|
Question 1. Examine this procedure: CREATE OR REPLACE PROCEDURE update_employee (v_emp_id IN NUMBER) IS v_comm NUMBER; PROCEDURE calc_comm IS v_total NUMBER; BEGIN SELECT SUM(ord.total) INTO v_total FROM ord,customer WHERE ord.custid = customer.custid AND customer.repid = v_emp_id; v_comm := v_total * .20; END calc_comm; v_percentage NUMBER; BEGIN SELECT percentage INTO v_percentage FROM daily_figures WHERE TRUNC(figure_date) = TRUNC(SYSDATE); IF v_percentage > 33 THEN calc_comm; END IF; END; Why does this code cause an error when compiled? A. The SUBPROGRAM keyword does not exist. B. CALC_COMM must be invoked using the EXECUTE command. C. CALC_COMM must be declared after all local variable declarations. D. CALC_COMM must be declared before all local variable declaration. Answer: C Explanation: Subprograms must be declared after all local variables. CREATE OR REPLACE PROCEDURE update_employee (v_emp_id IN NUMBER) IS v_comm NUMBER; v_percentage NUMBER; PROCEDURE calc_comm IS v_total NUMBER; BEGIN SELECT SUM (ord.total) INTO v_total FROM ord,customer WHERE ord.custid = customer.custid AND customer.repid = v_emp_id; v_comm := v_tota * .20; END calc_comm; BEGIN SELECT percentage INTO v_percentage FROM daily_figures WHERE TRUNC(figure_date) = TRUNC(SYSDATE); IF v_percentage > 33 THEN calc_comm END IF; END; Question 2. In order for you to create run a package MAINTAIN_DATA which privilege do you need? A. EXECUTE privilege on the MAINTAIN_DATA package. B. INVOKE privilege on the MAINTAIN_DATA package. C. EXECUTE privilege on the program units in the MAINTAIN_DATA package. D. Object privilege on all of the objects that the MAINTAIN_DATA package is accessing. E. Execute privilege on the program units inside the MAINTAIN_DATA package and execute privilege on the MAINTAIN_DATA package. Answer: A Question 3. You have created a script file EMP_PROC.SQL that holds the text to create a procedure PROCESS_EMP. You have compiled the procedure for SQL Plus environment by running the script file EMP_PROC.SQL. What happens if there are syntax errors in the procedure PROCESS_EMP? A. The errors are stored in the EMP_PROC.ERR file. B. The errors are displayed to the screen when the script file is run. C. The errors are stored in the procedure_errors data dictionary view. D. YOU need to issue the SHOWERRORS command in the SQL Plus environment to see the errors. E. YOU need to issue the display errors command in the SQL Plus environment to see the errors. Answer: D Question 4. Which statement about the local dependent object is TRUE? A. They are on different nodes. B. They are in a different database. C. They are on the same node in the same database. D. They are on the same node in a different database. Answer: C Question 5. You need to create a stored procedure, which deletes rows from a table. The name of the table from which the rows are to be deleted is unknown until run time. Which method do you implement while creating such a procedure? A. Use SQL command delete in the procedure to delete the rows. B. Use DBMS_SQL packaged routines in the procedure to delete the rows. C. Use DBMS_DML packaged routines in the procedure to delete the rows. D. Use DBMSDELETE packaged routines in the procedure to delete the rows. E. You cannot have a delete statement without providing a table name before compile time. Answer: B Question 6. Under which situation do you create a server side procedure? A. When the procedure contains no SQL statements. B. When the procedure contains no PL/SQL commands. C. When the procedure needs to be used by many client applications accessing several remote databases. D. When the procedure needs to be used by many users accessing the same schema objects on a local database. Answer: D Question 7. Examine this procedure CREATE OR REPLACE PROCEDURE ADD_PLAYER (V_ID IN NUMBER, V_LAST_NAME VARCHER2) IS BEGIN INSERT INTO PLAYER(ID,LAST_NAME). VALUES(V_ID,V_LAST_NAME); COMMIT; END; This procedure must invoke the UPD-STAT procedure and pass a parameter. Which statement will successfully invoke this procedure? A. EXECUTE UPD_BAT_STAT(V_ID); B. UPD_BAT_STAT(V_ID); C. RUN UPD_BAT_STAT(V_ID); D. START UPD_BAT_STAT(V_ID); Answer: B Question 8. Examine this function CREATE OR REPLACE FUNCTION CALC_PLAYER_AVG (V_ID in PLAYER_BAT_STAT. PLAYER_ID%TYPE) RETURN NUMBER IS V_AVG NUMBER; SELECTS HITS/AT_BATS INTO V_AVG FROM PLAYER_BAT_STAT WHERE PLAYER_ID_V_ID; RETURN(V_AVG); END; This function must be moved to a package. Which additional statement must be added to the