Microsoft Official Exam Center New Released 70-642 Dumps Questions, Many New Questions added into it! Braindump2go Offer Free Sample Questions and Answers for Download Now! Visit Our Webiste, get the new updated Questions then pass Microsoft 70-642 at the first try!
Vendor: Microsoft
Exam Code: 70-642
Exam Name: TS: Windows Server 2008 Network Infrastructure, Configuring
Keywords: 70-642 Exam Dumps,70-642 Practice Tests,70-642 Practice Exams,70-642 Exam Questions,70-642 Dumps,70-642 PDF,70-642 VCE,70-642 Study Guide
QUESTION 151
Your company has a server named Server1 that runs a Server Core installation of Windows Server 2008 R2, and the DNS Server server role.
Server1 has one network interface named Local Area Connection.
The static IP address of the network interface is configured as 10.0.0.1.
You need to create a DNS zone named local.contoso.com on Server1.
Which command should you use?
A. ipconfig /registerdns:local.contoso.com
B. dnscmd Server1 /ZoneAdd local.contoso.com /DSPrimary
C. dnscmd Server1 /ZoneAdd local.contoso.com /Primary /file local.contoso.com.dns
D. netsh interface ipv4 set dnsserver name=”local.contoso.com” static 10.0.0.1 primary
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc756116(v=ws.10).aspx#BKMK_22
QUESTION 152
Your network contains a server named Server1 that runs Windows Server 2008 R2.
Server1 has the Network_Policy Server (NPS) role installed.
You need to ensure that the NPS log files on Server1 contain information of client connections.
What should you do?
A. Enable the Accounting requests settings.
B. Enable the Authentication requests settings.
C. Configure the IAS (Legacy) log file format.
D. Configure the DTS Compilant log file format.
Answer: D
Explanation:
The DTS Compliant log format is the newest one and only its XML have attributes fot session duration such as Acct-Session-Time = “The length of time (in seconds) for which the session has been active.
QUESTION 153
Your company has an Active Directory forest.
All domain controllers run the DNS Server server role.
The company plans to decommission the WINS service.
You need to enable forest-wide single name resolution.
What should you do?
A. Enable WINS-R lookup in DNS.
B. Create Service Location (SRV) records for the single name resources.
C. Create an Active Directory-integrated zone named LegacyWINS.
Create host (A) records for the single name resources.
D. Create an Active Directory-integrated zone named GlobalNames.
Create host (A) records for the single name resources.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc731744.aspx
QUESTION 154
You manage a domain controller that runs Windows Server 2008 R2 and the DNS Server server role.
The DNS server hosts an Active Directory-integrated zone for your domain.
You need to provide a user with the ability to manage records in the zone.
The user must not be able to modify the DNS server settings.
What should you do?
A. Add the user to the DNSUpdateProxy Global security group.
B. Add the user to the DNSAdmins Domain Local security group.
C. Grant the user permissions on the zone.
D. Grant the user permissions on the DNS server.
Answer: C
QUESTION 155
Your network contains an Active Directory domain named contoso.com.
All domain controllers run Windows Server 2008 R2 and are configured as DNS servers.
All client computers run Windows 7.
You create a new zone named secure.contoso.com and configure the zone to use DNSSEC.
You need to ensure that all client computers verify whether the name and address information of secure.contoso.com is validated by the DNS servers.
What should you configure from Group Policy?
A. an IPSec Security policy
B. the DNS Client settings
C. the Public Key policies
D. a Name Resolution Policy rule
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/ee649182(WS.10).aspx
QUESTION 156
Your company has a main office and two branch offices that are connected by WAN links.
The main office runs the DNS Server service on three domain controllers.
The zone for your domain is configured as an Active Directory-integrated zone.
Each branch office has a single member server that hosts a secondary zone for the domain.
The DNS servers in the branch offices use the main office DNS server as the DNS Master server for the zone.
