2013 Latest MCTS 70-642 Exam Questions 31-35

Ensurepass

QUESTION 31
Your company has an Active Directory forest. All domain controllers run the DNS Server server role.
The company plans to decommission the WINS service. You need to enable forest-wide single name resolution. What should you do?
A. Enable WINS-R lookup in DNS
B. Create Service Location (SRV) records for the single name resources
C. Create an Active Directory-integrated zone named LegacyWINS. Create host (A) records for the single name resources
D. Create an Active Directory-integrated zone named GlobalNames. Create an alias host (CNAME)
records for the single name resources
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct answer(s): D
http://technet.microsoft.com/en-us/library/cc731744.aspx

QUESTION 32
You manage a domain controller that runs Windows Server 2008 R2 and the DNS Server server role. The DNS server hosts an Active Directory-integrated zone for your domain. You need to provide a user with the ability to manage records in the zone.
The user must not be able to modify the DNS server settings. What should you do?
A. Add the user to the DNSUpdateProxy Global security group.
B. Add the user to the DNSAdmins Domain Local security group. C. Grant the user permissions on the zone.
D. Grant the user permissions on the DNS server.
Correct Answer: C
Explanation/Reference:
Correct answer(s): C

QUESTION 33
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2008 R2 and are configured as DNS servers. All client computers run Windows 7.
You create a new zone named secure.contoso.com and configure the zone to use DNSSEC.
You need to ensure that all client computers verify whether the name and address information of secure. contoso.com is validated by the DNS servers.
What should you configure from Group Policy? A. an IPSec Security policy
B. the DNS Client settings
C. the Public Key policies
D. a Name Resolution Policy rule
Correct Answer: D
Explanation/Reference:
Correct answer(s): D
http://technet.microsoft.com/en-us/library/ee649182(WS.10).aspx

QUESTION 34
Your company has a main office and two branch offices that are connected by WAN links. The main office runs the DNS Server service on three domain controllers. The zone for your domain is configured as an Active Directory-integrated zone.
Each branch office has a single member server that hosts a secondary zone for the domain. The DNS
servers in the branch offices use the main office DNS server as the DNS Master server for the zone.
You need to minimize DNS zone transfer traffic over the WAN links. What should you do?
A. Decrease the Retry Interval setting in the Start of Authority (SOA) record for the zone.
B. Decrease the Refresh Interval setting in the Start of Authority (SOA) record for the zone. C. Increase the Refresh Interval setting in the Start of Authority (SOA) record for the zone.
D. Disable the netmask ordering option in the properties of the DNS Master server for the zone.
Correct Answer: C
Explanation/Reference:
Correct answer(s): C

QUESTION 35
Your network contains an Active Directory domain. The domain contains an enterprise certification authority
(CA) named Server1 and a server named Server2.
On Server2, you deploy Network Policy Server (NPS) and you configure a Network Access Protection
(NAP) enforcement policy for IPSec.
From the Health Registration Authority snap-in on Server2, you set the lifetime of health certificates to four hours.
You discover that the validity period of the health certificates issued to client computers is one year. You need to ensure that the health certificates are only valid for four hours.
What should you do?
A. Modify the Request Handling settings of the certificate template used for the health certificates.
B. Modify the Issuance Requirements settings of the certificate template used for the health certificates. C. On Server1, run certutil.exe -setreg policyeditflags +editf_attributeenddate.
D. On Server1, run certutil.exe Csetregdbflags +dbflags_enablevolatilerequests.
Correct Answer: C
Explanation/Reference:
Correct answer(s): C
Configure template validity period override
Use the following procedure to allow the CA to issue the new health certificate template. This procedure applies to an enterprise NAP CA only.
To allow template validity period override
On the NAP CA, click Start, click Run, right-click Command Prompt, and then click Run as administrator.
In the command window, type Certutil.exe -setreg policyEditFlags +EDITF_ATTRIBUTEENDDATE, and then press ENTER.
In the command window, type net stop certsvc && net start certsvc, and then press ENTER. Verify that Active Directory Certificate Services (AD CS) stops and starts successfully.
http://technet.microsoft.com/en-us/library/dd296906(v=ws.10).aspx

Download Ensurepass Latest 2013 MCTS 70-642 Real Exam Questions , help you to pass exam 100%.