NOS 230 Final

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

For zones that allow dynamic updates, you do not need to create CNAME and MX records or host records that provide for round robin or netmask ordering.

False After creating a forward or reverse lookup zone, you can manually create resource records in a zone. For zones that allow dynamic updated, you still need to manually create CNAME and MX records as well as host records that provide for round robin or netmask ordering.

Block storage can easily be shared by several different Web apps, virtual machines, or containers.

False Block storage is normally associated with a single Web app, virtual machine, or container only. Object storage can easily be share by several different Web apps, virtual machines, or containers.

If multiple GPOs are linked to the same site, domain, or OU, they will be applied in a random order.

False If multiple GPOs are linked to the same site, domain, or OU, they will be applied in link order, with the highest link order applied first and the lowest link order applied last.

If there are multiple DHCP servers on a network, DHCP clients will accept the first offer that they receive.

False If there are multiple DHCP servers on your network, DHCP clients will accept the first offer that they receive and decline all other offers by sending a DHCPDECLINE packet to the other DHCP servers.

Trimming erases sections of the volatile memory chips on an SSD that no longer contain data, consolidating the existing data into fewer memory locations.

False SSDs use non-volatile memory chips for storage.

When a CA public/private key pair expires, a system administrator must generate a new CA public/private key pair the same day to ensure a smooth transition. True False

False The new CA public/private key pair is generated automatically, and it is functionally equivalent to the previous public/private key pair when used with the same asymmetric encryption algorithm to guarantee the validity of previously signed certificates.

How do last mile technologies impact the speed at which an organization can transfer information over the Internet?

Last mile technologies often span the "last mile" between the Internet and an organization. While the Internet itself is composed of several ISPs that use very fast fiber optic connections, last mile connections use relatively slower technologies such as digital subscriber line, cable broadband, Gigabit Passive Optical Network, or long-range Wi-Fi. REJ: Please explore the section "Understanding Organization Networks and Remote Access" for more information.

The subnet mask cannot be modified once a scope is created.

True

You can obtain a Remote Desktop session by navigating to https://server/RdWeb in a Web browser, where server is the FQDN of the Remote Desktop Web Access server.

True

A 257-bit encryption key is twice as difficult to guess compared to a 256-bit encryption key. True False

True A 257-bit encryption key is twice as difficult to guess compared to a 256-bit encryption key. Most keys are 256 bits in length. With every additional bit added to the length of the key, the strength of the encryption doubles.

LCOW requires that each Linux container run on a separate Linux kernel and achieves this by automatically running each Linux container as a Hyper-V container.

True LCOW requires that each Linux container run on a separate Linux kernel. To achieve this, LCOW automatically runs each Linux container as a Hyper-V container to ensure that each Linux container receives a separate Linux kernel provided by LinuxKit.

Using a disk management tool, you can create a GPT on a disk that has an MBR when no partitions exist on a disk.

True Provided that no partitions exist on the disk, you can right-click a disk in the Disk Management tool and click Convert to GPT to create a GPT on a disk that has an MBR, or click Convert to MBR to create and MBR on a disk that has a GPT.

How much storage space is reserved on a storage device to convert a storage disk to a dynamic disk using a Windows tool?

c. 1 MB

How does Remote Desktop differ from VPNs and DirectAccess?

Remote Desktop uses a different method to achieve remote access compared to VPNs and DirectAccess. Instead of relaying network traffic through an encrypted tunnel to a DMZ, remote access clients use a Remote Desktop app to log into a remote access server to obtain a graphical desktop session on the remote access server itself (called session-based desktop deployment), or a graphical desktop session from a Hyper-V virtual machine running on the remote access server (called virtual machine-based desktop deployment). After a remote access client obtains a graphical desktop session, they can run programs on the remote access server and access resources on the DMZ network to which the remote access server is connected. In other words, Remote Desktop allows remote access clients to access a graphical desktop running in the organization DMZ to provide access to organization resources. REJ: Please explore the section "Understanding Remote Desktop " for more information.

By default, where are updates synchronized from in WSUS?

a. Microsoft Update servers on the Internet.

Identify the option that can be used to create storage pools that include storage devices from different servers on a network.

a. Storage Spaces Direct Can create storage pools that include storage devices from up to 16 servers on the network.

While configuring Windows Server 2019 as a WSUS server, which of the following role services would you select to store information about updates in the Windows Internal Database?

a. WID connectivity

Which of the following is true of WINS?

b. It can only resolve NetBIOS names to IPv4 addresses.

An organization has published applications on its web servers. The applications are accessible to users in the organization when they are authenticated via Active Directory. What RAS capability will allow the organization's applications to be accessible to users outside of the organizations?

b. Web Application Proxy

Which of the following is a term given to the software component in the operating system that connects to the SAN device via iSCSI?

b. iSCSI initiator

Imran is associating a drive letter to a filesystem so that the drive letter can be accessed by the operating system. What is the term given to the process that Imran is carrying out?

c. Mounting The term "mounting" refers to the process of associating a drive letter or folder to a filesystem so that the drive letter or folder can be accessed by the operating system.

Which of the following RAID level configurations is not supported by Windows Server 2019?

c. RAID level 2 RAID level 2 is no longer used and was a variant of RAID 0 that allowed for error and integrity checking on storage devices.

Isabella installs a Fedora Linux distribution on a Windows Server 2019 server. Next. she installs the Apache Web server on this system. Because the server is also running IIS that uses port 80, Isabella modifies the port number for the Apache Web server. Which of the following commands must Isabella run to ensure that she did not make a syntax error during the recent change?

c. apachect1 config test Analysis: a. Incorrect. Isabella would have used the install apache2 command to install the Apache Web server. b. Incorrect. Isabella would have used the apachect1 start command to start the Apache Web serber. c. Correct. After modifying the Apache Web server configuration file, Isabella should check to ensure that she did not make a syntax error by running the apachect1 configtest command. d. Incorrect. Isabella most likely used the vim file command to edit the configuration file with the port parameter.

Trang, a system administrator, is configuring a DHCP relay on the remote access server. She needs to configure the DHCP relay agent to listen for DHCPDISCOVER packets on a network interface. Which of the following statements is true of this scenario?

d. Trang should select the network interface that is connected to the DMZ.

When some computers have incorrect address information, you should check for the presence of unauthorized DHCP servers on the network running a non-Windows operating system and remove them if found.

True

Container images that are based on Nano Server must be run as Hyper-V containers.

True Hyper-V can be used to provide each container with a separate copy of the kernel for greater stability, performance, and security. Container images that are based on Nano Server must be run as Hyper-V containers.

Ramona, the chief technical officer of an engineering company, needs to install software on 32-bit computers using GPO. The system network consists of over 500 computers and has a mix of 32-bit and 64-bit computers. How can Ramona ensure that the software is installed only on the 32-bit computers? a. By using a WMI filter b. By using the Security Filtering option c. By setting Group Policy preferences d. By modifying Software Settings under Group Policy

a. By using a WMI filter Analysis: a. Correct. Ramona can ensure that the software is installed only on the 32-bit computers by using a WMI filter. A WMI filter specifies the hardware and software features that must be present on a computer before the GPO is applied. b. Incorrect. Security Filtering is used to apply the Default Domain Policy GPO to specific users and computer accounts. c. Incorrect. Group Policy preferences can be used to provide configuration for Windows features, not to check for the hardware and software features. d. Incorrect. Software Settings specifies software packages that are deployed to computers, not the hardware and software features.

Tara, an administrator, has added storage devices to the storage pool and selected the RAID level for the virtual disk using Server Manager. She wishes to allocate more space than is required for the current amount of data such that the system only uses the actual space it needs, enabling the actual size to grow with data. What would you do to achieve Tara's wish?

a. Create several thin-provisioned virtual disks. You can allocate more space than is required for the current amount of data, but the system only uses the actual space it needs, enabling the actual size to grow with the data.

Damien is configuring DirectAccess for a group of users in his organization. One of the requirements is that the users should be able to access the resources in their organization's network through VPN, but they should use the default gateway on their physical network interface to access websites that are not on the organization's network. Which of the following options should Damien configure on the Enable DirectAccess Wizard? a. Damien should not select the Use force tunneling option. b. Damien should select the Use force tunneling option. c. Damien should select the Enable DirectAccess for mobile computers only option. d. Damien should not select the Enable DirectAccess for mobile computers only option.

a. Damien should not select the Use force tunneling option. Analysis: a. Correct. Split tunneling will allow users to connect to the organization's resource through VPN while using their physical network interface to access the Internet. To configure remote access clients to use split tunneling for DirectAccess, you should deselect the Use force tunneling option. b. Incorrect. If the Use force tunneling option is selected, users will be able to access the Internet via the remote server through the VPN connection. c. Incorrect. If this option is selected, DirectAccess will only be enabled for mobile computers such as laptops. This is an option that is unrelated to the requirement in this scenario. d. Incorrect. If this option is not selected, DirectAccess will be enabled for all computers. This is an option that is unrelated to the requirement in this scenario.

Asher, a system administrator, wants to run containers on Windows Server 2019. He chooses to install Docker using the Windows containers component. Which of the following is a service that will help Asher manage and run Docker containers on the server?

a. Docker daemon Analysis: a. Correct. Docker containers are run and managed by a service called the Docker daemon. b. Incorrect. Nearly all Docker configurations are performed using the docker command, which is often referred to as the Docker client program. c. Incorrect. Docker provides an online repository of preconfigured container images that you can download and run on your system to create one or more containers. This repository is called Docker Hub. d. Incorrect. DockerProvider is a Windows PowerShell module that allows you to obtain the latest version of Docker EE provided by Docker.

Emory install the WSL feature on a Web server. Next, she installs an Ubuntu Linux distribution and creates a new Linux user account, EmoryJ. She logs into the Ubuntu system using this user account. Which of the following is true of this scenario?

a. Emory can use the EmoryJ user account to run administrative commands as the root user. Analysis: a. Correct. To allow for system administration, the Linus user account that you create when installing the Ubuntu Linux distribution is automatically granted the ability to run administrative commands as the root user using the sudo (super user do) command. b. Incorrect. The Administrator user on a Linux system is called the super user and assigned a user name of root. c. Incorrect. As a security precaution, no password is assigned to the root user by default to ensure that users cannot log into the Linux system using the super user account. d. Incorrect. TO allow for system administration, the Linux user account that you create when installing the Ubuntu Linux distribution is automatically granted the ability to run administrative commands as the root user using the sudo (super user do) command. Consequently, each administrative command that you type at the Linux command prompt must be prefixed with the sudo command by default

You are investigating strange traffic on your network and wish to resolve an IP address to a DNS name. What resource record should you use to perform a reverse lookup? a. An A record b. An AAAA record c. A PTR record d. A CNAME record

c. A PTR record Analysis: a. Incorrect. An A record resolves an FQDN to an IPv4 address. You cannot use this record to perform a reverse lookup. b. Incorrect. An AAAA record resolves an FQDN to an IPv6 address. You cannot use this record to perform a reverse lookup. c. Correct. A PTR record resolves an IP address to an FQDN. This is the record that you need to use to perform a reverse lookup. d. Incorrect. A CNAME record resolves one FQDN to another FQDN. You cannot use this record to perform a reverse lookup.

The modern partition table is called the Master Boot Record (MBR) and uses storage devices that are larger than 2 TB.

False The traditional partition table is called the Master Boot Record (MBR), and is limited to storage devices that are equal to or less than 2 TB in size. The modern partition table is called a GUID Partition Table (GPT), which uses storage devices larger than 2 TB.

To run a Windows Web app in a public cloud using SaaS, you will need to create, configure, and maintain the associated Windows Server 2019 virtual machine on the public cloud provider's hypervisor.

False To run a Windows Web app in a public cloud using IaaS, you will need to create, configure, and maintain the associated Windows Server 2019 virtual machine on the public cloud provider's hypervisor.

What is the purpose of adding entries for each RADIUS client on the RADIUS server when configuring remote access servers to use RADIUS?

Remote access servers do not forward requests to a RADIUS server until they are configured as a RADIUS client. Moreover, RADIUS servers only respond to RADIUS clients that contain the same shared secret (password) in their configuration. As a result, you must add an entry for each RADIUS client on your RADIUS server that includes a shared secret, as well as configure each RADIUS client with the same shared secret. REJ: Please explore the section "Configuring Remote Access Servers to Use RADIUS" for more information.

What are the additional configuration options available on the Remote Access Setup pane that are unavailable on Enable DirectAccess Wizard?

