Combo with "Windows 7 Configuration" and 2 others

Ace your homework & exams now with Quizwiz!

Configuring a Central Store of ADMX files help solve the problem of ________.

"SYSVOL bloat"

You manage a Windows Server 2012 system and need to perform an immediate system state backup. The backup should be saved on the E:\ volume. Which command should you use to do this?

*wbadmin start systemstatebackup -backupTarget:E:*

You have configured OSPF routing on RouterA. A partial configuration is shown below: RouterA is connected to RouterB through the serial link. What routes will RouterB have in its routing table that it has learned from RouterA?

172.16.1.64/27 and 172.16.1.96/28

If a host on a network has the address 172.16.45.14/30, what is the subnetwork this host belongs to?

172.16.45.12

You have the following binary number: 10110111. What are the decimal and hexadecimal equivalents?

183/B7

What is the default port number for WSUS synchronization?

8530

Which of the following is the process of granting an authenticated user a specific degree of access to specific computer or data resources?

Authorization

What is spoofing?

Changing or falsifying information in order to mislead or re-direct traffic.

You have decided to implement Network Access Protection (NAP) with a VPN on your network. You have installed the NPS role, configured the System Health Validator (SHV), created health policies, and configured network policies. Which additional step will you need to perform to complete the configuration?

Create a connection request policy that uses PEAP authentication and has quarantine checks enabled.

You have two computers: WS1 is running Windows Vista Business and WS2 running Windows 8.1 Professional. You are using USMT to migrate only the user profiles and user data from WS1 to WS2. You need to specify the rules used for migration to include all .vmx and .vdmk files. What should you do?

Create a custom XML file and use <include> elements.

Which of the following are functions of the MAC sublayer?

Defining a unique hardware address for each device on the network. Letting devices on the network have access to the LAN

Which of the following is a valid IPv6 address?

FEC0::AB:9007

You have configured FSRM quotas on the user home directories located inside the H:\Users directory. The quota was set using a quota template, with quota limits being applied to all subfolders. You want to generate a report once a week that lists all home directory folders along with the size of the files in the folder. What should you do?

In File Server Resource Manager, go to Storage Report Management and create a new report task.

You have a computer running Windows 7. You need to install an updated driver for a hardware device on the computer. You need a driver file which has been tested by Microsoft and comes from a legitimate source. What should you do?

Install an updated driver with a digital signature.

You have an existing computer running Windows 7 Enterprise. You want to configure a RAID1 array in the computer. You install two new SATA drives, then use the RAID controller integrated in the motherboard to define a RAID1 array using them. When you boot the computer, Windows does not show the logical RAID drive. What should you do?

Install the drivers for the RAID controller.

The chain of custody is used for what purposes?

Listing people coming into contact with evidence

You walk by the server room and notice a fire has started. What should you do first?

Make sure everyone has cleared the area.

What would a corporation use to allow private IPv4 addresses to communicate with the Internet?

NAT

Which of the following is a firewall function?

Packet filtering.

__________ are the rules or languages in which networking is possible.

Protocols

Which of the following allows you to save frequently-accessed Web sites on your local network for later retrieval?

Proxy

What RAID levels are supported by Windows Server 2012?

RAID levels 0, 1, and 5

You have implemented an access control method that allows only users who are managers to access specific data. Which type of access control model is used?

RBAC

Which of the following statements about RIP are true? (Select two.)

RIP uses hop counts as the cost metric. RIP is susceptible to the count-to-infinity problem

Even if you perform regular backups, what must be done to ensure that you are protected against data loss?

Regularly test restoration procedures

Viruses and worms are said to be self-____.

Replicating

A ____ virus is loaded into random access memory (RAM) each time the computer is turned on and infects files that are opened by the user or the operating system.

Resident

You have a computer that runs Windows 7. Your company has started the migration to IPv6 on your network. You need to configure your computer with a static IPv6 address. What should you do?

Run netsh

You are the network administrator for Corpnet.com. Corpnest.com is merging with another company named Partner.com. As part of the consolidation, you need to decommission the Partner.com Enterprise CA. The Partner.com Enterprise CA has a number of custom templates that must remain available. You need to transfer the Partner.com custom templates to the Cortpnet.com CA. What should you do?

Run the *PKISync.ps1* command.

You have a Windows XP Professional system that you would like to upgrade to Windows 7 Ultimate. What should you do first?

Run the Windows 7 Upgrade Advisor.

Which of the following is the strongest hashing algorithm?

SHA-1

____ holds the promise of reducing the number of usernames and passwords that users must memorize.

SSO

What do you call it when you are loading an application, and you get a credential prompt that makes the rest of the screen dull and unclickable?

Secure desktop

Which of the following is NOT a group scope?

Security groups.

What is the default VTP mode for a Catalyst 2950 switch?

Server

Amplitude indicates an analog wave's:

Strength

Which touch gesture requires you to press a fingertip to the screen and release it?

Tap

You have a desktop computer that uses a 250 watt power supply. You recently added a 4-disk RAID10 array to the system and now it spontaneously shuts down. What should you do?

Upgrade to a power supply that provides more watts.

You have a laptop computer running Windows 7 Home Premium. You connect your computer to a wired network at work and a wireless network at home. You want to configure your computer to use a different default printer for each network. What should you do?

Upgrade your computer to Windows 7 Professional.

You load a driver for your motherboard and now the system does not boot properly. What should you do to overcome this problem? (Choose the best answer.)

Use the Last Known Good Configuration.

You are the network administrator for Corpnet.com. You are configuring a new Failover Cluster named Cluster1 that will have four nodes. You plan to use a Node and Disk Majority quorum. You intend to host the disk witness on a server named File1. The File1 server has several physical disks installed. You need to identify the type of disk and file system for the disk witness. What should you do? (Choose 2.)

Use the NTFS file system. Use a Basic disk.

How can you execute commands on a remote computer?

Use winrs.exe.

What can be installed on Windows Server 2008 that enables installers to deploy Windows Imaging files to workstations over the network?

WDS

How do switches and bridges learn where devices are located on a network?

When a frame enters a port, the source MAC address is copied from the frame header.

Windows 8 provides many emulation modes for older versions of Windows. Which of the listed modes is not available to select from?

Windows 2000

You are troubleshooting a workstation connection to the network. During your troubleshooting, you move the cable in the wiring closet to a different port on the patch panel. Which type of document should you update?

Wiring schematic

A multiple-alternative structure cannot be implemented by using which of the following:

a single If-Then statement

Which of the following ntdsutil commands cleans up metadata?

metadata cleanup

Which of the following is an example of a top-level domain?

microsoft.com

Your computer is sharing information with a remote computer using the TCP/IP protocol. Suddenly, the connection stops working and appears to hang. Which command can you use to check the connection?

netstat

Identify another utility that you can use to add SPNs to an account.

setspn

The expression ____ up one directory level.

../traverses

What is the default subnet mask for 198.54.65.3?

255.255.255.0

What type of key or keys are used in symmetric cryptography?

A shared private key

Which of the following best describes high amplification when applied to hashing algorithms?

A small change in the message results in a big change in the hash value.

Which of the following are characteristics of Bluetooth? (Select two.)

Ad hoc connections 2.4 GHz radio wireless

Which of the following information will enable a router to route packets?

All of the above.

To increase your ability to recover from a disaster, where should you store backup tapes?

At the vice president's home

You are creating an Ethernet network for your company. The shipping department is located in a different building that is located 150 meters from the main wiring closet. You connect a single Cat6e cable to connect the wiring closet to the shipping building. Which of the following conditions are you most likely to experience?

Attenuation

Which command do you use to manage auditing at the command prompt?

AuditPol.exe

What are the most common network traffic packets captured and used in a replay attack?

Authentication

__________-____ estimates involve estimating the costs of individual work items or activities and summing them to get a project total:

Bottom-up

The phone line to one office is not working. You have identified the location of the phone line in a 66 block in the wiring closet. Which tool would you use to connect to the phone line at the punch down block to see if you can make and receive calls?

Butt set.

Which of the following is a valid MAC address? C0-34-FF-15-01-8E 255.255.255.0 34-9A-86-1G-B3-24 73-99-12-61-15 83-5A-5B-0B-31-55-F1 192.168.12.15

C0-34-FF-15-01-8E

All of the 802.11 standards for wireless networking support which type of communication path sharing technology?

CSMA/CA

You manage a network with a single switch. On each switch port, a hub connects multiple devices to the switch. Which condition are you most likely to experience on the network?

Collisions

You manage 20 computers running Windows 7 in a domain network. You want to prevent the Sales team members from making system changes. Whenever a change is initiated, you want to allow only those who can enter administrator credentials to be able to make the change. What should you do?

Configure the *User Account Control: Behavior of the elevation prompt for standard users* setting in Group Policy to *Prompt for credentials*.

You have just installed a new keyboard that includes special programmable buttons. You installed the custom driver that came with the keyboard. Now you want to configure what the special keyboard buttons do. Which windows utility wold most likely let you manage these settings?

Control Panel.

What is a major benefit of STP over UTP?

Greater resistance to interference.

You are using a crimper to attach an RJ-45 connector to a Cat 6 UTP cable. You need to use the T568A standard to connect the individual wires to the connector. Which wire should be connected to pin 1?

Green with white

Which of the following is not one of the methods that the SmartScreen Filter uses to identify potential phishing web sites?

Group Policy

Which of the following devices does not segment the network?

Hub

What does L2TP use to encrypt data?

IPsec

Which connector is used with unshielded twisted pair (UTP) cable?

RJ-45

What type of connector does an unshielded twisted pair (UTP. cable use?

RJ45

Which of the following is the most common detection method used by and IDS?

Signature

Which of the following IPv6 addresses is equivalent to the IPv4 loopback address of 127.0.0.1?

::1

Show below is a diagram of a wireless network. From the items on the left, match the terms with the labeled components of the diagram.

A = STA B = AP C = BSS D = ESS E = DS

How does a proxy server differ from a packet filtering firewall?

A proxy server operates at the Application layer, while a packet filtering firewall operates t the Network layer.

Which of the following information are you likely to find in a policy document?

A requirement for using encrypted communications for Web transactions.

What is Microsoft's directory service called?

AD

Software restriction policies can work in three ways, based on the settings you choose for each of the rules. Which of the following is not one of the settings to choose from?

Allowed

Which of the following best describes an evil twin?

An access point that is configured to mimic a valid access point to obtain logon credentials and other sensitive information.

What is the most common type of host-based intrusion detection system (IDS)?

Anti-virus software

Project management knowledge areas: Are determined by the stakeholders. Describe the phases of a project. Are key competencies that must be developed by the project manager. Are not related to a project.

Are key competencies that must be developed by the project manager

Which of the following techniques are used to overcome problems inherent with the link state routing method? (Select three.)

Areas. Time stamps, sequence numbers, or aging timers. Designated (authoritative) routers.

Mark is the system administrator for a network with a single Active Directory domain. The network has just expanded to include an additional subnet. Mark has installed a new Windows Server 2012 system on the new subnet and configured it as a DHCP server.

Ask a member of the Enterprise Admins group to authorize the server.

How should you assign Password Settings objects (PSOs) to users?

Assign the PSOs to a global security group and add users to the group.

Which of the following are true of EIGRP configuration to enable two routers to become adjacent? (Select two.)

Authentication parameters must match. The AS number used to configure EIGRP must match.

What is the primary countermeasure to social engineering?

Awareness.

Where is the boot menu configuration stored?

BCD registry file

You are in the habit of regularly monitoring performance statistics for your devices. You find that this month a specific server has averaged a higher number of active connections than last month. Which type of document should you update to reflect the change?

Baseline

You need to connect a PC to the router console port to establish a console connection. For each of the parameters listed below, select the appropriate parameter to establish the connection.

Baud rate - 9600 Data - 8 bit Parity - None Stop - 1 bit Flow control - None

Which of the following sends unsolicited business cards and messages to a Bluetooth device?

Bluejacking

You need a type of wireless connection that can transfer data between your phone, PDA, and laptop. You are transferring sensitive information. Which would be the best choice?

Bluetooth

Having poor software development practices and failing to program input validation checks during development of custom software can result in a system vulnerable to which type of attack?

Buffer overflow

Using video cameras to transmit a signal to a specific and limited set of receivers is called ____.

CCTV

Which class of IP address provides a maximum of only 254 host addresses per network ID?

Class C

To help prevent browser attacks, users of public computers should do which of the following?

Clear the browser cache

When designing a firewall, what is the recommended approach for opening and closing ports?

Close all ports; open only ports required by applications inside the DMZ.

You currently manage a virtual machine named VM18 that has been installed on the Srv5 physical server. The virtual machine uses a single dynamic disk of 100 GB. You notice that the physical size of the virtual hard disk is 40 GB, but that the virtual machine reports only a total of 20 GB of files. You want to reduce the physical space used by the virtual hard disk. What should you do?

Compact the disk.

You are the network administrator for Corpnet.com. Users in the .sales.us.corpnet.com domain frequently need to access shares in sales.eu.corpnet.com, but report that it foften takes a long time to be authenticated when accessing the shares. You need to reduce the amount of time it takes the users in sales.us.corpnet.com to be authenticated in sales.eu.corpnet.com. What should you do?

Create a shortcut trust.

Which of the following is not a protection against session hijacking?

DHCP reservations

The _____ _______ uses a four-dimensional model of normal behavior, like the Social Styles Profile:

DISC Profile

Which of the following video card connectors provides digital video output? (Select two.)

DVI-D HDMI

What layer of the OSI model are the Media Access Control addresses part of?

Data-link

In the Setup dialog, what do the square brackets ([ ]) indicate?

Default settings

Before performing an upgrade to Windows 8, several tasks should be performed to ensure the procedure goes smoothly. Which of the following is not one of these tasks?

Defragment the hard drive

Soft skills encompass:

Dependability

Which of the following information are you likely to find in a procedure document?

Details on how to test and deploy patches.

What is the purpose of the CRC in network communications?

Detect data errors

To communicate with the operating system running on the computer, each device also requires a software element known as what?

Device driver

Which of the following is not part of security awareness training?

Employee agreement documents.

You are configuring a new network policy for temporary employees using the New Network Policy wizard in the Network Policy Server console. If the conditions and constraints you configured in the policy are met and the policy grants access to a client, you want the policy to apply 128-bit MPPE. Click the settings category you would use to do this.

Encryption

You are configuring a router that has a previous configuration. You need to turn CDP on for the entire router, but turn it off for the serial 0/0/1 interface. Match the correct command on the left with the configuration task on the right.

Enter global configuration mode > router#config t Turn CDP on for the router > router(config)#cdp run Enter interface configuration mode > router(config)#int s0/0/1 Turn CDP off for the interface > router(config-if)#no cdp enable

Which of the following are solutions that address physical security? (Select two.)

Escort visitors at all times. Require identification and name badges for all employees.

You are a network administrator for your company. A frantic user calls you one morning exclaiming that "nothing is working". What should you do next in your troubleshooting strategy?

Establish the symptoms.

You have a Web server on your network that hosts the public Web site for your company. You want to make sure that a failure of the NIC in the server does not prevent the Web site from being accessible on the Internet. Which solution should you implement?

Ethernet bonding

You have a network server with two network interface cards. You want both network adapters to be sued at the same time to connect to the same network to double the amount of data the server can send. Which feature would you use?

Ethernet bonding

You want to establish a console session to a new router using a Telnet session. Which of the following components will you need? (Select three.)

Ethernet port Ethernet cable IP address

A subset of business continuity planning and testing is disaster recovery, also known as IT recovery planning.

False

Cryptography cannot protect data as it is being transported across a network.

False

Education in an enterprise is limited to the average employee.

False

On a data network, information can be transmitted via an analog or video signaling method.

False

The top or seventh layer of the OSI model is the Session layer.

False

Training is not at all related to the successful completion of a project and therefore has no effect on the overall team

False

True or False: Routers that belong to different AS automatically share routing information, and they don't become neighbors.

False

Trusted OSs have been used since the late 1960s, initially for government and military applications.

False

Using a rainbow table to crack a password requires three steps.

False

Which backup strategy backs up all files from a computer's file system regardless of whether the file's archive bit is set or not and marks them as having been backed up?

Full

What does the acronym FQDN stand for?

Fully Qualified Domain Name

You need to configure settings for a USB printer that you have just connected to your Windows 7 system. Which option in Control Panel should you use to do this?

Hardware and Sound

Which of the following is used to verify that a downloaded file has not been altered?

Hash

Which method can be used to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive collected as evidence?

Hashing

What metric does RIPv2 use to find the best path to a remote network?

Hop count

You have been asked to deploy a network solution that requires an alternate location where operational recovery is provided within minutes of a disaster. Which of the following strategies would you choose?

Hot site

Which of the following is a correct combination of file type and default location in a Cisco router?

IOS/flash memory

What feature found in Internet Explorer 8 enables you to surf the Internet without leaving any record of your activities?

InPrivate Filtering

What does the acronym ISATAP stand for?

Intra-Site Automatic Tunnel Addressing Protocol

You want to be able to view the DNS server address that a computer is using. Which of the following utilities would you use? (Select two.)

Ipconfig Ifconfig

Which of the following are characteristics of coaxial network cable? (Choose two.)

It uses two concentric metallic conductors. It has a conductor made of copper in the center of the cable.

Which of the following is true of LED monitors?

LED monitors use LED backlight technology.

___ is a technology that can help to evenly distribute work across a network.

Load balancing

Which of the following attacks, if successful, causes a switch to function like a hub?

MAC flooding

Consider the domain shown in the example below. Click on all user objects displayed in the image.

Marty Bones Mary Hurd

Your monitor displays a large black border around the main screen image. Where should you go to fix this problem?

Monitor hardware controls.

Which of the following best describes the condition where a signal sent on one wire is received on another wire within the same connector?

NEXT

Lately your computer is spontaneously rebooting and freezing. What is the most likely cause?

Overheated CPU.

How does VTP use the VTP password?

Passwords are sent in all VTP advertisements and validate that the packet came from a trusted source.

What command is used to test network connectivity between two hosts?

Ping

What information does the privileged exec show lacp command display?

Port channel information

When performing a vulnerability assessment, many organizations use ____ software to search a system for any port vulnerabilities.

Port scanner

HIPAA is a set of federal regulations that define security guidelines that enforce the protection of what?

Privacy

Instant Messaging does not provide which of the following?

Privacy

Which of the following policies specifically protects PII?

Privacy

A ____ virus infects program executable files.

Program

_________ ________ show four key roles for project stakeholders:

RACI charts

Auditing is used for what purpose?

Recording user's actions

Who is responsible for performing the steps of the business continuity plan or disaster recovery plan in the event of an emergency?

Recovery team

Which program enables you to connect to a remote computer including servers with no interaction required from the remote computer?

Remote Desktop

A system failure has occurred. Which of the following restoration processes would result in the fastest restoration of all data to its most current state?

Restore the full backup and the last differential backup

Your company security policy states that wireless networks are not to be used because of the potential security risk they present to your network. One day you find that an employee has connected a wireless access point to the network in his office. What type of security risk is this?

Rogue access point

Which DNS record contains the serial number for the zone?

SOA record

Which VPN protocol connects using SSL?

SSTP

Which of the following cloud computing solutions will deliver software applications to a client either over the Internet or on a local area network?

SaaS

Important inputs for performing quality assurance include all of the following except:

Scope management planning

You need to configure your Windows system such that CTRL+ALT+DEL must be pressed for a user to log on. Which local policy should you use to do this?

Security Options

What is a collection of configuration settings stored as a text file with an .inf extension?

