[Free] 2018(June) Ensurepass Microsoft 70-642 Dumps with VCE and PDF 231-240

Ensurepass.com : Ensure you pass the IT Exams
2018 May Microsoft Official New Released 70-642
100% Free Download! 100% Pass Guaranteed!

TS: Windows Server 2008 Network Infrastructure, Configuring

Question No: 231 – (Topic 3)

Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Network Access Protection (NAP) is deployed on Server1. Server2 has the Routing and Remote Access service (RRAS) role service installed.

You need to configure Server2 to use NAP VPN enforcement. Which authentication method should you enable on Server2?

  1. Microsoft encrypted authentication version 2 (MS-CHAP v2)

  2. Extensible authentication protocol (EAP)

  3. Allow machine certificate authentication for IKEv2

  4. Encrypted authentication (CHAP)

Answer: B

Question No: 232 – (Topic 3)

Your network contains a Windows Server Update Services (WSUS) server named Server1.

You discover that certain updates listed in the WSUS administrative console are unavailable on Server1.

You need to ensure that all of the updates listed in the WSUS administrative console are available on Server1.

What should you do on Server1?

  1. Restart the Update Services service.

  2. Run wsusutil.exe and specify the reset parameter.

  3. Run wsusutil.exe and specify the deleteunneededrevisions parameter.

  4. Run wuauclt.exe and specify the /detectnow parameter.

Answer: B Explanation:

wsusutil /reset: Checks that every update metadata row in the database has corresponding update files stored in the file system. If update files are missing or have been corrupted, WSUS downloads the update files again.


Question No: 233 – (Topic 3)

Your company has a single Active Directory domain. The company network is protected by a firewall.

Remote users connect to your network through a VPN server by using PPTP.

When the users try to connect to the VPN server, they receive the following error message: quot;Error 721: The remote computer is not responding.quot;

You need to ensure that users can establish a VPN connection. What should you do?

  1. Open port 1423 on the firewall.

  2. Open port 1723 on the firewall.

  3. Open port 3389 on the firewall.

  4. Open port 6000 on the firewall.

Answer: B Explanation:


Question No: 234 – (Topic 3)

You have a file server that runs Windows Server 2008 R2. You configure quotas on the server.

You need to view each user#39;s quota usage on a per folder basis. What should you do?

  1. From File Server Resource Manager, create a File Screen.

  2. From File Server Resource Manager, create a Storage Management report.

  3. From the command prompt, run dirquota.exe quota list.

  4. From the properties of each volume, review the Quota Entries list.

Answer: B

Question No: 235 – (Topic 3)

Your company has a server named FS1. FS1 hosts the domain-based DFS namespace named \\contoso.com\dfs. All domain users store their data in subfolders within the DFS namespace.

You need to prevent all users, except administrators, from creating new folders or new files at the root of the \\contoso.com\dfs share.

What should you do?

  1. Run the dfscmd.exe \\FS1\dfs /restore command on FS1.

  2. Configure the NTFS permissions for the C:\DFSroots\dfs folder on FS1. Set the Create folders/append data special permission to Deny for the Authenticated Users group. Set the Full Control permission to Allow for the Administrators group.

  3. Start the Delegate Management Permissions Wizard for the DFS namespace named

    \\contoso.com\dfs.Remove all groups that have the permission type Explicit except the Administrators group.

  4. Configure the \\FS1\dfs shared folder permissions. Set the permissions for the Authenticated Users group to Reader. Set the permissions for the Administrators group to Co-owner.

Answer: D

Question No: 236 – (Topic 3)

Your company has an Active Directory domain that has two domain controllers named DC1 and DC2.

You prepare both servers to support event subscriptions. On DC1, you create a new default subscription for DC2.

You need to review system events for DC2. Which event log should you select?

  1. system log on DC1

  2. application log on DC2

  3. Forwarded Events log on DC1

  4. Forwarded Events log on DC2

Answer: C

Question No: 237 – (Topic 3)

Your corporate network has a member server named RAS1 that runs Windows Server 2008 R2. You configure RAS1 to use the Routing and Remote Access Services (RRAS).

The company#39;s remote access policy allows members of the Domain Users group to dial in to RAS1. The company issues smart cards to all employees.

You need to ensure that smart card users are able to connect to RAS1 by using a dial-up connection.

What should you do?

  1. Install the Network Policy Server (NPS) server role on RAS1.

  2. Create a remote access policy that requires users to authenticate by using SPAP.

  3. Create a remote access policy that requires users to authenticate by using EAP-TLS.

  4. Create a remote access policy that requires users to authenticate by using MS-CHAP v2.

Answer: C Explanation:

EAP-Transport Layer Security (EAP-TLS), defined in RFC 5216, is an IETF open standard, and is wellsupported among wireless vendors. The security of the TLS protocol is strong, provided the user understands potential warnings about false credentials. It uses PKI to secure communication to a RADIUS authentication server or another type of authentication server. So even though EAP-TLS provides excellent security, the overhead of client-side certificates may be its Achilles#39; heel.

