Exam 3

1. What is used to translate private addresses to public addresses? A. active hub B. NAT device C. intelligent switch D. gateway

Answer: B Network address translation (NAT) is a Network-layer routing technology that enables a group of workstations to share a single public address. A NAT device has two network interfaces: one connected to a private network and one to the Internet. When a workstation on the private network wants to access an Internet resource, it sends a request to the NAT device.

2. Which mechanism incorporates the IPv4 connection into the IPv6 infrastructure by expressing the IPv4 address in IPv6 format and encapsulating IPv6 traffic into IPv4 packets? A. 6to4 B. ISATAP C. Teredo D. 4to6

Answer: A The 6to4 mechanism essentially incorporates the IPv4 connections in a network into the IPv6 infrastructure by defining a method for expressing IPv4 addresses in IPv6 format and encapsulating IPv6 traffic into IPv4 packets. To enable IPv4 links to function as part of the IPv6 infrastructure, 6to4 translates public IPv4 addresses into IPv6.

3. Which WINS replication mechanism updates its partners after a set amount of time? A. push B. pull C. dynamic D. static

Answer: B Push partners trigger replication events after a specific number of database changes occur, whereas pull partners initiate replication according to a predetermined schedule. Pull partnerships are preferable for servers connected by slower links, such as WAN connections, because you can schedule replication to occur during off hours, when traffic is low.

4. What evolved to improve flexibility for public Internet service providers (ISPs) to allocate many small networks to their customers? A. CIDR B. NAT C. Proxy D. HGH

Answer: A Because of its wastefulness, classful addressing was gradually obsolesced by a series of subnetting methods, including variable-length subnet masking (VLSM) and eventually Classless Inter-Domain Routing. CIDR is a subnetting method that enables you to place the division between the network bits and the host bits anywhere in the address, not just between octets. This makes creating networks of almost any size possible.

5. You have a network address of 162.23.76.167 with a subnet mask of 255.255.255.224. How many hosts can each subnet have? A. 24 B. 30 C. 26 D. 46

Answer: B Because the default subnet mask for a 162.23.76.0 network is 255.255.255.224, you are using 11 bits to define subnets and the last 5 bits to define the host addresses. With five host bits, you take 2^5 - 2, which gives you 30 host addresses.

6. Before designing your forests and domains, you must collect information for all the following except ______. A. organization infrastructure B. operating system versions and service packs C. geographical infrastructure D. network infrastructure

Answer: B Before you can begin designing your forests and domains, you must collect the following information:
- Organizational infrastructure consists of the political divisions of your organization, including companies, divisions, and departments.
- Geographical infrastructure is made up of the locations of the organization’s various elements, in both large and small scale, including continents, countries, states, and counties or cities.
- Network infrastructure consists of the network facilities at each organization’s locations, including all links between them and their speeds.

7. Which forest model would you choose that is based on organizational or political divisions within your organization? A. organizational forest model B. resource forest model C. restricted access forest model D. domain lookup forest model

Answer: A After you decide to create multiple forests, you can use several models to separate the enterprise resources. In the organizational forest model, the divisions between the forests are based on organizational or political divisions within the enterprise. Administrators frequently use this model when an enterprise consists of distinctly separate business units due to acquisitions, mergers, or geographical separation.

8. Which of the following is not a reason for creating an organizational unit? A. assigning Group Policy settings B. duplicating organizational divisions C. implementing domains D. delegating administration

Answer: C The correct reasons for creating an OU include duplicating organizational divisions, assigning Group Policy settings, and delegating administration.

9. How are user rights assigned? A. Active Directory Users and Computers B. Active Directory Sites and Services C. Registry Editor D. Group Policies

Answer: D To assign user rights, you use Group Policy objects (GPOs). The 44 user rights can provide individuals with various system privileges, ranging from remote access to changing the system time.