Security template

Considering the different ways to remotely manage servers, which allows you to create server groups?

Server Manager

You use Cat5e twisted pair cable on your network. Cables are routed through walls and the ceiling. A user puts a screw in the wall to hang a picture and pierces the cable such that a signal sent on pin 1 arrives on the cable connected to pin 7. What term describes this condition?

Short circuit.

After arriving early this morning, you turn on your computer to begin your work. Instantly you see smoke and smell a strange odor coming from the computer. What should you do?

Shut off the system immediately.

What is modified in the most common form of spoofing on a typical IP packet?

Source address

Which type of activity changes or falsifies information in order to mislead or re-direct traffic?

Spoofing

Which of the following network services or protocols uses TCP/IP port 69.

TFTP

_______ is very important in developing and delivering high quality IT products:

Testing

System availability is often expressed as a percentage of uptime in a year.

True

What technology uses the remote client to connect to a remote access server over the Internet?

VPN

When you do an authoritative restore process, a back-links file is created. What is a back-links file?

a reference to an attribute within another object

Heartbeat, time synchronization, and data exchange between parent and child partitions are all examples of functions provided by ________.

guest integration services

What factor is not important for choosing the best Windows Server 2012 edition for your environment?

heating and cooling system of the datacenter

In ____, a virtualized environment is created that simulates the central processing unit (CPU) and memory of the computer.

heuristic detection

Which mechanisms could you use to resolve a hostname into its associated IP address? (Select two.)

hosts file DNS

What is the default web address for the PowerShell Web Access Gateway?

https://<server name>/pswa

In the first phase of the program development cycle you should:

identify the desired results

You are the network administrator for a company that has a small block of registered IP addresses ranging from 24.1.2.47 through 24.1.2.47. You want to assign these addresses to a dynamic pool in NAT. Which command should you use?

ip nat pool net-1 24.1.2.32 24.1.2.47

Your organization has decided to implement uniquie local unicast IPv6 addressing. A global ID of FD01:A001:0001::48 been selected for the organization's IPv6 addressing scheme. The next 16 bits beyond the global ID have been used to define the following subnets: FD01:A001:0001:0001::/64 FD01:A001:0001:0002::/64 FD01:A001:0001:0003::/64 FD01:A001:0001:0004::/64 You need to statically assign an interface ID to a router interface connected to the FD01:A001:0001:0003::/64 subnet. To ensure uniqueness, the interface ID should be constructed using the MAC address of the router interface. Which interface configuration command would you use to do this?

ipv6 address FD01:A001:0001:0003: :/64 eui-64

When you fully engage NAP for remediation enforcement, what mode do you place the policy in?

isolation

Acknowledgments, sequencing, and flow control are characteristics of which OSI layer?

layer 4

Which IPv6 address type is only valid within a subnet?

link-local

Which Kerberos setting defines the maximum lifetime ticket for a Kerberos TGT ticket?

maximum lifetime for user ticket

Which Kerberos setting defines how long a service or user ticket can be renewed?

maximum lifetime for user ticket renewal

What command-line utility is used to import and export NPS templates?

netsh

Your supervisor has asked you to compile a graphical representation of the network. What is the best method to accomplish this task for your supervisor?

netsh

What kind of updates are released on an as-required basis and are not part of the standard release cycle?

out-of-band patches

You are configuring the PDX router to maximize available bandwidth. You realize that because the network connected to the Ethernet interface does not contain any RIP-enabled devices, RIP updates do not need to be sent out this interface. Which command can you use to prevent RIP updates from being sent out the E0 interface?

pdx(config-router)#passive-interface e0

A(n) ____ is hardware or software that captures packets to decode and analyze its contents.

protocol analyzer

Which of the following describes a web browser?

provides a way to look at and interact with information on the Internet

What type of service is the Windows File Server Resource Manager?

role

Which of the following commands can you use to see which IP access list is applied to the first Ethernet interface?

sh ip int

You need the IP address of the devices with which the router has established an adjacency. Also, the retransmit interval and the queue counts for the adjacent routers need to be checked. What command will display the required information?

show IP EIGRP neighbors

You have just finished configuring access list 101 and are ready to apply it to an interface. Before you do, however, you would like to view the access list to ensure there are no mistakes. Which command displays access list 101?

show access-lists 101

Single-key encryption is also known as what kind of encryption?

symmetric

Which file is used as a scratch pad to store information about in-progress large transactions and to hold pages pulled out of ntds.dit during maintenance operations?

temp.edb

The end product of a penetration test is the penetration ____.

test report

A ____ trust refers to a situation in which two individuals trust each other because each trusts a third party.

third-party

You have a VLAN network and your primary switch just failed. You must replace it. You've decided to enable one of your existing switches to create,modify and delete VLANs for the network. Which command should you use on the existing switch to promote it to perform these functions?

vtp mode server

What command do you use to allow remote management communications on a PC so that you can use winrs.exe?

winrm quickconfig

You are working on a computer running Windows 7. It is a member of a domain. You need to discover if there are any drivers on the computer which do not have a digital signature. Which of the following tools should you use?

Sigverif.exe

You have a small network with three subnets as shown in the graphic. IP addresses for each router interface are also indicated. You need to connect Wrk1_A to SubnetA and Wrk5_C to SubnetC. Which IP addresses should you use? (Select two.)

Wrk1_A = 192.168.111.62 Wrk5_C = 10.155.64.97

Based on the address prefix, for each IPv6 address on the right, identify the address type from the list on the left. (Addresses used might not represent actual addresses used in production.)

*200:6789:9078::ABCE:AFFF:FE98:0001* Global Unicast *FD00::8907:FF:FE76:ABC* Unique local *FEA0::AB89:9FF:FF77:1234* Link-local *FF00:98BD:6532::1* Multicast *FF02::1:2* Multicast

Match the Active Directory Rights Management Services (AD RMS) component on the right with the correct description on the left.

*AD RMS Server* Responsible for issuing licenses. *Active Directory Domain Services* Regulates access to all AD RMS users in the forest that have rights-protected content. *AD RMS Client* Facilitates communication between the server and the application. *Database Server* Stores configuration and policy information. *AD RMS-enabled Application* Encrypts content after the publishing license is obtained.

Listed on the left are various operation master roles. For each tool, identify the roles that you can transfer using that tool by dragging the role from the left to the boxes below the tool. Domain naming master Infrastructure master PDC emulator RID master Schema master

*Active Directory Users and Computers* RID master PDC emulator Infrastructure master *Active Directory Domains and Trusts* Domain naming master

What is the maximum range of the Bluetooth 2.0 specification for Class 1 devices?

100 M

Which tool can you use to add SPNs to an account?

ADSI Edit

Which of the following attacks tries to associate an incorrect MAC address with a known IP address?

ARP poisoning

A private key has been stolen. What action should be taken to deal with this crisis?

Add the digital certificate to the CRL.

Where in a system do you configure PXE?

BIOS

What are the buttons called in the Windows 8 edge UI that provide access to common operating system functions such as Search and Settings?

Charms

Hashing algorithms are used to perform what activity?

Create a message digest

Which of the following is an example of privilege escalation?

Creeping privileges

Which of the following are subject to SQL injection attacks?

Database servers

Which of the following would you use to store a telephone number?

Declare PhoneNumber As String

Which of the following is NOT an example of a special identity?

Dialup Service

Which of the following statements about ESD is not correct?

ESD is much more likely to occur when the relative humidity is above 50%

A "brownout" is a momentary decrease in voltage; also know as a "lag."

False

Your CRT monitor flickers. What should you do?

Increase the refresh rate.

Before you can change the default search engine of IE 10 from Bing to something else, such as Google, what must you first do?

Install the appropriate add-on

Which IE security zone is the default catchall for web sites not listed in any other zone?

Internet

Which of the following statements accurately describes how a modem works? (Select two.)

It modulates digital data from the PC into analog data and transmits it on a telephone network. It demodulates analog data from a telephone network into digital PC data.

Which of the following best describes spyware?

It monitors the actions you take on your machine and sends the information back to its originating source.

You need to configure a Group Policy preference that configures notebook systems in the domain to use the Power Saver power plan when undocked. You have specified the appropriate power plan in the Advanced Settings tab of the Power Options Group Policy preference and have set it as the active power plan. Click on the option you must enable to apply the preferences only to undocked notebook systems.

Item-level targeting

You are concerned that if a private key is lost, all documents encrypted using your private key will be inaccessible. Which service should you use to solve this problem?

Key escrow

Which built-in local user account is a member of the local Administrators group?

Local System

Which of the following passwords is considered complex?

M!croS0ft

Using File and Storage Services in Server Manager, you will create a new share. The New Share Wizard prompts you for a profile. You need a profile that provides basic NFS sharing with authentication and permissions. Which do you choose?

NFS Share-Quick

You are working in PowerShell on a Windows Server 2012 domain controller. You need to create a group managed service account that will be used by a new service that only you will install later on the server. Which cmdlet should you use to do this?

New-ADServiceAccount

Which of the following paths opens the Computer Management tool? (Select two.)

On the Start menu, right-click Computer and select Manage. In the Control Panel, open Admistrative Tools, then double0click the Computer Management icon.

How many keys are used with symmetric key cryptography?

One

You want to create an access list that prevents traffic from network A that is sent to host 1. You want the access list applied after the routing decision is made. Which of the following would be part of your design? (Select two.)

Outbound filter Extended access list

Your company has two subnets, 172.16.1.0 and 172.16.2.0 as shown in the exhibit. Recent policy changes forbid FTP traffic from leaving your company; however all other traffic is allowed. You've created the following access list to meet the new company requirements: access-list 101 deny tcp any any eq 20 access-list 101 deny tcp any any eq 21 access-list 101 permit ip any any Where should you apply this filter?

Outbound side of S0

Lately your computer is spontaneously shutting down after only a few minutes of use. What is the most likely cause? (Select two.)

Overheated CPU. Cooling fans clogged with dust.

Devices that receive power from a PSE (power sourcing equipment) are known as:

PD

You are concerned about attacks directed against the firewall on your network. You would like to examine the content of individual frames sent to the firewall. Which tool should you use?

Packet sniffer

You want to know what protocols are being used on your network. You'd like to monitor network traffic and sort traffic based on protocol. Which tool should you use?

Packet sniffer

A Smurf attack requires all but which of the following elements to be implemented?

Padded cell.

A disaster recovery plan should include all but which of the following?

Penetration testing

Which of the following methods should you use to prevent SQL injection attacks?

Perform input validation

To prevent server downtime, which of the following components should be installed redundantly in a server system?

Power supply

Which of the following configures Internet Explorer to only low-integrity disk locations, such as the Temporary Internet Files and the standard IE storage areas, including the History, Cookies, and Favorites folders?

Protected mode

Which of the following requires invitations to use?

Remote Assistance

What command will prevent RIP routing updates from exiting an interface but will still allow the interface to receive RIP route updates?

Router(config-router)#passive-interface s0

You are troubleshooting access to a server in a remote network. You use the tracert command and see the following: Tracing route to 192.168.2.250 over a maximum of 30 hops: 1 2 ms 2 ms 2 ms 192.168.12.11 2 2 ms 2 ms 2 ms 192.168.11.1 3 5 ms 5 ms 3 ms 192.168.10.15 4 2 ms 2 ms 2 ms 192.168.9.1 5 5 ms 5 ms 3 ms 192.168.11.1 6 2 ms 2 ms 2 ms 192.168.10.15 7 5 ms 5 ms 3 ms 192.168.9.1 ... additional output omitted What is the problem?

Routing loop

Which of the following are components of a link-state routing protocol? (Select three.)

Routing table of paths and ports SPF tree Hello packets

You manage the network for the *eastsim.com* domain. You have three domain controllers, all running Windows Server 2012. You have forgotten the Directory Services Restore Mode password for your domain controllers. What should you do to reset the password?

Run *Ntdsutil*.

You need to see a list of third-party drivers on a Windows system. What should you do?

Run *pnputil -e* at the command prompt.

You need to deploy Windows 7 Professional to multiple new computers using a previously-captured system image. You mount the image and use Dism to make several changes to the image. You decide not to keep any of the changes you have made to the image. The image is still attached. You want to undo the changes with the least amount of effort. What should you do?

Run Dism with the /unmount-wim and /discard options.

You have a computer that runs Windows 7. Your network has just transitioned from using Ipv4 to Ipv6. Ipv6 configuration is performed automatically using information received by network routers. The network does not use a DHCPv6 server. Your computer is unable to communicate with a server named Srv1. A ping test to the server using its Ipv6 address works, but fails when you use its host name. What should you do?

Run netsh with the add dnsserver option.

Which protocol will find all links in a network and shut down redundant links?

STP

You want to use CCTV as a preventative security measure. Which of the following is a requirement for your plan?

Security guards.

You are the network administrator for your company. Your company uses Windows 8 as its desktop operating system. All computers are joined to a single Active Directory domain. Several computers store sensitive information. You are configuring security settings that will be distributed to all computers on your network. You want to identify denied attempts to change the user's security group membership in a computer's local database. You want to create a policy that meets these requirements. What should you do?

Select *Failure* for *Security Group Management*.

A switch receives a frame addressed to the MAC address FF:FF:FF:FF:FF:FF. What will the switch do with the frame?

Send it out all ports except for the port it was received on.

What does the MAC method use to control access?

Sensitivity labels

Your Windows 7 computer has a folder named D:\SalesDocs. The folder has been shared with the sharename of SalesDocs. The D: drive is formatted with NTFS. The following permissions have been configured for the folder: NTFS permissions Users group = Allow-Read Sales group = Allow-Modify Share permissions Users group = Allow-Read Sales group = Allow-Change Sally is a member of the the Users and Sales groups. She needs to be able to red and modify all files in the SalesDocs shared folder except for the StyleGuide.doc file. Sally should be able to read StyleGuilde.doc but not modify it. What should you do?

Set Sally's NTFS permission for SytleGuide.doc to Deny Write.

You have a computer that runs Windows 7. Recently, a WSUS server was configured and enabled in your internal network. Now you need to configure Windows Update on your computer to search for and download updates from the WSUS server. What should you do?

Set the *Specify intranet Microsoft update service location* setting in Group Policy.

Of the following cables, which offer the best protection against EMI?

Single mode fiber optic

One method of preventing routing loops is to not send information about a route back to the router from which the information came. What is this technique called?

Split horizon

Your Windows 7 computer has a shared folder named Reorg. The folder contains sensitive information about planned changes in the personnel structure. You configure permissions on the folder to deny access to unauthorized users. You want to prevent users from seeing this share when they browse the computers on the network. You still need to allow access to users who are authorized to use the share. What should you do?

Stop sharing the folder. Share the folder again as Reorg$ with the same permissions as before.

If you don?t have TPM, how else can you use BitLocker?

Store the encryption key on a USB flash drive.

You are creating a new DNS zone. To protect your zone data from wire sniffers, your organization's security policy specifies that only secure zone transfers are allowed. Click the option you must use to configure this.

Store the zone in Active Directory (available only if DNS server is a writeable domain controller)

which of the following applications is more likely to justify the investment in Category 6 cable?

Streaming video

You have issued the following commands at the server console. Router(config)#access-list 122 permit tcp 10.6.0.0 0.0.255.255 any Router(config)#int eth 0 Router(config)#ip access-group 122 out Which of the following statements is true?

TCP packets received from host 10.6.12.45 on the serial 1 interface can be forwarded out the eth 0 interface.

When you try to boot your computer, it hangs after the POST. When you access the CMOS setup program, you see that the date is several years behind and the time is set to 12:01 am. What is the most likely problem?

The CMOS battery has failed.

A workstation configured to use DHCP for IP addressing sends a DHCP Request frame on the local network segment to the DHCP service running on a Windows Server 2012 system. What happens next?

The DHCP server responds with a DHCP ACK message.

What will a switch do with a frame received on a port that has a destination MAC address not in the mac address-table?

The switch will flood the data out all ports, except the port from which the data originated.

You use the show vtp status on a switch and see the following: VTP Version : 2 Configuration Revision : 1 Maximum VLANs supported locally : 255 Number of existing VLANs : 16 VTP Operating Mode : Client VTP Domain Name : CCNA VTP Pruning Mode : Enabled VTP V2 Mode : Enabled VTP Traps Generation : Disabled MD5 digest : 0x55 0x16 0x9C 0x6F 0x83 0xD9 0x8F 0xCD Which of the two following is true of the configuration? (Select two.)

The switch will pass VLAN information to other switches. The switch will modify its configuration based on VLAN information received.

Which of the following statements is false with respect to full duplex?

There are few collisions in full -- duplex mode.

What are the differences, physically and logically, between the two printing configurations: Network-attached Printing and Network-attached Printer Sharing?

They are essentially the same physically. Logically, the print jobs are handled differently.

What is a program that appears to be a legitimate application, utility, game, or screensaver and that performs malicious activities surreptitiously?

Trojan horse.

A LAN is a network of computers and other devices that is confined to a relatively small place.

True

A Patch is a correction, improvement, or enhancement to a particular piece of a software application.

True

A Token is a special control frame that indicates to the rest of the network that a particular node has the right to transmit data.

True

Backbones usually are capable of more throughput than the cabling that connects workstations to hubs.

True

When a policy violation is detected by the DLP agent, it is reported back to the DLP server.

True

What is a secure doorway that can be used in coordination with a mantrap to allow easy egress from a secured environment but which actively prevents re-entrance through the exit portal?

Turnstiles

How many keys are used with asymmetric or public key cryptography?

Two

Which protocol and port number is used by TFTP?

UDP 69

What is the proper procedure for removing a domain controller from Active Directory?

Uninstall Active Directory Domain Services.

What is the purpose of the SSID on a wireless network?

Uniquely identifies the network.

Which of these groups' membership is stored in the global catalog?

Universal groups

You have a stand-alone computer running Windows 7 Professional. You need to determine if the computer has any administrative vulnerabilities. What should you do?

Use Microsoft Baseline Security Analyzer (MBSA)

What is the most effective means of improving or enforcing security in any environment?

User awareness training

Which of the following describes the MIMO feature of the 802.11n wireless?

Uses multiple send and receive radios to improve performance.

What is the purpose of the Services snap-in?

View and manage software processes running in the background.

What new standard defines a protocol that allows clients and servers to exchange data immediately as it becomes available without the overhead created by HTTP and TCP?

WebSocket

Which of the following are not reasons to remote wipe a mobile device?

When the device is inactive for a period of time

What is the minimum Windows 8 edition that you will need to use if you plan on joining the Windows 8 computer to an Active Directory domain?

Windows 8 Professional

If you are currently running Windows 8 on your computer, what is the easiest way to upgrade to Windows 8 Professional?

Windows Anytime Upgrade

It is predicted that ____ could become a key element in authentication in the future.

cognitive biometrics

DVDs and flash drives are all types of:

external memory

A ____ is a document that outlines specific requirements or rules that must be met.

policy

If you want to save on CPU and disk I/O but consume more network bandwidth for replication, which DFS feature can you disable?

remote differential compression (RDC)

Which one of the following is an example of an FQDN?

sales.microsoft.com

Which command will show you whether a DTE or a DCE cable is plugged into serial 0?

show controllers s 0

Which command will display all the EIGRP feasible successor routes known to a router?

show ip eigrp topology

Public-key cryptography uses how many keys?

two

Resource access for individuals takes place through their ______.

user accounts

An Ethernet network meets the specifications for Ethernet 100BaseTx. Connected to a port on the switch is a single server. The switch port is configured for auto-detect. What is the available bandwidth on the server cable segment?