EAP-TLS is the original, standard wireless LAN EAP authentication protocol. Although it is rarely deployed, it is still considered one of the most secure EAP standards available and is universally supported by all manufacturers of wireless LAN hardware and software. The requirement for a client-side certificate, however unpopular it may be, is what gives EAP- TLS its authentication strength and illustrates the classic convenience vs. security trade-off. A compromised password is not enough to break into EAP-TLS enabled systems because the intruder still needs to have the client-side private key. The highest security available is when client-side keys are housed in smart cards.[4] This is because there is no way to steal a certificate#39;s corresponding private key from a smart card without stealing the card itself. It is significantly more likely that the physical theft of a smart card would be noticed (and the smart card immediately revoked) than a (typical) password theft would be noticed. Up until April 2005, EAP-TLS was the only EAP type vendors needed to certify for a WPA or WPA2 logo.[5] There are client and server implementations of EAP-TLS in 3Com, Apple, Avaya, Brocade Communications, Cisco, Enterasys Networks, Foundry, HP, Juniper, and Microsoft, and open source operating systems. EAP-TLS is natively supported in Mac OS X 10.3 and above, Windows 2000 SP4, Windows XP and above, Windows Mobile 2003 and above, and Windows CE 4.2

Question No: 238 – (Topic 3)

Your network contains a server that runs a Server Core installation of Windows Server 2008 R2.

You need to log the CPU utilization of the server. Which tool should you use?

  1. relog.exe

  2. oclist.exe

  3. logman.exe

  4. sc.exe

Answer: C Explanation:

Logman creates and manages Event Trace Session and Performance logs and supports many functions of

Performance Monitor from the command line Syntax

logman [create | query | start | stop | delete| update | import | export | /?] [options] http://technet.microsoft.com/en-us/library/cc753820(v=ws.10).aspx

Question No: 239 – (Topic 3)

Your network contains a server named Server1 that runs Windows Server 2008 R2. Server1 has the Web Server (IIS) role installed.

You need to review the contents of the IIS-Configuration Analytic event log on Server1. You configure Event Viewer to show the Analytic log.

What should you do next?

  1. Modify the General properties of the log.

  2. Create a custom view to the log.

  3. Attach a task to the log.

  4. Modify the Subscriptions list for the log.

Answer: A Explanation:

Analytic event logs, and not only for IIS are not enabled by default. You must enable it. You should enable them from quot;General Tabquot; of properties of log quot;Log of services and applications \Microsoft\Windows\IIS-Configuration\Analyticquot; to start logging

Question No: 240 – (Topic 3)

Your network contains a server named Server1. Server1 has the DHCP server role installed and contains multiple scopes.

You restore the DHCP database and discover that the active IP address leases are not displayed. You need to ensure that all IP address leases are displayed.

What should you do?

  1. Reconcile all of the scopes.

  2. Run jetpack.exe dhcp.mdb temp.mdb.

  3. Restart the DHCP Server service.

  4. Authorize Server1.

Answer: C Explanation:

Recovery: Restoring DHCP Database from Backup:

If the DHCP server database becomes corrupted or is lost, simple recovery is possible by replacing the server database file (Dhcp.mdb), located in the % SystemRoot

%\System32\Dhcp folder, with a backup copy of the same file. You can then perform a simple file copy to overwrite the current corrupted database with a backup copy of the same file.

If DHCP Manager has been used previously to enable backup, you can obtain the backup copy of the server database file located in the % SystemRoot %\System32\Dhcp\Backup folder. As an option, you can also choose to restore the Dhcp.mdb file from a tape backup or other backup media.

Before restoring the database file from backup, the DHCP service must first be stopped. Once you have copied the backup file to the % SystemRoot %\System32\Dhcp folder from your preferred backup source, you can restart the DHCP service.

To stop the DHCP server service, type the following at a command prompt: net stop dhcpserver

Once the DHCP service has been stopped, the following procedure can be used to safely restore a backup copy of the database from either backup media or the DHCP service backup folder.

First, move the files from your existing DHCP folder to a different folder location, such as

\Olddhcp. Be careful to keep the DHCP folder structure intact. For example, type the following set of commands at a command prompt to perform this step:

md c:\Olddhcp move % SystemRoot % \system32\DHCP\*.* C:\Olddhcp

Next, remove the corrupted server database file. This can also be done at the command prompt: del % SystemRoot % \system32\DHCP\Dhcp.mdb

You can then copy the backup database file into the DHCP service folder. The path to be used when performing the actual copy operation varies (as shown in Table 4.15), depending on the specific server version of Windows running on the computer where the

DHCP database file is being restored. http://technet.microsoft.com/en-us/library/cc958954.aspx

100% Ensurepass Free Download!
Download Free Demo:70-642 Demo PDF
100% Ensurepass Free Guaranteed!
70-642 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No
Tagged , , , , , , , , , , , , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *