Exam 2
1.
You have a network with a subnet mask of 255.255.240.0. What would the
CIDR notation be for this network?
A.
/16
B.
/24
C.
/20
D.
/12
Answer: C
CIDR introduced a more efficient notation for network addresses. A
standard dotted-decimal address representing the network is followed by a
forward slash and a numeral specifying the size of the network-identifying
prefix. Because 20 bits are masked, it would use a CIDR notation of /20.
2.
Which of the following represents the loopback for IPv6 addresses?
A.
0:0:0:0:0:0:0:1
B.
FF:FF:FF:FF:FF:FF:FF:1
C.
127.0.0.1
D.
172.0.0.1
Answer: A
Two IPv6 unicast addresses serve special purposes, which correspond to
equivalents in IPv4. The loopback address causes any messages sent to it
to be returned to the sending system. In IPv6, the loopback address is
0:0:0:0:0:0:0:1, more commonly notated as ::1.
3.
What type of query receives the name resolution request and immediately
responds with the best information it possesses at the time?
A.
iterative
B.
recursive
C.
replication
D.
notification
Answer: A
When a client sends an iterative request to a DNS server, the server
responds with either the answer to the request or the name of another
server that has the information.
4.
Which network has the three most significant bits as 110, with the
remainder of the first three octets as the network number and the last octet
as the host number?
A.
Class A
B.
C.
D.
Class B
Class C
Class D
Answer: C
In a class C network, the first octet begins with 110 in binary, which gives
a range from 192 to 223 in decimal format.
5.
Which of the following is not shared within a forest?
A.
global catalog
B.
trust relationships
C.
schema
D.
SQL databases
Answer: D
A single forest shares each of the following elements:
 Global catalog. A forest has a single global catalog, which enables
computers and users to locate objects in any domain in the forest.
 Configuration directory partition. All domain controllers in a forest
share a single partition in which the Active Directory Domain Service
stores configuration data for AD-enabled applications
 Trust relationships. All domains in a forest are connected by twoway transitive trust relationships, enabling users and computers in one
domain to access resources in other domains.
 Schema. A forest’s domains all share a single schema. If one business
element requires modifications to the schema, those modifications
affect all other elements in the forest.
 Trustworthy administrators. Any individual with the permissions
needed to administer an AD DS domain controller can make changes
that affect the entire forest. Therefore, a certain level of
trustworthiness is necessary for all administrators in a forest.
6.
What is the minimum domain functional level needed to include last
interactive logon and fine-grained password policies?
A.
Windows 2000 Native
B.
Windows Server 2003
C.
Windows Server 2008
D.
Windows Server 2008 R2
Answer: C
The Windows Server 2008 functional domain level includes the following
features:
 Support for SYSVOL in Distributed File System Replication
 Advanced Encryption Services for Kerberos
 Information about the last interactive logon
 Fine-grained password policies
7.
What allows a user access to read or modify an Active Directory object?
A.
permission
B.
right
C.
privilege
D.
customization
Answer: A
ACLs and access control entries (ACEs) make up the system of Active
Directory permissions, which provide users with access to the AD DS
infrastructure.
8.
What tool do you use to change the domain or forest functional level?
A.
Active Directory Users and Computers
B.
Active Directory Sites and Services
C.
Active Directory Domains and Trusts
D.
Group Policy Management console
Answer: C
To raise the functional level of a forest or a domain at a later time, use the
Active Directory Domains and Trusts console.
9.
How often does inter-site replication occur by default?
A.
5 minutes
B.
10 minutes
C.
15 minutes
D.
1 hour
Answer: C
Inter-site replication occurs on a scheduled basis (every 15 minutes by
default).
10.
When you configure a site link object, which attribute allows you to define
the path that replication will take?
A.
cost
B.
schedule
C.
frequency
D.
none of the above
Answer: A
Assigning a cost to a site link object allows you to define the path that
replication will take. If more than one path can be used to replicate
information, cost assignments determine which path is chosen first.
11.
What do you call the period it takes for a change to replicate to all domain
controllers?
A.
B.
C.
D.
frequency period
replication period
max period
latency period
Answer: D
The replication latency period is the time it takes for changes to propagate
to all domain controllers in the enterprise.
12.
What Windows component allows administrators to create queries based
on hardware, software, operating systems, and services?
A.
VBScript
B.
Windows Scripting Language
C.
Windows Management Instrumentation
D.
.NET Framework
Answer: C
The Windows Management Instrumentation (WMI) component provides
management information and control in an enterprise environment. It
allows administrators to create queries based on hardware, software,
operating systems, and services. These queries can be used to gather data
or determine where items, such as GPOs, will be applied.
