.)

• A. The subnet mask on the user's workstation is incorrect.

• B. The default gateway on the user's workstation is incorrect.

• C. PSERVER1 is configured with two IP addresses, which is causing intermittent failures.

• D. The default gateway on PSERVER1 is incorrect.

• E. The IP address on the user's workstation is incorrect.

• F. The subnet mask on PSERVER1 is incorrect.

• G. The IP address on PSERVER1 is incorrect.

You are working as a network administrator for gunderville.com . A newly deployed print server named PSERVER1 on the "10" network has network communication problems. Recently, ROUTER1 with an IP address of 10.99.35.1 was not responding and needed to be rebooted. You have verified that it is now online and functioning properly. A user on the third floor with an IP address of 199.254.1546 reports that he cannot print to the server and cannot PING it from his location. He gives you the following machine information:

 Physical Address : 02-51-BC-F4-A5-91 DHCP Enabled       No IP address         199.254.15.46 Subnet Mask        255.255.255.240 Default Gateway    199.254.15.32 

You are in the server area and have verified that all cables are properly attached to PSERVER1. You type Ipconfig /all at a command prompt from the print server itself and you get the following printout:

 Physical Address : 00-50-BA-F8-B5-93 DHCP Enabled       No IP address         10.67.35.10 Subnet Mask        255.255.255.0 Default Gateway    10.99.35.1 

You decide to verify you can reach the print server so you PING PSERVER1. gunderville.com from PSERVER1 and you get the expected reply. You then PING SERVER01 which is a Windows Server 2003 system on this subnet from PSERVER1 and you receive the expected response. You then PING PSERVER1 from SERVER01 and you receive the following reply:

 Pinging PSERVER1 [10.67.35.10] with 32 bytes of data: Reply from 10.67.35.10: bytes=32 time<10ms TTL=128 Reply from 10.67.35.10: bytes=32 time<10ms TTL=128 Reply from 10.67.35.10: bytes=32 time<10ms TTL=128 Reply from 10.67.35.10: bytes=32 time<10ms TTL=128 Ping statistics for 10.67.35.10:     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milliseconds:     Minimum = 0ms, Maximum =  0ms, Average =  0ms 

You then PING localhost from PSERVER1 and you receive the following reply:

 D:\>ping localhost Pinging PSERVER1 [127.0.0.1] with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time<10ms TTL=128 Reply from 127.0.0.1: bytes=32 time<10ms TTL=128 Reply from 127.0.0.1: bytes=32 time<10ms TTL=128 Reply from 127.0.0.1: bytes=32 time<10ms TTL=128 Ping statistics for 127.0.0.1:     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milliseconds:     Minimum = 0ms, Maximum =  0ms, Average =  0ms 

What appears to be the cause of the network communication problem?

• A. The subnet mask on the user's workstation is incorrect.

• B. The default gateway on the user's workstation is incorrect.

• C. PSERVER1 is configured with two IP addresses, which is causing intermittent failures.

• D. The subnet mask on PSERVER1 is incorrect.

You are the domain administrator for gunderville.com , which has sites in New York, Boston, Hartford, and Wallingford. Clients in your domain consist of Windows 98, Windows Me, Windows 2000, and Windows XP Professional systems.

You have been asked to secure all IP traffic between the Hartford and Wallingford locations. You must also configure a lower-than-standard level of data encryption because of backward-compatibility issues.

Which of the following options is best suited to meet all the needs for your scenario? (Choose two.)

• A. Use Layer Two Tunneling Protocol (L2TP) and IP Security (IPSec).

• B. Use Layer Two Tunneling Protocol (L2TP) and Microsoft Point-to-Point Encryption (MPPE).

• C. Use Point-to-Point Tunneling Protocol (PPTP) and IP Security (IPSec).

• D. Install an RRAS server at the Hartford and Wallingford locations.

• E. Install a VPN server at the Hartford and Wallingford locations.

• F. Install a VPN server at the Hartford and Wallingford locations.

You are the domain administrator for gunderville.com , which has small sites in New York, Boston, Hartford, and Wallingford. Clients in your domain consist of Windows 98, Windows Me, Windows 2000, and Windows XP Professional systems.

You have been asked to configure and secure the IP traffic from the Hartford location to the remote office in Wallingford. You need to devise a solution for all clients that supports header encryption and tunnel authentication and provides data encryption.

Your primary objective is to secure the IP traffic that leaves your network traversing an untrusted network and the solution provided must support all the clients in the environment. Your secondary objectives are to carry out these actions with the least amount of administrative effort and to support the necessary header compression, tunnel authentication, and encryption requirements.

What do you need to do to meet all the objectives? (Choose three.)

• A. The Microsoft L2TP/IPSec VPN client must be installed on systems running Windows 98, Windows 2000, and Windows Me.

• B. The Microsoft L2TP/IPSec VPN client must be installed on systems running Windows 98 and Windows Me.

• C. Implement L2TP and IPSec running in Transport mode.

• D. Configure a local security policy to require security.

• E. Configure a domain security policy to require security.

• F. Configure a local security policy to request security.

• G. Configure a domain security policy to request security.

You are the domain administrator for gunderville.com , which has sites in New York, Boston, Hartford, and Wallingford. Clients in your domain consist of Windows 98, Windows Me, Windows 2000, and Windows XP Professional systems.

You have been asked to configure and secure the IP traffic from the Hartford location to the remote office in Wallingford and install an RRAS server at each location. You need to devise a solution for all clients that supports header encryption and tunnel authentication and provides data encryption.

Your primary objective is to secure the IP traffic that leaves your network traversing an untrusted network, and the solution must support all clients in the environment. Your secondary objectives are to carry out these actions with the least amount of administrative effort and to support the necessary header compression, tunnel authentication, and encryption requirements.

What do you need to do to meet all the objectives? (Choose two.)

• A. The Microsoft L2TP/IPSec VPN client must be installed on systems running Windows 98 and Windows Me.

• B. Implement L2TP and IPSec running in Tunnel mode.