The Remote Access Setup pane is divided into four steps that represent the different components of DirectAccess. You can click the Edit button for each component to modify the associated DirectAccess configuration: Remote Clients allows you to modify the client setup options, as well as the URL that is used by remote access clients to locate DirectAccess information. Remote Access Server allows you to modify the network topology options. Additionally, you can modify the HTTPS certificate used for remote access authentication, allow Windows 7 clients to use DirectAccess, specify a manual IP address range for virtual network interfaces used by the IPSec tunnel (DHCP is used by default), or configure the remote access server to use RADIUS authentication. Infrastructure Servers allows you to modify domain suffix options. Additionally, you can modify the HTTPS certificate used by the network location server, DNS server settings, and the location of servers that can be used to provide Windows and antivirus updates to remote access clients. Application Servers allows you to extend the IPSec encryption used between remote access clients and the remote access server to include specific application servers in the DMZ. REJ: Please explore the section "Implementing DirectAccess" for more information.

What constraints are available for use in a remote access policy?

The available constraints include the following: Idle Timeout - Specifies the maximum amount of time a remote access session can remain idle before it is disconnected by the remote access server. Session Timeout - Specifies the maximum amount of time before an active remote access session is disconnected by the remote access server. Called Station ID - Specifies the phone number of the dial-up remote access server (only used for dial-up remote access). Day and time restrictions - Specifies the days and times that remote access sessions are allowed. If an active remote access session persists beyond the allowed time specified, it is disconnected by the remote access server. NAS Port Type - Specifies the type of network connections (e.g., Ethernet, wireless) that are allowed when connecting to the remote access server. REJ: Please explore the section "Configuring Remote Access Policies" for more information.

What are the different role services available for the Remote Desktop services server role?

The collection of services that provide for remote access using Remote Desktop on Windows Server 2019 is called Remote Desktop Services and can be obtained by installing the Remote Desktop Services server role. The collection of services includes: Remote Desktop Connection Broker: If multiple Remote Desktop Session Host or Remote Desktop Virtualization Host servers are used, it allows remote access users the ability to reconnect to a disconnected remote desktop session, as well as balances requests for remote desktop sessions across servers. Remote Desktop Gateway: When users connect to a Remote Desktop Session Host or Remote Desktop Virtualization Host server using RDP, this service ensures that all RDP traffic between the remote access server and client is encrypted by enclosing each RDP packet in an HTTPS packet. This role requires that you install an HTTPS certificate. Remote Desktop Licensing: This service allows you to add and manage the licenses required for Remote Desktop Services. Remote Desktop Services provides a 120-day grace period. After this period, you must purchase licenses from Microsoft and configure this service to continue using Remote Desktop Services. Remote Desktop Session Host: Provides for session-based desktop deployment and RemoteApp using RDP. This role uses a self-signed HTTPS certificate when authenticating users. Remote Desktop Virtualization Host: Provides for virtual machine-based desktop deployment and RemoteApp using RDP. This role uses a self-signed HTTPS certificate when authenticating users. Remote Desktop Web Access: Provides access to RemoteApp programs configured by the Remote Desktop Session Host or Remote Desktop Virtualization Host, as well as access to Remote Desktop sessions through a Web browser using HTTPS. This role requires that you install an HTTPS certificate. REJ: Please explore the section "Understanding Remote Desktop " for more information.

How does a remote access client determine the creation of an IPSec tunnel to connect to a remote access server using DirectAccess?

To determine whether they are located on a network outside the organization, each remote access client that participates in DirectAccess contains a Network Connectivity Assistant service that probes a network location server using HTTPS each time their network interface is activated on a network. If the remote access client determines that it is on a network outside of the organization, it automatically creates an IPSec tunnel to the remote access server after prompting the user to log into the Active Directory domain, if necessary. REJ: Please explore the section "Configuring Remote Access Servers to Use RADIUS" for more information.

Explain the configuration of dial-in settings for a fictional user J-Smith to allow the user VPN remote access.

VPN remote access is only granted if the properties of the user account used during authentication allow dial-in permission. For example, to configure dial-in permission for the user J-Smith, you can right-click the associated user account in the Active Directory Users and Computers tool, click Properties, and highlight the Dial-in tab. By default, each user account in Active Directory is set to check for dial-in permission in a remote access policy on a RADIUS server using the Control access through NPS Network Policy option. If the remote access server is not configured to use RADIUS, you must instead select Allow access to ensure that J-Smith is able to obtain VPN access from a remote access client. REJ: Please explore the section "Configuring Security Options and Authentication Methods" for more information.

When implementing a VPN server on Windows Server 2019, what are the four remote access tunneling protocols available for use, and how do they differ?

When you implement a remote access server using Windows Server 2019, four different VPN protocols are supported: Point-to-Point Tunneling Protocol (PPTP) is one of the oldest and most widely supported VPN protocols. It was developed by a consortium of vendors including Microsoft and encrypts data using Microsoft Point-to-Point Encryption (MPPE). Although MPPE supports encryption keys varying in length from 40 to 128 bits, modern Windows operating systems such as Windows 10 and Windows Server 2019 contain a registry key that prevent the use of MPPE keys less than 128 bits by default. Layer Two Tunneling Protocol (L2TP) is a VPN protocol developed by Microsoft and Cisco. It provides for tunneling only and relies on IP Security (IPSec) for the encryption of data packets using encryption keys varying in length from 56 to 256 bits. To participate in an L2TP VPN, the remote access client and server must authenticate to each other. To do this, you can configure the same preshared key (password) or install an IPSec encryption certificate on both the remote access client and server. Internet Key Exchange version 2 (IKEv2) is an enhancement to IPSec that provides VPN tunneling with faster speeds compared to L2TP. It uses 256-bit encryption keys and requires that remote access clients and servers authenticate to each other using an IPSec encryption certificate or preshared key. Secure Socket Tunneling Protocol (SSTP) is a VPN technology that tunnels data through HTTPS packets on a network. It originally used Secure Sockets Layer (SSL) encryption with 128-bit keys. However, modern SSTP implementations use 256-bit keys alongside Transport Layer Security (TLS) encryption. To use SSTP, the remote access server must contain an HTTPS encryption certificate. REJ: Please explore the section "VPN Protocols" for more information.

Discuss the authentication provider and accounting provider options that are available when configuring the security properties for a remote access server.

You can configure the remote access server to use Windows Authentication or RADIUS Authentication as the authentication provider. Windows Authentication ensures that the remote access server authenticates remote access users using Active Directory (or the local SAM database if the remote access server is not joined to an Active Directory domain). However, you can instead select RADIUS Authentication from the Authentication provider drop-down box to configure the remote access server to forward authentication requests to a RADIUS server. Similarly, if you select Windows Accounting as the accounting provider, this ensures that the details for each VPN connection are logged to C:\Windows\system32\logfiles\INyymm.log on the remote access server, where yy are the last two digits of the year, and mm are the digits that represent the month of the year. However, you can instead select RADIUS Accounting from the Accounting provider drop-down box to configure the remote access server to log VPN connection details to a RADIUS server. REJ: Please explore the section "Configuring Security Options and Authentication Methods" for more information.

Having heard the data theft suffered by a competing company by a man-in-the-middle attack, Finn asks Talia, his server administrator, to implement measures to prevent such attacks in his company. Which of the following should Talia do to ensure that Finn's company is protected from such attacks? a. Hire the services of a third-party Certification Authority b. Configure the Block Inheritance setting at OU-level GPOs c. Run the gpupdate /force command in a Command Prompt window. d. Run the gpresult /r command in Windows PowerShell.

a. Hire the services of a third-party Certification Authority Analysis: a. Correct. To ensure that Finn's company is protected from man-in-the-middle attacks, Talia should hire the services of a third-party Certification Authority (CA). CAs endorse the public keys before they are used for secure technologies, such as HTTPS. b. Incorrect. Configuring the Block Inheritance setting at OU-level GPOs will prevent the domain-level GPO settings from applying to user accounts in those OUs. This is not relevant to man-in-the-middle hacking attacks. c. Incorrect. Running the gpupdate /force command in a Command Prompt window forces the client computer to check the SYSVOL shared folder on their domain controller for new GPO settings and apply them, if necessary. d. Incorrect. Running the gpresult /r command in Windows PowerShell helps troubleshoot GPO configuration issues.

Zuber is configuring Windows Server 2019 as an iSCSI SAN device. He has successfully created an iSCSI virtual disk and a new iSCSI target. He is trying to connect his system to the new iSCSI target but he is facing a connection issue. What must be the cause for the connection issue? a. IQN is not present in the access server list. b. CHAP authentication is not enabled. c. DSM is not be added to the system. d. JBOD is not enabled in the system.

a. IQN is not present in the access server list. Analysis: a. Correct. The iSCSI target identifies iSCSI initiators using IQN. If the IQN is not present in the access server lists, the connection issue will arise because the ISCSI target cannot identify the iSCSI initiator of the system. b. Incorrect. CHAP is an authentication protocol that when enabled will ask for user credentials the first time the ISCSI initiator is configured to connect to the target. This is not the cause of the connection issue. c. Incorrect. DSM is a MIPO support file that is required when the iSCSI target cannot be added to the MIPO tool. This is not related to the connection issue that Zuber is facing. d. Incorrect. This is not related to the connection issue that Zuber is facing because JBOD is a type of RAID-like configuration, which consists of two or more storage devices that the system sees as one large volume.

Kaya is an administrator at Kelvin Computing. Benjamin, a user, wants to access a shared folder on SERVERA, so he uses the UNC \\servera\share to access the folder. His computer then sends out a broadcast to the network to resolve the name SERVERA. Because of the broadcast, all computers on the LAN interpret it and causes additional processing that interferes with other operations. What can Kaya do to avoid this additional overhead? a. Install a WINS server b. Restart the DNS Server c. Configure a default forwarder d. Configure a conditional forwarder

a. Install a WINS server Analysis: a. Correct. Kaya should install Windows Internet Name Service (WINS) servers to provide centralized NetBIOS name resolution that does not use broadcasts. b. Incorrect. Restarting the DNS Server will not help Kaya resolve this issue. c. Incorrect. Default forwarders help relay lookup requests that cannot be resolved to an ISP DNS server or other DNS servers in an organization. This will not help Kaya resolve the current issue. d. Incorrect. Conditional forwarders are an alternative to stub zones that provide the same functionality. This will not help Kaya resolve the current issue.

You are configuring a remote access server in your organization. You install the Direct Access and VPN (RAS) role service along with the Routing role service. On the next configuration screen, which of the following services should you select?

a. LAN routing

Kelsan Informatics has its client computers connected to a router through which the clients can access the organization's servers in the DMZ. The DMZ is connected to a NAT router that is connected to the Internet. In addition to providing access to the Internet, the NAT router also offers additional capabilities, such as traffic throttling, intrusion prevention, and malware filtering. What is the term for this type of NAT router? a. Next Generation Firewall b. Last mile technology c. Demarcation point d. Point-to-Point Protocol over Ethernet (PPPoE)

a. Next Generation Firewall Analysis: a. Correct. In this scenario, the NAT router is often referred to as a Next Generation Firewall (NGFW). Such routers often contain additional management and security capabilities, such as traffic throttling, intrusion prevention, and malware filtering. b. Incorrect. Last mile technologies often span the "last mile" between the Internet and the organization. Common last mile technologies include DSL and GPON. c. Incorrect. In this scenario, the organization NAT router is most likely connected to a demarcation point (often shortened to demarc) that connects to the ISP using a last mile technology. d. Incorrect. To communicate to an ISP using IP across a telephone network, DSL encloses Ethernet frames in a protocol called Point-to-Point Protocol over Ethernet (PPPoE).

Madison is using the Backup Schedule Wizard from the Actions pane of the Windows Server Backup tool. He selects the backup configuration as Custom and specifies the items to be backed up. While adding the items to be backed up, he happens to select the System state option. What does this option create a backup of? a. Operating system settings b. The entire system c. Virtual hard disk files d. Boot and recovery volumes

a. Operating system settings Analysis: a. Correct. This creates a backup of all operating system settings, including the Windows Registry, Active Directory database (for domain controllers), and boot loader files. b. Incorrect. Bare metal recovery creates a full backup of the entire system. c. Incorrect. Hyper-V backs up the configuration and virtual hard disk files for virtual machines. d. Incorrect. System state creates a backup of all operating system settings, including the Windows Registry, Active Directory database (for domain controllers), and boot loader files.