10. Every object consists of ______ that store information about the object. A. SIDs B. a topology C. schema D. Attributes

Answer: D A user object has as its attributes various types of information about the user, such as names and addresses. A group object has as its attributes a list of its members. The structure of an AD DS database (that is, the types of objects it can contain and the attributes allowed for each object type) is dictated by the Active Directory schema.

11. Active Directory creates a ______ with the idea that all writeable domain controllers in a domain should communicate AD information to each other, in addition to communicating forest-wide information with other domains. A. replication topology B. domain topology C. replication strategy D. domain strategy

Answer: A Active Directory creates a replication topology with the idea that all writeable domain controllers in a domain should communicate AD information to each other, in addition to communicating forest-wide information with other domains. Sites and subnets defined within AD will dictate the path used by replication traffic on the network, as well as form the basis for how AD information is distributed.

12. The ISTG automatically assigns one server in each site as the bridgehead server unless you override this by establishing a list of ______ bridgehead servers. A. manual B. preferred C. static D. designated

Answer: B The Inter-Site Topology Generator (ISTG) automatically assigns one server in each site as the bridgehead server unless you override this by establishing a list of preferred bridgehead servers. The advantage of administratively assigning a preferred bridgehead server list is that you can determine which servers have the best processing power for handling replication traffic.

13. What represents the physical connection between remote sites? A. OU connector B. LAN link C. site-link object D. WAN link

Answer: C To enable replication between two sites, you must have a site-link object associated with both. A site-link object represents the physical connection between remote sites. The purpose of the site link is to indicate which sites are connected and to provide details about the cost and availability of the physical connection.

14. What is the sum of the policies applied to a user or computer after all filters, security group permissions, and inheritance settings, such as Block Policy Inheritance and Enforce, finish processing? A. Effective Permissions B. Resultant Set of Policy C. Effective Set of Policy D. Applied Policy

Answer: B Resultant Set of Policy (RSoP) is the sum of the policies applied to a user or computer after all filters, security group permissions, and inheritance settings, such as Block Policy Inheritance and Enforce, finish processing.

15. When developing a migration path to upgrade a domain to Windows Server 2008 R2, which of the following is not a criterion to consider? A. time B. number of OUs C. budget D. manpower

Answer: B One of the first steps in the planning process is to decide which migration path you want to use. Some criteria that you should consider as part of that decision are design, time, budget, productivity, and manpower.

16. Which of the following statements is true when creating inter-forest connections? A. Share DNS information B. Share WINS information C. Share DHCP information D. Share a PDC Emulator

Answer: A Your first concern is that the domain controllers in the two forests know of each other’s existence. This means that the forests must share Domain Name System (DNS) information about each other.

17. What does every object in Active Directory—including users, computers and groups—have? A. security identifier B. group owner C. assigned administrator D. History rights

Answer: A Every object in an AD or AD DS database has a unique security identifier (SID). Just as TCP/IP networks rely on IP addresses to identify hosts, providing names only for the convenience of human operators, AD DS uses SIDs internally to identify objects.

18. In ADFS, what gathers certain agreed-upon attributes from user accounts, such as group memberships, and packages them in a security token that it sends to the resource partner? A. magic token B. trusted token C. packet claim D. federation claim

Answer: D Because users are located on the account partner side, the Federation Service on that side is responsible for authenticating the users against the AD DS or AD LDS database. The service also gathers certain agreed-upon attributes from the user accounts (known as federation claims), such as group memberships, and packages them in a security token, which it sends to the resource partner.

19. In UNIX, what is the account name assigned to? A. user identifier B. user mapping C. user container D. user identity

Answer: A When a user successfully authenticates with an account name and password in UNIX, the operating system assigns him a user identifier (UID) value and a group identifier (GID) value. The NFS client includes the UID and GID in the file access request messages it sends to the NFS server.

20. What is the minimum number of users for a branch office to be considered a medium size? A. 10 B. 100 C. 250 D. 500

Answer: B Picture an organization with branches in three sizes: a large office with 1,000 users, a medium-sized office with 100 users, and a small office with 10 users. Medium offices typically have only one administrator.