100 Mbps if the server NIC is half duplex; 200 Mbps if the server NIC is full duplex.

What is the maximum distance of 100BaseTX?

100 meters

Your network follows the 1000Base-T specifications for Gigabit Ethernet. What is the maximum cable segment length allowed?

100 meters

What is the administrative distance of OSPF?

110

The binary equivalent of the decimal number 192 is:

11000000

Which of the following IP addresses belong to the Class A network 114.0.0.0? (Select three.) Tip: Assume the network is indicated by the default portion of the IP address. 115.88.0.55 114.0.0.15 115.77.89.4 115.0.0.66 114.122.66.12 114.58.12.0

114.0.0.15 114.122.66.12 114.58.12.0

You are working with a single active router. You would like to gather information about the router. Use the CLI to answer the following questions: What's the iOS version? How much Non-volatile RAM is available on the router? How much DRAM does the router have? How many serial interfaces does the router have?

12.4 191 KB 256 MB 4

Which of the following describes an IPv6 address? (Select two.)

128-bit address Eight hexadecimal quartets

You've just connected your Windows system to a large CRT monitor. The monitor supports screen refresh rates up to 75 Hertz and a resolution of up to 1280 by 1024. The video adapter in your system is plugged into a PCI-Express slot and has 1 GB of video memory installed. It supports screen refresh rates from 55 Hertz to 75 Hertz and screen resolutions up to 2560 by 1600. What screen resolution and refresh rate would be best to use with this system? (Choose two options. Each option is part of the solution.)

1280 by 1024 75 Hertz

Which of the following IP addresses are Class B addresses? (Select three.) 132.12.0.0 190.65.2.0 129.0.0.0 115.33.0.0 64.2.2.64 195.155.0.0 224.15.55.2

132.12.0.0 190.65.2.0 129.0.0.0

Which of the following are valid IPv6 addresses? (Select two.)

141:0:0:0:15:0:0:1 6384:1319:7700:7631:446A:5511:8940:2552

You've just connected your Windows system to a new LCD monitor. Your LCD monitor has a native resolution of 1440 by 900 at 64 Hertz. The video adapter in your system is plugged into a PCI-Express slot and has 1 GB of video memory installed. It supports screen refresh rates from 55 Hertz to 75 Hertz and screen resolutions up to 2560 by 1600. What screen resolution should you use with this system?

1440 by 900

You are the network manager for the *westsim.private* domain. The SRV1 server runs all file and print services for the network. In the DNS database, it has an A record that maps *srv1.westsim.private* to the IP address of 192.168.16.10. You want to create a PTR record that maps the IP address to the hostname. In which zone should you create the record?

16.168.192.in-addr.arpa

You are the network manager for the *westsim.private* domain. The SRV1 server runs all file and print services for the network. In the DNS database, it has an A record that maps *srv1.westsim.private* to the IP address of 192.168.16.10. you want to create a PTR record that mas the IP address to the hostname. In which zone should you create the record?

16.168.192.in-addr.arpa

Which of the following IP address ranges is reserved for Automatic Private IP addressing?

169.254.0.1 - 169.254.255.254

Passive tags have ranges from about 1/3 inch to ____ feet.

19

Which of the following IP addresses have a default subnet mask of 255.255.0.0? (Select two.)

191.168.2.15 129.0.0.1 168.16.5.1

You have an interface on a router with the IP address of 192.168.192.10/29. What is the broadcast address the hosts will use on this LAN?

192.168.192.15

Using the Standard edition of Windows Server 2012, I need to create 5 virtual machines. On how many can I install Windows Server 2012?

2

Your network uses the following backup strategy: Full backups every Sunday night Differential backups Monday through Saturday nights Thursday morning the storage system fails. How many restore operations will you need to perform to recover all of the data?

2

Which of the following is a valid IP address? (Select two.)

2.2.2.2 172.16.1.26

What is the subnetwork address for a host with the IP address 200.10.5.68/28?

200.10.5.64

Review the IPv6 addressing scheme used in the network shown in the following figure. Click on the IPv6 address that has been configured incorrectly.

2001:0BEF:0BAD:0003::2/64

Which of the following are correctly-formatted IPv6 addresses? (Select three.)

2001::78:ABC:891F ::DAFC:8904 FE80::AB01:7894

Which of the following IP addresses are Class C addresses? (Select three.)

222.55.0.0 192.15.5.55 223.16.5.0

Which of the following is NOT an IPv4 private address range?

224.0.0.0 through 224.255.255.255

You are configuring a network firewall to allow SMTP outbound e-mail traffic, and POP3 inbound e-mail traffic. Which of the following TCP/IP ports should you open on the firewall? (Select two.)

25 110

What is the default subnet for the IP address 203.111.3.3

255.255.255.0

Which of the following are not valid IP addresses? (Select three.)

257.0.122.55 145.8.260.7 45.22.156.256

How many commands in global configuration mode begin with the letters "de"?

3

To configure a printer pool, you enabled printer pooling on the Ports tab under Printer Properties. You have five print devices ready for the printer pool. Of those five, four are in one room. Of the four, three use the same print driver. Of those three, two print devices are identical. How many print devices are in your printer pool?

3

What is the minimum number of physical disks required to create a RAID 5 volume?

3

You have been asked to implement a RAID 5 solution for an engineer's desktop workstation. What is the minimum number of hard disks that can be used to configure RAID 5?

3

You have been asked to implement a RAID 5 solution for your network. What is the minimum number of hard disks that can be used to configure RAID 5?

3

What is the maximum transmission speed for Bluetooth devices?

3 Mbps

Routers operate at layer __. LAN switches operate at layer __. Ethernet hubs operate at layer __. Word processing operates at layer __.

3,2,1, none

What is the maximum number of IP addresses that can be assigned to hosts on a local subnet that uses the 255.255.255.224 subnet mask?

30

What is the value of the variable PayDay after the following statements have been executed: *Set Hours = 5* *Set PayDay = 30* *Set PayDay = Hours * 6*

30

Which of the following correctly describe the most common format for expressing IPv6 addresses? (Select two.)

32 numbers, grouped using colons Hexadecimal numbers

You need to upgrade a notebook system running 32-bit Windows 7 Home Premium edition to 64-bit Windows 8.1 Professional. Which of the following is true regarding this upgrade path?

32-bit versions of Windows 7 cannot be upgraded to 64-bit Windows 8.1 Professional.

Which of the following algorithms are used in symmetric encryption? (Select three.)

3DES Blowfish AES

Your network uses the following backup strategy: Full backups every Sunday night Incremental backups every Monday through Saturday nights Thursday morning the storage system fails. How many restore operations will you need to perform to recover all of the data?

4

Click the View Lab button and use the tracert command to identify the devices in the path between the IT Administrator workstation (named ITAdmin) and a remote computer on the internet which has an IP address of 189.36.78.83. How many routers in are in the path between ITAdmin and the remote computer? What is the default gateway address for ITAdmin? What is the IP address of the last router in the path between ITAdmin and the remote computer?

4 192.168.0.5 11.38.252.2

Ethernet networks may use one (or a combination) of:

4 kinds of data frames

The default maximum password age is how long?

42 days

To increase security on your company's internal network, the administrator has disabled as many ports as possible. Now, however, though you can brows the Internet, you are unable to secure credit card transactions. Which protocol needs to be enabled to allow secure transactions?

443

Using a single Microsoft account, on how many Windows 8 devices can you install a specific Windows app?

5

You have a network that needs 29 subnets while maximizing the number of host addresses available on each subnet. How many bits must you borrow from the host field to provide the correct subnet mask?

5

What is the recommended humidity level for server rooms?

50%

You want to use CCTV to increase the physical security of your building. Which of the following camera types would offer the sharpest image at the greatest distance under the lowest lighting conditions?

500 resolution, 50mm, .05 LUX

You want to maintain tight security on your internal network, so you restrict access to the network through certain port numbers. If you want to allow users to continue to use DNS, which port should you enable?

53

Before Windows 2008 R2, only nine basic audit settings existed. Windows Server 2012 introduces a total of how many audit subsettings?

56

Which of the following are true of the SXGA screen resolution? (Select two.)

5:4 aspect ratio 1280 x 1024

You have an interface on a router with the IP address of 192.168.192.10/29. Including the router interface, how many hosts can have IP addresses on the LAN attached to the router interface?

6

There are almost ____ different Microsoft Windows file extensions that could contain a virus.

70

What key length is considered to be minimally strong for encryption algorithms?

80

You are designing a wireless network for a client. Your client needs the network to support a data rate of at least 54 Mbps. In addition, the client already has a wireless telephone system installed that operates 2.4 GHz. Which 802.11 standard will work best in this situation?

802.11a

Match the wireless networking characteristics on the left to the appropriate standard on the right.

802.11a Speed > 54 Mbps 802.11b Speed > 11 Mbps 802.11g Speed > 54 Mbps 802.11a Frequency > 5 GHz 802.11b Frequency > 2.4 GHz 802.11g Frequency >2.4 GHz 802.11a Non-overlapping channels > 12 Channels 802.11b Non-overlapping channels > 3 Channels 802.11g Non-overlapping channels > 3 Channels

You are troubleshooting a wireless connectivity issue in a small office. You determine that the 2.4 GHz cordless phones used in the office are interfering with the wireless network transmissions. If the cordless phones are causing the interference, which of the wireless standards could the network be using? (Select two.)

802.11b Bluetooth

Which technology is the most common to connect to a wireless network for a corporation that allows a data rate up to 54 MB/sec?

802.11g

You are designing an update to your client's wireless network. The existing wireless network uses 802.11b equipment; which your client complains runs too slowly. She wants to upgrade the network to run at 54 Mbps. Due to budget constraints, your client wants to upgrade only the wireless access points in the network this year. Next year, she will upgrade the wireless network boards in her users' workstations. She has also indicated that the system must continue to function during the transition period. Which 802.11 standard will work best in this situation?

802.11g

You have been contacted by OsCorp to recommend a wireless Internet solution. The wireless strategy must support a transmission range of 150 feet, use a frequency range of 2.4 GHz, and provide the highest possible transmission speeds. Which of the following wireless solutions would you recommend?

802.11g

You need to configure a wireless network. You want to use WPA Enterprise. Which of the following components will be part of your design? (Select two.)

802.1x TKIP encryption

According to the Federal Bureau of Investigation (FBI), almost ____ percent of crimes committed today leave behind digital evidence that can be retrieved through computer forensics.

85

What should a company have that defines the standards, restrictions, and procedures for end users who have authorized access to company data from their personal devices?

A Bring Your Own Device policy

Select the statement that best describes a broadcast storm.

A broadcast storm occurs when there are so many broadcast messages on the network that they approach or exceed the network bandwidth.

Which of the following are disadvantages to server virtualization? A compromise of the host system might affect multiple servers. Increased hardware costs. Systems are isolated from each other and cannot interact with other systems. A compromise of a guest system might affect multiple servers.

A compromise of the host system might affect multiple servers.

You currently have an 802.11g wireless network. You would like to upgrade to use 802.11n devices. However, for a time you need to support both 802.11g and 802.11n devices. What should you include in your plan?

A dual band access point.

Which of the following are disadvantages to server virtualization? A failure in one hardware component could affect multiple servers A compromise of a guest system might affect multiple servers Increased hardware costs Systems are isolated from each other and cannot interact with other systems.

A failure in one hardware component could affect multiple servers.

Which of the following describes a main-in-the-middle attack?

A false server intercepts communications from a client by impersonating the intended server.

Which of the following describes a man-in-the-middle attack?

A false server intercepts communications from a client by impersonating the intended server.

What is a cookie?

A file saved on your hard drive that tracks Web site preferences and use.

Which of the following are differences between a firewall and an IPS? (Select two.)

A firewall filters individual packets; an IPS can detect patterns between multiple packets. A firewall filters traffic based on packet headers; an IPS can filter traffic based on packet data.

What is the key difference between a managed service account and a group managed service account.

A managed service account can be used on only one computer in a domain.

The difference between in-place upgrade and a migration is ________.

A migration copies vital information from the existing Server to a clean installation of Windows 2012.

When reading events in the Event Viewer, you need to recognize the designated levels or classifications. What is the definition for the Error level?

A problem has occurred that might impact functionality that is external to the application or component that triggered the event.

Which of the following statements about the Dynamic Host Configuration Protocol (DHCP) are true? (Select two.)

A workstation must request addressing information from a DHCP server. It can deliver a DNS server address in addition to the host IP address.

What is the main difference between a worm and a virus?

A worm can replicate itself and does not need a host for distribution.

You are the network manager for the *westsim.private* domain. You are in the process of transitioning from IPv4 to IPv6 on your internal network on your internal network. You want to configure DNS to provide hostname-to-IPv6 address and IPv6 address-to-hostname resolution for a specific IPv6-only host. Which record types would you create? (Select two.)

AAAA PTR

Which of the following does a router acting as a firewall use to control which packets are forwarded or dropped?

ACL

You are working as an administrator for a single Active Directory domain running in Windows Server 2012 functional level. The network consists of multiple domain controllers and member servers running Windows Server 2012. On one of the member servers, you install an enterprise CA. One of your tasks is to enroll smartcards for user accounts. To accomplish this task, you dedicate a workstation as a smartcard enrollment station. You create a separate group, *GG-EnrollmentAgent*, and add your user account as a member of this group. After you duplicate the smartcard enrollment agent certificate template, you add the certificate template to the list of issued certificate templates on the CA. You are trying to enroll a smartcard enrollment agent certificate through your Web browser, but the certificate template is not listed. What should you do?

Add the group *GG-EnrollmentAgent* to the ACL of the certificate template and select the *Read* and *Enroll* permission.

You are the network administrator for Corpnet.com. The previous network administrator published a template to the Enterprise CA that allows users to enroll for EFS certificates. The template was configured so that certificates based on the templates are not published in the Active Directory. Management has requested that all EFS certificates be published to Active Directory. You create a new EFS template and enable the *Publish certificate in Active Directory* option on the template. You need to ensure that users who attempt to renew their EFS certificates obtain new certificates based on the new template. Users must be able to continue to use their existing EFS certificates until all clients have obtained certificates based on the new template. What should you do?

Add the original EFS template to the *Superseded Templates* tab on the new EFS template and then publish the new template.

You have a computer running Windows 7 Ultimate. You need to configure Windows Firewall to allow traffic for an application that dynamically opens multiple ports on an as-needed basis. What should you do?

Adda program exception.

ARP stands for:

Address Resolution Protocol

MMC which of the following are Layer 2 switch functions?

Address learning.

You manage encrypted files or folders using the *Cipher* command. Drag the specific *Cipher* command on the left and drop it on the function performed on the right.

Adds a recovery agent key > *Cipher /u* Generates recovery agent keys > *Cipher /r* Creates a new file encryption key > *Cipher /k* Displays the encryption state > *Cipher* Changes the certificate used to encrypt files > *Cipher /rekey*

You manage a single domain named *widgets.com*. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You would like to define a granular password policy for these users. Which tool should you use?

ADSI Edit

You are the network administrator for Corpnet.com. The company has decided to deploy Active Directory Rights Management Services (AD RMS). You attempt to install AD RMS, but the install fails. When you attempt the install for a second time, you receive an error message indicating that there is an existing AD RMS Service Connection Point (SCP). You need to remove the existing SCP so that you can successfully deploy AD RMS. Which tool should you use? (Choose 2.)

ADSIEdit Active Directory Sites and Services

You want to encrypt data on a removable storage device. Which encryption method would you choose to use the strongest method possible?

AES

What address is assigned to a computer that fails to locate a DHCP server?

APIPA

A host wants to send a message to another host with the IP address 115.99.80.157. IP does not know the hardware address of the destination device. Which protocol can be used to discover the MAC address?

ARP

Which add-on enables users to send text or other media that you select in an IE browser window to another application, such as an email client, or an Internet resource, such as a blog?

Accelerators

Which of the following is a policy that defines appropriate and inappropriate activities and usage for company resources, assets, and communications?

Acceptable use policy

You plan to use a newly-installed Windows 7 system with an LCD monitor. You want to ensure that the text displayed on screen is as clear, sharp, and easy-to-read as possible. Which option should you use in the Display window to do this?

Adjust ClearType text

Which option in Control Panel is used to review your Windows 7 computer's status and resolve issues?

Administrative Tools

What is the purpose of the Audit Policy section of a local GPO?

Administrators can log successful and failed security events, such as loss of data, account access, and object access.

As a part of your organization's security policy, you need to configure the following security settings for all users: • At least 15 unique passwords must be used before an old password can be reused. • Passwords must be changed after 30 days. • Passwords must be in effect for at least 1 day before they can be changed. • Passwords must be at least 10 characters long and contain both upper and lower case characters along with a number or symbol. You have decided to configure and test local security policies to meet these requirements and then import them into the appropriate domain GPOs. Click on the GPO security settings category where these policies are located.

Account Policies

As a part of your organization's security policy, you need to configure the following security settings for all users: • User accounts should be locked after 3 invalid logon attempts. • Locked accounts should stay locked for 15 minutes. • The account lockout counter should be reset after 1 minute. You have decided to configure and test local security policies to meet these requirements and then import them into the appropriate domain GPOs. Click on the GPO security category where these policies are located.

Account Policies

You need to configure your Windows system to require users to use complex passwords. Which local policy should you use to do this?

Account Policies

Which of the following methods helps to detect lost packets? (Select two.)

Acknowledgements Sequencing

You need to temporarily take down the DHCP service running on a Windows Server 2012 system while you perform several preventative maintenance tasks. Click the options you could use in the DHCP management console to deauthorize the DHCP server. (Select three. Each option is a complete solution.)

Action DHCP dc1.westsim.com

You are the network administrator for *westsim.com*. The network consists of one Active Directory domain that contains 1,500 users. *westsim.com* has one main office and 15 branch offices. There are three domain controllers at the main office and one domain controller at each branch office. You have been asked to identify which domain controller hosts the Schema Master role. Which utilities should you use? (Select two.)

Active Directory Schema snap-in *Dsquery*

You need to set the screen refresh rate used by the monitor connected to your Windows 7 system. Click on the option you would use in the Screen Resolution window to do this.

Advanced settings

While browsing the Internet, you notice that the browser displays ads that are targeted towards recent keyword searches you have performed. What is this an example of?

Adware

You manage a network with a single domain named *eastsim.com*. The network currently has three domain controllers. During installation, you did not designate one of the domain controllers as a global catalog server. Now you need to make the domain controller a global catalog server. Which tools could you use? (Choose two.)

Active Directory Users and Computers Active Directory Sites and Services

You manage a network with a single domain named *eastsim.com*. The network currently has three domain controllers. During installation, you did not designate one of the domain controllers as a global catalog server. Now you need to make the domain controller a global catalog server. Which should you use?

Active Directory Users and Computers or Active Directory Sites and Services.

You are the network administrator for *southsim.com*. The network consists of a single Active Directory domain. All the servers run Windows Server 2012. All the clients run Windows 7. You have installed the Active Directory Rights Management Services (AD RMS) on a member server n the domain. A new network administrator named Bud Fox has been assigned to monitor the reports on the AD RMS server, and to assist users who are having difficulty obtaining licenses. You need to assign Bud Fox the minimum permissions necessary to perform these duties. What should you do?

Add Bud Fox to the AD RMS Auditors group.

You manage the network infrastructure for the *westsim.com* domain. All servers have recently been upgraded to Windows Server 2012 R2, and all clients run Windows 8. All server and client computers are members of the domain. You have configured a DFS solution with a domain-based DFS root. Srv1 hosts the DFS root, and the namespace is named *Sales*. A single folder named *Contacts* in the DFS root points to the *SalesSF* shared folder on Srv3. You would like to provide redundancy so that the data in the *Contacts* shared folder will still be available, even if Srv1 goes down. You want to use Srv4 to provide the redundancy. What should you do?