13.
Which migration path is a two-phase process where you first upgrade an
existing forest and domain and then organize the AD objects as needed?
A.
domain upgrade migration
B.
domain restructure migration
C.
upgrade-then-restructure migration
D.
full migration
Answer: C
An upgrade-then-restructure migration is a two-phase process in which
you first upgrade your existing forest and domains to Windows Server
2008 R2, and then restructure the AD DS database by migrating objects
into other domains within the same forest.
14.
What do you need to install to migrate passwords from one domain to
another domain?
A.
AFS
B.
AFD
C.
SMB
D.
PES
Answer: D
To migrate passwords via the ADMT, you have to install the Microsoft
Password Export Server (PES) on your source domain controller. PES
enables ADMT to migrate user passwords through a secure channel
between the source and target domain, providing users with a seamless
transition to the new domain.
15.
In ADFS, which domain includes the user accounts employed to visit the
partner’s domain with the resources to be accessed?
A.
account partner
B.
resource partner
C.
source partner
D.
target partner
Answer: A
The ADFS architecture designates one side of the federation as the
account partner and the other side as the resource partner. The
administrators on the account partner side designate an AD DS or AD
LDS directory as the account store and maintain the user accounts that
require access to the resources hosted by the resource partner.
16.
What is the traditional method used to access files remotely from the
UNIX world?
A.
NetBIOS share
B.
SMB
C.
NFS
D.
UNIXShare
Answer: C
Windows operating systems rely on a protocol called Server Message
Blocks (SMB) for file sharing, but in the UNIX world, the standard is the
Network File System (NFS). Unlike SMB, which is proprietary, NFS is
based on an open standard published by the Internet Engineering Task
Force (IETF).
17.
In Windows, what is used to accommodate organizations that have both
Windows and UNIX computers?
A.
Services for Network File System
B.
UNIXShare
C.
NFS Proxy
D.
NFS Converter
Answer: A
To accommodate organizations with heterogeneous networks containing
both Windows and UNIX computers, Windows Server 2008 R2 includes
the Services for Network File System role service, which provides NFS
Server and NFS Client capabilities.
18.
What is the minimum connection should a medium branch office should
have to the HQ connection to HQ?
A.
1.0 Mbps
B.
1.5 Mbps
C.
10 Mbps
D.
45 Mbps
Answer: B
A medium size branch office should have a minimum of 1.544 Mbps or a
T-1 line.
19.
What is the disadvantage of using a full domain controller?
A.
It provides the fastest performance possible.
B.
It provides the best chance of corruption.
C.
It requires additional accounts to be configured.
D.
It provides the largest attack surface.
Answer: D
A full domain controller provides the largest attack surface, which is one
of the main reasons you might hesitate to deploy it in a branch office
environment. An attacker can access the AD DS database and modify its
contents inappropriately. The domain controller then replicates the content
to the other domain controllers, potentially contaminating the entire
enterprise.
20.
Where do you modify the default Password Replication Policy so that the
RODC caches passwords for selected users?
A.
Active Directory RODC console
B.
Active Directory Sites and Services
C.
Active Directory Users and Computers
D.
Active Directory Group Policies Management Console
Answer: C
To modify the Password Replication Policy, you must open the Properties
sheet for the server in the Active Directory Users and Computers console
and select the Password Replication Policy tab.
21.
Up to how many workstations can BranchCache typically support when
running distributed cache mode?
A.
10
B.
20
C.
50
D.
100
Answer: C
BranchCache supports file requests using Server Message Blocks (SMB)
and Hypertext Transfer Protocol (HTTP). At the branch office,
BranchCache in distributed cache mode can typically support up to 50
workstations. To use hosted cache mode, you must have a branch office
server at each location that has branch office workstations.
22.
Modifications to .msi files require transform files, which have which
extension?
A.
.msit
B.
.mse
C.
.msx
D.
.mst
Answer: D
At times, you may need to modify Windows Installer files to better suit the
needs of your corporate network. Modifications to .msi files require
transform files, which have an .mst extension.
23.
What is one way to simplify the process of deploying applications on a
large number of computers?
A.
thin client computing
B.
server-side processing
C.
mainframe computing
D.
Remote Desktop Services
Answer: D
One way to simplify the process is to use Remote Desktop Services to
provide your client computers with access to the applications they need.
24.
What is the modern equivalent of mainframe computing, in which servers
perform most of the processing and clients are relatively simple devices
that provide the user interface?
A.
Role Services
B.
Remote Desktop Services
C.
Domain Services
D.