21. What is the minimum connection a medium branch office should have to the HQ connection? A. 1.0 Mbps B. 1.5 Mbps C. 10 Mbps D. 45 Mbps

Answer: B A medium size branch office should have a minimum of 1.544 Mbps or a T-1 line.

22. What is the minimum number of users for a branch office to be considered a small size? A. 10 B. 100 C. 250 D. 500

Answer: A Picture an organization with branches in three sizes: a large office with 1,000 users, a medium-sized office with 100 users, and a small office with 10 users. Each office has users that must access resources hosted by the corporate headquarters, but each also has varying amounts of money, equipment, and administrative expertise with which to do that.

23. How many domain controllers should you have at a large branch office running its own domain? A. 1 B. 2 C. 3 D. 4

Answer: B A large branch office running its own domain should have at least two AD DS domain controllers, for fault-tolerance purposes, with one or both also functioning as Domain Name Service (DNS) servers.

24. What command can you use to run the Active Directory Installation Wizard? A. adpromo B. dcpromo C. domainpromo D. adcreate

Answer: B The Active Directory Installation Wizard, dcpromo, will guide you through adding a domain controller to an existing environment, creating an entirely new forest structure, adding a child domain to an existing domain, adding a new domain tree to an existing forest, and demoting domain controllers and eventually removing a domain or forest.

25. How do you control access to remote administrators so that they can manage only the users at their site? A. Use the RODC console. B. Use the Computer Management console. C. Use the Delegation of Control Wizard. D. Use the Server Management console.

Answer: C One main reason for dedicating an entire organizational unit to a branch office is so that you can grant the branch office administrators access to the AD DS objects they are responsible for managing without granting them access to anything else. The Delegation of Control Wizard enables you to select security principals—users or groups—and grant them access to the contents of an OU in various ways.

26. If you want to have different password policies per site using only one domain, what would you use? A. fine-grained password policy B. local security policies C. override option in Active Directory Users and Computers D. block domain password policies

Answer: A One Windows Server 2008 R2 feature that makes a dedicated branch office OU a practical solution in more situations is the ability to assign fine-grained password policies.

27. ______ files are used to apply service packs and hot fixes to installed software. A. Update B. Patch C. Upgrade D. Enhanced

Answer: B Windows Installer files with the .msp extension serve as patch files, which are used to apply service packs and hot fixes to installed software. Unlike an .msi file, a patch package does not include a complete database. Instead, it contains (at minimum) a database transform procedure that adds patching information to the target installation package database.

28. Which of the following is an advantage of using Microsoft Remote Desktop Services? A. single application installation B. low bandwidth consumption C. conservation of licenses D. all of the above

Answer: D Using Remote Desktop Services to deploy applications offers several advantages to network administrators, including single application installation, low bandwidth consumption, broad-based client support, and conservation of licenses.

29. What role service provides the functionality that enables users running the RDC client to run full desktop sessions? A. File Server Terminal Manager B. Remote Desktop Server C. Terminal Search Services D. Terminal Instance Store

Answer: B The Remote Desktop Server role service provides the core Remote Desktop Services functionality that enables users running the RDC client to run full desktop sessions. This role service also includes the RemoteApp feature that enables clients to run individual applications in separate windows.

30. The Remote Desktop Licensing service requires only about 10 MB of memory, and the license database requires 1 MB of storage space for every ______ licenses. A. 100 B. 200 C. 500 D. 1,200

Answer: D An RDS deployment needs only one Remote Desktop Licensing server for the entire installation, no matter how many RDS servers you have on your network. The Remote Desktop Licensing service requires only about 10 megabytes of memory and the license database requires one megabyte of storage space for every 1,200 licenses. The processor requirements are negligible, because the service issues a license to each client only once.