Add Srv4 as a namespace server.

You manage the network infrastructure for the *westsim.com* domain. All servers have recently been upgraded to Windows Server 2012, and all clients run Windows 8. All server and client computers are members of the domain. You have configured a DFS solution with a domain-based DFS root. Srv1 hosts the DFS root, and the namespace is *Sales*. A single folder named *Contacts* in the DFS root points to the *SalesSF* shared folder on Srv3. You would like to provide redundancy so that the data in the *Contacts* shared folder will still be available, even if Srv1 goes down. You want to use Srv4 to provide the redundancy. What should you do?

Add Srv4 as a namespace server.

Match the distribution channel on the left with the mechanism on the right that must be used to activate copies of Windows 8.1 purchased through that channel. (Each channel may be used more than once.)

*Activated by hardware manufacturer* Preinstalled (OEM) *Key Management Service (KMS) activation* Volume licensed *Microsoft Active Directory activation* Volume licensed *Phone or Internet activation* Full-packaged (retail)

Match the Active Directory Rights Management Services (AD RMS) license type on the right with the appropriate description on the left.

*Client License* Is issued to a user, and identifies the user as the owner of the content. *Publishing License* Is issued for each protected document and contains the usage right information. *Use License* Is issued after AD RMS authenticates the user and verifies the usage rights defined for that user.

Match the Active Directory term on the right with its corresponding definition on the left. Not all of the definitions on the left have an associated term on the right. Identifies the object classes that exist in the tree and the attributes of each class. Establishes the relationship between trees that have different DNS name spaces. Contains data that represents inherited security descriptors for each object. Contains all the information in the Active Directory data store. Contains data that represents linked attributes.

*Data Table* Contains all the information in the Active Directory data store. *Link Table* Contains data that represents linked attributes. *SD Table* Contains data that represents inherited security descriptors for each object. *Schema* Identifies the object classes that exist in the tree and the attributes of each class.

Match the Active Directory term on the right with its corresponding definition on the left. Not all of the definitions on the left have an associated term on the right.

*Domain Controller* A server that holds a copy of the Active Directory database that can be written to. *Site* Represents a group of networks that are connected with high-speed links. *Subnet* Represents a physical network segment. *Forest Root Domain* The first domain created in an Active Directory forest. *Tree Root Domain* The highest level domain in a tree.

You need to view resource usage for a Hyper-V virtual machine named AccServer running on a Windows Server 2012 system. Before you can actually retrieve resource usage information, you first need to turn resource metering on for the virtual machine. Which PowerShell command can you use to do this?

*Enable-VMResourceMetering -VMName AccServer*

You are the network administrator for *westsim.com*. The network consists of a single Active Directory domain. All the servers run Windows Server 2012 and all the clients run Windows 7. The company has a branch office in Atlanta that has a read-only domain controller (RODC) named *ALTRODC1*. Management has requested a list of the users who have been authenticated by *ALTRODC1* in the past and whose user accounts are cached on the RODC. What command should you use?

*Get-ADDomainControllerPasswordReplicationPolicyUsage

You are the network administrator for westsim.com. The network consists of a single Active Directory domain. All of the servers run Windows Server 2012 and all of the clients run Windows 7 or Windows 8. The company has a branch office in Atlanta that has a read-only domain controller (RODC) named ATLRODC1. Management has requested a list of users who have been authenticated by ATLRODC1 in the past whose user accounts are cached on the RODC. What command should you use?

*Get-ADDomainControllerPasswordReplicationPolicyUsage*.

Consider the following IPv6 address: *2001:0BEF:0BAD:0006::32/64* Drag the component parts of this address on the left to the corresponding description o the right. Not all descriptions on the right have corresponding components on the left.

*Global Routing Prefix* 200:0BEF:0BAD *Subnet ID* 2001:0BEF:0BAD:0006 *Interface ID* ::32 *Prefix Length* /64

Listed below are several DNS record types. Match the record type on the left with its function on the right. A CNAME DNAME MX NS PTR SOA SRV

*Identify a domain controller* SRV *Identify a mail server* MX *Map a host name to an IPv4 address* A *Map an IPv4 address to a host name* PTR

You have configured OSPF routing on RouterA. A partial configuration is shown below: RouterA is connected to RouterB through the serial link. When you check RouterA, it is not learned of any routes connected to RouterB. What should you do to correct the problem?

Add a network statement that uses a network of 172.16.1.32 and a wildcard mask of 0.0.0.31.

You are the network administrator for *westsim.com*. The network consists fo a single Active Directory domain. All the servers run Windows Server 2012 and all the clients run Windows 8. You are responsible for a server named HV1 that has the Hyper-V role installed. HV1 hosts a virtual machine that runs a custom web application that is in use 24 hours a day. The virtual machine has one hard drive that is hosted on a 127 GB expanding virtual hard drive (.vhd). The server is running out of room. Management would like to upload 100 GB of new media files for use in the web application. You need to provide more storage space inside the virtual machine while minimizing the downtime for the custom web application. What should you do?

Add a new virtual hard dive (.vhd) to a SCSI controller.

You have configured access lists on your router. A partial configuration for the router is shown below: hostname RouterA ! interface FastEthernet0/0 ip address 192.168.1.1 255.255.255.0 speed auto duplex auto ! interface FastEthernet0/1 ip address 192.168.2.1 255.255.255.0 speed auto duplex auto ! interface Serial10/1/0 ip address 192.168.3.1 255.255.255.248 encapsulation ppp ip access-group 107 in ! access-list 107 deny ip 192.168.1. 0 0.0.0.255 any access-list 107 deny ip 192.168.2. 0 0.0.0.255 any ! You want to block any traffic received on S0/1/0 that has a source address that appears to be coming from the two internal networks. However, you find that no traffic is being accepted on the S0/1/0 interface. What should you do?

Add a permit statement to the bottom of the access list.

You need to configure Windows Firewall with Advanced Security to allow traffic for an application that dynamically opens up multiple ports on an as-needed basis. What should you do?

Add a program rule.

Components within your server room are failing at a rapid pace. You discover that the humidity in the server room is at 60% and the temperature is at 80 degrees. What should you do to help reduce problems?

Add a separate A/C unit in the server room

You have a computer running Windows 7 Professional. You have a custom application that will not run on the computer. The application works well on computers running in 32-bit installation of Windows XP Professional. You decide to use Windows XP mode to run the application. Your computer has the following hardware specifications: C: drive with 62 GB of free space. 1 GB of RAM, one additional socket available. One Core 2 duo processor with Intel VT support. Video card with 128 MB of memory with WDDM support. You need the computer to run Windows XP mode. What should you do?

Add more memory

You manage the network with a single Active Directory domain named *eastsim.com*. Organizational units (OUs) have been created for each department. All user and computer accounts are members of the departmental OUs. For the Sales department, all users are members of the *SalesGG* global group. For the accounting department, all users are members of the *AccountingGG* global group. You have two branch offices. ● Branch1 has a single RODC named Rodc1.. ● Branch2 has a single RODC named Rodc2. You want to configure password caching so that passwords are cached for members of the Sales team at both locations. Passwords for the Accounting users should only be cached in Branch2. What should you do?

Add the *SalesGG* group as a member of the *Allowed RODC Password Replication Group* group. Add the *AccountingGG* group to the password replication policy for Rodc2.

You have configured NAT on your router to connect your small company network to the Internet. Shown below is a partial configuration for the router: hostname RouterA ! ip address 192.168.11.1 255.255.255.0 speed auto duplex auto ip nat inside ! interface FastEthernet0/1 ip address 192.168.12.1 255.255.255.0 speed auto duplex auto ip nat inside ! interface Serial0/1/0 ip address 116.12.11.155 255.255.255.248 ip nat outside ! ip nat pool ovrloadd 116.12.11.151 116.12.11.156 netmask 255.255.255.248 ! ip nat inside source list 7 pool ovrloadd ! access-list 7 permit 192.168.11.0 0.0.0.255 access-list 7 permit 192.168.12.0 0.0.0.255 ! Following the configuration, you find that sometimes hosts connected to Fa0/1 can access the Internet, and sometimes they can't. Sometimes hosts on both Fa0/0 and Fa0/1 are connected at the same time, but additional computers can't connect. What should yu do to correct the problem?

Add the *overload* parameter to the *ip nat inside source list* line.

On your Windows 7 computer, you share the D:\Reports folder using a sharename of Reports. You need to configure permissions on the shared folder as follows: ● Members of the Accounting group should be able to view files, but not modify them. ● Phil, a member of the Accounting group, needs to be able to open and edit files in the shared folder. ● No one else should be allowed access. You need to assign the necessary permissions without assigning extra permissions beyond what is required and without affecting other access that might already be configured on the computer. You need to complete the task using the least amount of effort possible. What should you do?

Add the Accounting group and assign the Read permission. Add the Phil user account and assign Read/Write permission.

You are the network administrator for *westsim.com*. The network consists of a single Active Directory domain. All the servers run Windows Server 2008 and all the clients run Windows 7. The password policy of the domain requires that user account passwords be changed every 30 days. You have installed Active Directory Rights Management Service (AD RMS) on a cluster named *ADRMSCLSTR1*. AD RMS currently uses a service account named *RMSSvc1*. After 30 days, AD RMS fails. You discover that this is caused by the *RMSSvc1* being locked out. you create a new service managed service account named *M-RMSSvc1*. You need to use the *Set-RmsSvcAccount* cmdlet to set *M-RMSSvc1* as the service account for AD RMS. What command should you run first?

*Import-Module AdRmsAdmin*

Drag the Active Directory terms on the left to their corresponding definition on the right.

*Logical organization of resources* Organizational Unit. *Collection of network resources* Domain *Collection of related domain trees* Forest *Resource in the directory* Object *Group of related domains* Tree

You need to view resource usage for a Hyper-V virtual machine named AccServer running on a Windows Server 2012 system. Which PowerShell command can you use to do this?

*Measure-VM -VMName AccServer*

Your organization runs a Hyper-V hypervisor on Windows Server 2012 that hosts several Windows Server 2012 virtual domain controllers. You want to add an additional virtual domain controller. Instead of installing a new Windows Server 2012 virtual machine and promoting it to be a domain controller, you decide to simply copy one of the existing virtual domain controller's virtual machine.files. Prior to cloning the source virtual machine, you need to check it for installed applications and services that aren't compatible with the cloning process. Which PowerShell cmdlet can you use to do this?

*New-ADDCCloneConfigFile*

You have been assigned to create a remote access strategy for your network. All full-time company employees should be allowed remote access during any time of the day. In addition, you have some contractors who are working with the Marketing department who should be allowed access only between 6am and 6pm. You have create a special group called *Contractors*, and defined the following network policies on the server. Remote Access Policy Name - *Allow Any* Conditions - *Domain Users group membership VPN connection* Permissions - *Allow access, ignoring Active Directory* Constraints - *None* Remote Access Policy Name - *Contractors Allow* Conditions - *Contractors group membership VPN connection* Permissions - *Allow access, ignoring Active Directory* Constraints - *None* Remote Access Policy Name - *Contractors Deny Night* Conditions - *Contractors Group membership VPN connection 6pm to 6am* Permissions - *Deny access, ignoring Active Directory* Constraints - *None* Place each network policy in the proper order to configure the required access.

*Policy #1* Contractors Deny Night *Policy #2* Contractors Allow *Policy #3* Allow Any

Your organization runs a Hyper-V hypervisor on Windows Server 2012 that hosts several Windows Server 2012 virtual domain controllers. You want to add an additional virtual domain controller. Instead of installing a new Windows Server 2012 virtual machine and prompting it to be a domain controller, you decide to simply copy one of the existing virtual domain controller's virtual machine files. You have completed all of the preparatory steeps and are now ready to clone the source virtual machine. Which PowerShell cmdlets must you use to do this? (Select three. Each response is a part of the complete solution.)

*Rename-VM* *Export-VM* *Import-VM*

Match the Active Directory Federation Services (AD FS) component on the right with the appropriate description on the left.

*Resource partner* A member of a federation partnership that trusts the Federation Service to provide claims-based security tokens. *Claim* A statement made by a server about a digital identity. *Single-Sign-On* An AD FS function that allows users to access multiple systems without repeatedly supplying login credentials. *Security token* A digitally-signed object that contains claims for a given user. *Account partner* A member of a federation partnership that is trusted by the Federation Service to provide security tokens. *AD FS web agent* A service that secures access to the web applications that are hosted on web servers.

Match the AD FS configuration utility on the right with the Windows Azure integration configuration task it is used to complete on the left.

*Set-MgmtSvcRelyingPartySettings* Configures Azure management portals to trust the AD FS server. *Set-MgmtSvcIdentityProviderSettings* Configures the Azure tenant authentication site to trust the AD FS server. *configure-adfs.ps1* Configures the AD FS server to trust the Azure management portals. *https://localhost:30101* Configures the Windows Azure Pack for Windows Server.

You need to integrate AD FS in your organization Windows Azure cloud services. Arrange the configuration tasks on the left in the appropriate order in which they should be completed on the right.

*Step 1* Install prerequisite software. *Step 2* Install Windows Azure Pack for Windows Server. *Step 3* Configure the AD FS server. *Step 4* Configure the Azure management portals to trust the AD FS server. *Step 5* Configure the Azure tenant authentication site to trust the AD FS server. *Step 6* Configure the AD FS server to trust the Azure management portals.

You are implementing a federated trust using Active Directory Federation Services (AD FS). Your organization is the accounts partner while the other organization is the resource partner. You've established a working relationship with a peer administrator in the resource partner organization. The AD FS servers in both organizations require a certificate for issuing tokens. Certificate services in both organizations are provided by an Active Directory Certification Authority (AD CA) running on Windows Server 2012. You and your peer administrator need to configure both CAs to support the federated trust. Arrange the configuration tasks on the left that you need to complete in the correct order on the right.

*Step 1* Issue an SSL certificate to the root CAs in both forests. *Step 2* Export both root CAs' certificates. *Step 3* Enroll the SSL certificates on the AD FS servers. *Step 4* Configure each server to trust its own root CA. *Step 5* Configure each AD FS server to trust the root CAs from the other forest.

Match the appropriate Active Directory Federation Services (AD FS) partner type on the left with the task that partner is responsible for in a federation trust. Each partner type can be used more than once.

*Storing user accounts in Active Directory* Account partner *Claim mapping* Resource partner *Issuing security tokens for applications* Resource partner *Collecting and authenticating user credentials* Account partner *Issuing cookies to user accounts* Resource partner *Building claims for users* Account partner *Packaging claims into security tokens* Account partner *Issuing security tokens to users* Account partner

Consider the following IPv6 address: *FD01:0001:0001:005::7/64* Drag the component parts of this address on the left to the corresponding description on the right. Not all descriptions on the right have corresponding components on the left.

*Subnet ID* FD01:0001:0001:005 *Interface ID* ::7 *Prefix Length* /64 *Global ID* 01:0001:0001 *Unique Local Unicast Prefix* FD

You are the manager for the *westsim.com* domain. All computers are members of the *westsim.com* domain. A single Windows Server 2012 server is the domain controller and DNS server for the domain. You have recently installed a new server, srv12, with IP address 192.168.3.199/24. You need to manually create a record in the DNS database that provides IP address-to-hostname resolution. Which command would you use?

*dnscmd /recordadd 3.168.192.in-addr.arpa 199 PTR srv12.westsim.com*

You are the network administrator for *westsim.com*. The network consists of a single Active Directory domain. All the servers run Windows Server 2012 and all the clients run Windows 7 or Windows 8. The network had a child domain named *east.westsim.com*. The domain was decommissioned but several snapshots were taken prior to the decommissioning. Management requests that you identify the members of a group that existed in the *east.westsim.com*. You mounted the last snapshot to examine the group on a domain controller named *DC1*, but you now need to see the data in the snapshot. What command should you run?

*dsamain*

You have activated an Active Directory database snapshot on your Windows Server 2012 system and have mounted it. You now need to view the contents of the snapshot. To do this, you decide to access the mounted snapshot in Active Directory Users and Computers using the Lightweight Directory Access Protocol (LDAP). Which command should you use to do this?

*dsamain*

Your network has a single Active Directory forest with two domains: *eastsim.private* and *HQ.eastsim.private*. Organizational units Account, Marketing, and Sales represent departments of the HQ domain. Addition OUs (not pictured) exist in the *eastsim.private* domain. No other OUs exist in the HQ domain. All user and computer accounts for all departments company-wide are in their respective departmental OUs. You are in the process of designing Group Policy for the network. • You create a GPO called AutoEnroll that automatically enrolls user certificates. This GPO should apply to all users in both domains. • You create a GPO called MyDoc Redirect that redirects the My Documents folder. This GPO should apply to all users in the Accounting department. • You create a GPO called CustomApp that distributes a custom application. This GPO should apply to all users in the Marketing and Sales departments. How should you link the GPOs to meet the design objective? To answer, drag the label corresponding to the GPO to the appropriate boxes.

*eastsim.private* AutoEnroll GPO *HQ.eastsim.private* AutoEnroll GPO, CustomApp GPO *Accounting* MyDoc Redirect GPO, No Override *Marketing* (none) *Sales* (none)

Your network has a single Active Directory forest with two domains: *eastsim.private* and *HQ.eastsim.private*. Organizational units Accounting, Marketing, and Sales represent departments of the HQ domain. Additional OUs (not pictured) exist in both the *eastsim.private* and *HQ.eastsim.private* domains. All user and computer accounts for all departments company-wide are in their respective departmental OUs. You are in the process of designing Group Policy for the network. You want to accomplish the following goals: • You want to enforce strong passwords throughout the entire forest for all computers. All computers in both domains should use the same password settings. • The Accounting department has a custom software application that needs to be installed on computers in that department. • Computers in the Marketing and Sales departments need to use a custom background and prevent access to the Run command. You create the following three GPOs with the appropriate settings: Password Settings, Accounting App, and Desktop Settings. How should you link the GPOs to meet the design objectives? To answer, drag the label corresponding to the GPO to the appropriate boxes.

*eastsim.private* Password Settings *HQ.eastsim.private* Password Settings *Accounting* Accounting App *Marketing* Desktop Settings *Sales* Desktop Settings

A domain controller in your domain has experienced a catastrophic failure. Because the server failed before it could be cleanly removed from your domain, Active Directory still thinks the failed domain controller is present. Al of the other domain controllers will continue to try to replicate with it, potentially resulting in database inconsistency. You need to remove the failed server by cleaning the metadata. Which ntdsutil command should you use to do this?

*remove selected server*

You are troubleshooting network communications on a Windows Server 2012 system. The server is able to communicate with hosts on the local subnet using the IPv4 protocol, but can't communicate with hosts on other networks in the organization or with hosts on the Internet. You need to verify that the default gateway is configured correctly. Which command should you use to do this?

*route print -4*

You manage a large number of servers running Windows Server 2012 (Server Core). You would like to standardize the event subscriptions for each of the servers. You have exported the desired subscription information to an XML file. You would like to import these settings to each of your core servers. Which tool should you use?

*wecutil*

You manage a server running Windows Server 2012 in a secure environment. You are required to archive event logs on a weekly basis. You would like to create a scheduled task to automatically archive the logs. Which tool should you use?

*wevtutil*

You are beginning the process of integrating AD FS with Windows Azure cloud services. The first step in this process is to install prerequisite software on a Windows server in the network. You have already installed the IIS web server role and the Microsoft Web Platform Installer on the server. You now need to use the Web Platform Installer to install prerequisite software on the server. Click on the products that must be installed on the server to support integration with Windows Azure. (Select two.)

