2013 Latest MCTS 70-642 Exam Questions 241-245


QUESTION 11
Your company has an Active Directory domain that has two domain controllers named DC1 and DC2.
You prepare both servers to support event subscriptions. On DC1, you create a new default subscription for DC2.
You need to review system events for DC2. Which event log should you select?
A. system log on DC1
B. application log on DC2
C. Forwarded Events log on DC1
D. Forwarded Events log on DC2
Correct Answer: C
Explanation/Reference:
Correct answer(s): C

QUESTION 12
Your company has a network that has an Active Directory domain. The domain has two servers named DC1 and DC2.
You plan to collect events from DC2 and transfer them to DC1. You configure the required subscriptions by selecting the Normal option for the Event delivery optimization setting and by using the HTTP protocol.
You discover that none of the subscriptions work.
You need to ensure that the servers support the event collectors.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A. Run the wecutil qc command on DC1.
B. Run the wecutil qc command on DC2.
C. Run the winrm quickconfig command on DC1.
D. Run the winrm quickconfig command on DC2.
E. Add the DC2 account to the Administrators group on DC1.
F. Add the DC1 account to the Administrators group on DC2.
Correct Answer: ADF
Explanation/Reference:
Correct answer(s): A, D, F
To configure computers in a domain to forward and collect events:
- Log on to all collector and source computers. It is a best practice to use a domain account with administrative privileges.
- On each source computer, type the following at an elevated command prompt:
  winrm quickconfig
- On the collector computer, type the following at an elevated command prompt:
  wecutil qc
- Add the computer account of the collector computer to the local Administrators group on each of the source computers.
http://technet.microsoft.com/en-us/library/cc748890.aspx

QUESTION 13
Your company has a main office and a branch office. The branch office has three servers that run a Server Core installation of Windows Server 2008 R2. The servers are named Server1, Server2, and Server3.
You want to configure the Event Logs subscription on Server1 to collect events from Server2 and Server3. You discover that you cannot create a subscription on Server1 from another computer.
You need to configure a subscription on Server1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Run the wecutil cs subscription.xml command on Server1.
B. Run the wevtutil im subscription.xml command on Server1.
C. Create an event collector subscription configuration file. Name the file subscription.xml.
D. Create a custom view on Server1 by using Event Viewer. Export the custom view to a file named subscription.xml.
Correct Answer: AC
Explanation/Reference:
Correct answer(s): A, C
wecutil { cs | create-subscription } CONFIGURATION_FILE
http://msdn.microsoft.com/en-us/library/windows/desktop/bb736545(v=vs.85).aspx

QUESTION 14
Your company has a server named DC1 that runs Windows Server 2008 R2. Server1 has the DHCP Server server role installed.
You find that a desktop computer named Computer1 is unable to obtain an IP configuration from the DHCP server.
You install the Microsoft Network Monitor 3.0 application on Server1. You enable P-mode in the Network Monitor application configuration. You plan to capture only the DHCP server-related traffic between Server1 and Computer1.
The network interface configuration for the two computers is shown in the following table.
You need to build a filter in the Network Monitor application to capture the DHCP traffic between Server1 and Computer1.
Which filter should you use?
A. IPv4.Address == 169.254.15.84 && DHCP
B. IPv4.Address == 192.168.2.1 && DHCP
C. Ethernet.Address == 0x000A5E1C7F67 && DHCP
D. Ethernet.Address == 0x001731D55EFF && DHCP
Correct Answer: D
Explanation/Reference:
Correct answer(s): D

QUESTION 15
You perform a security audit of a server named CRM1. You want to build a list of all DNS requests that are initiated by the server.
You install the Microsoft Network Monitor 3.0 application on CRM1. You capture all local traffic on CRM1 for 24 hours. You save the capture file as data.cap. You find that the size of the file is more than 1 GB.
You need to create a file named DNSdata.cap from the existing capture file that contains only DNS-related data.
What should you do?
A. Apply the display filter !DNS and save the displayed frames as a DNSdata.cap file.
B. Apply the capture filter DNS and save the displayed frames as a DNSdata.cap file.
C. Add a new alias named DNS to the aliases table and save the file as DNSdata.cap.
D. Run the nmcap.exe /inputcapture data.cap /capture DNS /file DNSdata.cap command.
Correct Answer: D
Explanation/Reference:
Correct answer(s): D
Below is a sample I created:
C:\Users\Administrator\Documents\Network Monitor 3\Captures>nmcap.exe /inputcapture data.cap /capture DNS /file dnsdata.cap
Network Monitor Command Line Capture (nmcap) 3.4.2350.0
Loading Parsers …
[INFO] sparser.npb:001.000 Successfully unserialized NPL parser ‘C:\ProgramData\Microsoft\Network Monitor 3\NPL\NetworkMonitor Parsers\Profiles\64BAA24A-0AAD-44e6-9846-3BE43D698FF6\sparser.npb. (0x83008006)
Saving info to: C:\Users\Administrator\Documents\Network Monitor 3\Captures\dnsdata.cap – using circular buffer of size 20.00 MB.
ATTENTION: Conversations Enabled: consumes more memory (see Help for details)
Note: Process Filtering Enabled.
Exit by Ctrl+C
Processing Received: 4045 Saved: 23 Time: 0 seconds.
Closing generated capture files …
Completed Received: 4045 Saved: 23 Time: 0 seconds.
C:\Users\Administrator\Documents\Network Monitor 3\Captures> ” is not recognized as an internal or external command, operable program or batch file.