31. Which WSUS architecture has servers that get updates from a central server, but administrators at each site are responsible for evaluating and approving updates? A. single WSUS server B. replica WSUS servers C. disconnected WSUS servers D. autonomous WSUS servers

Answer: D Autonomous WSUS servers function in much the same way as replica WSUS servers, except that the remote servers download all available updates from the central server, and administrators at each site are responsible for evaluating and approving updates for their own users.

32. What would you use to provide high availability for WSUS servers? A. load balancing for the front-end servers and a failover cluster for the SQL server B. load balancing for the SQL server C. failover cluster for the front-end servers D. network balancing for the front-end servers and SQL server

Answer: A You can install multiple WSUS servers and join them together into a Network Load Balancing cluster, using a shared failover cluster running SQL Server as the back end. In an arrangement like this, you must use a full SQL Server installation, because multiple WSUS servers cannot share the single database instance created by Windows Internal Database server.

33. Which of the following software prerequisites do you need to use the WSUS administrative user interface? A. Oracle Connector B. Access Connector C. Microsoft Report Viewer Redistributable 2008 or later D. Windows Update Group Policy plug-in

Answer: C To use the administrative user interface provided with WSUS, you must install Microsoft Report Viewer Redistributable 2008 or later. After you agree to the terms of the End-User License Agreement, the wizard detects whether you have this component and prompts you to install it, if necessary. However, the wizard does not abort the WSUS installation if this component is not present on the server. You can install Microsoft Report Viewer before or after the WSUS installation.

34. What technology used with WSUS and SCCM uses idle bandwidth to transfer data and is usually in the background? A. SSTP B. RDP C. BITS D. IPProxy

Answer: C The Background Intelligent Transfer Service (BITS) Windows component uses idle network bandwidth to facilitate prioritized, throttled file transfers between machines.

35. Which of the following will you not find on the DMZ? A. FTP servers B. SQL servers C. SMTP servers D. proxy servers

Answer: B It is common today for perimeter servers to host many services other than web servers. Some other devices commonly found on perimeter networks include File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), network address translation (NAT), proxy server, virtual private network (VPN), Remote Authentication Dial-In User Service (RADIUS), and Remote Desktop Gateway. You would not typically find a SQL server running in the DMZ.

36. What encryption type is used for dial-up and PPTP-based VPN connections with a 40-bit key? A. basic encryption B. strong encryption C. strongest encryption D. no encryption

Answer: A Basic encryption is used for dial-up and PPTP-based VPN connections; MPPE is used with a 40-bit key. For L2TP/IPSec VPN connections, 56-bit DES encryption is used.

37. What port does IKEv2 use? A. TCP port 80 B. TCP port 443 C. TCP port 500 D. TCP port 8080

Answer: C IKEv2 uses TCP port 500.

38. Which VPN protocol does DirectAccess use? A. PPTP B. IPSec C. MS-CHAPv2 D. SSTP

Answer: B IPsec uses tunneling to protect communications between computers connecting over a private network. During the DirectAccess connection process, the client uses one IPsec tunnel to access the DNS server and AD DS domain controller on the host network. Then the systems negotiate the creation of a second tunnel that provides the client with access to the other resources on the network.

39. What is the minimum number of disks needed to create a RAID 5 disk? A. 2 B. 3 C. 4 D. 5

Answer: B A common form of RAID is RAID 5, which is similar to striping, except one of the hard drives is used for parity (error correction) to provide fault tolerance. To increase performance, error correction is spread across all hard drives in the array to avoid having the one drive doing all the work in calculating the parity bits. If one drive fails, you still keep working because the missing data can be filled in by doing parity calculations with the remaining drives.

40. For network users to be able to access a shared folder on an NTFS drive, what kind of permissions must you grant them? A. share B. NTFS C. both A and B D. registry

Answer: C For network users to be able to access a shared folder on an NTFS drive, you must grant them both share permissions and NTFS permissions.