function to allow you to continue using the function in the group by the clause of a select statement? A. PRAGMA RESTRICT_REFERENCES (CALC_PLAYER_AVG, WNDS, WNPS); B. PRAGMA RESTRICT_REFERENCES (CALC_PLAYER_AVG, WNPS); C. PRAGMA RESTRICT_REFERENCES (CALC_PLAYER_AVG, RNPS, WNPS); D. PRAGMA RESTRICT_REFERENCES (CALC_PLAYER_AVG, ALLOW_GROUP_BY); Answer: A Question 9. Examine this procedure: CREATE OR REPLACE PROCEDURE find_cpt (v_movie_id {argument mode} NUMBER, v_cost_per_ticket {argument mode} NUMBER) IS BEGIN IF v_cost_per_ticket > 8.50 THEN SELECT cost_per_ticket INTO v_cost_per_ticket FROM gross _receipt WHERE movie_id = v_movie_id; END IF; END; Which argument mode should be used for V_MOVIE_ID? A. IN B. OUT C. IN OUT D. IN RETURN Answer: A Explanation: The value of V_MOVIE_ID is used in the WHERE clause to determine which row to return. Since it is only being read and not modified, it should be declared as an IN argument. Question 10. Which statement about procedure is true? A. They promote reusability and maintainability. B. They add functionality to SQL DML statements. C. They perform actions and always return a value. D. They add functionality to SQL SELECT statements. Answer: A Explanation: Procedure usually contains code that is executed from more than one application. Storing code in one location makes it ideally suitable for reusability and maintainability. Procedures cannot be used in SQL statements and do not have to return a value. Question 11. The MODIFY_PAYROLL procedure contains many SQL statements and will be executed from multiple client applications. Where should this procedure be stored? A. server only B. system global area C. client applications only D. server and client applications Answer: A Explanation: A procedure that contains multiple SQL statements should be stored on the server to dramatically reduce the amount of network traffic when executed from a client machine. If the procedure is stored in an Oracle Developer application, each SQL statement must be sent separately to the server to be processed. If the procedure is stored on the server, the application simply execute it with one call. Question 12. When invoking a procedure you can specify the arguments using the positional method by listing the values in the order of the argument list. Which method would you use to list values in an arbitrary order? A. FIFO B. List C. Type D. Named Answer: D Explanation: You can specify argument values using the positional or named method. The named method requires the use of the “=>” operator to specify a value for each argument and allows for an arbitrary assignment of values. The named method: EXECUTE find_seats_sold (v_theater_id => 500, v_movie_id => 34); The positional method: EXECUTE find_seats_sold (500, 34); The value of 500 is assigned to the first argument listed in the procedure header and 34 is assigned to the second argument. Question 13. The UPDATE_EMPLOYEE procedure contains an algorithm that calculates an employee’s commission multiple times throughout the program. If a change is made to the algorithm, the change must be made multiple times. How can this procedure be modified to simplify the code and reduce duplicated code? A. Add an algorithm exception handler. B. Create a library containing the algorithm. C. Add a local subprogram containing the algorithm. D. Create multiple anonymous blocks containing the alogrithm. Answer: C Explanation: Subprograms allow you to create just one occurrence of a piece of code that must be executed in different locations of a procedure. Use local subprograms when the code is only executed within the procedure. If the code will be executed from outside the procedure, then the subprogram should be written as a packaged or stand-alone procedure instead. Example: (calc_comm is the subprogram) CREATE OR REPLACE PROCEDURE update_employee (v_emp_id IN NUMBER) IS v_comm NUMBER; PROCEDURE calc_comm IS v_total NUMBER; BEGINS SELECT SUM(ord.total) INTO v_total FROM ord,customer WHERE ord.custid = customer.custid AND customer.repid = v_emp_id; V_comm := v_total * .20; END calc_comm; BEGIN … calc_comm; … calc_comm; … calc_comm; END; Question 14. You have just successfully dropped the CALC_COMM procedure and deleted the script file containing the source code. Which command can you execute to recover this procedure? A. ROLLBACK; B. ROLLBACK TO PROCEDURE calc_comm; C. ALTER PROCEDURE calc_comm COMPILE; D. Only the database administrator can recover this procedure using backups. Answer: D