| | |
| Question 1 | Answer B is correct. By configuring an IP demand-dial filter, you can specify which types of IP traffic can initiate the connection. The IP demand-dial filter must be configured for port 80 . Answers A and C are incorrect because RIP route filters are used to control routing table updates. Answer D is incorrect because there is no such option as a connection filter. |
| | |
| Question 2 | Answer C is correct. By selecting the Master Key Perfect Forward Secrecy option, session key information will not be reused. Therefore, answers B and D are incorrect. Answer A is incorrect because there is no such option available. |
| | |
| Question 3 | Answer D is correct. Install a DHCP server on Subnet C and configure it with a scope for remote access clients. The scope should assign the clients the IP address of the DHCP server. Configure RRAS to use DHCP and configure it as a relay agent. This ensures remote users are assigned the IP address of the DNS server. Therefore, answers A, B, and C are incorrect. |
| | |
| Question 4 | Answer B is correct. To authorize DHCP servers throughout the forest, the user account you log on with must be a member of the Enterprise Admins group . Therefore, answers A, C, and D are incorrect. |
| | |
| Question 5 | Answer A is correct. The capability for users to encrypt files can be removed by deleting the Encrypted Data Recovery Agents container within the Active Directory Users and Computers snap-in and initializing the empty policy. Therefore, answers B, C, and D are incorrect. |
| | |
| Question 6 | Answer B is correct. To allow B-node broadcasts to be resolved across the network, a WINS proxy agent must be configured on each subnet. The WINS proxy agent listens for B-node broadcasts and passes the requests to a WINS server on another subnet, resolving the name on behalf of the client. Therefore, answers A, C, and D are incorrect. |
| | |
| Question 7 | Answers A, B, and C are correct. Fault tolerance is provided for the zone because a secondary server is configured with a copy of the zone information. Name resolutions are cached because this is the default behavior of DNS servers. Clients can resolve names locally because each location has a DNS server providing name resolution services. Answer D is incorrect because secure updates must be enabled to specify which users and groups are permitted to perform dynamic updates. |
| | |
| Question 8 | Answer C is correct. To configure a client to use a NAT server, configure the properties of TCP/IP on the workstation so the IP address of the default gateway is pointing to the internal IP address of the NAT server. Therefore, answers B and D are incorrect. Answer A is incorrect because additional software is not required. |
| | |
| Question 9 | Answer A is correct. For users to authenticate with the Windows NT remote access server in a native mode domain, permissions must be compatible with pre “Windows 2000 servers. This grants the Everyone group read access to Active Directory objects. Therefore, answers B, C, and D are incorrect. |
| | |
| Question 10 | Answer B is correct. Burst handling allows an administrator to increase the number of registration requests that a WINS server can accept without actually registering them in the WINS database. Answer A is incorrect because persistent connections are used for replication. Answer C is incorrect because although a second WINS server can be configured, it is less costly to configure burst handling. Answer D is incorrect because there is no such refresh interval in WINS. |
| | |
| Question 11 | Answer C is correct. The default publishing interval for the CRL is once a week. To change the value, you edit the properties of the Revoked Certificates container within the Certificate Authorities snap-in. This makes answers A, B, and D incorrect. |
| | |
| Question 12 | Answer C is correct. By configuring the Idle time before hanging up option, you can specify how long the connection must be idle before the connection is terminated . Answer A is incorrect because the dial-out hours determine when the connection can be used. Answer B is incorrect because the redial attempts option specifies the number of times the number should be automatically redialed. Answer D is incorrect because the maximum session time determines how long a client can remain connected to a server. If a client exceeds that time, it will be disconnected automatically, which could cause data loss. |
| | |
| Question 13 | Answer D is correct. Because there is an existing 004 WINS/NBNS option configured at the scope level with the old IP address of the WINS server, it is overwriting the new one configured at the server level. DHCP options configured at the scope level override those configured at the server level. Therefore, answers A and B are incorrect. Answer C is incorrect because configuring this option defines how the client will resolve NetBIOS names. |
| | |
| Question 14 | Answer B is correct. By assigning the Server (Request Security) policy, the server will attempt secure communications with clients. If the client is non-IPSec aware, they will still be able to authenticate. Answer A is incorrect because the server will respond only to client requests for secure communications. Answer C is incorrect because the server will require secure communications and not allow sessions for non-IPSec aware clients. Answer D is incorrect because there is no such default policy. |
| | |