41. Replication groups use which topology to limit the replication traffic to specific pairs of members? A. full mesh topology B. limited mesh topology C. hub and spoke topology D. both A and B

Answer: C By default, replication groups use a full mesh topology, which means that every member in a group replicates with every other member. This is a satisfactory solution for relatively small DFS deployments, but on larger installations, the full mesh topology can generate a huge amount of network traffic. In such cases, you might want to opt for a hub and spoke topology that enables you to limit the replication traffic to specific pairs of members.

42. What Windows technology enables you to encrypt individual files or folders? A. BitLocker B. BitLocker to Go C. EFS D. Encrypt-a-File

Answer: C Encrypting File System (EFS) is a core file-encryption technology used to store encrypted files on NTFS file system volumes. Encrypted files cannot be used unless the user has access to the keys required to decrypt the information. After a file is encrypted, you do not have to decrypt it manually before you can use it. When you encrypt a file or folder, you work with the encrypted file or folder just as you do with any other file or folder.

43. What number of virtual instances is included in Windows Server 2008 Datacenter? A. 4 B. 8 C. 16 D. unlimited

Answer: D Windows Server 2008 Datacenter includes unlimited licenses.

44. What is the maximum total amount of memory supported by Hyper-V 2008 R2 Server? A. 256 GB B. 512 GB C. 1 TB D. 2 TB

Answer: C Hyper-V Server supports up to 1 TB of memory.

45. In Hyper-V, what file is created as the new working disk when a snapshot is created? A. .vmc B. .vhd C. .vsv D. .avhd

Answer: D Snapshot files consist of the following:
- A copy of the VM configuration .xml file
- Any save state files
- A differencing disk (.avhd) that is the new working disk for all writes and is the child of the working disk before the snapshot

46. When deciding which servers to virtualize for Hyper-V, what can you use to generate a virtualization candidate report? A. System Center Operations Manager B. Virtual Server Migration Toolkit C. System Center Virtual Machine Manager D. Virtual Machine Console

Answer: A To help you decide which servers should be virtualized, run the System Center Operations Manager (SCOM) to generate a virtualization candidate report that will list the servers that should be virtualized based on current usage levels.

47. What employs a cryptographic system that uses two keys (public and private) to encrypt data and whose public key is published in a digital certificate that confirms the web server’s identity? A. S/MIME B. PGP C. EFS D. SSL

Answer: D Secure Sockets Layer (SSL) uses a cryptographic system that uses two keys to encrypt data: a public key known to everyone and a private or secret key known only to the message recipient. The public key is published in a digital certificate, which also confirms the web server’s identity. When you connect to a site secured with SSL, a gold lock appears in the address bar, along with the name of the organization to which the CA issued the certificate.

48. What is a mathematical scheme used to demonstrate the authenticity of a digital message or document? A. digital signature B. digital check C. smart check D. MS Authenticity Check

Answer: A A digital signature is a mathematical scheme used to demonstrate the authenticity of a digital message or document. It is also used to ensure that the message or document has not been modified. The sender uses the receiver’s public key to create a hash of the message, which is stored in the message digest. The message is then sent to the receiver. The receiver will then use his or her private key to decrypt the hash value, perform the same hash function on the message, and compare the two hash values. If the message has not been changed, the hash values will match.

49. What do you call an instance of an operating system running on Hyper-V? A. component B. agent C. virtual machine D. hypervisor

Answer: C Virtualization is the process of deploying and maintaining multiple instances of an operating system, called virtual machines (VMs), on a single computer. Virtualization has become quite popular during the last few years.

50. What was Microsoft’s virtual server before Hyper-V? A. VMWare B. Virtual Server 2007 C. Virtual Server 2005 R2 D. HyperVisor 2005

Answer: C Over the last several years, Microsoft has had several software packages that allow a Windows system to host multiple virtual systems. Virtual Server 2005 R2 SP1 is a product that you can download and install for free from Microsoft’s website.