Explanation: The DROP PROCEDURE command is a DDL command and is therefore, auto-committing. A committed Transaction cannot be rolled back. Without a script file containing the source code, only the DBA can recover this procedure. Question 15. Examine this procedure: CREATE OR REPLACE PROCEDURE find_seats_sold (v_movie_id IN NUMBER) IS v_seats_sold gross_receipt.seats_sold%TYPE; BEGIN SELECT seats_sold INTO v_seats_sold FROM gross_receipt WHERE movie_id = v_movie_id; END; The value of V_SEATS_SOLD must be returned to the calling environment. Which change should you make to the code. A. Declare V_SEATS_SOLD as an OUT argument. B. Declare V_SEATS_SOLD as a RETURN argument. C. Add RETURN V_SEATS_SOLD immediately before the IS keyword. D. Add RETURN V_SEATS_SOLD immediately before the END keyword. Answer: A Explanation: Procedure can return values to the calling environment using OUT arguments. Arguments are declared after the IS keyword and before the BEGIN keyword. The procedure after adding the OUT argument: CREATE OR REPLACE PROCEDURE find_seats_sold (v_movie_id IN NUMBER, v_seats_sold OUT NUMBER) IS v_seats_sold gross_receipt.seats_sold%TYPE; BEGIN SELECT seats_sold INTO v_seats_sold FROM gross_receipt WHERE MOVIE_ID = v_movie_id; END; Question 16. Examine this procedure: CREATE OR REPLACE PROCEDURE find_seats_sold (v_movie_id IN NUMBER, v_seats_sold OUT gross_receipt.seats_sold%TYPE) IS BEGIN SELECT seats_sold INTO v_seats_sold FROM gross_receipt WHERE movie_id = v_movie_id; END; Which set of commands will successfully invoke this procedure in SQL*Plus? A. DEFINE g_seats_sold NUMBER find_seats_sold(34, g_seats_sold); B. DEFINE g_seats_sold NUMBER find_seats_sold(34, :g_seats_sold); C. VARIABE g_seats_sold NUMBER EXECUTIVE find_seats_sold(34, g_seats_sold); D. VARIABE g_seats_sold NUMBER EXECUTIVE find_seats_sold(34, :g_seats_sold); Answer: D Explanation: V-MOVIE_ID is an IN argument and must be passed a value at invocation. V_SEATS_SOLD is an OUT argument and requires a variable at invocation to accept the returning value after completion of the procedure execution. To create a variable in SQL*Plus, you must use the VARIABLE command. VARIABLE g_seats_sold NUMBER To invoke this procedure, you must use the EXECUTE command. EXECUTE find_seats_sold(34, :g_seats_sold); Notice the G_SEATS_SOLD variable must be referenced with the colon prefix.
|
Question 1. You are an enterprise administrator for ITCertKeys. The company has a head office in San Diego and a branch office in New York. The corporate network of ITCertKeys consists of an Active Directory forest having two domains, ITCertKeys.com and Branch. ITCertKeys.com for the head office and the branch office respectively. All the servers on the corporate network run Windows Server 2008 and both the offices hold their respective domain controllers on their physical office locations. The two domain controllers at ITCertKeys.com are called ITCertKeysServer1 and ITCertKeysServer2 and the two domain controllers at Branch. ITCertKeys.com are called ITCertKeysServer3 and ITCertKeysServer4. All domain controllers host Active Directory-integrated DNS zones for their respective domains. As an enterprise administrator of the company, you have been assigned the task to ensure that users from each office can resolve computer names for both domains from a local DNS server. Which of the following options would you choose to accomplish this task? A. Add the ITCertKeys.com and the Branch. ITCertKeys.com DNS zones to the ForestDNSZones partition. B. Create a stub DNS zone for ITCertKeys.com on ITCertKeysServer3 and a stub DNS zone for Branch. ITCertKeys.com on ITCertKeysServer1. C. Create a standard primary DNS zone named ITCertKeys.com on ITCertKeysServer3 and a standard primary DNS zone named Branch. ITCertKeys.com on ITCertKeysServer1. D. Configure conditional forwarders on ITCertKeysServer1 to point to ITCertKeysServer3 conditional forwarders on ITCertKeysServer3 to point to ITCertKeysServer1. E. None of the above. Answer: A Explanation: To ensure that users from each office can resolve computer names for both domains from a local DNS server, you need to add the ITCertKeys.com and the Branch. ITCertKeys.com DNS zones to the ForestDNSZones partition because the ForestDNSZones directory partition can be replicated among all domain controllers (DCs) located in both the domains ITCertKeys.com and Branch. ITCertKeys.com in the forest of the company. This is because all the domain controllers have the DNS service installed. Once