Rebecca is configuring a RAID with three storage devices. If she saves a file, the file will be divided into three sections, with each section written to separate storage devices concurrently, in a third of the amount of time it would take to save the entire file on one storage device. Which of the following RAID levels is Rebecca configuring?

a. RAID level 0 In RAID level 0, an individual file is divided into sections and saved concurrently on two or more storage devices, one section per storage device.

Zahara is accessing an application installed on her organization's remote access server from her laptop. She saves output from the application into a file on the server. She opens the saved file on the server and prints it using her local printer. Which of the following protocols is employed in this scenario? a. Remote Desktop Protocol b. Password Authentication Protocol c. Point-to-Point Tunneling Protocol d. Layer Two Tunneling Protocol

a. Remote Desktop Protocol Analysis: a. Correct. Zahara is using a remote desktop connection in this scenario. The Remote Desktop app uses Remote Desktop Protocol (RDP) to transfer desktop graphics, keystrokes, and mouse movements to and from the remote access server. b. Incorrect. This scenario does not exemplify the use of Password Authentication Protocol (PAP). PAP is an authentication protocol that transmits user passwords across the network in plain text (unencrypted). c. Incorrect. This scenario does not exemplify the use of Point-to-Point Tunneling Protocol (PPTP). PPTP is one of the oldest and most widely supported VPN protocols. d. Incorrect. This scenario does not exemplify the use of Layer Two Tunneling Protocol (L2TP). L2TP is a VPN protocol developed by Microsoft and Cisco. It provides for tunneling only and relies on IP Security (IPSec) for the encryption of data packets using encryption keys varying in length from 56 to 256 bits.

Valentina decides to install the Docker EE package on a Windows server. She wants to download the latest stable version of the package, so she chooses to install Docker using the DockerMsftProvider module. She enters the following commands in the Windows PowerShell window: PS C:\> Install-Module -Name DockerMsftProvider -XXXX psgallery -Force PS C:\> Install-Package -Name docker -ProviderName DockerMsftProvider Identify the correct code that should replace XXXX.

a. Repository Analysis: a. Correct. XXXX in the command should be replaced by Repository. b. Incorrect. Replacing XXXX with RequiredVersion is not the correct option. RequiredVersion is part of the command to install the Docker EE package using DockerProvider. c. Incorrect. Replacing XXXX with preview is not the correct option. In the command to install the Docker EE package via DockerProvider, preview is used. d. Incorrect. DockerProvider allows you to obtain the latest version of Docker EE provided by Docker. It is an alternative to DockerMsftProvider.

Pablo is a system administrator in training. He is trying to manually defragment the F: volume in Becky's system. Help Pablo identify the correct method to perform manual defragmentation. a. Right-click the volume, click Properties, highlight the Tools tab, and click the Optimize button. b. Right-click the volume, click Properties, highlight the Tools tab, and click the Check button. c. Write the "Repair-Volume-DriveLetter F -Scan" command in Windows PowerShell. d. Write the "Optimize-Volume -DriveLetter" command in Windows PowerShell.

a. Right-click the volume, click Properties, highlight the Tools tab, and click the Optimize button. Analysis: a. Correct. This sequence will optimize the volume and help it run more efficiently. b. Incorrect. This sequence will check the file for filesystem errors. c. Incorrect. This command scans the F: volume for errors. d. Incorrect. The volume name is missing from the command that needs to be optimized.

Christopher sets up multiple WINS servers in his organization and configures users' computers to use the WINS server. During testing, he attempts to access a folder called Share on the computer SERVERA. He enters the following statement into File Explorer: \\serverA\share. However, Christopher is unable to access the shared folder. What is the most likely reason for this issue? a. SERVERA does not have a NetBIOS name record on any WINS server. b. Christopher has not set up replication. c. The user computer is connect to the LAN but not to the Internet. d. The UNC syntax entered is incorrect and is missing arguments.

a. SERVERA does not have a NetBIOS name record on any WINS server. Analysis: a. Correct. Although Christopher has set up other users' computers to use the WINS servers, it is likely that SERVERA does not have a NetBIOS name record on the WINS servers. b. Incorrect. This is not the most likely cause of failure. Christopher needs to set up replication partners if he wants the WINS servers to share the NetBIOS name records. c. Incorrect. The user's computer does not need to be connected to the Internet for this feature to work. d. Incorrect. The UNC syntax is correct and is not missing any arguments.

Lashonda, a system administrator, installs a remote access server in her organization. The remote access server is connected directly to the demarc. Additionally, the remote access server is configured as a NAT router. When configuring the remote access server, which of the following is Lashonda most likely to do?

a. She will select the Demand-dial connections service.

Chynna wants to create two different firewall rules that are applicable depending on whether a computer is connected to a corporate domain or a home network. Which of the following panes in the New Inbound Rule Wizard should Chynna select to specify the conditions that should be met before the rules can be applied?

a. The Profile pane Chynna can specify the conditions that should be met before the rules can be applied in the Profile pane in the New Inbound Rule wizard. The Action pane gives the options to specify the action to be taken when a connection matches the condition specified in a rule. The Rule Type pane provides the options to select the type of connection security rule. The Protocol and Ports pane gives the options to specify the type of rule.

Shaw, a server administrator, uses an iSCSI SAN protocol to transfer data to and from SAN devices at a speed of up to 40 Gb/s. He configures one of the SAN devices to provide storage to Jasper's Windows Server 2019 system. What should Jasper configure in his system to be able to connect to the storage? a. The iSCSI target b. The iSCSI initiator c. HBA d. MPIO

a. The iSCSI target Analysis: a. Correct. To connect a Windows Server 2019 system to an iSCSI SAN, he must first ensure that the appropriate iSCSI target has been configured on the iSCSI SAN device and that his server can connect to it. These tasks must be performed using the configuration tools provided by the iSCSI SAN device manufacturer. b. Incorrect. The iSCSI initiator should be configured after the iSCSI target. c. Incorrect. HBA is a hardware-based FC controller that connects to an FC SAN device. He should configure the iSCSI target in his system. d. Incorrect. MPIO is a configuration where a server can have multiple connections to different SANs to provide fault tolerance. He should configure the iSCSI target in his system.

Nadia uses the Disk Management tool to create a simple volume in one of the disks. She specifies the simple volume size and chooses a drive letter. While selecting the formatting options, she modifies the default allocation unit size. What will happen if the allocation unit size is large? a. The performance of file sharing applications will increase. b. The performance of database applications will increase. c. The performance of file sharing applications will decrease. d. The performance of database applications will decrease.

a. The performance of file sharing applications will increase. Analysis: a. Correct. A large allocation unit size will increase the performance of file sharing applications, whereas a small allocation unit size will increase the performance of database applications. b. Incorrect. A small allocation unit size will increase the performance of database applications. c. Incorrect. A large allocation unit size will increase the performance of file sharing applications. d. Incorrect. A large allocation unit size will increase the performance of file sharing applications.

Noortje, an employee of Cutleaf Productions, is working from home. She restarts her laptop to install an operating system update. After the restart, the Noortje is able to access the organization's file server without initiating a connection to the VPN. Which of the following is true of this scenario? a. The remote access server also contains a network location server. b. Noortje had established a VPN connection before the system was restarted. c. Noortje is using a Windows 7 operating system. d. The client is using IPv4 packets to authenticate to the remote access server.

a. The remote access server also contains a network location server. Analysis: a. Correct. It is highly likely that Noortje is using DirectAccess to connect to the remote access server in the organization. DirectAccess makes use of a network location server to identify the location of the client on the network. By default, the network location server is installed on the remote access server that is configured for DirectAccess. b. Incorrect. When the system is restarted, the VPN connection is disrupted. On restarting the system, Noortje will have to reestablish this connection to connect with the organization's servers. c. Incorrect. The operating system on Noortje's computer is not consequential to the outcome in this scenario. d. Incorrect. It is highly likely that Noortje is using DirectAccess to connect to the remote access server in the organization. Remote access clients use IPv6 when contacting a network location server or authenticating to a remote access server using DirectAccess. These IPv6 packets are automatically enclosed in IPv4 packets when sent across an IPv4 network.

Which of the following is true of Group Policy Objects (GPOs)? a. They do not apply to Active Directory groups. b. They are not strictly enforced. c. They allow users to configure settings that are applied by GPOs. d. They are limited to 500 or less users or computers.

a. They do not apply to Active Directory groups. Analysis: a. Correct. GPOs do not apply to Active Directory groups. To function, they must be linked to a site, domain, or OU object that contains the user or computer accounts that they apply to. b. Incorrect. GPOs are strictly enforced. c. Incorrect. Users cannot configure or override the settings that are applied by GPOs. d. Incorrect. A single GPO can be applied to thousands of users and computers in an organization to reduce the time and effort that it takes to administer a large domain.

Which of the following is the most likely cause for missing resource records in a secondary zone? a. Zone transfer issues b. An invalid entry in the DNS cache c. Zones that allow dynamic updates d. Manual DNS cache flushing

a. Zone transfer issues Analysis: a. Correct. Missing resource records in a secondary zone are often caused by zone transfer issues. Zone transfers may not occur successfully if the network bandwidth is saturated at the time the zone transfer was initiated. b. Incorrect. An invalid entry in the DNS cache is unlikely to lead to missing resource records in a secondary zone. c. Incorrect. Zones that allow dynamic updates are unlikely to lead to missing resource records in a secondary zone. d. Incorrect. Manual DNS cache flushing is unlikely to lead to missing resource records in a secondary zone.

Amber is a hacker who steals information when people enter their personal details on specific websites. She intercepts the public key as it is sent from the Web server to the Web browser and substitutes her own public key in its place. This enables her to intercept the communication and decrypt the symmetric encryption key using her private key. Which type of hacking attack is Amber perpetrating? a. A denial-of-service attack b. A man-in-the-middle attack c. A drive-by attack d. A malware attack

b. A man-in-the-middle attack Analysis: a. Incorrect. A denial-of-service attack prevents a system from responding to service requests. It is not associated with information theft. b. Correct. Amber is perpetrating a man-in-the-middle attack. This type of attack is often used by hackers when redirecting HTTPS traffic to a malicious website for the purposes of stealing information. c. Incorrect. A drive-by attack is used to spread malware rather than to steal information. d. Incorrect. A malware attack is associated with installation of unwanted software without consent. In the given scenario, the attack is most likely to redirect HTTPS traffic to a malicious website.

Fatima is configuring a Windows Server 2019 system as a RADIUS server for use with 802.1X Wireless. She has configured the Network Policy and Access Services server role. What is the next step Fatima should take once the server role has been configured? a. Configure the Configure 802.1X wizard b. Activate the server in Active Directory c. Edit or remove existing RADIUS clients d. Choose the EAP authentication method

b. Activate the server in Active Directory Analysis: a. Incorrect. Configuring the Configure 802.1X Wizard is not the next step in the process. It comes later in the process. b. Correct. Once the Network Policy and Access Services server role has been configured, Fatima must use the Network Policy Server tool to activate the server in Active Directory, as well as create RADIUS clients for each WAP in her organization. c. Incorrect. Editing or removing existing RADIUS clients is done at the time of configuring RADIUS clients. d. Incorrect. Choosing the EAP authentication method comes later in the process, after the appropriate RADIUS clients have been configured.

Aria is setting up a Remote Desktop Services server to allow users remote access to the server. At what point in the installation process should Aria reboot the server?

b. After selecting the role services that Aria wants to install Analysis: a. Incorrect. Aria does not need to reboot the server before installing the Remote Desktop Services server role. b. Correct. Aria needs to reboot the server after selecting the role services that she wants to install. Additionally, Aria needs to reboot the server after applying all configurations and clicking Deploy. c. Incorrect. Aria does not need to reboot the server after choosing the desktop deployment type. d. Incorrect. Aria does not need to reboot the server after selecting deployment options.

Parker runs the net start svsvc command at a Command Prompt to scan volume errors. He finds a corrupted spot on a volume. How can Parker directly go to the corrupted spot identified by the Spot Verifier service? a. By using the /r option with the chkdsk command b. By using the /spotfix option with the chkdsk command c. By using the /c option with the chkdsk command d. By using the /x option with the chkdsk command

b. By using the /spotfix option with the chkdsk command Analysis: a. Incorrect. The /r option searches for bad sectors and attempts to recover information from them. b. Correct. He can use the /spotfix option with the chkdsk command to only fix errors that were previously identified by the Spot Verifier service. c. Incorrect. The /c option performs a quick check of the folder structure on a volume. d. Incorrect. The /x option dismounts or lock a volume before scanning.