.NET 4.5 Extended with ASP.NET for Windows 8 .NET Framework 3.5 SP 1

You need to add Spanish language support for your administrative templates to a Windows Server 2012 R2 system. Which administrative template component consists of language-dependent files that provide localized information when viewing template settings in the GPO?

.adml files

You need to add German language support for your administrative templates to a Windows Server 2012 R2 system. Which administrative template component consists of language-independent files that store policy settings in XML format?

.admx files.

To add drivers to an image using DISM.EXE, what file must you include?

.inf file

Which Windows extension allows you to add, replace, or delete sections or properties in configuration settings or setup information files?

.ini files

Windows Installer uses what file format for single package application installations?

.msi

If you have an IPv4 address of 123.54.34.77 with a subnet mask of 255.255.240.0, what is the CIDR notation?

/20

Which mask should you use on point-to-point WAN links in order to reduce the waste of IP addresses?

/30

Drag each command line option for the ImageX utility listed on the left to the correct description of its function on the right.

/split > Splits a captured image into multiple files. /capture > Creates an image of a reference computer. /compress > Specifies compression when capturing a system image. /apply > Deploys an image. /verify > Checks for errors and file duplication. /config > Identifies an alternate configuration file name and location.

What is the default administrative distance of a static route if you use an exit interface instead of a next hop address?

0

You want to create an access list statement that allows traffic from any network. Which network address and wildcard mask value should you use?

0.0.0.0 255.255.255.255

Your network performs a full backup every night. Each Sunday, the previous night's backup tape is archived. Wednesday morning the storage system fails. How many restore operations will you need to perform to recover all of the data?

1

Your company uses virtualized servers extensively and has many offline VMs. A role must be added to some offline VHDs. What do you do?

After selecting Add Roles and Features, you can browse for the offline VHD.

You are using Network Monitor on a Windows Server 2012 system to monitor Remote Desktop session traffic coming in and going out of the server. The output is shown in the image below. To make the output easier to read, you want to associate IP addresses with computer names. Click the option you would use in Network Monitor to do this.

Aliases

You have a network connected using a physical star topology. One of the drop cables connecting a workstation is removed. Which of the following best describes what happens to network communications?

All devices except the device connected with the drop cable will be able to communicate.

In the operation of CSMA/CD, which host(s) have priority after the expiration of the backoff algorithm?

All hosts have equal priority.

During a network infrastructure upgrade, you have replace two 10 Mbps hubs with switches and upgraded from Category 3 UTP cable to Category 5e. During the process, you accidentally cut the Cat 5e patch cable that stretches from the network printer to the upgraded switch. What is the impact on the network?

All network nodes, with the exception of the printer, will be available.

Earned value management is a project performance measurement technique that integrates:

All of the above

Outputs of the planning process group include.

All of the above

Project scope management includes: Planning scope management Collecting requirements Creating the WBS All of the above

All of the above

Project scope statements should include at least a: Product scope description Product user acceptance criteria Detailed information on all project deliverables All of the above

All of the above

Project time management can be described as: Estimating how long it will take to complete the work. Developing an acceptable project schedule. Ensuring timely completion of the project. All of the above.

All of the above

The overview of the project plan should include: The project name A brief description of the project The deliverables of the project All of the above

All of the above

The project management plan that describes management and technical approaches should include: Management objectives Project controls Risk management All of the above

All of the above

To be more effective, Project Managers must: Work closely with stakeholders of the project. Be familiar with the 10 project management knowledge areas. Be familiar with tools and techniques related to project management. All of the above.

All of the above

Which statement describes a spanning-tree network that has converged?

All switch and bridge ports are in either the forwarding or blocking state.

You are the network administrator for a large metropolitan hospital. The hospital must conform to several new regulations dealing with patient privacy. Several users in the accounting department are able to access confidential patient data. The users are utilizing the search function in Windows 7 to access the patient records. As part of a solution, you decide to distribute a group policy to users in the Accounting organizational unit (OU) that disables the search function no matter which workstation is being used. After you configure and test the policy, you report to the head of the accounting department what you are about to do. The department head points out that several people in the Accounting OU have valid reasons for using the search function. Removing the search function for these users would seriously compromise their ability to perform their jobs. These people are part of a security group named Managers. You need to prevent the Group Policy object (GPO) that you have configured from applying to members of the Managers group. What should you do?

Add the Managers group to the GPO's discretionary access control list (DACL). Deny the *Apply Group Policy* and *Read* permissions to the Managers group.

Arrange the Group Policy Objects (GPOs) in the order in which they are applied.

1. The Local Group Policy on the computer. 2. GPOs linked to the domain that contains the user or computer object. 3. GPOs linked to the organizational unit that contains the object.

You want to allow e-commerce Web sites that you visit to keep track of your browsing history for shopping carts and other information, but want to prevent that information from being tracked by sites linked to the sites you explicitly visit. How should you configure the browser settings?

Allow first party cookies but block third-party cookies.

You have several Windows 7 computers in a domain network. When you install software on the new computers, you discover that it does not run because User Account Control (UAC) causes it to fail. Because the accounting program was designed by the company and it will not be upgraded anytime soon, you must get it to work as is with UAC. What can you do to get the application to work with UAC? (Choose the best solution.)

Alter the program settings to *Run this program as an administrator*.

Which of the following describes how access lists can be used to improve network security?

An access list filters traffic based on the IP header information such as source or destination IP address, protocol, or socket numbers.

When reading events in the Event Viewer, you need to recognize the designated levels or classifications. What is the definition for the Warning level?

An issue has occurred that can impact service or result in a more serious problem if action is not taken.

When a malicious user captures authentication traffic and replays it against the network later, what is the security problem you are most concerned about?

An unauthorized user gaining access to sensitive resources

You have a video card with a DB-15 connector and a DVI-D connector. Which of the following combinations of monitors can you connect to the video card without additional conversion units (assuming you have the necessary cables)?

Analog CRT monitor and digital LCD monitor.

You want to implement an IDS system that uses rules or statistical analysis to detect attacks. Which type of IDS should you deploy?

Anomaly

You are concerned about protecting your network from network-based attacks from the Internet. Specifically, you are concerned about "zero day" attacks (attacks that have not yet been identified or that do not have prescribed protections). Which type of device should you use?

Anomaly based IDS.

WSUS can retrieve updates directly from Microsoft or from what other source?

Another WSUS server on your network

You manage Windows 7 and Windows 8 notebooks that have been joined to the *mydomain.com* Active Directory domain. Because these notebook systems are frequently taken on sales visits to client sites, you have decided to implement DirectAccess on your network. You run the setup for DirectAccess on the *DA1* server with the following choices: • End-to-end authentication with a smart card required for authentication. • Root certificate from *ca1.mydomain.com*. • Security group name of *DirectAccessGroup*. • The Network Location service runs on the DirectAccess server. You need to configure the client computers for the DirectAccess connection. What should you do?

Add the computer account for each client computer to the *DirectAccessGroup* security group.

Which of the following statements about the use of anti-virus software is correct?

Anti-virus software should be configured to download updated virus definition files as soon as they become available.

What is the most common form of host based IDS that employs signature or pattern matching detection methods?

Anti-virus software.

Which of the following measures are you most likely to implement in order to protect against a worm or Trojan horse?

Anti-virus software.

What feature of Windows 8 can be used to restrict access to specific Windows Store content?

AppLocker

To meet the requirements of your organization's security policy, you have been instructed to implement GPOs that tightly control the software used on each domain user's workstation. The policies in the GPO must: • Allow users to run only the applications you specify. • Be applied to specific users or groups. • Apply to all existing, future, or previous versions of an application. All workstations involved run either Windows 7 or Windows 8. You have decided to configure and test local security policies to meet these requirements and then import them into the appropriate domain GPOs. Click on the GPO security setting category where these policies are located.

Application Control Policies

File and Storage Services falls into which of the following basic role categories:

Application Services

The App-V system architecture is composed of several components. Which of them is responsible for preparing applications for virtualization?

Application Virtualization Sequencer

You provide Internet access for a local school. You want to control Internet access based on user, and prevent access to specific URLs. Which type of firewall should you install?

Application level.

You have installed a new application on a network device. During testing, it appears as if the software is causing other services running on the device to stop responding. Which tool should you consult to identify the problem?

Application log

You have just purchased a new network device and are getting ready to connect it to your network. Which of the following should you do to increase its security? (Select two.)

Apply all patches patches and updates. Change default account passwords.

Normally, preferences are refreshed at the same interval as Group Policy settings. If this option is selected, this option will be applied only once on logon or startup.

Apply once and do not reapply.

You have decided to use ACLs on your router to restrict TFTP traffic between networks. Specifically, you want to allow only the host with an IP address of 178.17.8.1 to access an TFTP server with an IP address of 10.0.0.1 on a different network. The TFTP protocol runs on UDP port 69. To accomplish this, you create the following ACL on the router connecting the two networks: Router(config)#access-list 100 Router(config)#access-list 100 permit udp host 172.17.8.1 host 10.0.0.1 eq 69 Router(config)#access-list 100 deny udp any any eq 69 Router(config)#access-list 100 permit IP any any You apply the ACL to inbound traffic on the interface (Fa 0/0) connected to the 10.0.0.1/8 network using the following commands: Router(config)#int fa 0/0 Router(config-if)#ip access-group 100 in After doing so, you find that lal hosts on the 172.17.8.0/24 network can still access the TFTP service on 10.0.0.1 over port 69. What can you do to fix this issue?

Apply the ACL to outbound traffic on the router interface connected to the 10.0.0.0/8 network.

To detect failures, clustered servers regularly poll each other on the network, asking:

Are you still there?

To prevent Update Sequence Number (USN) rollback issues with virtual domain controller (virtual or physical) is assigned a unique identifier called the VM-Generation-ID. For virtual domain controllers, where is this identifier stored?

As an attribute of each domain controller computer in Active Directory. In a file within the virtual machine configuration.

To prevent Update Sequence Number (USN) rollback issues with virtual domain controllers, each domain controller (virtual or physical) is assigned a unique identifier called the VM-Generation-ID. For virtual machine controllers, where is this identifier stored? (Choose two.)

As an attribute of each domain controller computer object in Active Directory. In a file within the virtual machine configuration.

You manage a Windows 7 computer. You need to control access to the D:\Reports folder as follows: Members of the Accounting group should be able to open and view all files, edit them, and add new files. They should not be able to delete or rename files. Mary needs to be able to open and view files, but should not be able to modify the files. Mary is a member of the Accounting group. You want to assign NTFS permissions taking the least amount of actions possible and affecting existing permissions as little as possible. What should you do?

Assign Allow Read & execute, List folder contents, Read, and Write to the Accounting group. For the Mary user account, Deny the Write permissions.

You manage a Windows 7 computer. You need to control access to the D:\Reports folder as follows: Members of the Accounting group should be able to open and view all files but not modify them. Mary needs to be able to modify existing files in the folder, add new files to the folder, but should not be able to delete or rename files. Mary is a member of the Accounting group. You want to assign NTFS permissions taking the least amount of actions possible. What should you do?

Assign Allow Read & execute, List foldler contents, and Read to the Accounting group. Assign Allow Write to Mary.

On your Windows 7 computer, you share the D:\Apps folder using a sharename of Apps. You need to configure permissions to the share as follows: Members of the Appusers group should be able to open and view files in the shared folder. User JohnS should not have any access to files in the shared folder. JohnS is a member of the Appusers group. You need to assign the necessary permissions without assigning extra permissions beyond what is required and without affecting other access that might already be configured on the computer. You need to complete the task using the least amount of effort possible. What should you do?

Assign Allow Read permission to Appusers, and assign Deny Read permission to JohnS.

You manage a computer that runs Windows 7. The computer has a shared printer named Printer1. You want to let Chat pause, restart, and delete print jobs on the printer. Chad should not be allowed to delete the printer or change its properties. Chad is a member of the Sales group. Currently, the Everyone group has the Allow Print permission to the printer. What should you do?

Assign Chad the Allow Manage Documents permission to the printer.

You are deploying two new applications to users in the company as follows: • All computers should have Microsoft Word installed. • All users in the Accounting department should have Microsoft Access installed. • For other users in the company, you want to allow them to install Microsoft Access if desired by using the Add/Remove Programs applet in the Control Panel. Each department has its own organizational unit. How should you deploy these applications? (Select all that apply.)

Assign Microsoft Access in a GPO linked to the Accounting OU. Publish Microsoft Access in a GPO linked to the domain. Assign Microsoft Word in a GPO linked to the domain.

You manage a Windows 7 computer with a printer that is used by the Sales department. The sales manager has asked you to restrict access to the printer as follows: ● Sally needs to connect to a printer, print documents, and pause and resume her own print jobs. ● Damien needs to pause and resume documents for all users, but does not need to change printer properties. You want to assign the most restrictive permissions that meet the sales manager's requirements. What should you do? (Choose two. Each choice is a required part of the correct solution.)

Assign Sally the Print permission. Assign Damien the Manage Documents permission.

You want to let clients on your private network connect to the Internet through Server1. Server1 connects to the Internet using a dial-up connection. On Server1, you enable the Routing and Remote Access Service and install the NAT routing protocol. All computers in your network use Automatic Private IP addressing. There is no DHCP server on the network. You want to use the private IP address range 172.16.65.1 to 172.16.65.250. How would you configure Server1? (Select two. Each choice

Assign an IP address of 172.16.65.1 to the LAN interface of Server1. Configure the NAT routing protocol to automatically assign addresses in the range of 172.16.65.2 through 172.16.65.250 to computers on the private interface.

You administer a network with two Windows Server 2012 R2 servers and 70 Windows 7 computers. The network has a single domain, with OUs for each department. User and computer objects have been moved to their corresponding departmental OU. You create a Group Policy object (GPO) that deploys service packs. You want the service pack to be installed automatically to all client computers when the computer reboots. You edit a Group Policy object associated with the Marketing OU and assign the software package to all users. As a test, you reboot a computer. You find that the service pack has not been installed. What should you do?

Assign the software package to all computers.

Which of the follow are characteristics of ECC? (Select two.)

Asymmetric encryption Uses a finite set of values within an algebraic field.

You want to monitor processor and memory utilization on Srv4. You create a single Data Collector Set configured to save log files every day. You add the processor and memory Data Collectors to the Data Collector Set. After running the Data Collector Set for several days, you have several separate log files. You would like to compare to statistics for the first day with the statistics reported for the last day. In particular, you would like to be able to see a single graph that lines up the processor utilization on an hour-by-hour basis. What should you do?

At a command prompt, run the *Perfmon /sys* multiple times to open a view of each log file. Use the *Compare* option to transparently overlay each log onto the first log.

You are working on a computer running Windows. You recently installed a device that you only need temporarily. After several days of using the device, you remove it from the computer, and now you would like to remove the device driver as well. What should you do? (Select two. Both answers are complete solutions.)

At the command prompt, run *pnputil -d*. In Device Manager, uninstall the device.

You need to deploy Windows 7 Professional to multiple new computers using a previously-captured system image. You have created an answer file called Win7ProfAnswer.xml in the E\Images\Answerfiles folder. You want to apply the answer file to the image. What should you do?

At the command prompt, run dism /apply-unattend:e:\images\Answerfiles\Win7ProfAnswer.xml

You are in charge of managing the servers in your network. Recently, you have noticed that many of the domain member servers are being shut down. You wold like to use auditing to track who performs these actions. You want to only monitor the necessary events and no others. What should you do? (Select two. Each choice is a required part of the solution.)

Audit successful system events. Create a GPO to configure auditing. Link the GPO to the domain.

Nadine is the systems administrator for a network with a single subnet. The subnet uses 192.168.1.0 with a mask of 255.255.255.0. The network has 10 Windows Server 2012 systems. Srv-1 currently provides both DHCP and DNS services. Nadine wants to increase the fault-tolerance for her DHCP servers. She installs a new server, Srv-11, and configures it for DHCP. She configures a scope on Srv-11 to match the scope on Srv-1, then excludes half of the addresses in the scope on Srv-1 and the other half of the addresses on the Srv-11. Nadine decides to test her solution and shuts down Srv-1. As a test, she forces a workstation to release its IP address and request a new one. She finds that the workstation has 169.254.0.15, with a mask of 255.255.0.0 for its IP address. What should Nadine do to fix the problem?

Authorize Srv-11

What are the common elements of a network hierarchy used by link-state routing protocols? (Select two.)

Autonomous System Area

What is the primary countermeasure to social engineering?

Awareness

You have a wireless network configured as shown in the diagram. A user with a handheld device connects to access point A. The user moves through the building so that the device falls out of the scope of access point A but into the transmission range of access point B. What does the wireless device use to keep track of the different access points?

BSSID

After an intrusion has occurred and the intruder has been removed from the system, which of the following is the best next step or action to take?

Back up all logs and audits regarding the incident

Developers in your company have created a Web application that interfaces with a database server. During development, programmers created a special user account that bypasses the normal security. What is this an example of?

Backdoor

Which of the following are typically associated with human resource security policies? (Select two.)

Background checks Termination

Which of the following is an important aspect of evidence gathering?

Backing up all log files and audit trails

Which of the following mechanisms are used on Ethernet networks to control access to the transmission medium? (Select two.)

Backoff interval. Collision detection.

What does an differential backup do during the backup?

Backs up all files with the archive bit set; does not reset the archive bit.

What does an incremental backup do during the backup?

Backs up all files with the archive bit set; resets the archive bit.

What should you do (if possible) before flashing the BIOS? (Select two.)

Backup CMOS settings. Connect the computer to a UPS.

Network based intrusion detection is most suited to detect and prevent which types of attacks?

Bandwidth-based denial of service

You are concerned about the amount of traffic that passed through a router on your network. You want to see how the amount of traffic has changed over time. Which document would help in identifying past average network traffic?

Baseline

You have decided to redirect the contents of the local Documents folder for all domain users on all workstations to a shared folder on your Windows Server 2012 system. The server is a member of the eastsim.com domain. You want users who are members of the Domain Users group to have their Documents folder redirected to C:\RegUsersShare and users who are members of the Domain Admins group to have their Documents folder redirected to C:\AdminUsersShare. Click on the setting in the folder redirection policy for Documents that you must configure to accomplish this.

Basic - Redirect everyone's folder to the same location.

When duplicating a drive for forensic investigative purposes, which of the following copying methods is most appropriate?

Bit-level cloning

You have a server that runs Windows Server 2012. You want to protect all of the files on the hard drive to prevent unauthorized access. You want to prevent access to any file on the hard drive, even if the hard drive is moved to another computer. Which feature should you use?

BitLocker

What technology is used to encrypt removable USB devices?

BitLocker To Go

Which of the following functions are performed by proxies? (Select two.)

Block employees from accessing certain Web sites. Cache web pages.

You want to use a wireless keyboard and mouse with your laptop computer. Which method should you choose?

Bluetooth

A portable computer connected to a printer with an infrared interface works fine inside your office. However, when you go outside it works sporadically. How can you fix this? (Select two.)

Bluetooth Wireless Ethernet

In older versions of Windows, such as Windows XP, the boot.ini file was used to provide the function that is now provided by what item?