the DNS Zones data is replicated the users from each office can resolve computer names for both domains from their local DNS server A stub zone cannot be used because it is used to resolve names between separate DNS namespaces a Standard Primary DNS zone cannot be used because the DNS Server in this type of zone contains the only writable copy of the DNS zone database files. There can be only one Standard Primary DNS Server for a particular zone. A conditional forwarder cannot be used because it handles name resolution only for a specific domain. Reference: What causes the error I receive in the event log when I attempt to replicate the ForestDNSZones directory partition? http://windowsitpro.com/article/articleid/43165/q-what-causes-the-error-i-receive-in-the-event-log-when-iattem Reference: Understanding stub zones http://207.46.196.114/windowsserver/en/library/648f2efd-0ad4-4788-80c8 75f8491f660e1033.mspx?mfr=true Reference: DNS Conditional Forwarding in Windows Server 2003 http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_200 Question 2. You are an enterprise administrator for ITCertKeys. The company has a head and a three branch offices. Each office has a Windows Server 2008 server running with a DNS role installed on it. All the branch offices consist of Windows 2000 Professional client computers installed on their networks. As an enterprise administrator of the company, you have been assigned the task to deploy Active Directory Domain Services (AD DS) on the corporate network of the company. You also need to plan the implementation of a name resolution solution for the deployment of AD DS that supports secure dynamic updates and minimize the response times for users connecting to resources anywhere on the network. Which of the following options would you include in your plan to accomplish this task? A. Implement GlobalNames zone (GNZ) for the forest. B. Implement a single Active Directory-integrated (ADI) DNS zone. C. Create a stub zone on the DNS server in each branch office. D. Create a standard primary zone in the head office and the secondary zones in branch offices. E. None of the above. Answer: B Explanation: To deploy Active Directory Domain Services (AD DS) on the corporate network of the company with given requirements, you need to implement a single Active Directory-integrated (ADI) DNS zone. Active Directory integrated (ADI) primary DNS zone enables built-in recovery, scalability, and performance. An ADI zone is a writeable copy of a forward lookup zone that is hosted on a domain controller. It can therefore reduce the response times for users connecting to resources anywhere on the network and because it uses directory-integrated storage it also simplifies dynamic updates for DNS clients that are running Windows 2000. None of the other options can be used to meet the desired objectives. Reference: From the Windows 2000 Resource Kit http://windowsitpro.com/article/articleid/76616/jsi-tip-5312-when-you-change-your-dns-active-directoryintegra Reference: ACTIVE DIRECTORY ADMINISTRATION TIPS http://searchwinit.techtarget.com/tip/0,289483,sid1_gci1115858,00.html Question 3. You are an enterprise administrator for ITCertKeys. The company has a head office and a branch office located at different physical locations. The corporate network of the company consists of a single Active Directory domain. Both the offices of the company run Windows Server 2008 servers and have 2,000 client computers configured as DHCP clients without having DHCP relay supported on the network routers. As an enterprise administrator of the company, you have been assigned the task to configure a DHCP addressing solution for both the offices that would minimize the traffic between the offices and is available in case any one of the DHCP server fails. Which of the following options would you choose to accomplish this task? A. Install two DHCP servers, one in the head office and the other in branch office and make sure that both the DHCP servers have two scopes. B. Install a DHCP instance on a two node failover cluster in each office, the head office and the branch office. C. In the head office, install a DHCP server and in the branch office, install a DHCP Relay Agent. D. In the head office, install a DHCP instance on a two node failover cluster and in the branch office, install a DHCP Relay Agent. E. None of the above. Answer: B Explanation: To configure a DHCP addressing solution for both the offices that would minimize the traffic between the