You are asked to create seven partitions in a storage device that uses an MBR. The device already has two partitions. However, you are also told that you cannot create more than a certain number of partitions on the storage device using an MBR. What would your next step be? a. Use the drive letters A and B to label the partitions b. Create the partitions and label one of the partitions as extended c. Use a storage device that is more than 7 TB in size and uses an MBR d. Convert the device to GPT

b. Create the partitions and label one of the partitions as extended Analysis: a. Incorrect. Drive letters are irrelevant to the number of partitions on a storage device. Moreover, the drive letters A and B are reserved for floppy disks; therefore, they cannot be used. b. Correct. To overcome the limitation of partitions created on the MBR storage device, one of the partitions is labeled "extended," which can then contain an unlimited number of smaller partitions called logical drives. c. Incorrect. The MBR is limited to devices that are less than or equal to 2 TB in size; therefore, it is not possible to use a device with 7 TB of space. d. Incorrect. This is only possible if there are no existing partitions.

An organization separates its client computers from its servers in a DMZ. The client computers are allowed access to the Internet by connecting to the DMZ. The DMZ is connected to a NAT router. In this scenario, what is the device that will allow the NAT router to connect to the ISP using a last mile technology? a. Next Generation Firewall b. Demarcation point c. Remote access server d. Point-to-Point Protocol over Ethernet (PPPoE)

b. Demarcation point Analysis: a. Incorrect. In this scenario, the NAT router can be referred to as a Next Generation Firewall (NGFW) if it contains additional management and security capabilities, such as traffic throttling, intrusion prevention, and malware filtering. b. Correct. In this scenario, the organization NAT router is most likely connected to a demarcation point (often shortened to demarc) that connects to the ISP using a last mile technology. The demarc is a translation device or router with a specialized network interface for the last mile technology that passes traffic directly between the ISP and NAT router. c. Incorrect. A remote access server can be used to provide external clients remote access to resources within the DMZ. d. Incorrect. PPPoE is a protocol and not a device. To communicate to an ISP using IP across a telephone network, DSL encloses Ethernet frames in a protocol called Point-to-Point Protocol over Ethernet (PPPoE).

The users at Trembot Information Systems currently need to manually initiate a VPN connection when remotely accessing the organization's servers. Samir, a system administrator at Trembot, receives a request from multiple remote users to simplify the process of accessing the organization's servers. Which of the following options should Samir use? a. Layer Two Tunneling Protocol b. DirectAccess c. Next Generation Firewall d. Virtual Private Networks

b. DirectAccess Analysis: a. Incorrect. Layer Two Tunneling Protocol (L2TP) is a VPN protocol developed by Microsoft and Cisco. This is not the option that Samir needs to use. b. Correct. Using DirectAccess will allow Samir to automate remote access for the remote users. For organizations that deploy laptop computers that are joined to an Active Directory domain, secure remote access for these computers can be automated using DirectAccess. c. Incorrect. The organization may already be employing a NAT router in its network. When a NAT router contains additional management and security capabilities, such as traffic throttling, intrusion prevention, and malware filtering, it is often referred to as a Next Generation Firewall (NGFW). d. Incorrect. The current solution that is employed to provide remote access to users is Virtual Private Networks or VPN. Samir needs to identify a different solution.

Merjem, a PhD student, is writing her thesis. She takes regular backup of her files and data. When taking backup, she chooses the Faster backup performance option in the Optimize Backup Performance window. Which of the following is true of the backup process in the given scenario? a. Every backup overwrites the previous backup. b. Every backup only backs up data that has been modified since the previous backup. c. The backup process will provide the fastest option at the time of restoring data. d. The backup process backs up the all the specified data every time.

b. Every backup only backs up data that has been modified since the previous backup. Analysis: a. Incorrect. Every backup overwrites the previous backup when Normal backup performance is selected. b. Correct. Selecting Faster backup performance option performs incremental backups. This option performs a full backup the first time the backup is taken. However, subsequent backups only back up data that has been modified since the previous backup. c. Incorrect. If Merjem wants to restore data, she will have to restore the first full backup, followed by all subsequent incremental backups, in order. Fastest restore option is available when full backup is taken. d. Incorrect. The backup process backs up the all the specified data every time when full backup is taken.

Runako wants to build a social networking website and host it using a PaaS provider. The social networking website will have users posting and sharing large quantities of media such as videos and images. He is currently evaluating the storage options that the app will need. Which of the following storage options should Runako use and why?

b. Object storage, because it allows a Web app to directly store objects. Analysis: a. Incorrect. Runako should not use block storage because it does not suit his requirements. Block storage is more expensive than object storage. b. Correct. Runako should use Object Storage. Object storage allows Web apps to directly store objects, such as pictures, files, and video, using an HTTP request that is sent to an object storage service. Web apps that need to store and share thousands of pictures, files, and video typically use object storage. c. Incorrect. Persistent volume is the same as block storage. When purchasing storage from a public could provider, block storage is often referred to as a persistent volume, and object storage is often called Binary Large Object (BLOB) storage. d. Incorrect. Although block storage is faster than object storage, it is often used to store database files. Runako should consider another storage option to support the large number of media files such as videos and images.

Mateo uses the following command to search Docker Hub for containers that have IIS installed: PS C:\> docker search iis. The search returns the following options: microsoft/aspnet, microsoft/iis, nanoserver/iis. Mateo wants to download the latest version of the microsoft/iis container from Docker Hub. Which of the following commands can Mateo run to achieve this result?

b. PS C:\> docker pull microsoft/iis Analysis: a. Incorrect. To simplify commands that work with container images, you can create aliases for docker container image names using the docker tag command. This command creates an alias for the miscrosoft/iis container image called latest. b. Correct. This is the command that Mateo should run. To download the latest version of the official IIS container image from Docker Hub, you can run the following command PS C:\> docker pull microsoft/iis. c. Incorrect. This command is incorrect. The correct syntax of this command is docker pull microsoft/iis:latest, which can be used to download the latest version of the Microsoft/iis container. d. Incorrect. TO simplify commands that work with container images, you can create aliases for docker container image names using the docker tag command. This command creates an alias for the microsoft/iis container image called iis.

Skyfelt Graphics is a company that does not own any of the hardware or operating systems on which it creates and runs its Web app containers. These components are owned, maintained, and operated by a cloud provider. Which of the following cloud delivery models is Skyfelt using?

b. Platform as a Service Analysis: a. Incorrect. This scenario does not exemplify Software as a Service. Unlike Iaas and Paas, SaaS is not used to configure virtual machines or containers. Instead, the SaaS cloud provider maintains all aspects of the network, hardware, and operating system; it merely executes the Web app that you provide. b. Correct. This scenario exemplifies Platform as a Service. PaaS allows you to run Web app containers in the cloud. c. Incorrect. This scenario does not exemplify Infrastructure as a Service. With IaaS, the cloud provider offers a cloud platform that provides Internet access, IP addressing, and FQDN name resolution to virtual machines that you create on their hypervisor. d. Incorrect. This scenario does not exemplify Mobile as a Service. The words "as a service" are commonly used for marketing purposes. For example, Mobile as a Service (MaaS) can be used to describe Web apps that manage smartphone devices.

Rishab is looking for ways to manage duplicate file content on his organization's shared drive. He enables data deduplication for this purpose. To save computing resources, he wants to change the settings such that data deduplication occurs in the evening. What must Rishab do to make this change? a. Enter the file extensions to be excluded b. Click the Add button under Deduplication Settings c. Click Set Deduplication Schedule d. Select the Apply button under Deduplication Settings

c. Click Set Deduplication Schedule Analysis: a. Incorrect. This option is used to exclude certain file types from data deduplication. b. Incorrect. The Add button is used to add folders that need to be excluded from data deduplication. c. Correct. The Set Deduplication Schedule button will allow Rishab to modify the performance options for the Data Deduplication Service. d. Incorrect. This is used to apply the data deduplication settings. Before selecting this button, Rishab must change the settings.

XM GraFix, a graphics design company, has bought new design software. Mason, the system administrator, wants to install the software on all the computers in the design department. However, not all the designers need the software. Using the GPO, Mason uses a deployment method that allows the users to install the program from the network when they need it. Which of the following methods of deployment has Mason most likely used in the given scenario? a. Published the software under Software Settings in the Computer Configuration b. Published the software under Software Settings in the User Configuration c. Assigned the software under Software Settings in the Computer Configuration d. Assigned the software under Software Settings in the User Configuratio

b. Published the software under Software Settings in the User Configuration Analysis: a. Incorrect. This is not a method of deployment. b. Correct. Mason has most likely published the software under Software Settings in the User Configuration. This method gives users the option to install software when required. To install published software, users can click Install a program from the network in the Programs and Features section of Control Panel, select the software package, and click Install. c. Incorrect. When a software is assigned under Software Settings in the Computer Configuration, it gets automatically installed the next time the computer is booted. d. Incorrect. Assigning the software under Software Settings in the User Configuration creates a program icon on the Start menu, as well as a file association. The software is automatically installed the first time that a user clicks the program icon on the Start menu or opens a file that is associated with the program.

Kim has completed configuring DirectAccess on a remote access server in his organization. He also configures the users' computers and enables DirectAccess. While the laptop users are able to use DirectAccess, desktop users email Kim to let him know that they're unable to use DirectAccess. If Kim is able to resolve this issue successfully, which of the following options on the Remote Access Setup pane did Kim use? a. Remote Access Server b. Remote Clients c. Infrastructure Servers d. Application Servers

b. Remote Clients Analysis: a. Incorrect. Kim cannot use the Remote Access Server option to resolve this issue. Remote Access Server allows you to modify the network topology options. Additionally, you can modify the HTTPS certificate used for remote access authentication, allow Windows 7 clients to use DirectAccess, etc. b. Correct. If the laptop users can connect to the organization's servers via DirectAccess but the desktop users cannot, it indicates that Kim may have selected the option Enable DirectAccess for mobile computers only. Kim can click the Edit button for Remote Clients and change this selection to resolve the issue. c. Incorrect. Kim cannot use the Infrastructure Servers option to resolve this issue. Infrastructure Servers allows you to modify domain suffix options. Additionally, you can modify the HTTPS certificate used by the network location server, DNS server settings, and the location of servers that can be used to provide Windows and antivirus updates to remote access clients. d. Incorrect. Kim cannot use the Application Servers option to resolve this issue. Application Servers allows you to extend the IPSec encryption used between remote access clients and the remote access server to include specific application servers in the DMZ.

Reno is facing some DNS server issues that he is unable to resolve using nslookup, DNS manager, and other general methods. He decides to use information from the DNS Server log to identify the issue. However, the information that was logged is insufficient to resolve the issue. Reno is able to identify the issue after enabling debug logging. What should Reno do next? a. Reno should permanently enable debug logging. b. Reno should turn off debug logging. c. Reno should delete all the log files. d. Reno should flush the DNS server cache.

b. Reno should turn off debug logging. Analysis: a. Incorrect. Reno should not enable debug logging permanently because this will capture additional information that Reno may or may not use all the time. b. Correct. Once the issue is resolved, Reno should turn off debug logging because debug logging records a large amount of information in the log file. c. Incorrect. Reno should not delete all the log files because this does not serve any purpose. d. Incorrect. Since Reno has resolved the issue, flushing the DNS server cache serves no purpose in this scenario.

One of the disks on your computer is running low on storage space. You notice that there is unallocated space in the spanned volume. How will you use the unallocated space to increase storage space? a. Right-click the volume, click Reactivate Volume once the storage device is available, and use the unallocated space b. Right-click the volume on that disk and click Extend Volume to increase the size of the volume using the unallocated space c. Right-click a RAID level 1 volume and click Remove Mirror to remove the volume while retaining the data from one disk you specify d. Right-click the system or boot partition in the Disk Management tool, click Add Mirror, and select the second storage device

b. Right-click the volume on that disk and click Extend Volume to increase the size of the volume using the unallocated space Analysis: a. Incorrect. If a storage device that is part of a RAID level 0 volume becomes temporarily unavailable, you can right-click the volume and click Reactivate Volume once the storage device is available again. b. Correct. If there is unallocated space on one of the disks that contain a spanned volume, you can right-click the volume on that disk and click Extend Volume to increase the size of the volume using the unallocated space. c. Incorrect. You can right-click a RAID level 1 volume and click Remove Mirror to remove the volume while retaining the data from one disk you specify. The disk that you specify will retain the data in a simple volume using the same drive letter or path. d. Incorrect. This is used to configure the system and boot partitions as part of a software RAID level 1 volume following the installation of Windows Server 2019.