• C. Configure a local security policy on the clients to require security.

• D. Configure a domain security policy to require security.

• E. Configure a domain security policy to request security.

• F. Configure a local security policy on the RRAS servers to require security.

You are the domain administrator for gunderville.com , which has sites in New York, Boston, Hartford, and Wallingford. Systems in use consist of Windows 2000 Professional, Windows 2000 Server, Windows Server 2003, and Windows XP Professional.

You have been asked to configure systems in your environment to use Remote Assistance so that local help desk users can log on to the local end users' systems as needed. All Windows XP client systems are running Internet Connection Firewall (ICF).

Your primary objective is to enable Remote Assistance for all client systems in your environment. Your secondary objectives are to meet your goals with the least amount of administrative effort and to not affect (alter) the level of security on the LAN unless you need to.

You open port 3389 on the external firewall for the Remote Assistance traffic and you also open port 3389 on the Windows XP client systems that are running Internet Connection Firewall (ICF).

What is the result of your actions?

• A. The primary objective and both secondary objectives have been met.

• B. The primary objective and one Secondary objective have been met.

• C. The primary objective has not been met. However, both secondary objectives have been met.

• D. Only one secondary objective has been met.

• E. None of the objectives has been met.

You are the domain administrator for gunderville.com , which has sites in New York, Boston, Hartford, and Wallingford. Systems in use consist of Windows 2000 Professional, Windows 2000 Server, Windows Server 2003, and Windows XP Professional.

The subnet addressing schemes in each location are as follows :

Boston uses 177.25.0.128 with a subnet mask of 255.255.255.192.

Hartford uses 177.25.0.192 with a subnet mask of 255.255.255.192.

New York uses 177.25.1.0 with a subnet mask of 255.255.255.192.

Wallingford uses 177.25.1.64 with a subnet mask of 255.255.255.192.

How many host addresses are available per subnet?

• A. 30

• B. 62

• C. 14

• D. 126

• E. 254

You are the domain administrator for gunderville.com , which has sites in New York, Boston, Hartford, and Wallingford. Systems in use consist of Windows 2000 Professional, Windows 2000 Server, Windows Server 2003, and Windows XP Professional.

The subnet addressing schemes in each location are as follows:

Boston uses 177.25.0.128 with a subnet mask of 255.255.255.192.

Hartford uses 177.25.0.192 with a subnet mask of 255.255.255.192.

New York uses 177.25.1.0 with a subnet mask of 255.255.255.192.

Wallingford uses 177.25.1.64 with a subnet mask of 255.255.255.192.

Which routing protocols are available for your internal Windows Server 2003 network? (Choose two.)

• A. RIP version 1 (RIPv1)

• B. RIP version 2 (RIPv2)

• C. Open Shortest Path First (OSPF)

• D. Border Gateway Protocol (BGP)

You are the domain administrator for gunderville.com , which has sites in New York, Boston, Hartford, and Wallingford. Systems in use consist of Windows 2000 Professional, Windows 2000 Server, Windows Server 2003, and Windows XP Professional.

The subnet addressing schemes in each location is as follows:

Boston uses 177.25.0.128 with a subnet mask of 255.255.255.192. All hosts are internally interconnected by hubs. Their external connection is through an RRAS server.

Hartford uses 177.25.0.192 with a subnet mask of 255.255.255.192. All the hosts are internally interconnected by hubs. Their external connection is through an RRAS server.

New York uses 177.25.1.0 with a subnet mask of 255.255.255.192. All the hosts are internally interconnected by hubs. Their external connection is through an RRAS server.

Wallingford uses 177.25.1.64 with a subnet mask of 255.255.255.192. All the hosts are internally interconnected by hubs. Their external connection is through an RRAS server.

Based on this information, which of the following statements are accurate? (Choose two.)

• A. Each location is part of its own broadcast domain.

• B. All locations are part of the same broadcast domain.

• C. All locations are part of the same collision domain.

• D. Each location is part of its own collision domain.

You are reviewing some network traces that outline the traffic between a Windows 2000 member server and a Windows Server 2003 domain controller. You need to resolve an in-house application and connectivity inconsistency between the two systems.

You have decided to review the DNS resolution of the application and some subsequent routing information on the subnet, and then prepare a report for management. For the purposes of your report, you need to explain which layer of the TCP/IP architecture you are testing.

At which layer of the TCP/IP architecture will you find the protocol that provides the necessary information for review?

• A. Application

• B. Host-to-host transport

• C. Internet

• D. Network interface

You are reviewing some network traces that outline the traffic between some Windows 2000 client systems in your Windows Server 2003 domain. You are having problems with in-house application and network connectivity inconsistencies, so you have decided to review a cross section of the TCP traffic on the subnet and prepare a report for management. For the purposes of your report, you need to explain which layer of the TCP/IP architecture you are testing.

At which layer of the TCP/IP architecture will you find the protocol that provides the necessary information for review?

• A. Application

• B. Host-to-host transport

• C. Internet

• D. Network interface

You are reviewing some network traces for an issue with in-house application and network connectivity inconsistencies between some Windows XP Professional client systems in your Windows Server 2003 domain. You have decided to review a cross section of the IP traffic on the subnet and create a report for management. For the purposes of your report, you need to explain which layer of the OSI architecture you are testing.

Which layer of the OSI model will you list in your report?

• A. Application

• B. Presentation

• C. Session

• D. Transport

• E. Network

You are the domain administrator for gunderville.com . You have been tasked with reviewing some network access logs for your Windows Server 2003 environment to troubleshoot recent network connectivity inconsistencies between some Windows XP Professional client systems connecting to the network via dial-up connections.

Which of the following logs is the best place to begin your review?

• A. Windows Authentication logs

• B. Point-to-Point Protocol logs

• C. Internet Authentication Service logs

• D. Audit logs

You are the domain administrator for gunderville.com . You have been tasked with reviewing network access logs for your Windows Server 2003 environment to troubleshoot recent network connectivity inconsistencies between some Windows XP Professional client systems connecting to the network.