offices and is available in case any one of the DHCP server fails, you need to install a DHCP instance on a two node failover cluster in each office, the head office and the branch office. The two node failover cluster in each office will ensure that the DHCP server is always available even if one of the DHCP servers fails. Because DHCP relay is not supported on the network, both the offices need to have a separate DHCP failover clustering solution. Having two scopes of DHCP servers will not help because DHCP relay is not supported on the network. Installing a DHCP server and DHCP Relay Agent in the branch office and installing a DHCP instance on a two node failover cluster and in the branch office and a DHCP Relay Agent will not help because this solution would increase the traffic between the offices in case any one of the DHCP server fails. Reference: Step-by-Step Guide for Configuring Two-Node File Server Failover Cluster in Windows Server 2008 http://209.85.175.104/search?q=cache:9u-snEWIUtgJ:download.microsoft.com/download/b/1/0/b106fc39-936c- Reference: DHCP Relay Agent Overview http://www.tech-faq.com/dhcp-relay-agent.shtml Question 4. You are an enterprise administrator for ITCertKeys. The corporate network of the company consists of a single Active Directory forest that contains 25 domains. All the DNS servers on the corporate network run Windows Server 2008. The users on the corporate network use NetBIOS name to connect to the network applications in all the domains. Currently the network is configured with IPv4 addressing. As an enterprise administrator of the company, you have been assigned the task to migrate the network to an IPv6-enabled only network without affecting any client computer. Which of the following options would you choose to accomplish this task? A. Configure GlobalNames zones on the DNS servers running Windows Server 2008. B. Add all domain zones to the ForestDNSZones partition on the DNS servers running Windows Server 2008. C. Create a new running Windows Server 2008 server and configure WINS server on it. D. Create a new running Windows Server 2003 server and configure WINS server on it. E. None of the above. Answer: A Explanation: To migrate the network from IPv4-enabled to an IPv6-enabled only network without affecting any client computer, you need to configure GlobalNames zones on the DNS servers running Windows Server 2008. To help customers migrate to DNS for all name resolution, the DNS Server role in Windows Server 2008 supports a special GlobalNames Zone (also known as GNZ) feature. The client and server name resolution depends on DNS. A DNS Client is able to resolve single-label names by appending an appropriate list of suffixes to the name. The correct DNS suffix depends on the domain membership of the client but can also be manually configured in the advanced TCP/IP properties for the computer. The problem occurs managing a suffix search list when there are many domains. For environments that require both many domains and single-label name resolution of corporate server resources, GNZ provides a more scalable solution. GNZ is designed to enable the resolution of the single-label, static, global names for servers using DNS. WINS cannot be used because it does not support IPv6 protocols and both are entering legacy mode for Windows Server 2008. ForestDNSZones partition cannot help to migrate a IPv4-enabled network to an IPv6-enabled only network Reference: Understanding GlobalNames Zone in Windows Server 2008 http://www.petri.co.il/windows-DNS-globalnames-zone.htm Reference: Using GlobalNames Zone in Windows Server 2008 http://www.petri.co.il/using-globalnames-zone-window-server-2008.htm Question 5. You are an enterprise administrator for ITCertKeys. The company has a head office and two branch offices. The corporate network of ITCertKeys consists of a single Windows Server 2008 Active Directory domain called ITCertKeys.com. The DNS Service is installed on the member servers of the ITCertKeys.com domain and all the domain controllers and DNS servers for the ITCertKeys.com domain are located in the head office. As an enterprise administrator of the company, you have been assigned the task to deploy two new Active Directory domains named branch1. ITCertKeys.com and branch2. ITCertKeys.com in the branch offices. To accomplish this task, you installed a DNS server in each branch office. Which of the following actions would you perform next to prepare the environment for the installation of the new domains? (Select