Sasha is configuring Windows Server 2019 as an enterprise CA. She installs the Active Directory Certificate Services server role and is prompted to choose the role services that she wishes to install. Which of the following role services should Sasha select to ensure that routers are allowed to obtain certificates? a. The Online Responder role service b. The Network Device Enrollment Service role service c. The Certificate Enrollment Policy Web Service role service d. The Certification Authority Web Enrollment role service

b. The Network Device Enrollment Service role service Analysis: a. Incorrect. The Online Responder role service allows clients to use the Online Certificate Status Protocol (OCSP) to view CRL information. b. Correct. Sasha should select the Network Device Enrollment Service role service. This role service allows routers and other network devices to obtain certificates. c. Incorrect. The Certificate Enrollment Policy Web Service role service provides a Web app that allows users to request certificates for their computer. d. Incorrect. The Certification Authority Web Enrollment role service allows users to request certificates for their computer, even if their computer is not joined to the Active Directory domain.

Merlyn, a developer at Enigma Designs, wants to host a Windows Web app in a public cloud. She prefers to build the app and host it with a public cloud provider. She does not want to deal with the back-end configuration such as setting up the Windows Server 2019, IIS, and Web app frameworks. Which of the following options should Merlyn choose?

b. SaaS Analysis: a. Incorrect. Using PaaS will require Merlyn to handle some back-end tasks. To run a containerized WIndows Web app on a public cloud provider using the PaaS cloud delivery model, you must first configure any block or object storage required by the Web app on the public cloud provider. Next, you must obtain the appropriate Windows container image from a container repository, such as a Docker Hub. b. Correct. To run a Windows Web app in a public cloud using SaaS, the public cloud provider configures and maintains all aspects of the underlying Windows Server 2019 operating system, including IIS and ay Web app frameworks. In this case, Merlyn will only need to provide the Web app, as well as configure the block or object storage required by the Web app on the public cloud provider. c. Incorrect. Using PaaS will require Merlyn to handle many back-end tasks. To run a Windows Web app in a public cloud using IaaS, you will need to create, configure, and maintain the associated Windows Server 2019 virtual machine on the public cloud provider's hypervisor. d. Incorrect. The words "as a service" are commonly used for marketing purposes. For example, Mobile as a Service (MaaS) can be used to describe Web apps that manage smartphone devices. This is not the option that Merlyn should choose.

Identify a vital service provided by secondary DNS servers.

b. Secondary DNS servers respond to DNS lookup requests using read-only zone files.

Denali wants to store information about all Windows updates on a specific Microsoft SQL Server for security reasons. Which of the following wizards can Denali use to set up SQL Server Connectivity to store update information? a. The Group Policy Results Wizard b. The Add Roles and Features Wizard c. The Windows Server Updates Services Configuration Wizard d. The Certificate Enrollment wizard

b. The Add Roles and Features Wizard Analysis: a. Incorrect. The Group Policy Results Wizard is used to troubleshoot the application of Group Policy. b. Correct. Denali can use the Add Roles and Features Wizard and select SQL Server Connectivity when selecting role services. This will allow the update information to be stored on a specified Microsoft SQL Server. c. Incorrect. The Windows Server Updates Services Configuration Wizard is used to configure WSUS. d. Incorrect. The Certificate Enrollment wizard is used to select the Active Directory Enrollment Policy and appropriate certificate template to generate a public/private key pair.

Alonso, a system administrator, has configured and deployed a new GPO at the domain level in his organization. However, when he checks after a few hours, two of the OUs in the Active Directory do not reflect the change. What is the most likely reason the new GPO configuration did not apply to the two OUs? a. The OUs were under another domain. b. The Block Inheritance setting prevented the OUs from applying the GPOs. c. The users under the OUs declined the domain-level setting when prompted. d. The GPO link was configured with the Enforced setting.

b. The Block Inheritance setting prevented the OUs from applying the GPOs. Analysis: a. Incorrect. For the OUs to apply the GPO, they must be linked to the domain in which the new GPO was deployed. b. Correct. The Block Inheritance setting on the OUs can prevent domain-level GPO settings from being applied to user accounts in those OUs. c. Incorrect. When GPO settings are applied, users are not prompted to decline or accept them. d. Incorrect. If the GPO link was configured with the Enforced setting, the GPO would have been applied to the accounts within the two OUs.

You are troubleshooting a DHCP server and discover that it is not dynamically updating DNS records for DHCP clients. What is the most likely cause for this issue? a. The network contains computers with manually configured IP addresses. b. The DNS server and DHCP server are in different domains. c. The DNS server is an authoritative, primary DNS server. d. The DNS server and DHCP server are running on different operating systems.

b. The DNS server and DHCP server are in different domains. Analysis: a. Incorrect. This is unlikely to cause the issue in the scenario. The presence of computers with manually configured IP addresses can cause IP conflict errors. b. Correct. The most likely cause for this issue is that that DNS server and DHCP server are in different domains. c. Incorrect. The DNS server being authoritative is an unlikely cause for the issue in the scenario. d. Incorrect. It is common for different servers to run on different operating systems. This is unlikely to cause the issue in the current scenario.

Raymond and Lin are facing network issues on their computers. Rayna, the administrator, is troubleshooting the issue. She notices that Raymond and Lin's computers are using the same IP address, 192.167.1.85. If the organization's network uses a DHCP server, which of the following most likely caused this issue? a. The IP addresses were configured automatically. b. The IP addresses were configured manually. c. The IP addresses were configured by the DHCP server. d. The IP addresses on both computers have expired.

b. The IP addresses were configured manually. Analysis: a. Incorrect. Automatic configuration of IP addresses takes place via DHCP servers. This did not cause the current issue. b. Correct. This is the most likely cause of failure. Rayna or another system administrator may have accidentally configured both computers with the same IP address. c. Incorrect. If the IP addresses were configured by the DHCP server, the computers would have different IP addresses. d. Incorrect. There is insufficient information to conclude that the IP addresses have expired. This is, however, unlikely to have caused the current issue.

Lashonda sets up a DNS server, SERVER1, with a forward lookup zone called domainA.com. It hosts the resource records for the domainX.com Active Directory domain. It contains host (A) records for two network interfaces on SERVER1 (172.16.0.10 and 192.168.1.50). The host records are associated with the FQDNs server1.domainA.com and domainA.com. There is also an SOA record and an NS record for the zone. Which of the following records identifies SERVER1 as an authoritative DNS server? a. The SOA record b. The NS record c. The A record for 172.16.0.10 d. The A record for 192.168.1.50

b. The NS record Analysis: a. Incorrect. An SOA record contains zone configuration information, such as zone transfer settings and the default TTL for resource records. The SOA record does not identify SERVER1 as an authoritative DNS server. b. Correct. An NS record is used to identify a DNS server that is authoritative for a zone. In this scenario, the NS record identifies SERVER1 as an authoritative DNS server. c. Incorrect. A records are used to resolve an FQDN to an IPv4 address. The A record for 172.16.0.10 does not identify SERVER1 as an authoritative DNS server. d. Incorrect. A records are used to resolve an FQDN to an IPv4 address. The A record for 192.168.1.50 does not identify SERVER1 as an authoritative DNS server.

TravelBugz is a website that reviews accommodations and holiday destinations. Users of the website can post their own reviews. Users can use the TravelBugz app too instead of the website if they want to. The app and website both directly access the Web app running on the cloud to store and retrieve data. Which of the following is true of this scenario?

b. The TravelBugz app communicates with the Web app using the TCP/IP protocol. Analysis: a. Incorrect. users accessing a website through a browser are accessing the website using the HTTP or HTTPS protocol. b. Correct. Client programs and mobile apps can also be used as the front end for Web apps, either by connecting to a website using the HTTP or HTTPS protocol or by communicating directly to a Web app on a cloud server using a different TCP/IP protocol. c. Incorrect. The TravelBugz app can communicate with the website using the HTTPS or HTTP protocol. d. Incorrect. The Travel Bugz app and website can communicate using the HTTPS or HTTP protocol.

Ava, a system administrator, configures 45 remote access clients to use the VPN server in the organization using the SSTP protocol. On any day, the number of users that work remotely does not exceed 15, so AVA configures the SSTP VPN protocol for 25 connections on the server. One day, owing to extreme weather, many employees are asked to work from home. When more than 25 users try to connect to the organization's servers, they are not allowed access. Ava uses the Routing and Remote Access tool to increase the number of connections for the SSTP protocol to 45. When she asks these additional users to confirm if they have received access, the users tell her that they are unable to connect to the organization's servers. If some or all of these users were able to remotely connect on a previous occasion, what is the most likely issue in this scenario? a. The number of connections for the SSTP protocol does not exceed the number of remote access clients. b. The remote access server was not rebooted after the recent changes. c. The client systems are running the latest version of Windows 10. d. The other protocols do not have updates to the number of connections.

b. The remote access server was not rebooted after the recent changes. Analysis: a. Incorrect. The number of connections for the SSTP protocol does not need to exceed the number of remote access clients. As a best practice, you should increase the number of connections for each VPN protocol to match the number of remote access clients configured to use the protocol, as well as disable any VPN protocols that are not used. b. Correct. After modifying the number of VPN connections, Ava must reboot the remote access server for the changes to take effect. In this scenario, it appears that Ava has not rebooted the remote access server. c. Incorrect. The client systems running the latest version of Windows 10 is unlikely to cause connection issues. d. Incorrect. Ava does not need to update the number of connections for any other protocol.

Giselle, a systems administrator, creates a file redirection GPO, in the User Configuration section that automatically saves files created by her colleagues to a shared network device instead of the local drives in their computers. However, the computers do not receive the configuration specified in the GPO. She runs the gpupdate /force command in the Command Prompt window of one of her colleagues' computer. Despite her effort, the computer does not receive the GPO, and she decides to rectify the issue the next day. To her surprise, she sees that the computer has been configured as per the GPO. What do you see as the issue with the GPO configuration? a. The GPO was not backed up before the new settings were applied. b. The settings can only be applied at the next login. c. The computer had to be rebooted for the application of the GPO settings. d. The Block Inheritance setting was enabled for the OU that the computers belonged to.

b. The settings can only be applied at the next login. Analysis: a. Incorrect. The backing up of the GPO does not have anything to do with the application of the settings. GPOs are backed up to ensure that the configurations can be restored in the event of a corruption. b. Correct. Some settings under the User Configuration section are applied only during the next login. One such setting is Folder Redirection. c. Incorrect. Computers need to be rebooted only if the settings were under the Computer Configuration section. d. Incorrect. If Block Inheritance was enabled, the computer would not have been configured as per the GPO settings.

Navin wants to reduce the chances of a data breach and monitor and control the traffic on his company's website. Instead of using a NAT router, he sets up an external server that acts as a filter between the organization's website and end users. Which of the following options must Navin select and configure when configuring WSUS? a. Store updates in the following location b. Use a proxy server when synchronizing c. Synchronize from another Windows Server Update Services server d. Synchronize from Microsoft Update servers

b. Use a proxy server when synchronizing Analysis: a. Incorrect. The Store updates in the following location option is used to specify the path of the location where updates are stored. b. Correct. Navin should select and configure Use a proxy server when synchronizing because his organization is using a proxy server instead of a NAT router. c. Incorrect. The option Synchronize from another Windows Server Update Services server is used to specify another WSUS server in the organization to synchronize updates. d. Incorrect. The option Synchronize from Microsoft Update servers will synchronize the updates from the Microsoft Update servers.

Stephen sets up manual enrollment for a user certificate from an enterprise CA. However, as he completes the process, he realizes that he has accidently set up the enrollment for a computer certificate rather than a user certificate. Which of the following commands did Stephen most likely type in the Command Prompt window? a. certmgr.msc b. certlm.msc c. wf.msc d. gpedit.msc

b. certlm.msc Analysis: a. Incorrect. The certmgr.msc command is used to manually enroll for a user certificate from an enterprise CA. Stephen did not type certmgr.msc as the enrollment was done for a computer certificate. b. Correct. Stephen most likely typed the certlm.msc command in the Command Prompt window. This command is used to manually enroll for a computer certificate. c. Incorrect. The wf.msc command is used to run the Windows Defender Firewall with Advanced Security tool. d. Incorrect. The gpedit.msc command is used to edit local GPOs.