| Question 15 | Answer D is correct. Using the Clear Cache option from the Action menu within the DNS management console allows you to delete the contents of the cache file. Although uninstalling the service would clear the contents of the cache, it's not the easiest way to perform the task; therefore, answer A is incorrect. Answer C is incorrect because there is no Clear Cache option available from the server's property window. |
| | |
| Question 16 | Answers B and C are correct. NAT supports multiple public IP addresses. The range of IP addresses that can be assigned to internal clients through the DHCP Allocator is configurable. Therefore, answer A is incorrect. Answer D is incorrect because public IP addresses and ports can be mapped to internal computers, making services available to Internet users. |
| | |
| Question 17 | Answer B is correct. To ensure that the IP addresses of the UNIX servers are not leased to any DHCP clients, you must exclude the three IP addresses from the scope. Answer A is incorrect because client reservations are configured for those DHCP clients who need to lease the same IP address. Answer C is incorrect because placing the UNIX servers on a different subnet will have no impact on the IP addresses leased out by the DHCP server. Answer D is incorrect because superscopes are created to support multinetted environments. |
| | |
| Question 18 | Answer C is correct. To give a user the capability to view database entries, add the user account to the WINS Users group. Answers A and B are incorrect. Although adding a user account to either of these groups would give the user the capability to view database entries, it would also allow the user to make configuration changes. Answer D is incorrect because there is no such group called WINS Administrators. |
| | |
| Question 19 | Answer D is correct. Because all the remote access users are running Windows 2000 Professional, the authentication protocol to use is MS-CHAP version 2. Therefore, answers B and C are incorrect. Answer A is incorrect because PAP sends credentials in cleartext and should only be used for non-Windows clients. |
| | |
| Question 20 | Answer B is correct. Because ICS is the simplest to configure, it would be the best choice for the scenario. Answer A is incorrect because this solution would result in an increase in cost. Answer C is incorrect because RIP does not enable a single connection to be shared. Answer D is incorrect because NAT requires more configuration. |
| | |
| Question 21 | Answer B is correct. The split horizon feature ensures that any routes learned from a network are not sent as RIP announcements on that network. Answer A is incorrect because triggered updates ensure that any changes made to the routing table trigger immediate updates. Answer C is incorrect because the periodic update announcement specifies the number of seconds between RIP announcements. Answer D is incorrect because clean-up updates enables a router to send an announcement when it is stopping in order to notify other routers that the routes it was servicing are no longer available. |
| | |
| Question 22 | Answer D is correct. Once a policy has been created and configured, the next step is to assign it to the group policy or the local computer by right-clicking the policy and choosing the Assign option. Answer A is incorrect because this command is used to refresh machine policy settings. Answer B is incorrect because restarting the server does not force an IPSec policy to be applied. Answer C is incorrect because policies are assigned, not enabled. |
| | |
| Question 23 | Answer A is correct. Windows NT 4.0 DNS servers do not support dynamic updates regardless of the service pack installed. The DNS servers need to be upgraded to Windows 2000 DNS. Therefore, answers B, C, and D are incorrect. |
| | |
| Question 24 | Answer D is correct. To view the certificates that have been issued by a CA, open the Certificate Authority snap-in and click the Issued Certificates container. Answers A, B, and C are incorrect because issued certificates cannot be viewed within these snap-ins. |
| | |
| Question 25 | Answer A is correct. Because the DHCP server was not a member of the DNSUpdateproxy group, it owns the resource records in the DNS database, causing the updates to fail. Therefore, answers C and D are incorrect. Answer B is incorrect because Windows 2000 Professional clients are configured by default to perform dynamic updates. |
| | |
| Question 26 | Answer B is correct. To verify the database entries for consistency, use the Verify Database Consistency option. Answers A and D are incorrect because performing these actions will not verify the integrity of existing database entries. Answer C is incorrect because there is no such option. |
| | |
| Question 27 | Answers A, B, and C are correct. Windows 2000 DNS, BIND 4.9.6, and BIND 8.1.3 all support SRV records. (SRV records are used to map the name of a specific service to the IP address of the server offering this service.) Answer D is incorrect because Windows NT 4.0 DNS supports SRV records only if service pack 4 or later is installed. |
| | |
| Question 28 | Answers B and D are correct. The two tunneling protocols supported by Windows 2000 are the point-to-point tunneling protocol (PPTP) and the Layer 2 tunneling protocol (L2TP). PPP and SLIP are used to establish dial-up connections. Therefore, answers A and C are incorrect. |
| | |
| Question 29 | Answers C and D are correct. When configuring the password options for the user account, enable the Password Never Expires option and disable the User Must Change Password at Next Logon Option. Therefore, answers A and B are incorrect. |