three. Each selected option will form a part of the answer.) A. Configure a delegation subdomain DNS record on the main office DNS server for each new domain. B. Create a new standard primary zone on each branch office DNS server for the new domains. C. Create a new stub zone on each branch office DNS server for the new domains D. Configure forwarders on the main office DNS servers to point to the branch office servers. E. Configure conditional forwarders on the main office DNS servers to point to the branch office DNS servers. F. Configure zone transfer for the ITCertKeys.com zone to the branch office DNS servers. Answer: A, B, F Explanation: To deploy two new Active Directory domains in the branch offices, you need to first configure a delegation subdomain DNS record on the main office DNS server for each new domain then create a new standard primary zone on each branch office DNS server for the new domains and then configure zone transfer for the ITCertKeys.com zone to the branch office DNS servers after installing DNS server in each branch office. In DNS, a subdomain is a portion of a domain that you've delegated to another DNS zone. A subdomain is configured when you need to create domains in existing domain. A company might use subdomains for its various divisions. Because, to migrate your DNS zone data for the ITCertKeys.com zone to the branch office DNS servers, you will need to have a functioning standard primary server, you will need to create a new standard primary zone on each branch office DNS server for the new domains. Reference: Delegate subdomains in DNS in Windows 2000 Server http://articles.techrepublic.com.com/5100-10878_11-5846057.html Reference: Step-By-Step: How to migrate DNS information to Windows Server 2003 http://www.lockergnome.com/it/2005/01/14/step-by-step-how-to-migrate-dns-information-to-windows-server-20 Reference: DNS Stub Zones in Windows Server 2003 http://www.windowsnetworking.com/articles_tutorials/DNS_Stub_Zones.html Question 6. You are an enterprise administrator for ITCertKeys. The corporate network of ITCertKeys consists of a single Active Directory forest that is made up of a single root domain and 15 child domains. The Administrators of the child domains need to frequently modify the records for authoritative DNS servers for the child domain DNS zones. The administrators take a long time in modifying these records. As an enterprise administrator of the company, you have been assigned the task to implement a solution that would minimize the effort required to maintain name resolution on the network. Which of the following options would you choose to accomplish this task? A. Create stub zones for the root domain zone on the child domain DNS servers. B. Configure conditional forwarders for the parent domain on the child domain DNS servers. C. Create stub zones for the child domain zones on the root domain DNS servers. D. Configure delegation subdomain records for the child domains on the root domain DNS servers. E. None of the above. Answer: C Explanation: To implement a solution that would minimize the effort required to maintain name resolution on the network, you need to create stub zones for the child domain zones on the root domain DNS servers. Stub zones can help reduce the amount of DNS traffic on your network by streamlining name resolution and zone replication. The Stub zone should be configured for the child domain zones on the root domain DNS servers and not vice versa because a stub zone is like a secondary zone that obtains its resource records from other name servers (one or more master name servers). Reference: DNS Stub Zones in Windows Server 2003 http://www.windowsnetworking.com/articles_tutorials/DNS_Stub_Zones.html Question 7. You are an enterprise administrator for ITCertKeys. The corporate network of ITCertKeys consists of a single Windows Server 2008 Active Directory domain and one IP subnet. All servers in the domain run Windows Server 2008 and all the client computers run Windows Vista. On one of the Windows Server 2008 member servers, ITCertKeysServer1, Active Directory Domain Services (AD DS), Active Directory Certificate Services (AD CS), and DHCP services are configured. On another Windows Server 2008 member server, ITCertKeysServer2, Routing and Remote Access Service (RRAS), Network Policy Service (NPS), Health Registration Authority (HRA) services are configured. Some client computers that do not have the latest Microsoft updates installed connect to the local area