You believe that the problem is with systems connecting to the network with L2TP connections and IPSec encryption because this setup was recently enabled on the network. Which of the following logs is the best place to begin your review?

• A. Windows Authentication logs

• B. Point-to-Point Protocol logs

• C. Internet Authentication Service logs

• D. Audit logs

You are the network administrator for gunderville.com and you have been tasked with troubleshooting problems in the domain with users not being able to log on to systems and access resources.

Your investigation into the logon issue for a summer intern has taken you to the security logs on one of the domain controllers, where you are encountering a number of entries showing the event ID 532, indicating failed logon attempts. What is the most likely reason for the failed logon attempts?

• A. A logon attempt was made with an unknown username or a known username with an invalid password.

• B. A logon attempt was made by a user who violated his or her account logon time restriction.

• C. A logon attempt was made using an expired account.

• D. A logon attempt was made using a disabled account.

You are a desktop administrator for >gunderville.com and have been asked to handle a trouble ticket for a new user who just started work today. The user claims that she had a user account and password set up, but she has not been able to log in.

You call HR and find out that the account has been created; however, when you attempt to use the supplied information, the logon fails. Further investigation shows a number of event ID 531 errors in the event logs. What is the most likely reason for the failed logon attempt?

• A. A logon attempt was made with an unknown username or a known username with an invalid password.

• B. A logon attempt was made by a user who violated his or her account logon time restriction.

• C. A logon attempt was made using an expired account.

• D. A logon attempt was made using a disabled account.

You are the server administrator for your company's DMZ environment, and you need to delete the persistent static route of 192.168.1.0/24 to your internal subnet of 111.0.0.0 /8 on the internal NIC only. The server is using an internal IP address of 203.11.4.225 and an external address of 19.10.112.72.

What would you need to enter at the command prompt to remove this current persistent entry?

• A. route delete -p 192.168.1.0 mask 255.255.255.0 203.11.4.225

• B. route delete 192.168.1.0 mask 255.255.255.0 203.11.4.225

• C. route delete -p 192.168.1.0/24 203.11.4.225

• D. route delete 192.168.1.0/24 203.11.4.225

You are reviewing some documentation for your new network namespace design. A couple of entries are not clearly defined, and management has asked you to review and update certain sections.

One section in the documentation outlines the definition of a new forest to be deployed. You need to update the currently written section with a better definition of a forest. Which of the following choices is the best definition for this purpose?

• A. A forest is a collection of Active Directory domain trees that are part of a contiguous namespace.

• B. A forest is a collection of Active Directory domain trees that are never part of a contiguous namespace.

• C. A forest is a collection of Active Directory domain trees that may or may not be part of a contiguous namespace.

• D. A forest is a collection of Active Directory domain trees that are never part of a contiguous namespace when the domain functional level is set to Windows 2000 native.

You are reviewing some documentation for the new DHCP deployment for your network. You need to define and outline at the highest level the four main planning, design, and implementation steps for upper management. Which of the following outlines includes these steps? (Choose four.)

• A. An outline of the proposed DHCP design

• B. An outline of the proposed DHCP design and its integration with existing services

• C. An outline of the proposed scope configuration for the domain

• D. An outline of the proposed implementation of the DHCP solution

• E. An outline of the proposed hardware implementation for your DHCP solution

• F. An outline of the proposed exclusion ranges for your DHCP scopes

You are reviewing some documentation for your new DNS deployment for the gunderville.com domain. You need to define and outline at the design level the memory requirements and size calculations to be considered for your design. Under typical design usage, what are the memory requirements for a DNS server? (Choose three.)

• A. When a DNS server is started without any zones, 4MB of RAM is the minimum.

• B. When a DNS server is started without any zones, 8MB of RAM is the minimum.

• C. The DNS server uses additional RAM for each DNS zone added to the server.

• D. The DNS server does not use additional RAM for each DNS zone added to the server.

• E. For each resource record added to the server's DNS zones, 100 bytes of additional system memory is used.

• F. For each resource record added to the server's DNS zones, 1KB of additional system memory is used.

You are reviewing some documentation for your new DNS deployment for the gunderville.com domain. You need to define and outline the placement of new Windows Server 2003 systems running DNS for remote locations across your enterprise.

You need to provide a DNS solution for your Wallingford office, which has a limited amount of network bandwidth. Although there are plans in the works for increasing the amount of available bandwidth for this location, it will not be in place until the next fiscal year.

The client systems must always be able to resolve DNS queries, and there should be no single point of failure on this site for name resolution.

Which DNS role type is best suited for this location under these conditions?

• A. Two caching-only DNS servers should be in use.

• B. Two non-recursive DNS servers should be in use.

• C. Two forward-only DNS servers should be in use.

• D. Two conditional-forwarder DNS servers should be in use.

You are reviewing some documentation for your new DNS deployment for the gunderville.com domain. You need to define and outline the placement of new Windows Server 2003 systems running DNS for remote locations across your enterprise.

You need to provide a DNS solution for your Wallingford site to allow those client systems to resolve DNS queries for your domain, but you also need to prevent client systems on the Internet from using your DNS server for name resolution.

The client systems must always be able to resolve their DNS queries for gunderville.com , and there should be no single point of failure on this site for name resolution.

Which DNS role type is best suited for this location under these conditions?

• A. Two caching-only DNS servers should be in use.

• B. Two non-recursive DNS servers should be in use.

• C. Two forward-only DNS servers should be in use.

• D. Two conditional-forwarder DNS servers should be in use.

You are designing a security configuration for your Windows Server 2003 DNS deployment. Which of the following choices are configuration specifications for a low-level security standard DNS deployment? (Choose three.)

• A. All DNS servers permit zone transfers to any server.

• B. UDP and TCP/IP port 53 is open on your network firewall for both source and destination addresses.

• C. DNS zones are Active Directory integrated.

• D. Zone transfers are limited to only the servers listed in the name server (NS) resource records.