| | |
| Question 30 | Answer B is correct. The CRL can be manually published by right-clicking the Revoked Certificates container within the Certificate Authority snap-in and choosing the Publish option. Answer A is incorrect because there is no such option. Answers C and D are incorrect because there is no CRL container within the Certificate Authorities snap-in. |
| | |
| Question 31 | Answer C is correct. Because there is only a single NetWare server on the network, the frame type can be left to autodetect. Answers A and B are incorrect because the frame type does not need to be manually configured if there is only a single NetWare server on the network. Answer D is incorrect because there is no such option as autoselect. |
| | |
| Question 32 | Answer B is correct. ICS includes the DHCP Allocator service but can only assign clients IP addresses from the range of 192.168.0.1 to 192.168.0.254 . Answer A is incorrect because ICS can be enabled on Windows 2000 Professional, Windows 98, and Windows Me. Answer C is incorrect because no additional software is required on the client. Answer D is incorrect because ICS is enabled through the properties window of the connection. |
| | |
| Question 33 | Answer B is correct. A Mail Exchanger ( MX ) record is used to identify mail servers. Answer A is incorrect because A records are used to map hostnames to IP addresses. Answer C is incorrect because PTR records map IP addresses to their associated hostnames. Answer D is incorrect because CNAME records are used to assign an alias to a host already referenced in another record. |
| | |
| Question 34 | Answer B is correct. To use the Windows Groups condition, the groups must first be created within Active Directory Users and Computers. Two policies should be created and configured with the appropriate settings. Use the Windows Groups condition to specify the group of users to which the policy should be applied. Therefore, answers A, C, and D are incorrect. |
| | |
| Question 35 | Answer C is correct. Implementing OSPF will not result in a large amount of broadcast traffic from routing table updates and changes will be propagated immediately. Answer A is incorrect because static routing would require manual changes to be made on every router. Answer B is incorrect because ICMP is not a routing protocol. Answer D is incorrect because RIPv1 only supports broadcasts for propagating routing table updates. |
| | |
| Question 36 | Answer B is correct. The default URL that can be used for Web-based enrollment is http://< servername >/CertSrv/default.asp . Therefore, answers A, C, and D are incorrect. |
| | |
| Question 37 | Answer C is correct. When configuring DHCP options at different levels, they are applied in the following order: Server, Scope, Class, and Client. Therefore, answers A, B, and D are incorrect. |
| | |
| Question 38 | Answer A is correct. Clients that are configured for M-node perform a local broadcast, and then attempt to resolve the name using a NetBIOS name server. Therefore, answers B, C, and D are incorrect. |
| | |
| Question 39 | Answer D is correct. If you have been assigned multiple public IP addresses, they must be added to the public interface. This can be done using the Address Pool tab from the public interface's properties window within the RRAS console. Therefore, answers A, B, and C are incorrect. |
| | |
| Question 40 | Answer B is correct. The ping command can be used to verify TCP/IP connectivity between two IP hosts . Answer A is incorrect because ipconfig is used to view IP parameters configured on a computer. Answer C is incorrect because ARP is a protocol used to map IP addresses to MAC addresses. Answer D is incorrect because ICMP is a protocol used by the ping command to test for connectivity. |
| | |
| Question 41 | Answer C is correct. To clear the contents of the client resolver cache, use the ipconfig command with the flushdns parameter. Answers A and D are incorrect because there are no such parameters available with the ipconfig command. Answer B is incorrect because this displays the current TCP/IP parameters configured on the client. |
| | |
| Question 42 | Answer B is correct. The Renew Interval determines how long a client can continue to use a NetBIOS name before it must be registered. Therefore, answers A, C, and D are incorrect. |
| | |
| Question 43 | Answer B is correct. Before a DHCP server can lease IP addresses to clients, the scope must be activated within the DHCP management console. Answer A is incorrect because Windows 2000 Professional clients are DHCP-enabled by default. Answer C is incorrect because DHCP servers are not activated. Answer D is incorrect because the DHCP server service can be installed on a member server, domain controller, or standalone server. |
| | |
| Question 44 | Answer D is correct. Certificates can only be revoked through the Certificate Authority snap-in. To do so, right-click the certificate within the Issued Certificates container and choose the Revoke Certificate option. Answers A and B are incorrect because certificates cannot be revoked through either snap-in. Answer C is incorrect. There is no such administrative tool called Certificate Manager. All management tasks are performed through the Certificate Authority snap-in. |
| | |
| Question 45 | Answer C is correct. To increase the number of available PPTP ports, open the properties window from within the Routing and Remote Access management console. Select PPTP and click Configure. Therefore, answers A, B, and D are incorrect. |