Function Services
Answer: B
Remote Desktop Services is the modern equivalent of mainframe
computing, in which servers perform most of the processing and clients
are relatively simple devices that provide the user interface.
25.
__________, now in version 6.1, is based on the T.120 protocol standards
published by the International Telecommunications Union (ITU).
A.
Remote Access
B.
Remote Desktop Protocol
C.
D.
Remote Assistance
Remote Control Protocol
Answer: B
Remote Desktop Protocol (RDP) is a networking protocol that enables
communication between the RDS server and the client.
26.
To separate the client processes for individual sessions, what kind of
unique identifier does the terminal server assigns each session?
A.
GUID
B.
ACL
C.
Session ID
D.
Console number
Answer: C
The session can provide the client with a full-featured Windows desktop, a
desktop containing one application, or a single application in its own
window, appearing exactly as though the application was running on the
client computer. To keep track of what applications are running, each
session is assigned a session ID.
27.
Which WSUS architecture configuration is the simplest configuration?
A.
single WSUS server
B.
replica WSUS servers
C.
disconnected WSUS servers
D.
autonomous WSUS servers
Answer: A
In the simplest configuration, a single WSUS server downloads updates
from the Microsoft Update website, and all other computers on the
network download the updates from that WSUS server.
28.
Which WSUS architecture is recommended for larger, well-connected
branch offices?
A.
single WSUS server
B.
replica WSUS servers
C.
disconnected WSUS servers
D.
autonomous WSUS servers
Answer: B
For enterprise networks with remote locations, such as well-connected
branch offices, running a separate WSUS server at each site might be
preferable. This enables clients to access their updates from a local source,
rather than burden the WAN connection to a home office server with
multiple downloads of the same files.
29.
What is the minimum memory to install WSUS?
A.
1 GB
B.
2 GB
C.
3 GB
D.
4 GB
Answer: A
To install WSUS, 1 GB of memory is required but 2 GB is recommended.
30.
Which component does WSUS work on?
A.
Application Services
B.
IIS
C.
RRAS
D.
WINS
Answer: B
Windows Update clients connect to a WSUS server by accessing a
website, just as they do when connecting to the Microsoft Update site
directly. Therefore, when you install the Windows Server Update Services
role, the Add Roles Wizard prompts you to also install the Web Server
(IIS) role.
31.
When SCCM determines a computer’s desired configuration, what does it
compare to a client computer?
A.
preset configuration
B.
test configuration
C.
configuration baseline
D.
predefined configuration
Answer: C
Administrators can download preconfigured baselines that conform to
Microsoft best practices or build their own by using Configuration
Manager.
32.
To protect an enterprise network, what do you need to install to examine
incoming and outgoing traffic?
A.
email servers
B.
honey pots
C.
RADIUS servers
D.
firewalls
Answer: D
To protect an enterprise network, administrators erect a system of
firewalls that examine the traffic coming in from and going out to the
public network. Traffic that does not confirm to rules set down by
administrators is blocked.
33.
What type of connectivity creates a secure point-to-point connection
across either a private network or a public network, such as the Internet?
A.
remote access
B.
dial-up networking
C.
virtual private network (VPN)
D.
custom configuration
Answer: C
VPN connectivity creates a secure point-to-point connection across either
a private network or a public network, such as the Internet.
34.
Which authentication method sends the username and password in clear
text?
A.
PEAP
B.
PAP
C.
CHAP
D.
MS-CHAPv2
Answer: B
PAP is the least secure of the RRAS authentication protocols because it
transmits simple passwords in clear text over the link between the
computers.
35.
What optional component can be deployed to allow non-compliant client
computers to achieve network compliance and gain network access?
A.
enforcement server
B.
health policy server
C.
health requirement server
D.
remediation server
Answer: D
A remediation server is an optional component that you can deploy to
allow non-compliant client computers to achieve network compliance and
gain network access.
36.
What type of dynamic disk consists of an identical amount of space on
two physical disks?
A.
simple volume
B.
mirrored volume
C.
striped volume
D.
spanned volume
Answer: B
A mirrored volume consists of an identical amount of space on two
physical disks, both of which must be dynamic disks. The system
performs all read and write operations on both disks simultaneously.
Because information is written to both disks, if one disk fails, the other
one continues to provide access to the volume until the failed disk is
repaired or replaced.
37.
What file system provides the most granular user access control as well as
other advanced storage features, including file encryption and
compression?
A.
NTFS
B.
FAT
C.
LTP
D.
SWAP
Answer: A
NTFS not only provides the most granular user access control, it also
provides other advanced storage features, including file encryption and
compression.
38.
The Distributed File System (DFS) implemented in the Windows Server
2008 File Services role includes two technologies: DFS Namespaces and
__________.
A.