Boot Configuration Data (BCD) file

You are the network administrator for a network with a single Active Directory parent domain and two child domains. All domains controllers are running Windows Server 2012. You are responsible for disaster recovery across the entire network. You decide to use Windows Server Backup. You schedule full server backups to be taken every night, along with a system state backup an hour later. On Friday morning, you are creating new users in the Accounting OU when you receive an error stating that the user cannot be created because the context could not be found. After some investigation, you find that a co-worker has deleted the OU and the change has replicated to all domain controllers. You want to restore the latest version of the OU without affecting the rest of Active Directory. What should you do?

Boot a domain controller into Directory services restore mode. Perform a non-authoritative restore. Run *Ntdsutil* and mark the accounting OU as authoritative.

You have two switches that are not yet connected. VTP configuration information for each switch is shown below. A#show vtp status VTP Version : 2 Configuration Revision : 5 Number of existing VLANs : 8 VTP Operating Mode : Server VTP Domain Name : CCNA VTP Pruning Mode : Enabled B#show vtp status VTP Version : 2 Configuration Revision : 7 Number of existing VLANs : 8 VTP Operating Mode : Client VTP Domain Name : CCNA VTP Pruning Mode : Enabled Switch A has been configured with VLANs 2, 3, and 4 in addition to the default VLANs. Switch B has VLANs 4, 5, and 6. You connect switch A to switch B with a trunk link. What will happen to the VLAN configuration?

Both switches will have VLANs 4, 5, and 6.

Which of the following commands are complete commands (i.e. they do not require additional parameters or keywords)? (Select all that apply)

Branch1#show version Branch1#conf t Branch1(config-if)#duplex half

You are working with a router connected to your network. You would like to gather information about the devices connected to this router. Use the necessary commands to answer the following questions: Which device is connected to the Memphis FastEthernet0/1 interface? Which device is connected to the Memphis Serial0/0/1 interface? What is the IP address of the device connected to the Memphis Serial0/0/0 interface? What is the IP address of the device connected to the Memphis FastEthernet0/0 interface? Which remote port connects Branch3 to the Memphis router? Which remote port connects Miami to the Memphis router? Which platform is running on the device connected to the S0/0/2 interface?

Branch3 Miami 172.16.224.2 192.168.30.130 GigabitEthernet0/1 Serial0/0/0 1841

Which of the following lists of devices is a list of Layer 2 devices?

Bridge, network interface card, switch

You have a Windows 7 computer that is shared by multiple users at work. You want to allow only members of the Sales team to run the sales lead application. The rule should use the digital signature of the software and apply to all current and future versions of the application, regardless of the filename or its location. You decide to create an executable rule with a publisher condition using application control policies. What should you do?

Browse and select the executable file for the application. Modify the rule to include the product name information.

Which of the following attacks is a form of software exploitation that transmits or submits a longer stream of data than the input variable is designed to handle?

Buffer overflow

Which type of attack is the act of exploiting a software program's free acceptance of input in order to execute arbitrary code on a target?

Buffer overflow

In business continuity planning, what is the primary focus of the scope?

Business processes

The default root directory of the Microsoft Internet Information Services (IIS) Web server is ____.

C:\Inetpup/wwwroot

You have decided to redirect the contents of the local Documents folder for all domain users on all workstations to the C:\Shares shared folder on a Windows Server 2012 system named FS2. The server is a member of the eastsim.com domain. You configured Basic redirection to redirect all users' local Documents folder to C:\Shares on the server

C:\Shares

By default, where are storage reports saved?

C:\StorageReports\Scheduled

You need to add administrative templates for Microsoft Office products to a Windows Server 2012 R2 server. Where should the .admx and .adml files be copied to do this?

C:\Windows\PolicyDefinitions

You have enabled Group Policy caching in your domain. Using this feature, Group Policy settings are saved locally on each domain-joined host. In which folder are these settings stored?

C:\Windows\System32\GroupPolicy\DataStore

A(n) ____ serves as the trusted third-party agency that is responsible for issuing the digital certificates.

CA

You manage the intranet servers for EastSim Corporation. The company network has three domains: *eastsim.com*, *asiapac.eastsim.com*, and *eastsim.com*. The main company Web site runs on the *web1.eastsim.com* server with a public IP address of 101.12.155.99. A host record for the server already exists in the *eastsim.com* zone. You want Internet users to be able to use the URL *http://www.eastsim.com* to reach the Web site. What type of DNS record should you create?

CNAME

You manage the intranet servers for EastSim Corportation. The company network has three domains:" *eastsim.com, asiapac..eastsim.com*, and *emea..eastsim.com*. The main company Web site runs on the *web1.eastsim.com* server with a public IP address of 101.12.155.99. A host record for the server already exists in the *eastsim.com* zone. You want Internet users to be able to use the URL *http:///www.eastsim.com* to reach the Web site. What type of DNS record should you create?

CNAME

Which of the following are CRT monitor characteristics? (Select two.)

CRT monitors have a 4:3 aspect ratio which matches the display ratio of a television set. CRT monitors use an electron beam that hits phosphor dots inside the vacuum tube.

What character string makes up the telephone number of the network access server (NAS)?

Called Station ID

Which of the following are true about Gigabit Ethernet? (Select two.)

Can use both copper and fiber optic. Uses CSMA/CD

Which of the following fire extinguisher suppressant types is best used for electrical fires that might result when working with computer components?

Carbon dioxide (CO2)

Cabling that is UTP, that contains four wire pairs, and that can support up to 16 Mbps throughput is:

Cat 4

You want to implement an Ethernet network using the 1000BaseT standard using the minimum hardware specifications possible. Which of the following should you include in your plan? (Select two.)

Cat5e twisted pair cable RJ-45 connectors.

What type of cabling could be used for an Ethernet 100BaseT (100 Mbps) network? (Select two.)

Category 5 UTP Category 6 UTP

You're responsible for implementing network cabling in a new Gigabit Ethernet network installation. The cabling will be installed in a manufacturing environment where there is a great deal of electromagnetic interference (EMI). Which type of cabling would operate best in this environment? (Choose two.)

Category 5 shielded twisted pair cable Fiber-optic cable

Which of the following are advantages of virtualization? (Select two.)

Centralized administration Easy migration of systems to different hardware

You manage a group of 10 Windows 8 workstations that are currently configured as a Workgroup. Which are advantages you could realize by installing Active Directory and adding the computers to a domain? (Select two.)

Centralized configuration control. Centralized authentication.

What type of Software Restriction Policy rule identifies applications based on a certificate signed by the software publisher?

Certificate rules

You manage a network that uses 1000BaseT Ethernet. You find that one device communicates on the network at only 100 Mbps. Which tool should you use to test the drop cable and the connection to the network?

Certifier

You have been asked to draft a document related to evidence gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court. What type of document is this?

Chain of custody

What is the most important element related to evidence in addition to the evidence itself?

Chain of custody document

You need to view a list of all valid display modes that are compatible with the video installed in your Windows 8 system. Click on the option you would use in the Display screen to do this.

Change display settings

You are troubleshooting a workstation connection to the network. During your troubleshooting, you replace the drop cable connecting the computer to the network. Which type of document should you update?

Change documentation

You plan to implement a new security device on your network. Which of the following policies outlines the process you should follow before implementing that device?

Change management

You have a computer running Windows 7 Enterprise. You need to change how Windows provides notifications when the firewall blocks a new program. Select the link that you would choose to make this change.

Change notification settings.

Your company has just purchased 120 licenses for a new application that will be used by all users. It is up to you to test and deploy the application as simply as possible. You decide to use a Group Policy object (GPO) to roll out the new application using the Windows Installer functionality. You create a software distribution point named *Apps* on the Server1 server and grant Read and Execute permissions to all users who will install the software. You then create a Group Policy object and edit the software installation properties under the User Configuration node. You configure the following properties: • Default package location: *C\apps* • When adding new packages to user settings: *Display the Deploy Software dialog box* • Installation user interface options: *Maximum* • Uninstall the applications when they fall out of the scope of management: *Enabled* You create a software distribution package based on the above settings that assigns the appropriate Windows Installer package. However, when you test the package, Windows Installer doesn't execute and install the software. You need to find out why and make appropriate changes. What should you do?

Change the *Default package location* setting to *\\Server1\Apps\. Delete and recreate the software distribution package.

You are the network administrator for Corpnet.com. You have created a network load balancing cluster to provide high availability for the intranet website. The NLB cluster consists of three web servers; Web1, Web2, and Web3. each web server has one network card installed. After configuring the NLB cluster, you determine that the web servers in the cluster are unable to communicate with each other. You must reconfigure the cluster to allow communication between the cluster members. What should you do?

Change the Cluster Operation Mode to Multicast.

On your Windows 7 computer, you share the D:\Promo folder using a sharename of Promo. The share has been assigned the following permissions: User/Group Permission Telesales group Allow Read Training group Deny Full Control Managers group Allow Change Mary user Allow Change The Mary user account is a member of the Training group. NTFS permissions allow all access. Mary needs to be able to edit documents in the shared folder but cannot. You need to modify the share permissions to allow her the necessary access. What should you do? (Choose two. Each choice is a possible solution.)

Change the Training group permission to allow Read. Remove the Mary user account from the Training group.

You've just finished installing a wireless access point for a client. What should you do to prevent unauthorized users from accessing the access point (AP) configuration utility?

Change the administrative password on the AP.

You are the network administrator for a small private network. You have been providing VPN access to company users for the past few months through a Windows Server 2012 Routing and Remote Access server. Your company recently decided to require the strongest authentication possible to connect to the Remote Access server. You've set up a certificate server and changed the authentication protocol on the server to require certificates. Remote users are complaining that they can no longer access the Remote Access server. What should you do?

Change the authentication protocol on each client to EAP-TLS.

(This question includes an image that provides information to help you answer the question.) You manage a network with a single Active Directory domain called *westsim.com*. Organizational units have been created for the Accounting, Sales, and Shipping departments. User and computer accounts for each department are in their respective OU. At 5:30 pm, you get a call from Mary Hurd, a user in the Sales department, stating that she can't log in. You use Active Directory Users and Computers and see the information show in in the image. You need to make sure Mary can log in. What should you do? (Select two. Each answer is a possible solution.)

Change the log on hours to extend past 5:30 pm. Unlock Mary's account.

You have a laptop that runs Windows 7. You connect your laptop on the network at work to allow an associate to copy files from your computer. Other computers on the network are not able to discover your computer, and your computer is not able to build an accurate network map in the Network and Sharing Center. You open the Network and Sharing Center and see the information shown in the image. What should you do?

Change the network type to Home.

You have purchased a SXGA LCD monitor and connected it to the DVI-I port on your computer using a DVI-D cable. You configure the screen resolution at 1600 x 1200 with 24-bit color. The screen display seems to be fuzzy at some spots. What should you do to correct the problem?

Change the screen resolution to the native resolution of the monitor.

You are the network administrator for *northsim.com*. The network consists of a single Active Directory domain. There is one main office in the company located in one building. All the servers run Windows Server 2012. All the clients run Windows 7 or Windows 8. A server named DC1 hosts the PDC Emulator flexible single master operations (FSMO) role. There are three other domain controllers named DC2, DC3 and DC4. Users complain that it sometimes takes several minutes to be authenticated to the domain. You determine that this occurs when users are authenticated by DC1. You need to permanently reduce the number of authentication requests being serviced by DC1 in order to improve authentication performance in the domain. DC1 must still remain able to authenticate users if necessary. What should you do?

Change the weight for the DNS SRV record for DC1 to a weight less than 100.

You are the network administrator for *westsim.com*. The network consists of a single domain named *westsim.com*. All the servers run Windows Server 2012. All the clients run Windows 7 or Windows 8. The main office contains a server named RRAS1, that has been configured to provide DirectAccess connectivity for clients. Clients complain that when they connect via DirectAccess, they are not able to resolve intranet names. What should you do?

Check for *.westsim.com* in the Name Resolution Policy Table.

You have just finished upgrading the CPU in your desktop system. After running the system for about 15 minutes, the system spontaneously shuts down. What should you do first to troubleshoot the problem? (Select two.)

Check the thermal shutdown threshold in the BIOS. Check the CPU fan power.

You want to install a firewall that can reject packets that are not part of an active session. Which type of firewall should you use?

Circuit-level

In what class is the address of 156.43.75.212?

Class A

What is the class of address, the subnet address, and the host address of the following IP address: 172.16.10.5 255.255.248.0?

Class B, 172.16.8.0, and 10.5.

Which of the following fire extinguisher types is best used for electrical fires that might result when working with computer components?

Class C

Your company will upgrade to Windows Server 2012. The present environment is Windows Server 2008 R2 servers or higher. What is the best path to upgrade to Windows Server 2012?

Clean installation of Windows Server 2012.

Srv12 is a Windows Server 2012 server that runs File and Print Services. On Srv12, you are troubleshooting a problem that keeps occurring. When the problem happens, there are several Warning and Error events logged to the Application log in Event View. While troubleshooting the problem, you create a filter for the log that shows only the Warning and Error messages. You would like to save all messages in the Application log so you can copy them to another computer and examine them there. What should you do? (Select two. Each choice is a possible solution.)

Clear the log, choosing to save the log before clearing. Clear the filter, then save the log.

You are performing a clean installation of Windows 8.1 on a desktop PC that uses a RAID1 disk array. You booted the system from the Windows 8.1 installation DVD and navigated through the first few screens of the installation wizard. You've reached the screen shown in the exhibit. What should you do?

Click *Custom: Install Windows only (advanced)*.

What is the name of the RADIUS client computer that requests authentication?

Client Friendly Name

You have decided to implement Network Access Protection (NAP) on your network. You want to impose the following restrictions: • Computers without antivirus software should not be allowed to connect. • Computers without the latest security updates should not be allowed to connect. • No other health checks should be performed. You create two health policies and two network policies: one each for compliant computers, and one each for non-compliant computers. Which of the following settings would you choose when configuring the non-compliant health policy?

Client fails one or more SHV checks.

You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the following would you restrict to accomplish this?

Client-side scripts

Which of the following is not true regarding cloud computing?

Cloud computing requires end-user knowledge of the physical location and configuration of the system that delivers the services.

Which of the following network strategies connects multiple servers together such that if one server fails, the others immediately take over its tasks, preventing a disruption in service?

Clustering

____ is related to the perception, thought process, and understanding of the user.

Cognitive biometrics

Which of the following is a recovery site that may have electricity connected, but there are no servers installed and no high-speed data lines present?

Cold site

When two different messages produce the same hash value, what has occurred?

Collision

When you originally deployed the AccServer virtual machine on your Windows Server 2012 hypervisor, it stored accounting data from all departments in your orgranization and therefore required a very large virtual disk. However, as your organization has grown, additional department-specific accounting servers have been deployed and much of the data that used to be stored on AccServer has been migrated to them. Because the virtual hard disk file for the AccServer virtual machine is set to grow dynamically, the now unused space in the file can now be reclaimed on the physical hard drive in the Windows server. Click on the option you would use in the Edit Virtual Hard Disk Wizard to do this without reducing the overall storage capacity of the virtual hard disk.

Compact

A(n) ____ virus adds a program to the operating system that is a malicious copycat version to a legitimate program.

Companion

What does an IDS that uses signature recognition use for identifying attacks?

Comparison to a database of known attacks.

What feature does IE 10 offer that enables it to correctly display pages that were developed using older technologies?

Compatibility mode

What program do you use to manage fully all local users and group accounts on a computer running Windows 7?

Computer Management console

The first two traditional project phases include:

Concept and development

By definition, which security concept ensures that only authorized parties can access data?

Confidentiality

You create a new document and save it to a hard drive on a file server on your company's network. Then, you employ an encryption tool to encrypt the file using AES. This activity is an example of accomplishing what security goal?

Confidentiality

You want to make sure that the correct ports on a firewall have been opened or closed. Which document should you check?

Configuration documentation

You manage the *northsim.com* domain. Your company produces components that are used in military and government products. Due to a recent laptop theft, you have decided to increase the security for design documents used to produce the components used for your military contracts. You want to encrypt documents so that they can only be read by specific authorized users. For users who can view the documents, you want to prevent them from printing or modifying the documents. What should you do?

Configure Active Directory Rights Management Services (AD RMS).

You are the server and workstation manager for the *westsim.com* domain. Members of the Sales team use Windows 8 laptops while traveling. You would like to use BitLocker on each computer to protect the volume used for the operating system and all user data. None of the laptops have a Trusted Platform Module (TPM). You need to configure the computers to use BitLocker. What should you do?

Configure BitLocker to use a startup key on a USB drive.

You have a new laptop that you want to configure with Windows 8 Professional. You would like to use BitLocker on the laptop to protect the volume used for the operating system and all user data. Your laptop does *not* have a Trusted Platform Module (TPM) chip on the motherboard. You need to configure the computer to use BitLocker. What should you do?

Configure BitLocker to use a startup key on a USB drive.

You administer a branch office connected to the main headquarters with a WAN link. Servers in the branch office provide DNS and DHCP services. The company network has multiple domains, with a single domain representing the branch office. A DNS server called DC1 at the branch office holds the primary zone for the branch domain but holds no other zone files. DNS servers at headquarters provide name resolution for hosts in other domains. One day, you come to work to find a number of customer service complaints. They all report something similar -- clients can resolve host names, but cannot resolve host names for other domains on the network. You contact the enterprise administrator and are told that the IP address for the DNS server that was being used previously as a forwarder for the branch office has been changed to 10.155.11.15. What should you do to fix the problem?

Configure DC1 to forward name resolution requests to 10.155.11.15.

Your organization uses one primary DNS zone that is backed up by seven secondary DNS zones on other servers. Your organization has changed ISPs, and as a result significant IP addressing changes are taking place within your infrastructure. To maintain availability, all of your secondary DNS servers need to be updated immediately whenever a change is made to the primary DNS server. What should you do?

Configure DNS Notify in the properties of the primary zone.

You are a network engineer for a large private network. The network has a corporate headquarters site, six regional sites, and dozens of branch sites per region. The network's private namespace consists of a single DNS domain that is a subdomain of a registered public DNS domain. To provide DNS name resolution fault tolerance and performance, each site has its own DNS server. All DNS servers run Windows Server 2012. The DNS server in the corporate headquarters site is a primary DNS server. All other DNS servers are secondary DNS servers for the private namespace. The primary DNS server for the private network is overwhelmed with zone transfer requests. You must redesign the network's DNS structure to alleviate this problem. What should you do?

Configure DNS servers in branch sites to receive zone transfers from a DNS server in a regional site.

You are an administrator for a company that uses Windows 2008 for its servers. In addition to Active Directory, you also provide file and print services, DHCP, DNS, and e-mail services. There is a single domain and a single site. Clients are either Windows Vista Business or Windows XP Professional. There are two members servers, one that handles file and print services only and one database server. You are considering adding additional servers as business increases. Your company produces mass mailings for its customers. The mailing list and contact information provided to your company by its clients is strictly confidential. Because of the private information sometimes contained in the data (one of your clients is a hospital), and because of the importance of the data to your operation, it can also be considered trade secrets. You want to ensure the data stored on your member servers is only accessed by authorized personnel for business purposes. You've set file permissions to restrict access, but you want to track the authorized users. How should you configure your security policy to track access to the data files?

Configure Object Access auditing in a GPO and link it to the domain.

You are the network administrator for *westsim.com*. The network consists of a single domain. All the servers run Windows Server 2012. All the clients run Windows 8. You have a server named VPN1 that is configured to accept VPN connections from remote clients. VPN1 is configured as a RADIUS client of a server named RADIUS1. Management decides to implement remote access auditing. You need to track when and how long each user is connected via remote access. What should you do?

Configure RADIUS accounting on RADIUS1.