51. What is the maximum number of virtual machines that can run on Hyper-V 2008 R2 Server? A. 24 B. 128 C. 256 D. 384

Answer: D Hyper-V Server supports up to 384 virtual machines, or as many as fit within 1 TB of memory, whichever comes first.

52. What tool do you use to translate a physical machine to a virtual machine? A. Microsoft System Center Virtual Machine Manager B. P2VConvert.exe C. P2VTranslate.exe D. VMConvert.exe

Answer: A Many organizations might need to consolidate several physical servers to one machine running multiple virtual servers. Microsoft System Center Virtual Machine Manager (VMM) allows you to convert existing physical computers into virtual machines through a process known as physical-to-virtual (P2V) conversion. VMM simplifies P2V by providing a task-based wizard to automate much of the conversion process. Because the P2V process is completely scriptable, you can initiate large-scale P2V conversions through the Windows PowerShell command line.

53. What is the maximum number of snapshot levels that you can create for a virtual machine in Hyper-V? A. 1 B. 4 C. 8 D. 10

Answer: D With Hyper-V, you can create 10 levels of snapshots per virtual server.

54. What do you call one or more virtual machines configured to access local or external network resources? A. virtual network B. magic link C. VM group D. VM Connection group

Answer: A Virtual networks consist of one or more virtual machines configured to access local or external network resources. Each virtual network is configured to use a network adapter in the physical computer.

55. In Hyper-V, what enables multiple Windows Servers to access SAN storage using a single consistent namespace for all volumes on all hosts? A. live migration B. P2P C. SAN Checker D. Cluster Shared Volumes

Answer: D With Windows Server 2008 R2, Hyper-V uses Cluster Shared Volumes (CSV) storage as part of the Windows Failover Clustering feature. CSV enables multiple Windows Servers to access SAN storage using a single consistent namespace for all volumes on all hosts. Multiple hosts can access the same Logical Unit Number (LUN) on SAN storage. CSV enables faster live migration and easier storage management for Hyper-V when used in a cluster configuration. Also, the CSV architecture implements a mechanism, known as dynamic I/O redirection, in which I/O can be rerouted within the failover cluster based on connection availability.

56. What was App-V formerly known as? A. Microsoft SoftGrid B. MagicApp C. SeeApp D. RemoteApp

Answer: A Microsoft Application Virtualization, known as App-V, was formerly known as Microsoft SoftGrid. The main difference between the two is that with App-V, the server actually transfers the virtual environment to the client, enabling the client to run the application using its own hardware, without the need to perform an application installation. With App-V, desktop and network users can reduce application installation time and eliminate potential conflicts between applications.

57. Which of the following allows designated recovery agents to create public keys that can decode encrypted information? A. Internet authentication B. digital signatures C. Encrypting File System D. IP Security

Answer: C To prevent a loss of data resulting from users leaving the organization or losing their encryption keys, EFS allows designated recovery agents to create public keys that can decode the encrypted information.

58. Which of the following authentication devices verifies a user’s identity during logon? A. IP Security B. smart card C. software code signing D. Internet authentication

Answer: B Windows Server 2008 can use a smart card as an authentication device that verifies a user’s identity during logon.

59. What is used to prove where an executable or driver came from and whether the file has not been modified? A. smart card B. software code signing C. PGP D. S/MIME

Answer: B Today, executable files, scripts, and drivers can be signed to prove where they came from and whether the software, script, or driver has been modified. Microsoft’s Authenticode is one technology that uses certificates to confirm that the software a user downloads and installs actually comes from the publisher and has not been modified. In today’s 64-bit versions of Windows, you cannot install a driver that has not been signed.

60. To which format can you export a digital certificate that includes the public key and has a .cer or .crt extension? A. Personal Information Exchange B. DER-encoded binary X.509 C. Base64-encoded X.509 D. SMS-encoded X.509

Answer: B The Distinguished Encoding Rules (DER) format supports storage of a single certificate. This format does not support storage of the private key or certification path. It will usually have a .cer, .crt, or .der filename extension.