• E. Dynamic updating is allowed for all DNS zones.

• F. Discretionary access control lists (DACL) are in use on the DNS Server service so that only specific accounts can perform administrative tasks on the DNS server.

• G. Secure dynamic updates are enabled for DNS zones, except the top-level and root zones.

You are designing a security configuration for your Windows Server 2003 DNS deployment. Which of the following choices are configuration specifications for a medium-level security standard DNS deployment? (Choose three.)

• A. All DNS servers permit zone transfers to any server.

• B. UDP and TCP/IP port 53 is open on your network firewall for both source and destination addresses.

• C. DNS zones are Active Directory integrated.

• D. Zone transfers are limited to only the servers listed in the name server (NS) resource records.

• E. Dynamic updating is allowed for all DNS zones.

• F. Cache pollution prevention is enabled.

• G. Secure dynamic updates are not enabled for DNS zones.

You are designing a security configuration for your Windows Server 2003 DNS deployment for gunderville.com , and you need to review naming standards for child domains.

All child domains must be accessible from the Internet, follow standard domain naming conventions for acceptable characters , and be part of the contiguous domain namespace.

Which of the following child domain names is not acceptable? (Choose three.)

• A. u.s.a.gunderville.com

• B. usagunderville.com

• C. usa_gunderville.com

• D. usa.internal.gunderville.com

• E. usa.external.gunderville.com

• F. usainternal.gunderville.com

• G. usa-one.gunderville.com

• H. usa#1.gunderville.com

• I. u.s.a-one.gunderville.com

You are designing a security configuration for your Windows Server 2003 DNS deployment for gunderville.com , usa.gunderville.com , and connecticut.usa.gunderville.com . Each domain has two sites. The connecticut.usa.gunderville.com has the Wallingford and NH sites; the usa.gunderville.com domain has the Connecticut and New England sites; and the gunderville.com domain has the HQ and BU sites. Each site has two DNS servers for each DNS namespace.

All DNS servers are configured to use standard DNS zones. How many DNS servers total are deployed in the gunderville forest?

• A. 6

• B. 12

• C. 18

• D. 36

You are designing a security configuration for your Windows Server 2003 DNS deployment for gunderville.com, usa.gunderville.com , and connecticut.usa.gunderville.com . Each domain has two sites. The connecticut.usa.gunderville.com has the Wallingford and NH sites; the usa.gunderville.com domain has the Connecticut and New England sites; and the gunderville.com domain has the HQ and BU sites. Each site has two DNS servers for each DNS namespace.

All DNS servers are configured to use standard DNS zones. How many Standard Primary zones total are deployed in the gunderville.com forest?

• A. 3

• B. 6

• C. 12

• D. 24

You are designing a security configuration for your Windows Server 2003 DNS deployment for gunderville.com, usa.gunderville.com , and connecticut.usa.gunderville.com . Each domain has two sites. The connecticut.usa.gunderville.com has the Wallingford and NH sites; the usa.gunderville.com domain has the Connecticut and New England sites; and the gunderville.com domain has the HQ and BU sites. Each site has two DNS servers for each DNS namespace, and all DNS servers store zone information.

All DNS servers are configured to use standard DNS zones, and all DNS servers for each domain are autonomous for their DNS zones. This means that DNS servers with zone information for connecticut.usa.gunderville.com have only those DNS zones (and none of the other domains' DNS zones) as Standard Secondary zones.

How many Standard Secondary zones total are deployed in the gunderville.com forest?

• A. 3

• B. 6

• C. 24

• D. 33

You are designing a security configuration for your Windows Server 2003 DNS deployment for gunderville.com, usa.gunderville.com , and connecticut.usa.gunderville.com . Each domain has two sites. The connecticut.usa.gunderville.com has the Wallingford and NH sites; the usa.gunderville.com domain has the Connecticut and New England sites; and the gunderville.com domain has the HQ and BU sites. Each site has two DNS servers for each DNS namespace, and all DNS servers store zone information.

All DNS servers are configured to use standard DNS zones, and all DNS servers for each domain are autonomous for their DNS zones. This means that DNS servers with zone information for connecticut.usa.gunderville.com have only those DNS zones (and none of the other domains' DNS zones) as Standard Secondary zones.

How many Standard Secondary zones total are deployed in the gunderville.com domain?

• A. 1

• B. 2

• C. 3

• D. 11

You are designing a security configuration for your Windows Server 2003 DNS deployment for gunderville.com, usa.gunderville.com , and connecticut.usa.gunderville.com . Each domain has two sites. The connecticut.usa.gunderville.com has the Wallingford and NH sites; the usa.gunderville.com domain has the Connecticut and New England sites; and the gunderville.com domain has the HQ and BU sites. Each site has two DNS servers for each DNS namespace: a Windows Server 2003 DNS server and a BIND DNS server.

All Windows DNS servers are configured to use Active Directory “integrated DNS zones, and all BIND DNS servers contain Standard Secondary DNS zones for each domain. All domains are autonomous for their DNS zones. This means that DNS servers with zone information for connecticut.usa.gunderville.com have only those DNS zones (and none of the other domains' DNS zones) as Standard Secondary zones.

How many Standard Secondary zones total are deployed in the gunderville.com forest?

• A. 6

• B. 9

• C. 12

• D. 18

You are designing a security configuration for your Windows Server 2003 DNS deployment for gunderville.com, usa.gunderville.com , and connecticut.usa.gunderville.com . Each domain has two sites. The connecticut.usa.gunderville.com has the Wallingford and NH sites; the usa.gunderville.com domain has the Connecticut and New England sites; and the gunderville.com domain has the HQ and BU sites. Each site has two DNS servers for each DNS namespace: a Windows Server 2003 DNS server and a BIND DNS server.

You are deciding between Active Directory “integrated zones and Standard Primary zones. Which of the following are features of both Standard Primary zones and Active Directory “integrated zones? (Choose three.)