| | |
| Question 46 | Answer A is correct. Because NAT supports a configurable range of IP addresses to assign to internal clients, this would be the correct choice. Therefore, answer C is incorrect. Answer B is incorrect because RIP is a routing protocol. Answer D is incorrect because there is no such solution called CIS. |
| | |
| Question 47 | Answer C is correct. If you do not want the server to require secure communications but still be able to respond to any client requests to use secure communications, select the Client (Respond only) policy. Therefore, answers A and B are incorrect. Answer D is incorrect because there is no such default policy. |
| | |
| Question 48 | Answer D is correct. RIPv2 is a routing protocol that can be used with nonpersistent connections and supports password authentication between routers. Answer A is incorrect because implementing static routes means the routing tables must be manually updated. Answer B is incorrect because ICMP is not a routing protocol. Answer C is incorrect because OSPF is not supported by nonpersistent demand-dial connections. |
| | |
| Question 49 | Answer C is correct. By configuring each DHCP server with a range of IP addresses from the remote subnet you can provide some level of fault tolerance. Each server should be configured with 80% of the IP addresses for their local subnet and 20% of the IP addresses for the remote subnet to avoid IP address conflicts. Answers A and B are incorrect because DHCP servers do not replicate nor share scope information. Answer D is incorrect because clients are not configured with the IP address of DHCP servers. |
| | |
| Question 50 | Answer D is correct. To configure secure updates for a zone, the zone type must be Active Directory integrated. If the zone is a standard primary, the Only Secure Updates option is not available. Therefore, answers A, B, and C are incorrect. |
| | |
| Question 51 | Answer A is correct. When configuring a two-way demand-dial connection, the user account names on the answering routers must be identical to the demand-dial interface names on the calling routers. Therefore, answers B, C, and D are incorrect. |
| | |
| Question 52 | Answers B and C are correct. By configuring the day and time restrictions, users can dial in during the weekdays. Because the RRAS server is configured with a range of IP addresses, all clients will lease an IP address when they establish a connection. Answer A is incorrect because you must configure the Windows Groups condition to limit access to a specific group of users. Answer D is incorrect. The RRAS server must be configured to use DHCP and the relay agent must be configured on the RRAS for clients to be assigned optional parameters. |
| | |
| Question 53 | Answer C is correct. The permissions for a certificate template can be edited through the Active Directory Sites and Services snap-in. This makes answers A, B, and D incorrect. |
| | |
| Question 54 | Answer B is correct. The subnet mask is used to determine whether a destination host is on the local subnet or a remote subnet. Answer A is incorrect because the IP address uniquely identifies a host on a given subnet. Answer C is incorrect because the default gateway is used to access other subnets. Answer D is incorrect because TCP/IP filters are used to control the type of IP traffic allowed to enter a computer or network. |
| | |
| Question 55 | Answers A, C, and D are correct. By creating and activating a scope, all clients can lease an IP address. Configuring the DHCP server to update records for all clients, including those that do not support dynamic updates, ensures that the DHCP server performs all updates. Configuring the 003 Router option configures the clients with the IP address of the default gateway. Answer B is incorrect because the static IP addresses assigned to the domain controllers are not excluded from the range of IP addresses configured in the scope. |
| | |
| Question 56 | Answer A is correct. Clients configured for P-node resolve NetBIOS names using a NetBIOS name server only. Answer B is incorrect because this indicates B-node. Answer C is incorrect because this indicates H-node. Answer D is incorrect because this indicates M-node. |
| | |
| Question 57 | Answer C is correct. The IP address of 192.168.0.1 is a class C address. Answer A is incorrect because a class A address falls in the range of 1 “126. Answer B is incorrect because a class B address falls in the range of 128 “191. Answer D is incorrect because a class D address falls in the range of 224 “247. |
| | |
| Question 58 | Answer D is correct. The /p parameter is used to add a persistent route to the routing table. This means the route will not be removed from the routing table when the router is restarted. Therefore, answers A, C, and D are incorrect. |
| | |
| Question 59 | Answers A, B, C, and D are correct. The proposed configuration of the RRAS server meets all the necessary requirements. |
| | |
| Question 60 | Answer D is correct. The #DOM: domain_name indicates that the record is for a domain controller on the network. Answer A is incorrect because the #Pre option is used to preload entries into the local cache. Answer B is incorrect because the #MH option is used to identify a multihomed computer. Answer C is incorrect because the #Include option specifies an LMHOSTS file other than the local one that clients should use. |
