Exam 2

1. You have a network with a subnet mask of 255.255.240.0. What would the CIDR notation be for this network?
A. /16
B. /24
C. /20
D. /12
Answer: C
CIDR introduced a more efficient notation for network addresses. A standard dotted-decimal address representing the network is followed by a forward slash and a numeral specifying the size of the network-identifying prefix. Because 20 bits are masked, it would use a CIDR notation of /20.

2. Which of the following represents the loopback for IPv6 addresses?
A. 0:0:0:0:0:0:0:1
B. FF:FF:FF:FF:FF:FF:FF:1
C. 127.0.0.1
D. 172.0.0.1
Answer: A
Two IPv6 unicast addresses serve special purposes, which correspond to equivalents in IPv4. The loopback address causes any messages sent to it to be returned to the sending system. In IPv6, the loopback address is 0:0:0:0:0:0:0:1, more commonly notated as ::1.

3. What type of query receives the name resolution request and immediately responds with the best information it possesses at the time?
A. iterative
B. recursive
C. replication
D. notification
Answer: A
When a client sends an iterative request to a DNS server, the server responds with either the answer to the request or the name of another server that has the information.

4. Which network has the three most significant bits as 110, with the remainder of the first three octets as the network number and the last octet as the host number?
A. Class A
B. Class B
C. Class C
D. Class D
Answer: C
In a class C network, the first octet begins with 110 in binary, which gives a range from 192 to 223 in decimal format.

5. Which of the following is not shared within a forest?
A. global catalog
B. trust relationships
C. schema
D. SQL databases
Answer: D
A single forest shares each of the following elements:
Global catalog. A forest has a single global catalog, which enables computers and users to locate objects in any domain in the forest.
Configuration directory partition. All domain controllers in a forest share a single partition in which the Active Directory Domain Service stores configuration data for AD-enabled applications.
Trust relationships. All domains in a forest are connected by two-way transitive trust relationships, enabling users and computers in one domain to access resources in other domains.
Schema. A forest’s domains all share a single schema. If one business element requires modifications to the schema, those modifications affect all other elements in the forest.
Trustworthy administrators. Any individual with the permissions needed to administer an AD DS domain controller can make changes that affect the entire forest. Therefore, a certain level of trustworthiness is necessary for all administrators in a forest.

6. What is the minimum domain functional level needed to include last interactive logon and fine-grained password policies?
A. Windows 2000 Native
B. Windows Server 2003
C. Windows Server 2008
D. Windows Server 2008 R2
Answer: C
The Windows Server 2008 functional domain level includes the following features: support for SYSVOL in Distributed File System Replication; Advanced Encryption Services for Kerberos; information about the last interactive logon; and fine-grained password policies.

7. What allows a user access to read or modify an Active Directory object?
A. permission
B. right
C. privilege
D. customization
Answer: A
ACLs and access control entries (ACEs) make up the system of Active Directory permissions, which provide users with access to the AD DS infrastructure.

8. What tool do you use to change the domain or forest functional level?
A. Active Directory Users and Computers
B. Active Directory Sites and Services
C. Active Directory Domains and Trusts
D. Group Policy Management console
Answer: C
To raise the functional level of a forest or a domain at a later time, use the Active Directory Domains and Trusts console.

9. How often does inter-site replication occur by default?
A. 5 minutes
B. 10 minutes
C. 15 minutes
D. 1 hour
Answer: C
Inter-site replication occurs on a scheduled basis (every 15 minutes by default).

10. When you configure a site link object, which attribute allows you to define the path that replication will take?
A. cost
B. schedule
C. frequency
D. none of the above
Answer: A
Assigning a cost to a site link object allows you to define the path that replication will take. If more than one path can be used to replicate information, cost assignments determine which path is chosen first.

11. What do you call the period it takes for a change to replicate to all domain controllers?
A. frequency period
B. replication period
C. max period
D. latency period
Answer: D
The replication latency period is the time it takes for changes to propagate to all domain controllers in the enterprise.

12. What Windows component allows administrators to create queries based on hardware, software, operating systems, and services?
A. VBScript
B. Windows Scripting Language
C. Windows Management Instrumentation
D. .NET Framework
Answer: C
The Windows Management Instrumentation (WMI) component provides management information and control in an enterprise environment. It allows administrators to create queries based on hardware, software, operating systems, and services. These queries can be used to gather data or determine where items, such as GPOs, will be applied.