• A. IETF specifications for domain namespaces

• B. Stores zone information in Active Directory

• C. Support for incremental zone transfers

• D. Allows read/write access to the DNS namespace for all DNS servers

• E. Allows fault tolerance for DNS updates, regardless of which DNS server fails

• F. Allows fault tolerance for name resolution, regardless of which DNS server fails

You are designing a DNS configuration for your Windows Server 2003 DNS deployment for gunderville.com . The DNS design will use Standard Primary and Standard Secondary DNS zones.

A number of different clients are in use in the domain, including Windows 98, Windows NT 4 Workstation, Windows 2000, and Windows XP. There are three workgroup configurations of Windows NT 4 Workstation, Windows 2000 Professional, and Windows XP Professional systems that are not members of the domain.

You are deciding whether to use the DHCP server for dynamic DNS updates or allow clients to do it themselves . What considerations must be made for the different clients in use on the network? (Choose three.)

• A. Windows 98 clients in the domain cannot update DNS dynamically.

• B. Windows NT 4 clients in the domain cannot update DNS dynamically.

• C. Windows NT 4 clients in the workgroup cannot update DNS dynamically.

• D. Windows 2000 Professional clients in the domain cannot update DNS dynamically.

• E. Windows 2000 Professional clients in the workgroup cannot update DNS dynamically.

• F. Windows XP clients in the domain cannot update DNS dynamically.

You are designing a DNS configuration for your Windows Server 2003 DNS deployment for gunderville.com . The DNS design will use Standard Primary and Standard Secondary DNS zones.

A number of different clients are in use in the domain, including Windows 98, Windows NT 4 Workstation, Windows 2000, and Windows XP. There are three workgroup configurations of Windows NT 4 Workstation, Windows 2000 Professional, and Windows XP Professional systems that are not members of the domain.

You are deciding whether to use the DHCP server for dynamic DNS updates or allow clients to do it themselves. What catalyst is the major breakpoint of this design? (Choose two.)

• A. Windows 98 clients can update DNS dynamically.

• B. Windows NT 4 clients can update DNS dynamically.

• C. Windows NT 4 clients in the workgroup can update DNS dynamically.

• D. No clients in the domain can update DNS dynamically because of the zones in use and the security implemented in the DNS design.

• E. No clients in the workgroups can update DNS dynamically because of the zones in use and the security implemented in the DNS design.

You are designing upgrades to your DNS configuration for gunderville.com . The DNS design will use Standard Primary and Standard Secondary DNS zones.

The network has a number of different DNS servers, which include Windows Server 2003 DNS, Windows 2000 Server DNS, Windows NT 4 DNS, BIND DNS version 8.2.1, and BIND DNS version 4.9.7.

How will these different DNS implementations affect your domain's DNS configuration for dynamic updates? (Choose three.)

• A. Windows Server 2003 DNS supports dynamic updates.

• B. Windows 2000 Server DNS supports dynamic updates.

• C. Windows NT 4 DNS supports dynamic updates.

• D. BIND DNS version 8.2.1 supports dynamic updates.

• E. BIND DNS version 4.9.7 supports dynamic updates.

You are designing upgrades to your DNS configuration for gunderville.com . The DNS design will use Standard Primary and Standard Secondary DNS zones.

The network has a number of different DNS servers, including Windows Server 2003 DNS, Windows 2000 Server DNS, Windows NT 4 DNS, BIND DNS version 8.2.1, and BIND DNS version 4.9.7.

Which of the following does not affect your domain's DNS configuration for incremental zone transfers?

• A. Windows Server 2003 DNS supports incremental zone transfers.

• B. Windows 2000 Server DNS supports incremental zone transfers.

• C. Windows NT 4 DNS supports incremental zone transfers.

• D. BIND DNS version 8.2.1 supports incremental zone transfers.

You are designing upgrades to your DNS configuration for gunderville.com . The DNS design will use Standard Primary and Standard Secondary DNS zones.

The network has a number of different DNS servers, including Windows Server 2003 DNS, Windows 2000 Server DNS, Windows NT 4 DNS, BIND DNS version 8.2.1, and BIND DNS version 4.9.7.

How will these different DNS implementations affect your domain's DNS configuration for WINS and WINS-R lookups? (Choose three.)

• A. Windows Server 2003 DNS supports WINS and WINS-R lookups.

• B. Windows 2000 Server DNS supports WINS and WINS-R lookups.

• C. Windows NT 4 DNS supports WINS and WINS-R lookups.

• D. BIND DNS version 8.2.1 supports WINS and WINS-R lookups.

• E. BIND DNS version 4.9.7 supports WINS and WINS-R lookups.

You are designing upgrades to your DNS configuration for gunderville.com . The DNS design will use Standard Primary and Standard Secondary DNS zones.

You need to configure your DNS servers so that they provide DNS resolutions in which the DNS server returns the best possible answer based on its local cache or stored zone data without forwarding the query to another DNS server.

What type of DNS query and lookup request does the DNS server perform when a client is trying to connect to http://www.gunderville.com ? (Choose two.)

• A. Forward DNS lookup

• B. Reverse DNS lookup

• C. Iterative DNS query

• D. Recursive DNS query

• E. WINS query

You are designing upgrades to your DNS configuration for gunderville.com . The DNS design will use Standard Primary and Standard Secondary DNS zones.

You need to configure your DNS servers so that they provide DNS resolutions in which the DNS server assumes the full workload and responsibility for supplying a complete answer to the DNS query.

What type of DNS query and lookup request does the DNS server perform when a client is trying to connect to http://www.gunderville.com ? (Choose two.)

• A. Forward DNS lookup

• B. Reverse DNS lookup

• C. Iterative DNS query

• D. Recursive DNS query

• E. WINS query

• F. WINS-R query

You are designing upgrades to your DNS configuration for gunderville.com . The DNS design will use Standard Primary and Standard Secondary DNS zones.

Each domain has six sites, and each site has two DNS servers: a Windows Server 2003 DNS server and a Windows 2000 DNS server. The Windows 2000 Server systems deployed with the DNS service are DNS1.gunderville.com through DNS6.gunderville.com , and the Windows Server 2003 DNS systems are DNS7.gunderville.com through DNS12.gunderville.com .

