|
i required new dump anyone have new dump ad it plz thanks
|
Question 1.
Your company has an IPv6 network. The IPv6 network has 25 segments. You deploy a server on the IPv6 network. You need to ensure that the server can communicate with systems on all segments of the IPv6 network.
What should you do?
A. Configure the IPv6 address as fd00::2b0:d0ff:fee9:4143/8.
B. Configure the IPv6 address as fe80::2b0:d0ff:fee9:4143/64.
C. Configure the IPv6 address as ff80::2b0:d0ff:fee9:4143/64.
D. Configure the IPv6 address as 0000::2b0:d0ff:fee9:4143/64.
Answer: A
Question 2.
Your company has a single Active Directory domain. All servers run Windows Server 2008. Your company uses an Enterprise Certificate Authority. Company security policy requires that revoked certificate information be made available. You need to ensure that revoked certificate information is highly available.
What should you do?
A. Implement an Online Certificate Status Protocol (OCSP) responder by using Network Load
Balancing.
B. Publish an Online Certificate Status Protocol (OCSP) responder by using an Internet Security
and Acceleration Server array.
C. Publish the trusted certificate authorities list to the domain by using a group policy object.
D. Create a new group policy object that allows users to trust peer certificates. Link the group
policy object (GPO) to the domain.
Answer: A
Question 3.
Your corporate network has a member server named RAS1 that runs Windows Server 2008. RAS1 provides Routing and Remote Access Service. The company's remote access policy allows members of the Domain Users group to dial in to RAS1. The company issues smart cards to all employees to increase remote access security. You need to configure RAS1 and your remote access policy to support the use of the smart cards for dial-up connections.
What should you do?
A. Install the Network Policy Server (NPS) on the RAS1 server.
B. Create a remote access policy that requires users to authenticate by using Shiva Password
Authentication Protocol (SPAP).
C. Create a remote access policy that requires users to authenticate by using Extensible
Authentication ProtocolCTransport Layer Security (EAP-TLS).
D. Create a remote access policy that requires users to authenticate by using version 2 of the
Microsoft Challenge Handshake Authentication Protocol (MS-CHAP v2).
Answer: C
Question 4.
You deploy a Windows Server 2008 server that has routing and remote access installed. You configure the server that runs Windows Server 2008 to function as the corporate Virtual Private Network (VPN) server. All the portable computers in your company run Microsoft Windows 2000 Professional, Microsoft Windows XP or Windows Vista. The remote users in the company use this server for domain connectivity into the company network.
Confidential research data will be transmitted from the portable computers of the remote users to the VPN server. The company security policy requires public key infrastructure (PKI) based user and computer authentication for
the transmission of confidential data. You need to ensure that the VPN connection meets the security policy requirements.
What should you do?
A. Create certificate-based authentication with an L2TP/IPsec policy.
B. Create a custom IPSec policy by using the Kerberos version 5 authentication protocol.
C. Create a policy by using a Pre-shared authentication for most secure data transmission.
D. Run the secedit /refreshpolicy machine_policy command at the command line of the server.
Answer: A
Question 5.
Your company is deploying notebook computers that will be used to connect to the wireless network. You create a group policy and configure profiles by using the names of approved wireless networks. You link the group policy object (GPO) to the Notebook organizational unit. The new notebook computer users report that they cannot connect to the wireless network. You need to ensure that the group policy wireless settings are applied to the notebook computers.
What should you do?
A. Run the gpupdate /boot command on the notebook computers.
B. Run the gpupdate /target:computer command on the notebook computers.
C. Connect the notebook computers to the wired network. Log off the notebook computers, and
then log on again.
D. Run the Add a network that is in range of this computer wizard on the notebook computers and
leave the service set identifier (SSID) blank.
Answer: C
Question 6.
Your company plans to open a new branch office as a part of its Active Directory infrastructure. Users from the engineering department have to dial in to the company network when they work at the new branch office. You create a template account for new users in the engineering department. You need to ensure that all new user accounts in the engineering department hold the appropriate dial-in rights.
What should you do?
A. Add the group membership information to the template account, and then create a connection
request policy that includes the new group.
B. Add the group membership information to the template account, and then create a group policy
that grants the new group local logon permissions
C. Modify the schema for the account by changing the Logon Hours to 6:00-18:00 hours Monday
through Friday.
D. Modify the schema for the group membership attribute by selecting the Index this attribute in
the Active Directory check box.
Answer: A
Question 7.
Your company has a single Active Directory domain. All servers run the Windows Server 2008 operating system. The company network has 10 servers that perform as Web servers. All confidential files are located on a server named FSS1. The company security policy states that all confidential data must be transmitted in the most secure manner. You activate Encrypting File System (EFS) on the confidential files. You also add EFS certificates to the Data Decryption Field (DDF) of the confidential files for the users who want to access them.
When you monitor the network, you notice that the confidential files that are stored on the FSS1 server are being transmitted over the network without encryption. You need to ensure that encryption is always used when the confidential files on the FSS1 server are transmitted over the network.
What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)
A. Deactivate all LM and NTLM authentication methods on the FSS1 server.
B. Use IIS to publish the confidential files, activate SSL on the IIS server, and then open the files
as a Web folder.
C. Use IPSec encryption between the FSS1 server and the computers of the users who want to
access the confidential files.
D. Use the Server Message Block (SMB) signing between the FSS1 server and the computers of
the users who want to access the confidential files.
E. Activate offline files for the confidential files that are stored on the FSS1 server. In the Folder
Advanced Properties dialog box, select the Encrypt contents to secure data option.
Answer: B, C
Question 8.
Network Access Protection is configured for the corporate network. The company policy requires confidentiality of data when the data is in transit between the client computers and the servers. Users connect their personal portable computers to the corporate network and access the network resources. You need to prevent computers that do not comply with the company policy requirements from accessing network resources.
What should you do?
A. Create an IPSec Enforcement Network policy.
B. Create an 802.1X Enforcement Network policy.
C. Create a Wired Network (IEEE 802.3) Group policy.
D. Create an Extensible Authentication Protocol (EAP) Enforcement Network policy.
Answer: A
Question 9.
You company has Network Access Protection and Active Directory Certificate Services (AD CS) deployed on the network. You set up new portable computers to connect to the company's wireless network. The portable computers will use PEAP-MS-CHAP V2 for authentication. You need to ensure that the portable computers can join the domain when users restart their portable computers.
What should you do?
A. Run the netsh wlan export profile command on each portable computer.
B. Configure each portable computer with a Bootstrap Wireless profile.
C. Configure a group policy with the Use Windows WLAN Auto Config service for clients policy
setting enabled.
D. Configure a group policy with the Use Windows Wired Auto Config service for clients policy
setting disabled.
Answer: B
Question 10.
Your company uses Routing and Remote Access Service (RRAS) for remote user access. The remote users' computers are not domain members. You discover that the remote users' computers are the source of a virus on internal member servers. You need to protect the corporate network against viruses that are transmitted from remote users.
What should you do?
A. Deploy file-level antivirus software on the RRAS server and configure automatic updates for
the antivirus software.
B. Configure a network health policy to require that an antivirus application is running and that the
antivirus application is up to date.
C. Configure a network health policy to require that an anti-spyware application is running and
that the anti-spyware application is up to date.
D. Create an organizational unit for remote users. Deploy antivirus software to the organizational
unit by using a group policy object (GPO).
Answer: B
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.