Sonia is configuring a RAID level 5 array with five disks. Each disk has the capacity to store 3 TB of data. What is the total storage size that Sonia can use to store data? a. 3 TB b. 8 TB c. 12 TB d. 15 TB

c. 12 TB Analysis: a. Incorrect. In RAID level 5, one fifth of the toral storage size is reserved for parity information. The total storage is 5*3 = 15 TB; the storage reserved for parity information is 15 * (1/5) = 3 TB; and the combined storage capacity that Sonia can use is 15 - 3 = 12 TB. b. Incorrect. In RAID level 5, one fifth of the toral storage size is reserved for parity information. The total storage is 5*3 = 15 TB; the storage reserved for parity information is 15 * (1/5) = 3 TB; and the combined storage capacity that Sonia can use is 15 - 3 = 12 TB. c. Correct. In RAID level 5, one fifth of the toral storage size is reserved for parity information. The total storage is 5*3 = 15 TB; the storage reserved for parity information is 15 * (1/5) = 3 TB; and the combined storage capacity that Sonia can use is 15 - 3 = 12 TB. d. Incorrect. In RAID level 5, one fifth of the toral storage size is reserved for parity information. The total storage is 5*3 = 15 TB; the storage reserved for parity information is 15 * (1/5) = 3 TB; and the combined storage capacity that Sonia can use is 15 - 3 = 12 TB.

Sam, an administrator, sends out an HR policy file to Vicky, Mohammad, Charle, and Reena. They save the HR policy file on their home directories under a shared folder of Windows Server 2019 with different file names. As a result, the same copies of the file are present multiple times with different names. Reena opens and saves the file after making minor changes. What will happen to the files when Sam enables the Data Deduplication Service on Windows Server 2019? a. A copy of Reena's file is created with a new file name. b. All the files get deleted when the Data Deduplication Service is enabled. c. A new copy of Reena's file is created and associated with the same file name. d. None of the files are deleted as they have different file names.

c. A new copy of Reena's file is created and associated with the same file name. Analysis: a. Incorrect. After Reena saves the file, a new copy of the file will be created and associated with the same file name. b. Incorrect. Data deduplication periodically scans for duplicate file contents and stores a single copy of contents if they are found in many places. c. Correct. After Reena modifies the file, a new copy of the file is created and associated with the same file name. d. Incorrect. Data deduplication ignores file names when scanning for files to deduplicate. This allows files with the same contents to be deduplicated, even if they have different file names.

You are the administrator for an Active Directory domain and have been tasked with improving the response time for resolving DNS queries for resources in a second company-owned domain that does not use Active Directory. What type of zone can be used to accomplish this task with minimal overhead? a. A forward zone b. A reverse zone c. A stub zone d. A glue zone

c. A stub zone Analysis: a. Incorrect. A forward zone is not the best option in this scenario because it involves more overhead costs than other options such as a stub zone. b. Incorrect. A reverse zone is not the best option in this scenario because it involves more overhead costs than other options such as a stub zone. c. Correct. Stub zones contain NS and host records that allow a DNS server to access an authoritative zone on another DNS server. Creating a stub zone involves the least overhead. d. Incorrect. There are no zones called glue zones.

If a newly created firewall allows connection to a program only if the connection is authenticated by IPSec, which of the following options was most likely selected in the Action pane in the New Inbound Rule Wizard at the time of creating the rule? a. Authentication exemptio b. Allow the connection c. Allow the connection if it is secure d. Block the connection

c. Allow the connection if it is secure Analysis: a. Incorrect. This is an option available under the Rule Type pane, and not under the Action pane. b. Incorrect. The Allow the connection option in the Action pane allows connections that are protected with IPsec as well as those that are not. c. Correct. The Allow the connection if it is secure option allows only the connections that have been authenticated by IPsec. d. Incorrect. The Block the connection option will block all the connections.

Which of the following organizations does not need to install a WINS server? a. An organization that uses shared folders on computers with NetBIOS names b. An organization that uses modern operating systems such as Windows 10 c. An organization that has disabled NetBIOS on its computers d. An organization that has DNS servers installed

c. An organization that has disabled NetBIOS on its computers Analysis: a. Incorrect. If an organization uses shared folders on computers with NetBIOS names, performance will improve when WINS servers are used. b. Incorrect. While FQDNs are the preferred method for identifying computers on networks today, modern Microsoft operating systems such as Windows 10 and Windows Server 2019 still use NetBIOS to identify systems on a network, and many apps still support NetBIOS. c. Correct. While NetBIOS is enabled by default on all Windows systems, some organizations choose to disable it on each computer. These organizations rely entirely on DNS name resolution and do not require a WINS server as a result. d. Incorrect. The use of a DNS server does not rule out the need to install a WINS server.

David, a system administrator, has created specific GPOs for every department in his organization based on the permissions required by the various departments. However, he needs to apply the Default Domain Policy for some managers but not for the rest of the users. How can David ensure that the Default Domain Policy is applied only to specific managers' accounts? a. By using the Block Inheritance setting on the domain-level GPO b. By using the Enforced setting on the OU-level GPOs for the OUs that contain the managers' accounts c. By removing the Authenticated Users group from the Security Filtering section and adding the managers' accounts d. By using a WMI filter to check for conditions under which the Default Domain Policy must be applied

c. By removing the Authenticated Users group from the Security Filtering section and adding the managers' accounts Analysis: a. Incorrect. The Block Inheritance setting is used to prevent the application of domain-level GPOs to user and computer accounts. b. Incorrect. The Enforced setting at the domain level will override the Block Inheritance setting. However, it will not apply the Default Domain Policy to only specific computer accounts. c. Correct. David can ensure that the Default Domain Policy is applied only to specific managers' accounts by removing the Authenticated Users group from the Security Filtering section and adding the managers' accounts. d. Incorrect. A WMI filter is used to specify the hardware and software features that must be present on a computer before the GPO is applied.

Carlos is configuring a DHCP server in his organization. Some of the computers in his organization contain manually configured IP addresses. Currently, he is setting up the new server to configure IP addresses for users who operate their mobile devices on the organization's network. Which of the following decisions should Carlos reevaluate? a. Carlos sets the subnet mask as 255.255.255.0. b. Carlos provides a subnet delay of 100 milliseconds. c. Carlos sets the lease duration to 7 days. d. Carlos excludes certain IP addresses.

c. Carlos sets the lease duration to 7 days. Analysis: a. Incorrect. There is insufficient information to determine whether Carlos needs to reevaluate the decision to use this subnet mask. b. Incorrect. Carlos's decision to use a subnet delay may indicate a presence of relay agents, but it does not indicate that he has made an incorrect decision. c. Correct. Carlos should reevaluate his decision to set the lease duration to 7 days. A lease time of 7 days is appropriate for most networks that contain desktop PCs, but he should lower the lease time on networks that provide IP address configuration for mobile devices. d. Incorrect. Because the organization contains computers with manually configured IP addresses, Carlos should include these IP addresses as exclusions. Carlos does not need to reevaluate this decision.

What is the first step in troubleshooting an issue where a single computer is unable to lease an address? a. Ensuring that the DHCP service is running b. Verifying that the DHCP server is authorized c. Confirming that the computer has a physical connection to the network d. Checking if the computer was manually configured with an IP address

c. Confirming that the computer has a physical connection to the network Analysis: a. Incorrect. This is the first step in troubleshooting an issue where all computers on a network are unable to lease addresses. b. Incorrect. This is the second step in troubleshooting an issue where all computers on a network are unable to lease addresses. c. Correct. When a single computer is unable to lease an address, the first troubleshooting step is to confirm that the computer has a physical connection to the network. d. Incorrect. When a computer receives an IP conflict error after receiving an IPv4 address, the first troubleshooting step is to check if the computer was manually configured with an IP address.

VLX Learning Media provides IT training solutions to corporates. For the lab activities in these training sessions, the company runs the lab setup on virtual machines. These virtual machines are hosted by another company, VirtualFMZ, on its servers, but VLX installs and manages the virtual machines, including the different software applications that are required for various training offerings. Which of the following cloud deliver models is exemplified in this scenario?

c. Infrastructure as a Service Analysis: a. Incorrect. This scenario does not exemplify Software as a Service. Unlike IaaS and Paas, SaaS is not used to configure virtual machines or containers. Instead, the SaaS cloud provider maintains all aspects of the network, hardware, and operating system; it merely executes the Web app that you provide. b. Incorrect. This scenario does not exemplify Platform as a Service. PaaS allows you to run Web app containers in the cloud. c. Correct. This scenario exemplifies Infrastructure as a Service. With IaaS, the cloud provider offers a cloud platform that provides Internet access, IP addressing, and FQDN name resolution to virtual machines that you create on their hypervisor. d. Incorrect. This scenario does not exemplify Mobile as a Service. The words "as a service" are commonly used for marketing purposes. For example, Mobile as a Service (MaaS) can be used to describe Web apps that manage smartphone devices.

After configuring the role services on the Remote Desktop server, Jabez creates a collection for the Marketing group in the organization. He specifies multiple remote access servers for the collection. One of the users, Marion, complains to Jabez that whenever she connects to a Remote Desktop session and customizes the settings, these settings are not available to her on her next Remote Desktop session. If Jabez is able to fix this issue while maintaining load balancing, which of the following statements is true? a. Jabez removed Marion from the Marketing group and added her to another group. b. Jabez removed the Remote Desktop Connection Broker service. c. Jabez created a shared folder that is accessible to remote servers in the collection. d. Jabez rebooted the remote access server.

c. Jabez created a shared folder that is accessible to remote servers in the collection. Analysis: a. Incorrect. Removing Marion from the Marketing group and adding her to another group is unlikely to resolve the issue. b. Incorrect. The Remote Desktop Connection Broker service is necessary for load balancing. If a collection consists of multiple remote access servers, the Remote Desktop Connection Broker may connect a user to a different remote access server when that user requests a new Remote Desktop session. c. Correct. To provide a consistent desktop experience regardless of the remote access server that users connect to, you can configure a collection to store desktop customization settings for users in a shared folder that is accessible to all remote access servers in the collection. d. Incorrect. Rebooting the remote access server is unlikely to resolve the issue.

After downloading a container image from Docker Hub, you create multiple containers using the docker run command. After a few minutes, you download another container image and create multiple containers. Upon noticing that you are running out of system resources, you decide to stop some containers. Which of the following commands is the best choice to view the containers that are currently running?

c. PS C:\>docker ps Analysis: a. Incorrect. The list of results may be long because the docker ps -a command displays the list of previously run containers along with the list of currently running containers. You can consider an alternative command. b. Incorrect. The docker ps -a command displays the list of previously run containers along with the list of currently running containers. c. Correct. you can view currently running containers using the docker ps command, as well as see any previously run containers using the docker ps -a command. d. Incorrect. Because the list of previouslt run containers may grow large over time, you can run the docker container prune command to automatically remove and stopped containers that you don't plan to run in the future.

Hiro is working remotely. His current role requires him to access his organization's resources that are running on the remote access server. He opens the Microsoft Outlook application that is running on the remote access server on his system. He is able to manipulate actions within the application on his system. If Hiro was able to launch Microsoft Outlook directly from his computer, without accessing the desktop of the remote server, which of the following options is he using? a. Remote Desktop app b. Virtual Private Network c. RemoteApp d. DirectAccess

c. RemoteApp Analysis: a. Incorrect. Since Hiro has not accessed the desktop of the remote server, it is unlikely that he used the Remote Desktop app to launch Microsoft Outlook. b. Incorrect. Hiro is using Microsoft Outlook on the remote access server rather than requesting information from the remote access server, so it is unlikely that he is using VPN in this scenario. c. Correct. Hiro is using RemoteApp in this scenario. Instead of running a full graphical desktop, remote access clients can use RemoteApp to access a single program (e.g., Microsoft Outlook) running on a remote access server using Remote Desktop. d. Incorrect. Hiro is using Microsoft Outlook on the remote access server rather than requesting information from the remote access server, so it is unlikely that he is using DirectAccess in this scenario.

You are configuring a Windows Server 2016 VPN server using L2TP and NAT. Which of the following is one of the ports that needs to be opened on the firewall for this configuration to work? a. 1723/TCP b. 443/TCP c. 500/TCP d. 1701/TCP

d. 1701/TCP Analysis: a. Incorrect. When using PPTP, the 1723/TCP port can be used. b. Incorrect. When using SSTP, the 443/TCP port can be used. c. Incorrect. L2TP does not use a 500/TCP port. When using L2TP or IKEv2 and NAT, the 500/UDP port can be used. d. Correct. When using PPTP, the 1701/TCP port can be used. Additionally, the 500/UDP and 4500/UDP ports can be used.