network (LAN) from client computers that are joined to a workgroup. Besides all network switches used for client connections are unmanaged. As an enterprise administrator of the company, you have been assigned the task to implement a Network Access Protection (NAP) solution to protect the network. You need to ensure that only the computers that have the latest Microsoft updates installed must be able to connect to servers in the domain and only the computers that are joined to the domain must be able to connect to servers in the domain. Which of the following NAP enforcement method should you use to accomplish this task? A. 802.1x B. DHCP C. IPsec D. VPN E. None of the above. Answer: C Explanation: To ensure that only the computers that have the latest Microsoft updates installed must be able to connect to servers in the domain and only the computers that are joined to the domain must be able to connect to servers in the domain, you need to use IPSec NAP enforcement method. IPsec domain and server isolation methods are used to prevent unmanaged computers from accessing network resources. This method enforces health policies when a client computer attempts to communicate with another computer using IPsec. Reference: Protecting a Network from Unmanaged Clients / Solutions http://www.microsoft.com/technet/security/midsizebusiness/topics/serversecurity/unmanagedclients.mspx Reference: Network Access Protection (NAP) Deployment Planning / Choosing Enforcement Methods http://blogs.technet.com/nap/archive/2007/07/28/network-access-protection-deployment-planning.aspx Question 8. You are an enterprise administrator for ITCertKeys. The corporate network of ITCertKeys consists of a single Windows Server 2008 Active Directory domain and one IP subnet. All servers in the domain run Windows Server 2008 and all the client computers run Windows Vista, Windows XP Professional, and Windows 2000 Professional. On one of the Windows Server 2008 member servers, ITCertKeysServer1, Active Directory Domain Services (AD DS), Active Directory Certificate Services (AD CS), and DHCP services are configured. On another Windows Server 2008 member server, ITCertKeysServer2, Routing and Remote Access Service (RRAS), Network Policy Service (NPS), Health Registration Authority (HRA) services are configured. The NAP is configured by using IPsec, DHCP, and 802.1x enforcement methods. Currently the computers that are not joined to the domain can easily connect to the domain and access network resources. As a network administrator, you want to stop this security lapse and want to ensure that only computers that are joined to the domain can access network resources on the domain. Which of the following options would you choose to accomplish this task? A. Configure all DHCP scopes on ITCertKeysServer1 to enable NAP. B. Configure all network switches to require 802.1x authentication. C. Create a GPO, link it to the domain. Enable a secure server IPsec policy on all member servers in the domain in the GPO. D. Create a GPO, link it to the domain. Enable a NAP enforcement client for IPsec communications on all client computers in the domain in the GPO. E. None of the above. Answer: C Explanation: To ensure that only computers that are joined to the domain can access network resources on the domain, you need to create a GPO, link it to the domain and enable a secure server IPsec policy on all member servers in the domain in the GPO. IPsec domain and server isolation methods are used to prevent unmanaged computers from accessing network resources. This method enforces health policies when a client computer attempts to communicate with another computer using IPsec. Configuring DHCP scope cannot stop unmanaged computers that are not joined to the domain from accessing the network. NAP is not required in this scenario because you just want the member computers to access network resources. Therefore, you need not create a GPO, link it to the domain. Enable a NAP enforcement client for IPsec communications on all client computers in the domain in the GPO. Reference: Protecting a Network from Unmanaged Clients / Solutions http://www.microsoft.com/technet/security/midsizebusiness/topics/serversecurity/unmanagedclients.mspx Question 9. You are an enterprise administrator for ITCertKeys. The corporate network of ITCertKeys consists of a single IP subnet. All servers in the domain run Windows Server 2008 and all the client computers run Windows Vista. The network contains three Windows Server 2008 servers configured as follows: 1. ITCertKeysServer1 - Configured with Active Directory Domain Services (AD DS), Active Directory Certificate Services (AD CS), and DHCP services. 