13. Which migration path is a two-phase process where you first upgrade an existing forest and domain and then organize the AD objects as needed?
A. domain upgrade migration
B. domain restructure migration
C. upgrade-then-restructure migration
D. full migration
Answer: C
An upgrade-then-restructure migration is a two-phase process in which you first upgrade your existing forest and domains to Windows Server 2008 R2, and then restructure the AD DS database by migrating objects into other domains within the same forest.

14. What do you need to install to migrate passwords from one domain to another domain?
A. AFS
B. AFD
C. SMB
D. PES
Answer: D
To migrate passwords via the ADMT, you have to install the Microsoft Password Export Server (PES) on your source domain controller. PES enables ADMT to migrate user passwords through a secure channel between the source and target domain, providing users with a seamless transition to the new domain.

15. In ADFS, which domain includes the user accounts employed to visit the partner’s domain with the resources to be accessed?
A. account partner
B. resource partner
C. source partner
D. target partner
Answer: A
The ADFS architecture designates one side of the federation as the account partner and the other side as the resource partner. The administrators on the account partner side designate an AD DS or AD LDS directory as the account store and maintain the user accounts that require access to the resources hosted by the resource partner.

16. What is the traditional method used to access files remotely from the UNIX world?
A. NetBIOS share
B. SMB
C. NFS
D. UNIXShare
Answer: C
Windows operating systems rely on a protocol called Server Message Blocks (SMB) for file sharing, but in the UNIX world, the standard is the Network File System (NFS). Unlike SMB, which is proprietary, NFS is based on an open standard published by the Internet Engineering Task Force (IETF).

17. In Windows, what is used to accommodate organizations that have both Windows and UNIX computers?
A. Services for Network File System
B. UNIXShare
C. NFS Proxy
D. NFS Converter
Answer: A
To accommodate organizations with heterogeneous networks containing both Windows and UNIX computers, Windows Server 2008 R2 includes the Services for Network File System role service, which provides NFS Server and NFS Client capabilities.

18. What is the minimum connection a medium branch office should have to HQ?
A. 1.0 Mbps
B. 1.5 Mbps
C. 10 Mbps
D. 45 Mbps
Answer: B
A medium size branch office should have a minimum of 1.544 Mbps or a T-1 line.

19. What is the disadvantage of using a full domain controller?
A. It provides the fastest performance possible.
B. It provides the best chance of corruption.
C. It requires additional accounts to be configured.
D. It provides the largest attack surface.
Answer: D
A full domain controller provides the largest attack surface, which is one of the main reasons you might hesitate to deploy it in a branch office environment. An attacker can access the AD DS database and modify its contents inappropriately. The domain controller then replicates the content to the other domain controllers, potentially contaminating the entire enterprise.

20. Where do you modify the default Password Replication Policy so that the RODC caches passwords for selected users?
A. Active Directory RODC console
B. Active Directory Sites and Services
C. Active Directory Users and Computers
D. Active Directory Group Policies Management Console
Answer: C
To modify the Password Replication Policy, you must open the Properties sheet for the server in the Active Directory Users and Computers console and select the Password Replication Policy tab.

21. Up to how many workstations can BranchCache typically support when running distributed cache mode?
A. 10
B. 20
C. 50
D. 100
Answer: C
BranchCache supports file requests using Server Message Blocks (SMB) and Hypertext Transfer Protocol (HTTP). At the branch office, BranchCache in distributed cache mode can typically support up to 50 workstations. To use hosted cache mode, you must have a branch office server at each location that has branch office workstations.

22. Modifications to .msi files require transform files, which have which extension?
A. .msit
B. .mse
C. .msx
D. .mst
Answer: D
At times, you may need to modify Windows Installer files to better suit the needs of your corporate network. Modifications to .msi files require transform files, which have an .mst extension.

23. What is one way to simplify the process of deploying applications on a large number of computers?
A. thin client computing
B. server-side processing
C. mainframe computing
D. Remote Desktop Services
Answer: D
One way to simplify the process is to use Remote Desktop Services to provide your client computers with access to the applications they need.

24. What is the modern equivalent of mainframe computing, in which servers perform most of the processing and clients are relatively simple devices that provide the user interface?
A. Role Services
B. Remote Desktop Services
C. Domain Services
D. Function Services
Answer: B
Remote Desktop Services is the modern equivalent of mainframe computing, in which servers perform most of the processing and clients are relatively simple devices that provide the user interface.