What is the level of encryption of the public/private key pair that is contained in the domain-server-CA in Microsoft Server 2019?

d. 2048-bit encryption

Malia configures a primary zone on a DNS server to accept dynamic updates. Whenever a computer is added to the network, resource records for the computer are automatically created. For a computer, NX2001EY, Malia configures resource records manually. On the Zone Aging/Scavenging Properties window, she selects Scavenge stale resource records, sets the No-refresh interval to 14 days, and sets the Refresh interval to 14 days. She also enables automatic scavenging in the DNS server's properties. If Malia removes NX2001EY from the network, what is the most likely outcome in this scenario? a. The resource records for N2001EY will be deleted within 14 days. b. All the resource records for N2001EY will be made available for scavenging after 28 days. c. Some of the resource records for N2001EY will be made available for scavenging after 28 days. d. Malia will need to manually remove all the resource records for N20001EY.

c. Some of the resource records for N2001EY will be made available for scavenging after 28 days. Analysis: a. Incorrect. None of the resource records for N2001EY will be deleted within 14 days. After 14 days, the dynamically updated records for this computer will be marked as stale. b. Incorrect. Only the dynamically updated records for N2001EY will be made available for scavenging after 28 days. c. Correct. The dynamically updated records for N2001EY will be made available for scavenging after 28 days. The manually created records will not be scavenged. d. Incorrect. Malia has enabled automatic scavenging, so this will take care of scavenging the dynamically updated resource records.

You set up a Windows Server 2019 system and install the Docker EE package. The server also has IIS installed. Next, you enable LCOW and run a Linux container. Which of the following is true of this scenario?

c. The Linux kernel provided by Docker runs on the Hyper-V hypervisor. Analysis: a. Incorrect. You must use DockerProvider rather that DockerMsftProvider if you wish to execute Linux containers on Windows Server 2019. b. Incorect. The information provided is insufficient to arrive at the conclusion that the server is running Windows containers. c. Correct. To maximize performance, the Linux kernel provided by LinuxKit executes directly on the Hyper-V hypervisor and independent of the WIndows operating system. d. Incorrect. Linux containers cannot use the WSL for execution and instead rely on a Linux kernel provided by a Docker component called LinuxKit.

Felicia is drafting an email to her colleague Rhonda. After Felicia types out the email, she enters the email address [email protected] and clicks Send. Felicia's email server uses the email address typed to locate the recipient email server. Which DNS resource record for zoneA.com allows Felicia's email server to locate the recipient email server? a. The A record b. The AAAA record c. The MX record d. The CNAME record

c. The MX record Analysis: a. Incorrect. An A record resolves an FQDN to an IPv4 address. This record is not used to locate the recipient email server. b. Incorrect. An AAAA record resolves an FQDN to an IPv6 address. This record is not used to locate the recipient email server. c. Correct. When Felicia sends the email, her email server locates the target email server by resolving the MX record for zoneA.com. d. Incorrect. A CNAME record resolves one FQDN to another FQDN. This record is not used to locate the recipient email server.

Which of the following is a necessary condition if you want to configure a reverse proxy instead of port forwarding on a NAT router to enable access to a remote access server? a. The remote access server should be outside the DMZ. b. The NAT router must be configured to forward remote access requests. c. The NAT router should be a Next Generation Firewall. d. The remote access server should be connected directly to the demarc.

c. The NAT router should be a Next Generation Firewall. Analysis: a. Incorrect. Although the remote access server can be outside the DMZ, it is not a necessary configuration. b. Incorrect. You do not need to configure the NAT server to forward remote access requests in order to configure a reverse proxy. c. Correct. The NAT router should be a Next Generation Firewall if you want to configure a reverse proxy instead of port forwarding. In addition to forwarding remote access requests, reverse proxies interpret all service requests, and can deny access to traffic it deems malicious as a result. d. Incorrect. If the remote access server is connected directly to the demarc, there are no additional configurations required on the NAT router.

Aspen sets up the round robin feature in DNS for an FQDN server, server.domainA.com. She creates two identical Web servers with IP addresses 192.168.1.75 and 172.6.0.15 and associates two A records on the FQDN server with these IP addresses. The first A record is associated with the Web server having the IP address 192.168.1.75, and the second A record is associated with the Web server having the IP address 172.6.0.15. Aspen uses a client with the IP address 172.6.0.95 to perform a forward lookup of server.domainA.com. Which of the following is true of this scenario? a. The FQDN server will return both IP addresses, 192.168.1.75 followed by 172.6.0.15. b. The FQDN server will return one of the IP addresses because of the round robin feature setup. c. The client will contact the Web server with the address 172.6.0.15. d. The client will contact the Web server with the address 192.168.1.75.

c. The client will contact the Web server with the address 172.6.0.15. Analysis: a. Incorrect. The FQDN server will return both IP addresses, but in the order 192.168.1.75 after 172.6.0.15. b. Incorrect. The FQDN server will return both IP addresses, but it will rotate the order of the IP addresses on each lookup. c. Correct. The FQDN server will return both IP addresses in the order 172.6.0.15 followed by 192.168.1.75, so the client will contact 172.6.0.15. This is because netmask ordering ensures that the IP address that most closely resembles the client's IP address is returned first. d. Incorrect. The client is unlikely to contact the Web server with the address 192.168.1.75.

Leisl configures multiple WINS servers on her organization's network. She wants the WINS servers to be able to share the NetBIOS records with each other. Which of the following features should Leisl use? a. Nslookup b. Debug logging c. A stub zone d. A replication partner

d. A replication partner Analysis: a. Incorrect. When troubleshooting most DNS-related problems, the first step typically involves testing forward lookups from a resolver using the nslookup command at a Command Prompt or Windows PowerShell window. b. Incorrect. Debug logging is feature of DNS Server logs that allows users to obtain more information when debugging DNS-related issues. c. Incorrect. Stub zones are unrelated to this feature. Stub zones are zones that contain NS and host records that allow a DNS server to access an authoritative zone on another DNS server. d. Correct. Leisl needs to use the replication partner feature. If multiple WINS servers are deployed on the network, you can configure them to share their NetBIOS name records. In this case, each WINS server is called a replication partner and can resolve all of the NetBIOS names in the organization.

Viola, a system administrator, installs IIS on a Web server and creates two websites. She installs the necessary HTTPS encryption certificate on the server and proceeds to bind the HTTPS protocol to the first website using default settings. This binding is successful. Next, she proceeds to bind the HTTPS protocol to the second website. Which of the following is most likely to cause an issue when binding the HTTPS protocol to the second website?

c. The first website is using port 443, so the second website cannot use the same port. Analysis: a. Incorrect. The Web server is the correct place for the installation of the HTTPS certificate. You can configure Default Web Site to respond to HTTPS requests if an HTTPS encryption certificate is installed on your Web Server. b. Incorrect. IIS can run multiple websites at the same time. You can configure multiple websites on a Web server, but each website must be configured to respond to a unique HTTP or HTTPS port number and direct clients to a unique folder on the filesystem. c. Correct. Port 443 is used by default for HTTTPS requests. When binding the HTTPS protocol to the first website using default settings, port 443 was most likely used. To avoid a conflict, Viola should choose another port or explore other alternatives. d. Incorrect. You can configure multiple websites on a Web server, but each website must be configured to respond to a unique HTTP or HTTPS port number and direct clients to a unique folder on the filesystem.

Michelle is configuring a DHCP server in her organization. When creating a new scope, she is prompted to enter the subnet delay. She chooses to enter a few milliseconds of delay. If true, which of the following would justify this choice? a. The network contains other DHCP servers that lease IP addresses. b. The organization contains computers with manually configured IP addresses. c. The organization contains DHCP relay agents in different locations. d. The network contains DHCP servers configured in a DHCP failover configuration.

c. The organization contains DHCP relay agents in different locations. Analysis: a. Incorrect. The presence of other DHCP servers in the organization is an unlikely reason for Michelle's choice in this scenario. The function of DHCP servers is to lease IP addresses. b. Incorrect. The presence of computers with manually configured IP addresses will not influence the subnet delay. c. Correct. In this scenario, the presence of DHCP relay agents in different locations is likely to influence Michelle's choice. By default, DHCPOFFER packets are provided immediately by a DHCP server following the receipt of a DHCPDISCOVER packet, but you can provide a short delay should this cause problems with the DHCP relay agents in your organization. d. Incorrect. DHCP servers are configured in a DHCP failover configuration to ensure maximum uptime of DHCP servers on the network. If one server fails, another server can lease IP addresses. This is unlikely to influence Michelle's choice to use a subnet delay.

Gabriela attempts to create a virtual disk on a storage pool using Server Manager. However, she is unable to select the Create storage tiers on this virtual disk option. Why do you think she is not able to use the option? a. She enters the wrong virtual disk name. b. She is not using the New Virtual Disk Wizard. c. The system uses an SSD and not an HDD. d. The storage spool does not have sufficient space.

c. The system uses an SSD and not an HDD. Analysis: a. Incorrect. The virtual name cannot be wrong because she is creating a new virtual disk, and she can specify the name in the corresponding field. b. Incorrect. The Create storage tiers on this virtual disk option is available only in the New Virtual Disk Wizard. Therefore, this is not accurate. c. Correct. The Create storage tiers on this virtual disk option is only selectable if the storage pool contains a combination of hard disk and SSD storage devices. d. Incorrect. The storage size is not relevant to this problem.

Tuyet types the following statement into File Explorer: \\serverA\Share1 . The NetBIOS name is resolved by a WINS server, and Tuyet is able to access the shared folder. After this interaction with the WINS server, Tuyet does not perform any other operations that requires her computer to interact with the WINS server for over a week. Which of the following is true of this scenario? a. The NetBIOS name is first broadcast over the LAN to all the computers. b. Tuyet is using a Windows XP computer or another legacy operating system. c. Tuyet's computer's name record will be deleted from the WINS server. d. The WINS server will automatically shut down because of inactivity.

c. Tuyet's computer's name record will be deleted from the WINS server. Analysis: a. Incorrect. Since the WINS server is installed, the NetBIOS name will not be broadcast over the LAN. b. Incorrect. The information provided is insufficient to arrive at this conclusion. Microsoft operating systems such as Windows 10 and Windows Server 2019 still use NetBIOS to identify systems on a network, and many apps still support NetBIOS. c. Correct. If your computer does not contact a WINS server within 6 days, your NetBIOS name record is automatically removed from the WINS server. d. Incorrect. The WINS server will not shut down because of inactivity.

The new system administrator of XYZ company realizes that whenever updates are available for Windows, WSUS redirects computers to the Microsoft Update servers on the Internet to obtain updates instead of storing the update information on the WID. Which of the following is a likely reason for this issue? a. The WSUS installation is either incomplete or has not been installed properly. b. While installing WSUS, the option SQL Server Connectivity was selected. c. While installing WSUS, the option Store updates in the following location was deselected. d. While configuring WSUS, the option Synchronize from another Windows Server Update Services server was selected.

c. While installing WSUS, the option Store updates in the following location was deselected. Analysis: a. Incorrect. Redirecting computers to the Microsoft Update servers on the Internet to obtain updates does not indicate improper or incomplete installation. b. Incorrect. If the SQL Server Connectivity option is selected while installing the WSUS, the information about each update is stored in a database on the specified Microsoft SQL Server. c. Correct. If the Store updates in the following location option is deselected during WSUS installation, WSUS will not store the update content but instead redirect computers to the Microsoft Update servers on the Internet to obtain updates. d. Incorrect. The option Synchronize from another Windows Server Update Services server is used to specify another WSUS server in the organization to synchronize updates.

Yosef has configured Windows Server 2019 as an enterprise CA and deployed a GPO to enroll all the users for certificates. He chooses the setting that will enroll the users when they boot their computers. When he checks whether all users and computers have been enrolled, he finds that five users were not enrolled for the certificate. Yosef was able to manually enroll those users for certificates. Which of the following permissions to the certificate template is most likely to be missing for the five users who did not get enrolled? a. Read b. Write c. Enroll d. Autoenroll

d. Autoenroll Analysis: a. Incorrect. Without the Read permission, a computer or user cannot be enrolled manually. Yosef was able to enroll the fiver users manually. This indicates that the users have the Read permission. b. Incorrect. The Write permission is not required for enrollment for certificates. c. Incorrect. Without the Enroll permission, a computer or user cannot be enrolled manually. Yosef was able to enroll the fiver users manually. This indicates that the users have the Enroll permission. d. Correct. The five users do not have the Autoenroll permission. For a GPO to auto-enroll users or computers for certificates, those users or computers must have Read, Enroll, and Autoenroll permissions to the certificate template.