Your company has recently added a traveling sales force. To allow salesmen access to the network while traveling, you install two additional servers. You configure the servers (REM1 and REM2) as remote access servers to accept incoming connections from remote clients. You configure network access policies on each server. The solution is working fine, but you find that you must make constant changes to the remote access policies. You install the Network Policy and Access Services role on a third server (REM3). You configure network access policies on REM3. Following the installation, you verify that all clients can connect to REM1 and REM2. You then delete the custom network policies on both server. Now, no clients can make a remote access connection. What should you do?

Configure REM1 and REM2 as RADIUS clients of REM3.

Mary is the network administrator for the Seattle location of the WestSim Corporation. The Seattle location has a direct connection to the Portland location. The rest of the company's network is accessible through the link to the Portland site. Currently, computers in the Seattle location use the WSDNS4 server in the Portland location for DNS name resolution. This server hosts secondary zones for the entire network. A DHCP server in the Seattle location configures each client to use WSDNS4 for name resolution. Because of network congestion, the enterprise administrator instructs Mary to configure a caching-only server at the Seattle location. Mary installs the DNS service on the SEA7 server. What must Mary do to complete the configuration? (Choose two. Each choice is part of the correct solution.)

Configure SEA7 to use WSDNS4 as a forwarder. Modify the DHCP options so that clients use SEA7 for DNS lookups.

You are the systems administrator for WestSim Corporation. You have been assigned to set up a new branch office in Tulsa. The branch will be represented by a single domain. You install a single DNS server called TulsaDNS and configure a primary zone for the branch office domain. You test name resolution and find that hosts can only resolve names for hosts within the domain. You need to enable clients in the Tulsa location to resolve names for hosts in other domains within your private network. You would like to minimize traffic across the WAN link between the sites. What should you do?

Configure TulsaDNS to use forwarders.

You are the network administrator for *westsim.com*. The network consists of a single domain. All the servers run Windows Server 2012. All the clients run Windows 8 Enterprise edition. The main office contains a server named RRAS1. You are in the process of configuring RRAS1 to support DirectAccess connections. You need to configure RRAS1 to allow IPv6 connectivity for the clients to RRAS1 for the purpose of DirectAccess. What should you do?

Configure Windows Firewall with Advanced Security to allow ICMPv6 Echo Requests.

You have a computer that runs Windows 7. Your computer is configured to download and automatically install important (critical) patches using Windows Update. You notice that updates that Microsoft suggests, but does not mark as important, are not being downloaded. You would like these other updates to download and install automatically with the least amount of effort. What should you do?

Configure Windows Update to include recommended updates.

You manage a network with a single location and a single domain, *westsim.com*. All client computers on the private network are members of the *westsim.com* domain. The *westsim.com* zone is configured as a primary zone on the DNS1 server. You recently opened a branch office. The branch office is connected to the main office with a WAN link. All client computers in the branch office are members of the *westsim.com* domain, and use the DNS1 server in the main office for name resolution. In analyzing WAN link traffic, you notice a lot of traffic from DNS name resolution. You would like to reduce the name resolution traffic across the WAN link. However, you do not want any replication traffic to cross the WAN link. What should you do?

Configure a DNS server in the branch office without any zones. Configure all client computers in the branch office to use the new DNS server.

You are the network administrator for *eastsim.com*. The network consists of one Active Directory domain. All the servers run Windows Server 2012. You have been instructed to map a drive to a department share for all users. The company no longer uses login scripts, so you must ensure that the department share is mapped using group policy. What should you do?

Configure a Drive Maps policy in a GPO linked to the domain.

You manage the branch office for your company network. The branch office has a single Active Directory domain, *branch1.westsim.private*. All computers in the branch office are members of the domain. All client computers run Windows 7. The branch office consists of two subnets and 50 host computers. A single DHCP server on Subnet1 delivers IP address information to all clients. A single server on Subnet2 is both the domain controller and the DNS server. Dynamic updates are enabled on the DNS zone. You want to configure each client computer with consistent DNS server addresses and DNS search suffixes. You want to prevent users from modifying these settings. What should you do?

Configure a GPO with the DNS server and search suffix settings.

You have a program that ran on your Windows XP machine that was running SP2. You try to install the program on Windows 7, but it does not run. What should you try first to overcome this problem?

Configure a Windows emulation mode.

You are the network administrator for *westsim.com*. the network consists of a single active directory domain. All the servers run Windows 2012. All the clients run Windows 8. You have enabled outbound filtering for Public networks in the Windows Firewall with Advanced Security node of a Group Policy which applies to member servers. A member server named APP1 is being configured to host a custom web application named Application 1 that must contact a source server located on the Internet using port 735. After installing Application 1 on APP1, you discover that it is unable to contact the source server. You need to enable APP1 to contact the source server on the Internet. What should you do?

Configure a custom outbound rule.

You have a file server that has the File Services role installed. The E:\ drive is used for storing files for the graphic artists. The E:\Graphics folder holds all shared graphic files used by all artists. The E:\Users folder contains subfolders for user home directories, with one subfolder for each user. You would like to keep track of disk space usage by user. You would like to be notified whenever a user has more than 100 MB of files on the E:\ drive. What should you do?

Configure a disk quota limit of 100 MB. Log an event when the quota limit is exceeded.

You have a file server that has the File Server Resource Manager role service installed. The E:\ drive is used for storing files for the graphic artists. The E:\Graphics folder holds all shared graphic files used by all artists. The E:\Users folder contains subfolders for user home directories, with one subfolder for each user. You would like to keep track of disk space usage by user. Users should be able to save 200 MB in their home folder. When they reach 85% of that limit, you want an entry to be made in the Event Log. When their limit is reached, you want a second entry to be made in the Event log. However, you do not want to prevent users from exceeding the 200 MB limit at this time. What should you do?

Configure a quota on the E:\Users folder with a soft quota of 200 MB. Configure thresholds at 85 and 100 to log an event.

You are the network administrator for a network with a single Active Directory forest. The forest root domain name is *westsim.local*, where there are two child domains named *support.westsim.local* and *research.westsim.local*. Branch offices are located in Denver and Chicago. The corporate headquarers is located in Dallas. The Denver site has domain controllers from the *support.westsim.local* domain and *research.westsim.local* domains. Workstation computer accounts and user accounts for the Denver location are members of the *research.westsim.local* domain. You notice that authentication traffic is saturating the WAN links between Dallas and the two other offices. You want to decrease authentication traffic over the WAN link. What should you do?

Configure a shortcut trust between the *research.westsim.com* domains and the *support.westsim.com* domain.

You are working for a company that has a large Active Directory network with locations in New York City, Washington D.C., Seattle, Miami, and Des Moines. The company has just opened an office in Toronto. You are responsible for bringing the new Toronto site online. The Toronto and Washing locations are connected with a high-speed WAN link. A dial-up connection has also been configured between the two locations. You need to configure new site links to accommodate the Toronto office. What should you do? (Choose two. Each correct choice is part of the solution.)

Configure a site link to represent the high-speed connection between Toronto and Washington D.C.. Configure the site link cost to be 50. Configure a site link to represent the dial-up connection between Toronto and Washington D.C.. Configure the site link cost to be 150.

You are the network administrator for westsim.com. The network consists of a single Active Directory domain. All of the servers run Windows Server 2012. The network contains an Active Directory Rights Management Service (AD RMS) server and AD RMS has been configured for all of the client computers. *westsimcom* has gone into partnership with *eastsim.com*. *eastsim.com* also uses AD RMS to protect proprietary content. You add the *eastsim.com* domain to the list of trusted user domains to allow *eastsim.com* users to be authenticated by the AD RMS server. After several weeks, you notice that some users in the *eastsim.com* domain are being authenticated as *westsim.com* users. You need to prevent *eastsim.com* users from impersonating *westsim.com* users. What should you do?

Configure a trusted email domain.

You are the network administrator for *westsim.com*. The network consists of a single domain. All the servers run Windows Server 2012. All the clients run Windows 8. There is a single main office located in New York. The company has deployed Network Access Protection (NAP) on the internal network. A server named NAP1 is configured with the Network Policy and Services role. You need to ensure that clients accessing the computer using wireless access points are authenticated using 802.1x authentication and are evaluated by NAP. What should you do?

Configure all wireless access points as RADIUS clients to NAP1.

You have a file server that has the File Server Resource Manager role service installed. The E:\ drive is used for storing files for the graphic artists. The E:\Graphics folder holds all shared graphic files used by all artists. The E:\Users folder contains subfolders for user home directories, with one subfolder for each user. All artists should be able to save graphic files to the E:\Graphics folder. However, you want to prevent users from saving any executable files in that folder. What should you do?

Configure an active file screen on the G:\Graphics folder.

You have just received a new laptop at work that you will use on your company network and at home. The company network uses dynamic addressing, while your home network uses static addressing. You connect the laptop to the company network and everything works fine. When you take your laptop home, you cannot connect to devices on your home network or the Internet. You run ipconfig on the laptop and receive the following output: Connection-specific DNS Suffix : IP Address : 169.254.22.74 Subnet Mask : 255.255.0.0 Default Gateway : You need to be able to connect to both the company network and your home network with the least amount of configuration and cost. What should you do?

Configure an alternate TCP/IP configuration.

You manage a computer that runs Windows 7. You would like to prevent users from running all software on the computer except for software that has been digitally signed. The rule should apply to all known and unknown software. What should you do?

Configure an executable rule in application control policies with a publisher condition.

You are the server administrator for the eastsim.com domain. You have an application server named Srv12 that runs a stateless Web application using IIS. Because of recent growth, this server is becoming unable to process all incoming requests in a timely manner. You would like to add a second server to run the application. Your solution should meet the following requirements: Client requests should be divided evenly between the two servers. If one server goes down, all requests should go to the other server. All application data will be stored on internal parallel SCSI drives on each server. You install the application on the second server. You now need to configure a solution to meet the requirements. What should you do?

Configure both servers in a Network Load Balancing (NLB) cluster.

You are the server administrator for the eastsim.com domain. You have an application server named Srv12 that runs a stateless Web application using IIS. Because of recent growth, this server is becoming unable to progress all incoming requests in a timely manner. You would like to add a second server to run the application. Your solution should meet the following requirements: Client requests should be divided evenly between the two servers. If one server goes down, all requests should go to the other server. All application data will be stored on internal parallel SCSI drives on each server. You install the application on the second server. You now need to configure a solution to meet the requirements. What should you do?

Configure both servers in a Network Load Balancing (NLB) cluster.

You manage a network with a single location. You have previously deployed a WSUS server in your location to specify the approved list of updates. All client computers are configured to download updates from your local WSUS server. Members of the Accounting department report that a new system update causes instability with their accounting software. You want to prevent this update from being applied to the accounting department computers, but you still want to ensure that all other updates are being applied as they should. What should you do?

Configure client side targeting on the WSUS server and computers in the Accounting department.

You have decided to implement Network Access Protection (NAP) with RD Gateway on your network. You have installed the NPS role, configured the System Health Validator (SHV), created health policies, and configured network policies. Which additional step will you need to perform to complete the configuration?

Configure connection authorization policies.

You have a Windows 7 computer shared by multiple users. The computer has a single hard disk with a single partition. You want to make sure that each user can only save up to 4 GB of files on the existing hard disk. Files stored to USB devices should not count towards the limit. What should you do?

Configure disk quotas.

You have a small wireless network with 10 client computers configured in a workgroup. You upgraded the firmware on two wireless devices so you can use a better security standard than WEP. Now you need to implement the new security standard. You need the greatest amount of security with the least amount of effort, and without replacing any of the wireless infrastructure. What should you do? (Select two.)

Configure each client with the same key. Implement WPA-PSK.

You are in charge of managing several servers. Your company requires many custom firewall rules in Windows Firewall with Advanced Security. What should you do?

Configure firewall settings in Group Policy. Apply the GPO so that it applies to all applicable servers.

You are in charge of installing a remote access solution for your network. You decide you need a total of four remote access servers to service all remote clients. Because remote clients might connect to any of the four servers, you decide that each remote access server must enforce the exact same policies. You anticipate that the policies will change frequently. What should you do? (Select two. Each choice is a required part of the solution.)

Configure network policies on the RADIUS server. Configure one of the remote access servers as a RADIUS server, and all other servers as RADIUS clients.

You have several computers running Windows 7 Ultimate. The computers are members of a workgroup. You need to create many custom firewall rules on each computer. The rules must be specific for the Private network profile. You should complete the task with the least amount of effort as possible. What should you do? (Select two. Each answer is a complete solution.)

Configure one computer with the Windows Firewall with Advanced Security MMC snap-in. Then use the same tool to export the settings and import settings on the remaining machines. Configure one computer. Use *Netsh advfirewall* to export the firewall settings. Import the settings on the remaining machines.

You are the network administrator for your company. Your network consists of two Active Directory Domains: *research.westsim.local* and *sales.westsim.local*. Your company has two sites: Dallas and Houston. Each site has two domain controllers, with one domain controller for each domain. Users in Houston who are members of the *sales.westsim.local* domain report slow performance when logging in and accessing files in Dallas. Users in Dallas do not report any problems logging in and accessing local resources. You want all users in Houston to experience adequate log on and resource access response time. What should you do?

Configure one of the domain controllers in Houston to be a global catalog server.

You are the network administrator for your company. Your network consists of two Active Directory domains: *research.westsim.local* and *sales.westsim.local.* Your company has two sites: Dallas and Houston. Each site has two domain controllers, with one domain controller for each domain. Users in Houston who are members of the *sales.westsim.local* domain report slow performance when logging in and accessing files in Dallas. Users in Dallas do not report any problems logging in and accessing local resources. You want all users in Houston to experience adequate log on and resource access resource access response time. What should you do?

Configure one of the domain controllers in Houston to be a global catalog server.

Your network consists of a single Active Directory domain. The OU structure of the domain consists of a parent OU named HQ_West, and child OUs of Research, HR, Finance, Sales, and Operations. You also want to ensure that all client computers have strong password policies applied, and that an administrator is required to unlock locked user accounts for the Research and Human Resources departments. You create a Group Policy Object named DefaultSec, which applies security setting that are required for all users and computers. You create a second GPO named HiSec, which has the security settings taht are required by the HR and the Research departments. Both GPOs use custom security templates. How should you link the GPOs to the OUs? (Select three.)

Configure password policies on a GPO linked to the domain. Link DefaultSec to the HQ_West OU. Link HiSec to the HR and Research OUs.

You are a domain administrator for a single-domain network. The domain has several organizational units (OUs) representing each department in the organization. You have delegated complete administration for each OU to appropriate users in each department. You have made these users members of the Group Policy Creator Owners group. You create a Group Policy object (GPO) named Corporate Desktop that configures the desktop environment for users in the company. You link the GPO to the domain. Later, you discover that some of the settings are not being applied to users in the Development department. How can you make sure that all settings in the Corporate Desktop GPO get applied to all users in the company?

Configure the *Enforced* option for the Corporate Desktop GPO.

You are the network administrator for a network with a single Active Directory domain. The domain's functional level is Windows Server 2003. Users are divided into OUs named Sales, Accounting, and Management. You are using Group Policy software distribution for all corporate applications. A sales application is deployed as user assigned in a GPO named Sales Applications that is linked to the Sales OU. Mary Hurd has been transferred to the Sales department to the Accounting department. You move the corresponding user account from the Sales OU to the Accounting OU. After logging on to a new computer in the Accounting department, Mary reports that the sales application is still being applied. You do not want the sales application to be applied to the user. What should you do?

Configure the *Uninstall this application when it falls out of the scope of management* option for the sales application software package.

You are the network administrator for *westsim.com*. The network consists of a single Active Directory domain. All of the servers run Windows Server 2012. All of the clients run Windows 7. *westsim.com* has decided to implement Active Directory Rights Management Services (AD RMS) to protect the content of documents and emails. After installing and configuring a new AD RMS cluster, you discover that clients are not able to locate the AD RMS server to obtain Rights Account Certificates (RACs). You need to enable clients to automatically discover the AD RMS cluster. What should you do?

Configure the AD RMS service connection point (SCP).

You are the administrator of a network with a single Active Directory domain. The domain includes two domain controllers. Your company's security policy requires that locked accounts are unlocked by administrators only. Upon reviewing the account lockout policy, you notice the Account lockout duration of *99999*. You need to configure your domain's account lockout policy to comply with your company's security policy. What should you do next?

Configure the Account lockout duration to *0*.

You are the administrator of a network with a single Active Directory domain. The domain includes two domain controllers. Your company's security policy requires that locked out accounts are unlocked by administrators only. Upon reviewing the account lockout policy, you notice the Account lockout duration of 99999. You need to configure your domain's account lockout policy to comply with your company's security policy. What should you do next?

Configure the Account lockout duration to 0.

You are the security administrator for a large metropolitan school district. You are reviewing security standards with the network administrators for the high school. The school's computer center has workstations for anyone's use. All computers in the computer center are members of the Computer Center Computers global group. All workstations are currently located in the Computers container. The computer center computers have access to the Internet so users can perform research. Any user who uses these computers should be able to run Internet Explorer only. Other computers in the high school should not be affected. To address this security concern, you create a Group Policy object (GPO) named Computer Center Security. You need to configure and apply this GPO to enforce the computer center's security needs. What should you do?

Configure the Computer Configuration node of the Computer Center Security GPO to restrict software to Internet Explorer only. Link the GPO to the domain and allow access to the Computer Center Computers group only.

You are the administrator of a single-domain network. The domain has an OU named *Sales*. All users in the Sales OU use an application named *ContractTrack*. You want to install this application to all computers in the Sales OU. You create a GPO named *Deploy Software*, configure it to assign the ContractTrack application to users, and link the GPO to the Sales OU. Although the shortcut appears in the Start menu for Sales users, the application is not installed until users click the shortcut. You want the GPO to install the application completely. What should you do?

Configure the Computer Configuration node rather than the User Configuration node of the Deploy Software GPO.

You are the administrator of a single-domain network. All servers in the domain run Windows Server 2008 R2 or Windows Server 2012 R2. All client computers run Windows 8. The domain has an OU named Sales. All users in the Sales OU use an application named ContractTrack. You want all Sales users to have a shortcut to the ContactTrack application in their Start menu. The first time they click the shortcut, you want the ContractTrack application to be installed. You create a GPO named Deploy Software, configure it to publish the ContractTrack application to users, and link the GPO to the Sales OU. You soon discover that the shortcut does not appear in any user's Start menu. What should you do?

Configure the Deploy Software GPO to assign rather than publish the ContractTrack software.

You are the administrator of a single-domain network. The domain has an OU named Sales. All users in the Sales OU use an application to be available in the Add/Remove Programs applet of all computers in the Sales OU. You do not want a shortcut to the program to appear on users' Start menu. You create a GPO named Deploy Software, configure it to assign the ContractTrack application to users, and link the GPO to the Sales OU. However, after doing so, the shortcut appears in the Start menu for all Sales users. What should you do to prevent the shortcut from appearing?

Configure the Deploy Software GPO to publish rather than assign the ContractTrack software.

You are implementing NAT on a Windows Server 2012 system using Routing and Remote Access. You installed two network interfaces in the server: • The *Ethernet* connection is connected to external network that uses registered IP addresses. • The *Ethernet1* connection is connected to the internal network where private IP addressing is used. The Ethernet connection is assigned an IP address of 137.65.1.23/16, while the Ethernet1 connection is assigned an IP address of 172.17.1.1/16. You enabled Routing and Remote Access on the server and configured it for NAT. You defined the Ethernet connection as the private interface and the Ertherner1 connection as the public interface with NAT enabled. When you test the configuration, it doesn't work correctly. What should you do to fix it?

Configure the Ethernet interface as the public interface and enable NAT on it.