You need to configure your DNS servers so that they provide DNS resolutions in which the DNS server assumes the full workload and responsibility for supplying a complete answer to the DNS query.

You do not want any DNS servers in your enterprise to contain pointer information to root servers on the Internet, except for one designated DNS server. All servers should forward DNS requests for Internet resources to the DNS1.gunderville.com DNS server.

Keeping security design and deployment best practices in mind, what steps are required to perform this successfully? (Choose four.)

• A. Configure all DNS servers, DNS1.gunderville.com through DNS12.gunderville.com , as forwarders.

• B. Configure all the Windows 2000 DNS servers, DNS1.gunderville.com through DNS6.gunderville.com , as forwarders.

• C. Configure all the Windows Server 2003 DNS servers, DNS7.gunderville.com through DNS12.gunderville.com , with root hints.

• D. Configure all the DNS servers, DNS2.gunderville.com through DNS12.gunderville.com , as forwarders.

• E. Configure DNS1.gunderville.com with the root hints file.

• F. Configure the firewall rules to allow DNS queries from the internal network to the Internet for resolution.

• G. Configure the firewall rules to allow DNS1.gunderville.com queries from the internal network to the Internet for resolution.

• H. Remove root hints from DNS2.gunderville.com through DNS12.gunderville.com .

You are designing upgrades to your DNS configuration for gunderville.com . The DNS design will use Standard Primary and Standard Secondary DNS zones.

Each domain has six sites, and each site has two DNS servers: a Windows Server 2003 DNS server and a Windows 2000 DNS server. The Windows 2000 Server systems deployed with the DNS service are DNS1.gunderville.com through DNS6.gunderville.com , and the Windows Server 2003 DNS systems are DNS7.gunderville.com through DNS12.gunderville.com .

You need to configure your DNS servers so that they are updated more often because the DNS information in your enterprise is very dynamic. Where is the best place to make these changes if you want to adjust the time interval a secondary DNS server waits before querying for updated zone information?

• A. Retry interval on the Start of Authority (SOA) tab of the forward lookup zone

• B. Refresh interval on the Start of Authority (SOA) tab of the forward lookup zone

• C. The TTL (time to live) for this record on the Start of Authority (SOA) tab of the forward lookup zone

• D. Minimum (default) TTL on the Start of Authority (SOA) tab of the forward lookup zone

• E. Expires After settings on the Start of Authority (SOA) tab of the forward lookup zone

You are designing upgrades to your DNS configuration for gunderville.com and plan to use Standard Primary and Standard Secondary DNS zones.

Each domain has six sites, and each site has two DNS servers: a Windows Server 2003 DNS server and a Windows 2000 DNS server. The Windows 2000 Server systems deployed with the DNS service are DNS1.gunderville.com through DNS6.gunderville.com , and the Windows Server 2003 DNS systems are DNS7.gunderville.com through DNS12.gunderville.com .

You need to configure your DNS servers so that they are not providing old or out-of-date name resolution information. Where is the best place to make these changes if you want to shorten the amount of elapsed time before a secondary server stops responding to DNS queries because of failures for zone updates?

• A. Retry interval on the Start of Authority (SOA) tab of the forward lookup zone

• B. Refresh interval on the Start of Authority (SOA) tab of the forward lookup zone

• C. The TTL (time to live) for this record on the Start of Authority (SOA) tab of the forward lookup zone

• D. Minimum (default) TTL on the Start of Authority (SOA) tab of the forward lookup zone

• E. Expires After settings on the Start of Authority (SOA) tab of the forward lookup zone

You are designing upgrades to your DNS configuration for gunderville.com . The DNS design will use Standard Primary and Standard Secondary DNS zones, and no DNS clients need to resolve DNS names on the Internet.

Each domain has six sites, and each site has two DNS servers: a Windows Server 2003 DNS server and a Windows 2000 DNS server. The Windows 2000 Server systems deployed with the DNS service are DNS1.gunderville.com through DNS6.gunderville.com , and the Windows Server 2003 DNS systems are DNS7.gunderville.com through DNS12.gunderville.com .

You need to prevent your DNS servers from communicating with other DNS servers to resolve queries outside your domain. What is the simplest way to do this?

• A. Configure the DNS servers as forwarders.

• B. Disable recursion on the DNS servers.

• C. Update root hints on the DNS servers.

• D. Disable round- robin rotation for multiple- homed names.

You are designing a NetBIOS name resolution solution for your small Windows Server 2003 domain that will alleviate the need for resolving names by broadcast. The domain consists of two domain controllers, one of which doubles as a file server and the other is also used as a print server. Both servers are Pentium III 500MHz systems with 192MB of RAM and run the DNS service. An additional Windows 2000 Server is being used as a development system. DHCP is not in use, and all client systems have static IP addresses.

The domain has 14 client systems, all running Windows XP Professional. No business growth is expected this year, and the number of clients and servers is almost always static.

What is the simplest way to deploy a NetBIOS name resolution solution for your small Windows Server 2003 domain? (Choose two.)

• A. Configure one domain controller with the additional role of a WINS server.

• B. Configure both domain controllers with the additional role of a WINS server.

• C. Update the LMHOSTS file and place copies of it on all clients.

• D. Update the LMHOSTS file and place copies of it on all servers and domain controllers.

• E. Configure the DNS servers to resolve WINS names.

You are configuring specific clients on your network to run on a restricted segment, as they are all connected directly to the Internet.

You are performing port filtering on these clients and have disallowed all ports except 25, 53, 67, 68, 80, 443, and 3389.

What traffic and network services will clients be able to use, assuming that no default ports have been changed? (Choose three.)

• A. FTP

• B. SMTP

• C. DNS

• D. LDAP

• E. Terminal Services

You are an enterprise administrator for gunderville.com . Client systems in use are Windows 2000 Professional and Windows XP Professional. You have been tasked with enabling a password policy for the sales.gunderville.com child domain and have set the Password Must Meet Complexity Requirements policy at the domain level. You have also set the minimum password length to five characters.