Radha is using nslookup to troubleshoot DNS-related issues on SERVER1. She uses the command prompt and types in the statement nslookup servery.zone1.com. SERVER1 returns an incorrect result. If SERVER1 is non-authoritative for this lookup, what should Radha do to resolve this issue? a. Ensure that the configuration of any stub zones is correct b. Configure the IP address of the correct DNS server in network interface properties on the resolver c. Modify the associated records in the zone on SERVER1 to include the correct information d. Clear the DNS Server cache, and clear the DNS cache on the resolver

d. Clear the DNS Server cache, and clear the DNS cache on the resolver Analysis: a. Incorrect. Since the server returns an incorrect result, Radha should explore another option to resolve this issue. b. Incorrect. Radha can use this resolution if the DNS server queried by nslookup is incorrect. c. Incorrect. Radha cannot resolve this issue by modifying the associated records in the zone on SERVER1 because SERVER1 is non-authoritative. d. Correct. Radha can resolve this issue by clearing the DNS Server cache and clearing the DNS cache on the resolver.

Britta, a system administrator, is managing a website that is running on an IIS web server. Recently, the website was redesigned, and some portions of the website were deleted. Search engines carry links to these deleted portions for specific searches. Britta wants to ensure that when users click on links to deleted portions of the website, they're redirected to a section of the website. Which of the following IIS configuration features should Britta use?

d. Error Pages Analysis: a. Incorrect. Directory Browsing specifies information displayed when listing a folder's contents. b. Incorrect. Request Filtering allows you to configure rules to restrict access to website content, based on the HTTP or HTTPS request. c. Incorrect. Handler Mappings specifies the Web app modules that are used to process files in a website folder. d. Correct. Error Pages specifies webpages that are shown when a specific error occurs on the Web server (e.g., 404 File Not Found for an invalid webpage name).

What role service available through Remote Desktop Services enables clients to establish an encrypted connection to virtual desktops and RemoteApp programs to an RDS server through the Internet using HTTPS?

d. Remote Desktop Gateway Analysis: a. Incorrect. Remote Desktop Licensing allows you to add and manage the licenses required for Remote Desktop Services. b. Incorrect. Remote Desktop Virtualization Host provides for virtual machine-based desktop deployment and RemoteApp using RDP. This role uses a self-signed HTTPS certificate when authenticating users. c. Incorrect. Remote Desktop Web Access provides access to RemoteApp programs configured by the Remote Desktop Session Host or Remote Desktop Virtualization Host, as well as access to Remote Desktop sessions through a Web browser using HTTPS. d. Correct. When users connect to a Remote Desktop Session Host or Remote Desktop Virtualization Host server using RDP, the Remote Desktop Gateway service ensures that all RDP traffic between the remote access server and client is encrypted by enclosing each RDP packer in an HTTPS packer.

Asa is working from home. She launches an application from the Start menu on her computer. The application is running on the remote access server in her organization. She is able to see and manipulate the application's graphical interface on her computer without running a full graphical desktop of the remote server. Which of the following Remote Desktop services server role allows this behavior of the application?

d. Remote Desktop Web Access

Danielle creates a new scope, Sales LAN, for a DHCP server in her organization. She wants to assign an IP address to a printer in the sales department. Which of the following folders should Danielle use to configure this option? a. Address Pool b. Address Leases c. Policies d. Reservations

d. Reservations Analysis: a. Incorrect. Address Pool contains the IP address range and exclusions configured for your scope. Danielle should use a different folder for her current requirement. b. Incorrect. Address Leases lists each lease provided to DHCP clients. Danielle should use a different folder for her current requirement. c. Incorrect. Policies can be used to create DHCP policies that provide a specific IP range or DHCP options for DHCP clients based on criteria in the DHCPDISCOVER packet. Danielle should use a different folder for her current requirement. d. Correct. Reservations allow you to provide the same IP address each time a DHCPDISCOVER is received from a DHCP client that has a certain MAC address. Reservations are often created for network-attached printers, servers, and network devices that must receive an IP address from a DHCP server that does not change over time.

Rory is managing the Remote Desktop connections to a collection, CollectionX. Two users, Aaron_T and Kwan_J have active connections. If Rory is able to view and interact with Kwan-J's desktop, which of the following statements is true? a. Rory used the Log off option. b. Rory used the Disconnect option. c. Rory used the Send Message option. d. Rory used the Shadow option.

d. Rory used the Shadow option. Analysis: a. Incorrect. Rory cannot use the Log off option to view and interact with Kwan_J's desktop. Log off is used to force the user to log off from their Remote Desktop session. b. Incorrect. Rory cannot use the Disconnect option to view and interact with Kwan_J's desktop. Disconnect is used to disconnect the user from the Remote Desktop session, keeping the session open for when the user connects again. c. Incorrect. Rory cannot use the Send Message option to view and interact with Kwan_J's desktop. Send Message is used to send a notification message to the user's Remote Desktop session. d. Correct. Rory most likely used the Shadow option. Shadow is used to open a duplicate connection to the user's Remote Desktop session that allows you to view and interact with the user's desktop (often used to provide user support).

Which of the following statements is true of SAN devices? a. SAN devices are the same as network-attached storage. b. SAN devices use SAN protocols to manage and format filesystems. c. SAN devices use hardware RAID externally to provide fault tolerance for the storage device that they contain. d. SAN devices are functionally like an external USB drive.

d. SAN devices are functionally like an external USB drive. Analysis: a. Incorrect. SAN devices are not the same as network-attached storage (NAS) devices. NAS uses SMB, NFS, or FTP to connect to the client, while SAN uses the SAN protocol to connect. b. Incorrect. SAN devices only provide storage to other systems using a SAN protocol and do not format or manage filesystems on this storage. Instead, the operating system that connects to the SAN device provides this functionality. c. Incorrect. SAN devices use hardware RAID internally to provide fault tolerance for the storage devices that they contain. d. Correct. SAN devices only provide storage to other systems using a SAN protocol and do not format or manage filesystems on this storage. Instead, the operating system that connects to the SAN device provides this functionality. As a result, a SAN device is functionally like an external USB drive.

Soha wants to build a Web app that analyzes financial details of users and provides them with investment advice. She will be running this app on a public cloud using IIS. If Soha wants to take advantage of applications pools to improve security of her Web app, which of the following should she do?

d. She should create the Web app using ASP.NET. Analysis. a. Incorrect. Generating a group of DLLs is unrelated to using application pools. If a Web app supports Internet Server Application Programming Interface (ISAPI), a group of dynamic-link libraries (DLLs) can also be generated to provide closer interaction with IIS as well as better performance. b. Incorrect. Using NFS does not impact application pools. However, NFS is not used to allow users to connect to Web apps over the Internet. NFS is used to share folders within an organization. c. Incorrect. Soha does not need to use object storage in this scenario. The use of either storage form is unrelated to application pools. d. Correct. Most Web apps that interface with IIS are written using the ASP or ASP.NET Web app framework. This is because Microsoft provides additional IIS features for ASP and ASP.NET Web apps, including the ability to isolate different Web apps using application pools for security and management.

To prevent man-in-the-middle attacks, Janet, a network administrator, configures a GPO such that all the traffic sent toward a specific database server is encrypted using IPSec. While most of her colleagues are able to successfully connect to the database via the IPSec authentication process, the connection is not successful for some computers. What do you see to be the problem here? a. The IP addresses of the computers were not added under Endpoint 1. b. The connection between the failed computers and the server was protected with IPSec. c. The rule type was set to Isolation instead of Server-to-server. d. The computers did not have an IPSec certificate.

d. The computers did not have an IPSec certificate. Analysis: a. Incorrect. This is not required because the configuration encrypts all the traffic sent toward the database server. Therefore, it is sufficient if the server's IP address is mentioned under Endpoint 2. b. Incorrect. If the connection was protected with IPSec, it means the connection was successful. c. Incorrect. To connect to the database server, the rule type must be set as Server-to-server. d. Correct. For the IPSec authentication process to be successful, all the computers must have an IPSec certificate issued by an enterprise CA.

Which of the following settings in Windows defender should be enabled to prevent malware and network attacks from accessing high-security processes in systems that support core isolation?

d. The memory integrity settings Enabling the memory integrity setting prevents malware and network attacks from accessing high-security processes in systems that support core isolation. The Block Inheritance setting is used to prevent domain-level GPO settings from applying to user accoutns. The firewall rules setting specifies the appropriate restrictions for different network types. The controlled folder access setting prevents ransomware from modifying files, folders, and memory on a system.

Amina, who works for a pharmaceutical company, configures and issues the Smartcard Logon certificate template with schema version 2. While most of the users get auto-enrolled, some of the users fail to obtain the certificate. Identify the most likely reason auto-enrollment failed for these users. a. Their operating system is Windows XP. b. They have the Block Inheritance setting at the OU level. c. The template did not have the Enforced setting. d. Their operating system is Windows 2000.

d. Their operating system is Windows 2000. Analysis: a. Incorrect. Windows XP is compatible with the schema version 2 certificate template. b. Incorrect. The Block Inheritance setting at the OU level will prevent domain-level GPO settings from applying to user accounts in those OUs. It will not affect the auto-enrollment for the certificate. c. Incorrect. The Enforced setting is used in the GPO configuration to override the Block Inheritance setting. d. Correct. Schema version 2 templates allow for the latest configuration options and auto-enrollment, but they only apply to Windows XP and Windows Server 2003 or later computers. Schema version 1 can be used by Windows 2000 and later computers, but it has limited configuration options and cannot be used for auto-enrollment.

A server rack containing data files, databases, web content, etc. is stored on an external SAN, which is connected to the Windows Server 2019 operating system via iSCSI. Which of the following is not likely to be achieved with this configuration? a. Connection to Fibre Channel SAN devices b. Accessing multiple SAN devices c. Providing storage to other servers d. Using hardware RAID externally to provide fault tolerance

d. Using hardware RAID externally to provide fault tolerance Analysis: a. Incorrect. You can configure Windows Server 2019 to connect to both iSCSI and Fibre Channel SAN devices. b. Incorrect. You can configure Windows Server 2019 to access multiple SAN devices using MPIO. c. Incorrect. You can configure Windows Server 2019 to provide storage to other servers using iSCSI. d. Correct. SAN devices use hardware RAID internally to provide fault tolerance for the storage devices that they contain.

Wilmer is creating a new remote access policy for the sales department in the organization. On the Specify Conditions screen of the wizard to create new policies, Wilmer selects the option to grant or deny access according to user dial-in properties. In which of the following circumstances will this permission be used? a. When a client is authenticated using an unencrypted authentication method b. When the Idle Timeout and Session Timeout constraints are set to 5 minutes c. When the access permission on the same screen is set to Access denied d. When a user account has the Control access through NPS Network Policy option set

d. When a user account has the Control access through NPS Network Policy option set Analysis: a. Incorrect. This permission is unrelated to the authentication method used. The best practice is to use an encrypted authentication method. b. Incorrect. The timeout constraints are not dependent on this permission. c. Incorrect. Whether the access is set to Access denied or Access granted, there are other factors that determine the use of the permission to grant or deny access according to user dial-in properties. d. Correct. This permission is used to override the NPS policy. This permission is only used if the Control access through NPS Network Policy option is set in the properties of the user account.

You download multiple container images from Docker Hub and create containers using the docker run command. After a few days, you notice that the list of containers that you have run is quite large. Which of the following commands can you use to shorten this list?

d. docker container prune Analysis: a. Incorrect. You can run the docker rmi image command to remove a container image from the system. b. Incorrect. You can run the docker stop container command to stop running a container (by container name or ID). c. Incorrect. You can run the docker rm container command to remove a stopped container configuration (by container name or ID). d. Correct. You can run the docker container prune command to automatically remove any stopped container that you don't plan to rerun in the future.


संबंधित स्टडी सेट्स

latin names and latin names only, if your not latin get the hell out of my quizlet bro i swear to god i will literally call my mom on you dont test me!

View Set

Project Constraints (Domain 2.0)

View Set

Chapter 45: Drugs for Diabetes Mellitus

View Set

9 levels of organization (from smallest to largest)

View Set

REENTRY PART 2 NUTRITION FUNDAMENTAL GERI

View Set

US Hybrid Trimester 2 Final Review

View Set