DFS Remediation
B.
DFS Replication
C.
DNS Replication
D.
DFS Topology
Answer: B
The Distributed File System (DFS) implemented in the Windows Server
2008 File Services role includes DFS Namespaces and DFS Replication.
39.
What type of site can users access to employ browser-based workspaces to
share information in various ways?
A.
Windows Server Update Services
B.
Windows SharePoint 2010 Foundation
C.
Windows SQL Server
D.
Windows IIS
Answer: B
By accessing the SharePoint 2010 Foundation site, users can employ
browser-based workspaces to share information in various ways, such as
storing documents, creating calendar appointments and task lists, and
contributing to newsgroup-style discussions. You can create individual
websites for specific projects, departments, or workgroups that contain
some or all of these features.
40.
Hyper-V uses what type of virtualization?
A.
Type 1
B.
Type 2
C.
Type 3
D.
Type 4
Answer: A
The virtualization capability built into Windows Server 2008, called
Hyper-V, uses a different type of architecture. Hyper-V uses Type 1
virtualization, in which the VMM is called a hypervisor, an abstraction
layer that interacts directly with the computer’s physical hardware.
41.
Which of the following statements is true regarding Hyper-V?
A.
It requires a 64-bit version of Windows Server 2008 or Windows
Server 2008 R2.
B.
It requires a 32-bit version of Windows.
C.
You have to install Virtual Server 2005 before installing Hyper-V.
D.
You need to enable Jumbo frames before installing Hyper-V.
Answer: A
Although Hyper-V is a more robust virtual host server, in some situations
you may choose to use Virtual Server 2005 R2. Because Windows Server
2008 R2 and Hyper-V run only on 64-bit systems, you cannot install
Hyper-V on Windows Server 2003.
42.
In Hyper-V, when a virtual machine it is placed in a save file, it creates
what kind of file?
A.
.vmc
B.
.vhd
C.
.vsv
D.
.avhd
Answer: C
A virtual machine may also use a saved-state (.vsv) file if the machine has
been placed into a saved state.
43.
What type of servers should not be virtualized?
A.
email servers
B.
SQL servers
C.
file servers
D.
servers with high I/O or processor requirements
Answer: D
Not all servers should be virtualized. For example, servers that have high
I/O requirements or high processor requirements will require the same
level of resources to perform as needed, with or without virtualization.
Therefore, virtualizing all the servers is pointless; adding a level of
virtualization would just add another level of complexity.
44.
What is an electronic document that contains a person’s or organization
name, serial number, expiration date, and the holder’s public key?
A.
digital certificate
B.
private key
C.
digital signature
D.
hash certificate
Answer: A
A digital certificate—which can be deployed to users, computers, network
devices, and services—is an electronic document that contains a person’s
or organization’s name, a serial number, an expiration date, a copy of the
certificate holder’s public key (used for encrypting messages and to create
digital signatures), and the digital signature of the Certificate Authority
(CA).
45.
What is the most common digital certificate?
A.
X.500
B.
X.509 version 3
C.
hash certificate
D.
EFS certificate
Answer: B
The most common digital certificate is the X.509 version 3. This standard
specifies the format for the public key certificate, certificate revocation
lists, attribute certificates, and a certificate path validation algorithm.
46.
Which of the following contains a digest of the certificate data used for
digital signing?
A.
certificate policies
B.
friendly name
C.
thumbprint algorithm
D.
thumbprint
Answer: D
A thumbprint contains a digest of the certificate data used for digital
signing.
47.
Which basic type of CA does not integrate into the Active Directory
environment and does not use certificate templates?
A.
subordinate
B.
enterprise
C.
standalone
D.
intermediate
Answer: C
Standalone CAs do not use certificate templates or Active Directory; they
store their information locally. Also, by default, standalone CAs do not
automatically respond to certificate enrollment requests, as is the case with
enterprise CAs. Requests wait in a queue for an administrator to manually
approve or deny them. Standalone CAs are intended for situations in
which users outside the enterprise submit requests for certificates.
48.
Which of the following is not a required permission that must be granted
to the same user or group for the autoenrollment certificate template
permission to function correctly?
A.
Allow Autoenroll
B.
Allow Enroll
C.
Allow Read
D.
Allow Write
Answer: D
For autoenrollment to function correctly, you must ensure that all three of
the required permissions (Allow Read, Allow Enroll, and Allow
Autoenroll) are granted to the same user or group.
49.
Which version of Windows Server 2008 must computers be running to
create a failover cluster?
A.
Basic
B.
Enterprise
C.
Standard
D.