Some users have called the help desk complaining that they cannot set passwords for their user accounts according to the instructions they were issued, which stated that passwords must be at least five characters.

The help desk has traced the problem to five-character passwords. All passwords longer than five characters work, but those that are exactly five characters are not accepted.

What is the main reason this problem is occurring?

• A. Having the Password Must Meet Complexity Requirements policy enabled is causing the problem with the minimum password length.

• B. The minimum password length is set to five characters, which means passwords need to be longer than five characters.

• C. Both policies are linked at the domain level and are conflicting with each other.

• D. Computer policies are conflicting with user policies.

You are configuring clients on your Windows Server 2003 network to use a NetBIOS name server as their only means of resolving NetBIOS names. These systems are said to be configured in which mode?

• A. P-node (peer-to-peer) configured clients

• B. B-node (broadcast) configured clients

• C. M-node (mixed) configured clients

• D. H-node (hybrid) configured clients

Your network is set up in two remote locations, each containing a Windows 2000 Server and a mix of 50 Windows 2000 Professional and Windows XP Professional systems. The two servers are set up as software routers, but the two routers are not directly connected to each other; they are connected by a third hardware router.

Users in both locations want to provide multicast-based virtual meetings to the other site instead of having staff travel from one site to the other. You add Internet Group Management Protocol (IGMP) to both servers. The hardware router does not support multicast forwarding or routing.

How should you configure the network to allow IP multicast traffic between the two locations? (Choose three.)

• A. Create an IP-in-IP interface between the servers.

• B. Assign the interface to the IGMP routing protocol.

• C. Run the interface in IGMP proxy mode.

• D. Run the interface in IGMP point-to-point mode.

• E. Run the interface in IGMP router mode.

• F. Run the interface in IGMP proxy mode.

You are the network administrator for your Windows 2003 domain. Systems in use in your domain include Windows 2000 Professional and Windows XP Professional. Two systems are configured as Windows Server 2003 domain controllers; four servers in the server room are running WINS, DHCP, and DNS; and one system has been configured as a Web server.

You want to configure the Internet Information Services (IIS) ports on your Windows 2000 server as follows:

Open port 80 on the IIS server.

Block port 119 on the IIS server.

Block port 110 on the IIS server.

Open port 25 on the IIS server.

Open port 443 on the IIS server.

What are the results of these actions if no default ports have been changed? (Choose three.)

• A. The IIS service is configured correctly, so all clients can use HTTP.

• B. The IIS service is configured correctly, so all clients can use POP3.

• C. The IIS service is configured correctly, so all clients can use FTP.

• D. The IIS service is configured correctly, so all clients can use SMTP.

• E. The IIS service is configured correctly, so all clients can use HTTPS.

• F. The IIS service is configured correctly, so all clients can use NetBIOS communications.

You are the network administrator for your Windows 2003 domain. Systems in use in your domain include Windows 2000 Professional and Windows XP Professional. Two systems are configured as Windows Server 2003 domain controllers; four servers in the server room are running WINS, DHCP, and DNS; and one system has been configured as a Web server.

You want to create an outline for management describing the similarities and differences between L2TP and PPTP. What are some key differences between these protocols? (Choose three.)

• A. PPTP can be used only in a IP-based network. L2TP requires only that the tunnel media provide packet-oriented, point-to-point connectivity.

• B. L2TP can be used only in a IP-based network. PPTP requires only that the tunnel media provide packet-oriented, point-to-point connectivity.

• C. PPTP supports header compression; L2TP does not.

• D. L2TP supports header compression; PPTP does not.

• E. PPTP uses PPP encryption. L2TP requires IPSec for encryption

• F. PPTP uses IPSec encryption. L2TP requires PPP for encryption

You are the domain administrator for gunderville.com . Your enterprise has 15 Windows Server 2003 systems, 5 of which are installed as domain controllers.

Clients in your domain consist of 22 Windows 95 systems, 177 Windows 98 systems, 314 Windows NT 4 workstations, 829 Windows 2000 Professional systems, 89 Windows 2000 Server systems, and 279 Windows XP Professional systems.

You have been asked to analyze as many desktop systems in your environment as possible with Microsoft Baseline Security Analyzer (MBSA) and report which systems could not be scanned.

You are performing all scans remotely from a single console. What is the total number of desktop systems that can be scanned successfully across the network?

• A. 1,422

• B. 1,437

• C. 1,459

• D. 1,638

You are the domain administrator for gunderville.com . Your enterprise has 15 Windows Server 2003 systems, 5 of which are installed as domain controllers.

Clients in your domain consist of 22 Windows 95 systems, 177 Windows 98 systems, 314 Windows NT 4 workstations, 829 Windows 2000 Professional systems, 89 Windows 2000 Server systems, and 279 Windows XP Professional systems.

For application compatibility reasons, File and Print Sharing is not enabled on any desktop systems, except the Windows NT 4 workstations. All member servers and domain controllers have File and Print Sharing disabled.

All systems connect to the Internet via an Internet Security and Acceleration (ISA) server at the company's headquarters. You have been asked to perform a security analysis of systems in your environment.

You need to be able to run application vulnerability checks on Microsoft Office 2000 and Windows XP for all systems in your enterprise. You also need to scan all systems remotely with the least amount of administrative effort and without altering the current network configuration or client setup.

You install MBSA version 1.1.1, which supports local and remote scanning on a Windows Server 2003 server in your domain. On which operating systems will you not be able to perform these actions with the current system configuration? (Choose four.)

• A. Windows 95

• B. Windows 98

• C. Windows NT 4

• D. Windows 2000 Professional

• E. Windows 2000 Server

• F. Windows XP Professional

• G. Windows Server 2003

You are the domain administrator for gunderville.com . Your enterprise has 15 Windows Server 2003 systems, 5 of which are installed as domain controllers.