25. __________, now in version 6.1, is based on the T.120 protocol standards published by the International Telecommunications Union (ITU).
A. Remote Access
B. Remote Desktop Protocol
C. Remote Assistance
D. Remote Control Protocol
Answer: B
Remote Desktop Protocol (RDP) is a networking protocol that enables communication between the RDS server and the client.

26. To separate the client processes for individual sessions, what kind of unique identifier does the terminal server assign to each session?
A. GUID
B. ACL
C. Session ID
D. Console number
Answer: C
The session can provide the client with a full-featured Windows desktop, a desktop containing one application, or a single application in its own window, appearing exactly as though the application was running on the client computer. To keep track of what applications are running, each session is assigned a session ID.

27. Which WSUS architecture configuration is the simplest configuration?
A. single WSUS server
B. replica WSUS servers
C. disconnected WSUS servers
D. autonomous WSUS servers
Answer: A
In the simplest configuration, a single WSUS server downloads updates from the Microsoft Update website, and all other computers on the network download the updates from that WSUS server.

28. Which WSUS architecture is recommended for larger, well-connected branch offices?
A. single WSUS server
B. replica WSUS servers
C. disconnected WSUS servers
D. autonomous WSUS servers
Answer: B
For enterprise networks with remote locations, such as well-connected branch offices, running a separate WSUS server at each site might be preferable. This enables clients to access their updates from a local source, rather than burden the WAN connection to a home office server with multiple downloads of the same files.

29. What is the minimum memory to install WSUS?
A. 1 GB
B. 2 GB
C. 3 GB
D. 4 GB
Answer: A
To install WSUS, 1 GB of memory is required but 2 GB is recommended.

30. Which component does WSUS work on?
A. Application Services
B. IIS
C. RRAS
D. WINS
Answer: B
Windows Update clients connect to a WSUS server by accessing a website, just as they do when connecting to the Microsoft Update site directly. Therefore, when you install the Windows Server Update Services role, the Add Roles Wizard prompts you to also install the Web Server (IIS) role.

31. When SCCM determines a computer’s desired configuration, what does it compare to a client computer?
A. preset configuration
B. test configuration
C. configuration baseline
D. predefined configuration
Answer: C
Administrators can download preconfigured baselines that conform to Microsoft best practices or build their own by using Configuration Manager.

32. To protect an enterprise network, what do you need to install to examine incoming and outgoing traffic?
A. email servers
B. honey pots
C. RADIUS servers
D. firewalls
Answer: D
To protect an enterprise network, administrators erect a system of firewalls that examine the traffic coming in from and going out to the public network.
Traffic that does not conform to rules set down by administrators is blocked.

33. What type of connectivity creates a secure point-to-point connection across either a private network or a public network, such as the Internet?
A. remote access
B. dial-up networking
C. virtual private network (VPN)
D. custom configuration
Answer: C
VPN connectivity creates a secure point-to-point connection across either a private network or a public network, such as the Internet.

34. Which authentication method sends the username and password in clear text?
A. PEAP
B. PAP
C. CHAP
D. MS-CHAPv2
Answer: B
PAP is the least secure of the RRAS authentication protocols because it transmits simple passwords in clear text over the link between the computers.

35. What optional component can be deployed to allow non-compliant client computers to achieve network compliance and gain network access?
A. enforcement server
B. health policy server
C. health requirement server
D. remediation server
Answer: D
A remediation server is an optional component that you can deploy to allow non-compliant client computers to achieve network compliance and gain network access.

36. What type of dynamic disk consists of an identical amount of space on two physical disks?
A. simple volume
B. mirrored volume
C. striped volume
D. spanned volume
Answer: B
A mirrored volume consists of an identical amount of space on two physical disks, both of which must be dynamic disks. The system performs all read and write operations on both disks simultaneously. Because information is written to both disks, if one disk fails, the other one continues to provide access to the volume until the failed disk is repaired or replaced.

37. What file system provides the most granular user access control as well as other advanced storage features, including file encryption and compression?
A. NTFS
B. FAT
C. LTP
D. SWAP
Answer: A
NTFS not only provides the most granular user access control, it also provides other advanced storage features, including file encryption and compression.