1. ITCertKeysServer2 - Configured with Routing and Remote Access Service (RRAS), Network Policy Service (NPS), Health Registration Authority (HRA), and Microsoft System Center Configuration Manager (SCCM) 2007 services 1. ITCertKeysServer3 - Configured with File Services and Microsoft Windows SharePoint Services (WSS). As an enterprise administrator of the company, you have been assigned the task to configure the NAP environment that would only allow computers that have required Microsoft updates installed to access the internal network resources. Besides, you need to ensure that when the client computers connect to the network, the network switches would only allow them to communicate with only ITCertKeysServer1 and ITCertKeysServer2 initially. . Which of the following NAP enforcement method should you use to accomplish this task? A. 802.1x B. DHCP C. IPsec communications D. VPN E. None of the above. Answer: A Explanation: To configure the NAP environment that would only allow computers that have required Microsoft updates installed to access the internal network resources and to ensure that when the client computers connect to the network, the network switches would only allow them to communicate with only ITCertKeysServer1 and ITCertKeysServer2 initially, you need to use 802.1x NAP enforcement method because this method enforces health policies when a client computer attempts to access a network using EAP through an 802.1X wireless connection or an authenticating switch connection. Reference: Network Access Protection (NAP) Deployment Planning / Choosing Enforcement Methods http://blogs.technet.com/nap/archive/2007/07/28/network-access-protection-deployment-planning.asp Question 10. You are an enterprise administrator for ITCertKeys. The corporate network of ITCertKeys consists of a single Active Directory domain. All the servers in the domain run Windows Server 2008 and all the client computers run Windows Vista with Service Pack 1. The network contains three Windows Server 2008 servers configured as follows: 1. ITCertKeysServer1- Configured with Network Policy and Access Services (NPAS). 2. ITCertKeysServer2 - Configured with Microsoft Windows SharePoint Services (WSS). 3. ITCertKeysServer3 - Configured with File Services. The company has many remote users (domain members) that need to access the domain resources from their remote locations. Some of the remote users informed you that they can access ITCertKeysServer2 by using the URL https://portal. ITCertKeys.com from their remote locations through Internet but the firewall used at their remote location site prevents all other outbound connections. As an enterprise administrator of the company, you have been assigned the task to plan a solution that would allow the remote users to access files on ITCertKeysServer3 through a VPN connection Which of the following types of connections should you enable on ITCertKeysServer1? A. Configure IPsec tunnel mode connection B. Configure a L2TP VPN connection C. Configure a PPTP VPN connection D. Configure Secure Socket Tunneling Protocol (SSTP) connection E. None of the above. Answer: D Explanation: To plan a solution that would allow the remote users using firewall on their remote locations to access files on ITCertKeysServer3 through a VPN connection, you need to configure Secure Socket Tunneling Protocol (SSTP) connection. Before Windows Server 2008, all kinds of VPN connections such as PPTP L2TP, and IPSec had problems with firewalls, NATs, and Web proxies. To prevent problems, firewalls must be configured to allow connections. If your VPN client computer is behind a NAT, both the VPN client and the VPN server must support IPsec NAT-Traversal (NAT-T). Besides, VPN server can't be located behind a NAT, and that L2TP/IPsec traffic can't flow through a Web proxy. With the advent of SSTP in Windows Server 2008 all the VPN connectivity problems such as firewalls, NATs, and Web proxies are solved. The SSTP connection allows the use of HTTP over secure sockets layer (SSL). SSTP uses an HTTP-over-SSL session between VPN clients and servers to exchange encapsulated IPv4 or IPv6 packets. Reference: The Cable Guy: The Secure Socket Tunneling Protocol / The New VPN Solution http://technet.microsoft.com/en-us/magazine/cc162322.aspx
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.