You need to minimize DNS zone transfer traffic over the WAN links.
What should you do?
A. Decrease the Retry Interval setting in the Start of Authority (SOA) record for the zone.
B. Decrease the Refresh Interval setting in the Start of Authority (SOA) record for the zone.
C. Increase the Refresh Interval setting in the Start of Authority (SOA) record for the zone.
D. Disable the netmask ordering option in the properties of the DNS Master server for the zone.
Answer: C
QUESTION 157
Your network contains an Active Directory domain.
The domain contains an enterprise certification authority (CA) named Server1 and a server named Server2. On Server2, you deploy Network Policy Server (NPS) and you configure a Network Access Protection (NAP) enforcement policy for IPSec. From the Health Registration Authority snap-in on Server2, you set the lifetime of health certificates to four hours.
You discover that the validity period of the health certificates issued to client computers is one year.
You need to ensure that the health certificates are only valid for four hours.
What should you do?
A. Modify the Request Handling settings of the certificate template used for the health
certificates.
B. Modify the Issuance Requirements settings of the certificate template used for the health
certificates.
C. On Server1, run certutil.exe -setreg policy\editflags +editf_attributeenddate.
D. On Server1, run certutil.exe Csetregdbflags +dbflags_enablevolatilerequests.
Answer: C
Explanation:
Configure template validity period override
Use the following procedure to allow the CA to issue the new health certificate template.
This procedure applies to an enterprise NAP CA only.
To allow template validity period override
On the NAP CA, click Start, click Run, right-click Command Prompt, and then click Run as administrator.
In the command window, type Certutil.exe -setreg policy\EditFlags +EDITF_ATTRIBUTEENDDATE, and then press ENTER.
In the command window, type net stop certsvc && net start certsvc, and then press ENTER.
Verify that Active Directory Certificate Services (AD CS) stops and starts successfully.
http://technet.microsoft.com/en-us/library/dd296906(v=ws.10).aspx
Reference URL : http://technet.microsoft.com/en-us/library/dd296906(v=ws.10).aspx
QUESTION 158
Your company has a single Active Directory domain.
All servers run Windows Server 2008 R2.
You install an additional DNS server that runs Windows Server 2008 R2.
You need to delete the pointer record for the IP address 10.3.2.127.
What should you do?
A. Use DNS manager to delete the 127.in-addr.arpa zone.
B. Run the dnscmd /RecordDelete 10.3.2.127 command at the command prompt.
C. Run the dnscmd /ZoneDelete 127.in-addr.arpa command at the command prompt.
D. Run the dnscmd /RecordDelete 10.in-addr.arpa. 127.2.3 PTR command at the command
prompt.
Answer: D
Explanation:
http://support.microsoft.com/kb/842127/en-us
QUESTION 159
Your company has a server that runs Windows Server 2008 R2.
You have a new application that locates remote resources by name.
The new application requires IPv6.
You need to ensure that the application can locate remote resources by using IPv6.
What should you do?
A. Create a new Pointer (PTR) DNS record.
B. Create a new Quad-A (AAAA) DNS record.
C. Create a new Signature (SIG) DNS record.
D. Create a new Route Through (RT) DNS record.
Answer: B
QUESTION 160
You are building a test environment to evaluate DNS Security Extensions (DNSSEC).
You have a domain controller named Server1 that runs Windows Server 2008 R2 in your test environment.
Server1 has the DNS Server server role installed.
You need to configure Server1 to support the DNSSEC evaluation.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Create a new Quad-A (AAAA) DNS record.
B. Create a new Signature (SIG) DNS record.
C. Create a new Public key (KEY) DNS record.
D. Create a new Well-known service (WKS) DNS record.
Answer: BC
Instant Download Braindump2go New Released Microsoft 70-642 Exam Dumps PDF & VCE! Enjoy 1 year Free Updation! 100% Exam Pass Guaranteed Or Full Money Back!