38. The Distributed File System (DFS) implemented in the Windows Server 2008 File Services role includes two technologies: DFS Namespaces and __________.
A. DFS Remediation
B. DFS Replication
C. DNS Replication
D. DFS Topology
Answer: B
The Distributed File System (DFS) implemented in the Windows Server 2008 File Services role includes DFS Namespaces and DFS Replication.

39. What type of site can users access to employ browser-based workspaces to share information in various ways?
A. Windows Server Update Services
B. Windows SharePoint 2010 Foundation
C. Windows SQL Server
D. Windows IIS
Answer: B
By accessing the SharePoint 2010 Foundation site, users can employ browser-based workspaces to share information in various ways, such as storing documents, creating calendar appointments and task lists, and contributing to newsgroup-style discussions. You can create individual websites for specific projects, departments, or workgroups that contain some or all of these features.

40. Hyper-V uses what type of virtualization?
A. Type 1
B. Type 2
C. Type 3
D. Type 4
Answer: A
The virtualization capability built into Windows Server 2008, called Hyper-V, uses a different type of architecture. Hyper-V uses Type 1 virtualization, in which the VMM is called a hypervisor, an abstraction layer that interacts directly with the computer’s physical hardware.

41. Which of the following statements is true regarding Hyper-V?
A. It requires a 64-bit version of Windows Server 2008 or Windows Server 2008 R2.
B. It requires a 32-bit version of Windows.
C. You have to install Virtual Server 2005 before installing Hyper-V.
D. You need to enable Jumbo frames before installing Hyper-V.
Answer: A
Although Hyper-V is a more robust virtual host server, in some situations you may choose to use Virtual Server 2005 R2.
Because Windows Server 2008 R2 and Hyper-V run only on 64-bit systems, you cannot install Hyper-V on Windows Server 2003.

42. In Hyper-V, when a virtual machine is placed in a saved state, what kind of file does it create?
A. .vmc
B. .vhd
C. .vsv
D. .avhd
Answer: C
A virtual machine may also use a saved-state (.vsv) file if the machine has been placed into a saved state.

43. What type of servers should not be virtualized?
A. email servers
B. SQL servers
C. file servers
D. servers with high I/O or processor requirements
Answer: D
Not all servers should be virtualized. For example, servers that have high I/O requirements or high processor requirements will require the same level of resources to perform as needed, with or without virtualization. Therefore, virtualizing all the servers is pointless; adding a level of virtualization would just add another level of complexity.

44. What is an electronic document that contains a person’s or organization’s name, serial number, expiration date, and the holder’s public key?
A. digital certificate
B. private key
C. digital signature
D. hash certificate
Answer: A
A digital certificate—which can be deployed to users, computers, network devices, and services—is an electronic document that contains a person’s or organization’s name, a serial number, an expiration date, a copy of the certificate holder’s public key (used for encrypting messages and to create digital signatures), and the digital signature of the Certificate Authority (CA).

45. What is the most common digital certificate?
A. X.500
B. X.509 version 3
C. hash certificate
D. EFS certificate
Answer: B
The most common digital certificate is the X.509 version 3. This standard specifies the format for the public key certificate, certificate revocation lists, attribute certificates, and a certificate path validation algorithm.

46. Which of the following contains a digest of the certificate data used for digital signing?
A. certificate policies
B. friendly name
C. thumbprint algorithm
D. thumbprint
Answer: D
A thumbprint contains a digest of the certificate data used for digital signing.

47. Which basic type of CA does not integrate into the Active Directory environment and does not use certificate templates?
A. subordinate
B. enterprise
C. standalone
D. intermediate
Answer: C
Standalone CAs do not use certificate templates or Active Directory; they store their information locally. Also, by default, standalone CAs do not automatically respond to certificate enrollment requests, as is the case with enterprise CAs. Requests wait in a queue for an administrator to manually approve or deny them. Standalone CAs are intended for situations in which users outside the enterprise submit requests for certificates.

48. Which of the following is not a required permission that must be granted to the same user or group for the autoenrollment certificate template permission to function correctly?
A. Allow Autoenroll
B. Allow Enroll
C. Allow Read
D. Allow Write
Answer: D
For autoenrollment to function correctly, you must ensure that all three of the required permissions (Allow Read, Allow Enroll, and Allow Autoenroll) are granted to the same user or group.

49. Which version of Windows Server 2008 must computers be running to create a failover cluster?
A. Basic
B. Enterprise
C. Standard
D. Web
Answer: B
To create a failover cluster, computers must be running Windows Server 2008 Enterprise or Datacenter. The Standard and Web editions do not support failover clustering.