Clients in your domain consist of 22 Windows 95 systems, 177 Windows 98 systems, 314 Windows NT 4 workstations, 829 Windows 2000 Professional systems, 89 Windows 2000 Server systems, and 279 Windows XP Professional systems.

You have been asked to develop a single software update solution for all systems in the enterprise for security updates. This solution must allow administrative approval of all updates before they are deployed to any systems and support scheduling the installation of downloaded content.

You decide to deploy automated updates via the Windows Update site, using the Automatic Update client. Update scheduling will be configured via GPOs linked at the domain level and at the Domain Controllers OU.

What is the result of your actions? (Choose three.)

• A. The solution allows administrative approval of all updates before they are deployed to any systems.

• B. The solution does not allow administrative approval of all updates before they are deployed to any systems.

• C. The solution supports scheduling the installation of downloaded content.

• D. The solution does not support scheduling the installation of downloaded content.

• E. The solution allows you to configure a software update solution for all clients in your environment.

• F. The solution does not allow you to configure a software update solution for all clients in your environment.

You are the domain administrator for gunderville.com . Your enterprise has 15 Windows Server 2003 systems, 5 of which are installed as domain controllers.

Clients in your domain consist of 22 Windows 95 systems, 177 Windows 98 systems, 314 Windows NT 4 workstations, 829 Windows 2000 Professional systems, 89 Windows 2000 Server systems, and 279 Windows XP Professional systems.

You have been asked to configure a software update solution for your environment that allows all security updates and fixes to be installed for all systems in your enterprise and that provides downloads of the latest Windows operating system and IE service packs .

All downloads are required to have administrative approval before they are deployed to any systems. You decide to deploy automated updates via the Windows Update site, using the Automatic Update client. Update scheduling will be configured via GPOs linked at the domain level and at the Domain Controllers OU.

What is the result of your actions? (Choose four.)

• A. The solution allows administrative approval of all updates before they are deployed to any systems.

• B. The solution does not allow administrative approval of all updates before they are deployed to any systems.

• C. The solution supports scheduling the installation of downloaded content.

• D. The solution does not support scheduling the installation of downloaded content.

• E. The solution allows you to configure a software update solution for all the clients in your environment.

• F. The solution does not allow you to configure a software update solution for all the clients in your environment.

• G. The solution allows you to provide downloads of the latest Windows operating system and IE service packs.

• H. The solution does not allow you to provide downloads of the latest Windows operating system and IE service packs.

You are the domain administrator for gunderville.com . Clients in your domain consist of Windows 98, Windows Me, Windows 2000, and Windows XP Professional systems.

You have been asked to configure and secure the IP traffic traveling from your headquarters to remote offices over an untrusted network. Your solution must be able to be used on an IP network, be available to all clients in use, support header encryption and tunnel authentication, and provide encryption.

You need to secure IP traffic traversing an untrusted network in a manner that supports all clients in the environment. You decide to implement a strategy using L2TP and IPSec running in Tunnel mode between the RRAS server at headquarters and the server installed at the remote office in New York. You will enforce this security setting via the local security policies of those two servers. For legacy client systems to use this security solution, you will install the Microsoft L2TP/IPSec VPN client on the Windows 98, Me, and NT 4 systems.

What is the result of your actions? (Choose four.)

• A. All IP traffic traveling from your network over an untrusted network will be secured.

• B. All IP traffic traveling from your network over an untrusted network will not be secured.

• C. All clients in the environment will be supported under this solution.

• D. All clients in the environment will not be supported under this solution.

• E. The Microsoft L2TP/IPSec VPN client does not need to be installed on legacy systems.

• F. The Microsoft L2TP/IPSec VPN client does need to be installed on legacy systems.

• G. Header encryption and tunnel authentication are provided in this solution.

• H. Header encryption and tunnel authentication are not provided in this solution.

You are the domain administrator for gunderville.com . You have decided to use public key certificates as the authentication method to be used with your IPSec policy.

What are the main characteristics of an environment that normally needs to use public key certificates? (Choose four.)

• A. Systems need to be manually configured.

• B. All subject systems are members of the same Active Directory domain.

• C. Legacy clients before Windows 2000 are used.

• D. Client systems are authenticating over the Internet.

• E. Client systems are not members of your domain.

• F. Client systems are connecting to your network via an extranet.

You are the domain administrator for gunderville.com . The systems in use at your main office and branch offices are as follows:

Branch one has four Windows XP Professional workstations, two Windows 2000 Professional workstations, and one Windows Server 2003 system connected locally by one Windows Server 2003 system running RRAS. All clients use manually assigned IP addresses.

Branch two has five Windows 2000 Professional workstations, six Windows XP Professional workstations, and one Windows 2000 server. These systems are also connected locally by one Windows Server 2003 system running RRAS. All clients use manually assigned IP addresses.

Branch three has four Windows 2000 Professional workstations, three Windows XP Professional workstations, two Windows 2000 servers, one Windows Server 2003 system, and two Windows NT 4 Servers running SP6a. These systems are also connected locally by one Windows Server 2003 system running RRAS. All clients use manually assigned IP addresses.

The main office has six Windows 2000 Professional workstations, six Windows XP Professional workstations, two Windows 2000 servers, and three Windows Server 2003 systems. These systems are also connected locally by one Windows Server 2003 system running RRAS. All clients use manually assigned IP addresses.

You need to provide the most secure connection possible for all systems between your main office and your branch offices. This connection must always be available and work on all clients in all locations with the least amount of administrative effort.

You have decided to use L2TP and IPSec encryption in its default mode to provide the necessary security for your environment. All communications will be set to "require" security.

What are the results of your efforts? (Choose three.)

• A. Your solution provides a secure connection for all systems between your main office and your branch offices.

• B. Your solution does not provide a secure connection for all systems between your main office and your branch offices.

• C. Communications are set to "require" security, but it's not the most secure setting; "request" security should be used.

• D. Your solution works for all operating systems in use on the network.

• E. Communications are set to "require" security because it is the most secure setting.