Web
Answer: B
To create a failover cluster, computers must be running Windows Server
2008 Enterprise or Datacenter. The Standard and Web editions do not
support failover clustering.
50.
When performing backups, what do you call the collection of boot files,
system registry settings, system protected files (SPF), Active Directory
files, shared system volume (SYSVOL), and COM+ class registration
database?
A.
Role Services
B.
System State
C.
Registered Services
D.
Function Services
Answer: B
The Windows system state is a collection of system components that are
not contained in a simple file that can be backed up easily. It includes boot
files, system registry settings, system protected files (SPF), Active
Directory files, shared system volume (SYSVOL), and COM+ class
registration database.
51.
What mechanism automatically retains file copies on a server volume in
multiple versions from specific points in time?
A.
system state
B.
preferred copies
C.
Net copies
D.
shadow copies
Answer: D
Shadow copies allow users to retrieve previous versions of files and
folders on their own, without requiring IT personnel to restore files or
folders from backup media.
52.
Where do you install the enterprise root CA?
A.
domain controller
B.
standalone server
C.
dedicated Windows workstation
D.
member server that is part of the Active Directory domain
Answer: A
When you install the Active Directory Certificate Services Role on a
Windows Server 2008 computer, you must install it on a domain
controller. When you select the CA type, the Add Roles Wizard changes
to include various additional configuration pages, depending on the type
you select. On most enterprise networks that use certificates for their
internal applications, the first CA they install will be an enterprise root
CA.
53.
Which of the following template versions provides backward
compatibility for CAs running Windows Server 2003 Standard Edition
and Windows 2000 family operating systems?
A.
version 1
B.
version 2
C.
version 3
D.
version 4
Answer: A
Version 1 templates provide backward compatibility for CAs running
Windows Server 2003 Standard Edition and Windows 2000 family
operating systems.
54.
Which of the following Windows Server 2008 Certificate templates allows
user authentication, EFS encryption, secure email, and certificate trust list
signing?
A.
user
B.
administrator
C.
computer
D.
domain controller
Answer: B
The administrator certificate template allows user authentication, EFS
encryption, secure email, and certificate trust list signing.
55.
Which of the following steps is not part of the certificate enrollment
process?
A.
generating keys
B.
requesting the certificate
C.
verifying the certificate
D.
sending or posting the certificate
Answer: C
Although enrollment options might be restricted by network connectivity
issues or by the use of a standalone CA, the certificate enrollment process
always follows the same high-level procedure: generating keys, collecting
required information, requesting the certificate, checking the certificate
hash value, creating the certificate, and sending or posting the certificate.
56.
What computer component generates a private key and the public key?
A.
Cryptographic Service Provider
B.
Key Pair Generator
C.
CA generator
D.
CRL provider
Answer: A
When a client generates a request for a new certificate, the operating
system passes the request information to a Cryptographic Service Provider
(CSP) installed on the computer. The CSP generates the private key and
the public key—referred to as a key pair—for the certificate request. If the
CSP is software-based, it generates the key pair on the client computer. If
the CSP is hardware-based (such as a smart card CSP), the CSP instructs
the hardware device to generate the key pair. The client might also be
assigned a key pair by some authority in the organization.
57.
What is Microsoft’s implementation of the Simple Certificate Enrollment
Protocol?
A.
Network Device Enrollment Service
B.
C.
D.
X.509 Device Enrollment Service
CA Device Enrollment Service
CA Device Agent
Answer: A
The Network Device Enrollment Service (NDES) is the Microsoft
implementation of the Simple Certificate Enrollment Protocol (SCEP).
58.
How many consecutive heartbeats must fail before convergence occurs?
A.
3
B.
4
C.
5
D.
6
Answer: C
When a server fails to generate five consecutive heartbeats, the cluster
initiates a process called convergence, which stops it from sending clients
to the missing server.
59.
To balance the initial connection traffic among terminal servers, you can
use an __________ cluster.
A.
fail-over
B.
NLB
C.
tolerant
D.
active-active
Answer: B
Network load balancing (NLB) occurs when multiple computers are
configured as one virtual server to share the workload among multiple
computers. NLB enhances the availability and scalability of Internet server
applications such as those used on web, FTP, firewall, proxy, virtual
private network (VPN), and other mission-critical servers.
60.
You can implement shadow copies only for an entire __________; you
cannot select specific shares, folders, or files.
A.
B.
C.
D.
folder
volume
file
computer
Answer: B
Shadow copies allow users to retrieve previous versions of files and
folders on their own, without requiring IT personnel to restore files or
folders from backup media. Of course, you need to have sufficient disk
space to store the shadow copies—at least 100 MB of free space.