50. When performing backups, what do you call the collection of boot files, system registry settings, system protected files (SPF), Active Directory files, shared system volume (SYSVOL), and COM+ class registration database?
A. Role Services
B. System State
C. Registered Services
D. Function Services
Answer: B
The Windows system state is a collection of system components that are not contained in a simple file that can be backed up easily.
It includes boot files, system registry settings, system protected files (SPF), Active Directory files, shared system volume (SYSVOL), and COM+ class registration database.

51. What mechanism automatically retains file copies on a server volume in multiple versions from specific points in time?
A. system state
B. preferred copies
C. Net copies
D. shadow copies
Answer: D
Shadow copies allow users to retrieve previous versions of files and folders on their own, without requiring IT personnel to restore files or folders from backup media.

52. Where do you install the enterprise root CA?
A. domain controller
B. standalone server
C. dedicated Windows workstation
D. member server that is part of the Active Directory domain
Answer: A
When you install the Active Directory Certificate Services Role on a Windows Server 2008 computer, you must install it on a domain controller. When you select the CA type, the Add Roles Wizard changes to include various additional configuration pages, depending on the type you select. On most enterprise networks that use certificates for their internal applications, the first CA they install will be an enterprise root CA.

53. Which of the following template versions provides backward compatibility for CAs running Windows Server 2003 Standard Edition and Windows 2000 family operating systems?
A. version 1
B. version 2
C. version 3
D. version 4
Answer: A
Version 1 templates provide backward compatibility for CAs running Windows Server 2003 Standard Edition and Windows 2000 family operating systems.

54. Which of the following Windows Server 2008 Certificate templates allows user authentication, EFS encryption, secure email, and certificate trust list signing?
A. user
B. administrator
C. computer
D. domain controller
Answer: B
The administrator certificate template allows user authentication, EFS encryption, secure email, and certificate trust list signing.

55. Which of the following steps is not part of the certificate enrollment process?
A. generating keys
B. requesting the certificate
C. verifying the certificate
D. sending or posting the certificate
Answer: C
Although enrollment options might be restricted by network connectivity issues or by the use of a standalone CA, the certificate enrollment process always follows the same high-level procedure: generating keys, collecting required information, requesting the certificate, checking the certificate hash value, creating the certificate, and sending or posting the certificate.

56. What computer component generates a private key and the public key?
A. Cryptographic Service Provider
B. Key Pair Generator
C. CA generator
D. CRL provider
Answer: A
When a client generates a request for a new certificate, the operating system passes the request information to a Cryptographic Service Provider (CSP) installed on the computer. The CSP generates the private key and the public key—referred to as a key pair—for the certificate request. If the CSP is software-based, it generates the key pair on the client computer. If the CSP is hardware-based (such as a smart card CSP), the CSP instructs the hardware device to generate the key pair. The client might also be assigned a key pair by some authority in the organization.

57. What is Microsoft’s implementation of the Simple Certificate Enrollment Protocol?
A. Network Device Enrollment Service
B. X.509 Device Enrollment Service
C. CA Device Enrollment Service
D. CA Device Agent
Answer: A
The Network Device Enrollment Service (NDES) is the Microsoft implementation of the Simple Certificate Enrollment Protocol (SCEP).

58. How many consecutive heartbeats must fail before convergence occurs?
A. 3
B. 4
C. 5
D. 6
Answer: C
When a server fails to generate five consecutive heartbeats, the cluster initiates a process called convergence, which stops it from sending clients to the missing server.

59. To balance the initial connection traffic among terminal servers, you can use an __________ cluster.
A. fail-over
B. NLB
C. tolerant
D. active-active
Answer: B
Network load balancing (NLB) occurs when multiple computers are configured as one virtual server to share the workload among multiple computers. NLB enhances the availability and scalability of Internet server applications such as those used on web, FTP, firewall, proxy, virtual private network (VPN), and other mission-critical servers.

60. You can implement shadow copies only for an entire __________; you cannot select specific shares, folders, or files.
A. folder
B. volume
C. file
D. computer
Answer: B
Shadow copies allow users to retrieve previous versions of files and folders on their own, without requiring IT personnel to restore files or folders from backup media. Of course, you need to have sufficient disk space to store the shadow copies—at least 100 MB of free space.