2013 Latest MCTS 70-642 Exam Questions 211-215

Ensurepass

QUESTION 16
Your company has a server named Server1 that runs Windows Server 2008 R2. Server1 runs the DHCP Server server role and the DNS Server server role. You also have a server named ServerCore that runs a Server Core installation of Windows Server 2008 R2.
All computers are configured to use only Server1 for DNS resolution. The IP address of Server1 is
192.168.0.1. The network interface on all the computers is named LAN.
Server1 is temporarily offline. A new DNS server named Server2 has been configured to use the IP address
192.168.0.254.
You need to configure ServerCore to use Server2 as the preferred DNS server and Server1 as the alternate
DNS server.
What should you do?
A. Run the netsh interface ipv4 add dnsserver “LAN” static 192.168.0.254 index=1 command.
B. Run the netsh interface ipv4 set dnsserver “LAN” static 192.168.0.254 192.168.0.1 both command.
C. Run the netsh interface ipv4 set dnsserver “LAN” static 192.168.0.254 primary command and the netsh
interface ipv4 set dnsserver “LAN” static 192.168.0.1 both command.
D. Run the netsh interface ipv4 set dnsserver “LAN” static 192.168.0.254 primary command and the netsh interface ipv4 add dnsserver “LAN” static 192.168.0.1 index=1 command.
Correct Answer: A
Explanation/Reference:
Correct answer(s): A

QUESTION 17
Your network contains an Active Directory forest named contoso.com. Contoso.com contains three domain controllers that run Windows Server 2008 R2 and three domain controllers that run Windows Server 2003. All domain controllers are configured as DNS servers.
You configure the contoso.com zone to use DNSSEC.
You need to ensure that the zone only replicates to DNS servers that support DNSSEC. What should you do first?
A. Modify the Notify settings of the contoso.com zone. B. Create an application directory partition.
C. Move the contoso.com zone to the ForestDnsZones application directory partition. D. Add a server certificate to the Windows Server 2003 DNS servers.
Correct Answer: B
Explanation/Reference:
Correct answer(s): B
Only B makes any sense!

QUESTION 18
Your company has a single Active Directory domain. The company network is protected by a firewall.
Remote users connect to your network through a VPN server by using PPTP.
When the users try to connect to the VPN server, they receive the following error message: “Error 721: The remote computer is not responding.”
You need to ensure that users can establish a VPN connection. What should you do?
A. Open port 1423 on the firewall. B. Open port 1723 on the firewall. C. Open port 3389 on the firewall. D. Open port 6000 on the firewall.
Correct Answer: B
Explanation/Reference:
Correct answer(s): B
PPTP uses port 1723.
http://technet.microsoft.com/en-us/library/cc757501(v=ws.10).aspx

QUESTION 19
Your company has a single Active Directory domain. The domain has servers that run Windows Server
2008 R2.
You have a server named NAT1 that functions as a NAT server. You need to ensure that administrators can access a server named RDP1 by using Remote Desktop Protocol (RDP).
What should you do?
A. Configure NAT1 to forward port 389 to RDP1. B. Configure NAT1 to forward port 1432 to RDP1. C. Configure NAT1 to forward port 3339 to RDP1. D. Configure NAT1 to forward port 3389 to RDP1.
Correct Answer: D
Explanation/Reference:
Correct answer(s): D

QUESTION 20
Your company has a main office and 15 branch offices. The company has a single Active Directory domain. All servers run Windows Server 2008 R2.
You need to ensure that the VPN connections between the main office and the branch offices meet the following requirements:
– All data must be encrypted by using end-to-end encryption.
– The VPN connection must use computer-level authentication.
– User names and passwords cannot be used for authentication.
What should you do?
A. Configure an IPsec connection to use tunnel mode and preshared key authentication. B. Configure a PPTP connection to use version 2 of the MS-CHAP v2 authentication.
C. Configure a L2TP/IPsec connection to use the EAP-TLS authentication.
D. Configure a L2TP/IPsec connection to use version 2 of the MS-CHAP v2 authentication.
Correct Answer: C
Explanation/Reference: Correct answer(s): C Explanation:
EAP-Transport Layer Security (EAP-TLS), defined in RFC 5216, is an IETF open standard, and is well supported among wireless vendors. The security of the TLS protocol is strong, provided the user understands potential warnings about false credentials. It uses PKI to secure communication to a RADIUS authentication server or another type of authentication server. So even though EAP-TLS provides excellent security, the overhead of client-side certificates may be its Achilles’ heel.
EAP-TLS is the original, standard wireless LAN EAP authentication protocol. Although it is rarely deployed, it is still considered one of the most secure EAP standards available and is universally supported by all manufacturers of wireless LAN hardware and software. The requirement for a client-side certificate, however unpopular it may be, is what gives EAP-TLS its authentication strength and illustrates the classic convenience vs. security trade-off. A compromised password is not enough to break into EAP-TLS enabled
systems because the intruder still needs to have the client-side private key. The highest security available is when client-side keys are housed in smart cards.[4] This is because there is no way to steal a certificate’s corresponding private key from a smart card without stealing the card itself. It is significantly more likely that the physical theft of a smart card would be noticed (and the smart card immediately revoked) than a
(typical) password theft would be noticed. Up until April 2005, EAP-TLS was the only EAP type vendors needed to certify for a WPA or WPA2 logo.[5] There are client and server implementations of EAP-TLS in
3Com, Apple, Avaya, Brocade Communications, Cisco, Enterasys Networks, Foundry, HP, Juniper, and Microsoft, and open source operating systems. EAP-TLS is natively supported in Mac OS X 10.3 and above, Windows 2000 SP4 , Windows XP and above, Windows Mobile 2003 and above, and Windows CE
4.2

Download Ensurepass Latest 2013 MCTS 70-642 Real Exam Questions , help you to pass exam 100%.