You are responsible for all application installations on your network. You are also responsible for applying all service packs, hot fixes, and application upgrades. Presently, you need to upgrade an application that has been deployed using a GPO and the Windows Installer process. Before the installation of the upgrade, you must uninstall the previous version of the application. What should you do?

Configure the GPO to uninstall the previous version before it installs the new upgrade.

You are the network administrator for *westsim.com*. The network consists of a single Active Directory domain. All the servers run Windows Server 2012. All the clients run Windows 7 or Windows 8. *westsim.com* has a number of Product Specialists who travel to remote areas. The Product Specialists complain that their Internet connections frequently fail, forcing them to reconnect to the company VPN server. The server and the clients use the L2TP with IPSec VPN protocol. You need to improve VPN performance by allowing the clients to automatically reconnect to the company VPN if the clients' Internet connection should fail. What should you do?

Configure the VPN connection to use the Internet Key Exchange version 2 (IKEv2) VPN protocol.

You are the network administrator for *northsim.com*. The network consists of a single domain. All the servers run Windows Server 2012. All the clients run Windows 7 or Windows 8. The company has one main office and several small branch offices. The branch offices do not have any on-site networks administrators. You are preparing to deploy servers to each of the branch offices. Security is a concern. You must ensure that the passwords for only the members of the branch office are cached on the branch office domain controllers. You must also ensure that data stored on the branch office servers cannot be compromised, even if a hard drive is stolen. What should you do?

Configure the branch office servers as Read-Only Domain Controllers (RODCs) and install the BitLocker feature.

You have a computer running Windows 7 Professional. The computer is a member of a domain. You need to configure the wireless network card to connect to your network at work. The connection should use a user name and password for authentication with AES encryption. What should you do?

Configure the connection to use WPA2-Enterprise.

You want to connect a laptop computer running Windows 7 to a wireless network. The wireless network uses multiple access points and WPA2-Personal. You want to use the strongest authentication and encryption possible. SSID broadcast has been disabled. What should you do?

Configure the connection with a preshared key and AES encryption.

You have decided to implement Network Access Protection (NAP) with 802.1x authentication on your network. You have installed the Network Access and Policy Server role, configured the System Health Validator (SHV), created health policies, and configured network policies. Which additional steps will you need to perform to complete the configuration? (Select two. Each choice is a possible action.)

Configure the enforcement point as a RADIUS client. In the network policy, configure VLAN memberships.

The Run the Remote Access Setup Wizard breaks the installation into four separate installations that give you a great deal of control over settings and configurations. Identify the correct description for the installation of Remote Access Servers.

Configure the network connections based on one or two network cards and which adapters are internal and which adapters are external. You can also specify the use of smartcards and specify the certificate authority (CA) to use for DirectAccess to provide secure communications.

The Portland site in your company network has the only connection to the Internet. To allow all Windows 8 computers on the network to access the Internet through the Portland connection, you install and configure the NAT routing protocol on a server in Portland. You decide to use IP addresses in the range of 192.168.40.1 through 192.168.40.50 for the network. The Portland server is configured to use an IP address of 192.168.40.1. Web1 is a Web server configured with an IP address of 192.168.40.2 and a default gateway of 192.168.40.1. Your Internet service provider has allocated two IP addresses, 207.46.179.16 and 207.46.179.17, to your network. You want to allow Internet users from outside your internal network to use an IP address of 207.46.179.17 to access the resources on the Web1 server through the NAT service on Portland. What should you do?

Configure the public interface of the NAT routing protocol to use an address pool with a starting address of 207.46.179.16 and a mask of 255.255.255.254. Reserve a public IP address of 207.46.179.17 for the private IP address of 192.168.40.2.

Margaret is in charge of configuring the remote access solution for her network. The network consists of a single subnet. A DHCP server on the private network assigns IP addresses to hosts on the private network. A single remote access server, RASSRV, provides remote access connections for 10 Windows 8 laptops. Remote clients have access to resources on the private network through RASSRV. Margaret wants the clients to receive their IP addresses from the DHCP server. What should Margaret do?

Configure the remote access server to use DHCP for addressing.

You are configuring the network for a new company with two sites: the main office is in Denver, and a branch office is in Phoenix. The sites are connected by a WAN link. All servers, including domain controllers, will run Windows Server 2012. All servers will be members of an active Directory domain. The main office uses the domain of *corp.westsim.com*. All domain members are currently located only in the Denver location. The branch office uses the domain of *research.corp.westsim.com*. All domain members are located only in the Phoenix location. The following servers are in each location. *Denver* srv1.corp.westsim.com, srv2.corp.westsim.com Domain controller; DNS server srv3.corp.westsim.com Domain controller *Phoenix* srv1.research.corp.westsim.com, srv2.research.corp.westsim.com Domain controller, DNS server srv3.research.corp.westsim.com All zones are Active Directory integrated zones, and there are no other DNS servers on the network. To improve name resolution at the Phoenix location, you install a domain controller and DNS server named *srv4.research.corp.westsim.com* in the Phoenix location.. You want this server to have a copy of the *corp.westsim.com* zone. You do not want any servers in the Denver location to have a copy of the *research.corp.westsim.com* zone. You want to minimize the amount of DNS information stored on each server. What should you do?

Configure the replication scope for *corp.westsim.com* as *To all DNS servers in this forest. Configure the replication scope for *research.corp.westsim.com* as *To all DNS servers in this domain*.

To tightly control the anti-malware settings on your computer, you elect to upgrade the signature file manually. Even though you vigilantly update the signature file, the machine becomes infected with a new type of malware. Which of the following actions would best prevent the scenario from occurring again?

Configure the software to automatically download the virus definition files as soon as they become available.

You manage Certificate Services for the *westsim.com* domain. You have a single CA installed as an enterprise root CA that runs Windows Server 2012. You duplicate the Basic EFS certificate template and configure the CA to issue the certificate. You want users to request an EFS certificate using the Web enrollment pages. When a request is submitted, you want the certificate to be approved automatically. How should you complete the configuration of the certificate template? (Select two. Each choice is a required part of the solution.)

Configure the template to not require CA certificate manager approval. Grant users the Read and Enroll permissions.

You are the DNS manager for the *eastsim.com* domain. You have set up a Web site for your intranet that holds company information for use by the employees. Employees access the Web site using the URL: *intraweb.eastsim.com*. Because of the large number of employees, you decide to configure three different Web servers that will hold the intranet content. When users enter the URL in their browsers, you want the DNS server to respond with the IP address of one of the three servers. The DNS server should evenly use each of the three Web server addresses. What should you do? (Select two. Each choice is a required part of the solution.)

Configure three different host (A) records for *intraweb.eastsim.com*, with each pointing to a different server. On the DNS server, enable DNS round robin.

You have decided to implement Network Access Protection (NAP) on your network. You decide to create two categories of computers: • Those that pass all health checks. • Those that fail one or more health checks. Those that pass all checks should be granted full network access, while those that fail one or more should be granted access only to the quarantine network. How should you configure NAP for this scenario? (Select two. Each choice is a required part of the solution.)

Configure two Network Policies Configure two Health Policies

You manage a laptop that runs Windows 7. The laptop is shared by members of the Sales team. Sales team members use standard user accounts to log on to the computer. You want to allow users to change the system time and the time zone. You need to grant them this ability while limiting their ability to perform unrelated tasks. What should you do?

Configure user rights for the Sales group in the local security policy.

The Run the Remote Access Setup Wizard breaks the installation into four separate installations that give you a great deal of control over settings and configurations. Identify the correct description for the installation of Application Servers.

Configure your end-to-end authentication and security for the DirectAccess components. It also provides secure connections to individual servers.

You have an executive who needs her print jobs handled above those of others. How would you accomplish this advanced printing configuration?

Connect multiple print servers to a single print device

You manage the website for your company. The website uses a cluster of two servers with a single shared storage device. The shared storage device uses a RAID 1 configuration. Each server has a single connection to the shared storage, and a single connection to your ISP. You want to provide redundancy such that a failure in a single component does not cause the website to be unavailable. What should you add to your configuration to accomplish this?

Connect one server though a different ISP to the Internet.

You want to create a loopback plug using a single RJ-45 connector. How should you connect the wires in the connector?

Connect pin 1 to pin 3 and pin 2 to pin 6.

You have three switches connected together as shown in the Exhibit. The VTP configuration status of each switch is shown. You notice that when you make a VLAN configuration change on switch A that the change is not passed to switch C. What should you do to correct this problem? (Select 2. Each choice is a complete solution.)

Connect switch C directly to switch A. On switch B, change the VTP domain name to CCNA.

You have just replaced the motherboard in your computer. Your computer starts, but the hard disk light does not come on while the system is booting. What should you do?

Connect the hard disk LED to the motherboard.

You are a field technician for a large company. You have been sent to a remote site to troubleshoot a downed router. When you arrive at the remote site, how will you connect your laptop to the router? (Select two.)

Connect the laptop's COM port to the router's console port using a rollover cable. Connect the laptop's Ethernet port to the router's Ethernet port using a crossover cable.

You have a new laptop computer running Windows 7 Professional. You need to connect your computer to a wired network at work and a wireless network at home. While connected to your work network, you set the default printer. You want to configure a different default printer to use when connected to your home network. In Devices and Printers, you click Manage default printers. Your home wireless network does not appear in the list of available networks. What should you do?

Connect to the wireless network.

You have recently discovered that a network attack has compromised your database server. In the process, customer credit card numbers might have been taken by an attacker. You have stopped the attack and put measures in place to prevent the same incident from occurring in the future. What else might you be legally required to do?

Contact your customers to let them know of the security breach

You have a Web site that uses multiple servers for different types of transactions. For example, one server is responsible for static Web content, while another is responsible for secure transactions. You would like to implement a device to speed up access to your Web content. The device should be able to distribute requests between the various Web servers using specialized hardware and not just a software configuration. In addition, SSL sessions should use the hardware components in the device to create SSL sessions. Which type of device should you choose?

Content swtich

Which of the following terms describes the difference between white and black in an LCD monitor?

Contrast ratio

Which program or component includes User Accounts?

Control Panel

You are the administrator for the *corp.westsim.com* domain. All servers in the domain run Windows Server 2012, and all clients run Windows 7 or Windows 8. The domain has two subdomains: • *acct.corp.westsim.com* • *sales.corp.westsim.com* The *acct.corp.westsim.com* zone is an Active Directory-integrated zone, while the *sales.corp.westsim.com* zone is a primary zone. To improve name resolution, you set up DNS on the *Srv3.acct.corp.westsim.com* server. You create a secondary zone on that server pointing to the *sales.corp.westsim.com* zone. One day you come to work to find that the primary server for the *sales.corp.westsim.com* zone has failed. You have a backup that was performed the previous night. You need to have a primary server on line as quickly as possible while restoring as much of the zone data as possible. What should you do?

Convert the *sales.corp.westsim.com* secondary zone on Srv3 to a primary zone.

You currently manage a virtual machine named VM12 that has been installed on the Srv5 physical server. The virtual machine uses a single fixed disk of 100 GB saved in the vdisk1.vhd file. Physical disk space on the server is getting low. When you run Disk Management within the virtual machine, you notice that only 30 GB of space is being used, but the vdisk1.vhd file occupies 100 GB. You want to reduce the physical size of the virtual hard disk What should you do?

Convert the disk to a dynamically expanding disk named vdisk2.vhd. Delete vdisk1.vhd, and rename vdisk2.vhd to vdisk1.vhd.

Which of the following is a text file provided by a Web site to a client that is stored on a user's hard drive in order to track and record information about the user?

Cookie

Use of which of the following is a possible violation of privacy?

Cookies

You have a file server that has the File Server Resource Manager role service installed. The G:\ drive is used for storing files for the research department. The G:\Users folder contains subfolders for user home directories, with one subfolder for each user. The G:\Reports folder is shared by all users for holding weekly department reports. You create a quota entry for the G:\Users folder using the default 100 MB Limit template and auto applying the template to subfolders. You create a second quota entry for the G:\Reports folder using the *Create quota on path* option and the default 100 MB Limit template. After several months, the manager is complaining that the G:\Reports folder is full. You are instructed to increase the quota limit to 200 MB while keeping the remaining quota settings. What should you do?

Copy the 100 MB Limit template to a new template. Increase the space limit to 200 MB and apply the template to the G:\Reports folder.

You are the network administrator for *eastsim.com*. The network consists of a single Active Directory domain. All the servers run Windows Server 2012 R2. All the clients run Windows 8. The company has a main office in New York and several international locations including facilities in Germany and France. You have been asked to build a domain controller that will be deployed to the eastsim.com* office in Germany. The network administrators in Germany plan to use Group Policy Administrative Templates to manage Group Policy in their location. You need to install the German version of the Group Policy Administrative Templates so they will be available when the new domain controller is deployed to Germany. What should you do?

Copy the German .ADML files to the appropriate directory in the SYSVOL on a local domain controller.

You are the network administrator for *eastsim.com*. The network consists of a single Active Directory domain. All the servers run Windows Server 2012. All the clients run Windows 8. The company has a main office in New York and several international locations including facilities in Germany and France. You have been asked to build a domain controller that will be deployed to the *eastsim.com* office in Germany. The network administrators in Germany plan to use Group Policy Administrative Templates to manage Group Policy in their location. You need to install the German version of the Group Policy Administrative Templates so they will be available when the new domain controller is deployed to Germany. What should you do?

Copy the German .ADML files to the appropriate directory in the SYSVOL on a local domain controller.

You want to create a central store for the administrative templates on a Windows Server 2012 R2 domain controller. What should you do?

Copy the local .admx and .adml files to C:\Windows\SYSVOL\domain_name\Policies\PolicyDefinitions.

You manage a Windows 7 computer. One day you are downloading some new mp3 files to your computer. You save the files directly to the music library on your computer. You want to copy the new files to a different folder on your computer. You view the properties of the Music library and see the dialog shown in the image. What should you do?

Copy the new files from the C:\Users\Public\Public Music folder.

You have two computers that run Windows 7 Ultimate: Comp1 and Comp2. Both computers are members of a HomeGroup; neither computer is a domain member. On Comp1, you share the C:\Files folder with the HomeGroup. The C:\Files\data.doc file is encrypted. From Comp2, you can access all of the files in the C:\Files folder except for the data.doc file. What should you do?

Copy your private key from Comp1 to Comp2.

You have decided to install multiple virtual servers, all running Windows Server 2011, on a single physical computer. You install Hyper-V on a server that is running Windows Server 2012 Datacenter edition. You need to install the following virtual machines: 3 servers running the Windows Server 2008 Standard edition (32-bit) 4 servers running the Windows Server 2008 R2 Standard edition (64-bit) 3 Servers running the Windows Server 2012 Datacenter edition (64-bit) To conserve disk space, you decide to use parent and differencing disks. You need to create the virtual hard disks used by the virtual machines. What should you do?

Create 3 fixed disks and 10 differencing disks.

You are the administrator for the *widgets.com* domain. Organizational Units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. As you manage Group Policy objects (GPOs), you find that you often make similar user rights, security options, and Administrative Template settings in different GPOs. Rather than make these same settings each time, you would like to create some templates that contain your most common settings. What should you do? (Select two. Each choice is a possible solution.)

Create GPOs with the common settings. Take a backup of each GPO. After creating new GPOs, import the settings from one of the backed up GPOs. Create GPOs with the common settings. When creating new GPOs, copy one of the existing GPOs.

You are the administrator for the *widgets.com* domain. Organizational Units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. As you manage Group Policy objects (GPOs), you find that you often make similar user rights, security options, and Administrative Template settings in different GPOs. Rather than make these same settings each time, you would like to create some templates that contain your most common settings. What should you do? (Select two. Each choice is a possible solution.)

Create GPOs with the common settings. When creating new GPOs, copy one of the existing GPOs. Create GPOs with the common settings. Take a backup of each GPO. After creating new GPOs, import the settings from one of the backed up GPOs.

Your company has started the transition to Ipv6. You need to configure records on the DNS server so that clients can submit an IPv6 address and receive back the host name for that computer. What should you do?

Create PTR records.

You are the network administrator for *northsim.com*. The network consists of a single domain. All the servers run Windows Server 2012. All the clients run Windows 7 or Windows 8. Shares for the Sales department are located on a file server named FS1. FS1 has File Server Resource Manager (FSRM) installed. A file screen has been created for a folder named SalesData. The file screen is configured to block files contained in the Audio and Video file group. The sales department is working closely with the Marketing department to develop a new marketing strategy. Users in the Marketing department have developed several promotional videos that are stored as .avi files. You need to allow only members of the Marketing department to upload these videos to the SalesData folder. What should you do?

Create a File Screen Exception

You are the network administrator for the *westsim.com* domain. All client computers are running Windows 8 and all servers are running Windows Server 2008 R2 or Windows Server 2012 R2. Organizational Units (OUs) have been created for each department, and user and computer accounts have been moved into the department OUs. You have recently configured a Windows Server Update Services (WSUS) infrastructure on the network. All client computers are configured to download updates from your internal WSUS server. You have just received notification that the accounting software has a new update. The update is critical and must be deployed as quickly as possible to all computers in the accounting department. What should you do?

Create a GPO linked to the Accounting OU. Assign the .msi file included with the update to computers.

You are the network administrator for the *westsim.com* domain. All client computers are running Windows 8 and all servers are running Windows Server 2008 R2. Organizational Units (OUs) have been created for each department, and user and computer accounts have been moved into the departmental OUs. You have recently configured a Windows Server Update Services (WSUS) infrastructure on the network. All client computers are configured to download updates from your internal WSUS server. You have just recently configured a Windows Server Update Services (WSUS) infrastructure on the network. All client computers are configured to download updates from your internal WSUS server. You have just received notification that the accounting software has a new update. The update is critical and must be deployed as quickly as possible to all computers in the accounting department. What should you do?

Create a GPO linked to the Accounting OU. Assign the .msi file included with the update to computers.

You are in charge of managing the servers in your network. Recently, you have noticed that many of the domain member servers are being shut down. You would like to use advanced auditing to track who performs these actions. You want to only monitor the necessary events and no others. What should you do? (Select two. Each choice is a required part of the solution.)

Create a GPO to configure auditing. Link the GPO to the domain. Audit successful system security state changes.

Members of the sales team use laptop computers while traveling. All laptops run Windows 8. All computers in the domain use smart cards for authentication. You have configured EFS in your domain to use the certificates on the smart card for encryption. To protect the data on each laptop, you want the contents of each user's Documents folder to be encrypted. All sensitive documents are to be saved in this folder. You also want to ensure that any temporary files used by applications while the files are open are also encrypted. If possible, you want to enforce encryption so that users cannot disable encryption. What should you do?

Create a Group Policy Object (GPO) that applies to all sales laptop computers. Configure the GPO to encrypt the Documents folder. Have each user manually encrypt all temporary directories used by applications.

You are the network administrator of a very large network. There are approximately 50 servers in the organization that all require the latest Microsoft service pack. You have acquired an MSI package that installs the latest service pack. All servers are located in an Active Directory OU called *Servers*. How should you deploy the service pack to all of the servers using the least amount of administrative effort? (Select two. Each choice is a required part of the solution.)

Create a Group Policy Object and link it to the Servers OU. Assign the MSI package using Computer Configuration.

You are the network administrator for *westsim.com*. The network consists of a single domain. All the servers run Windows Server 2012. All the clients run Windows 8. The network consists of several main offices and branch offices. A Windows 2012 server installed with the Network Policy and Access Services role acts as the router for each office. You have been instructed to use NPS to configure IP Filters to control which traffic is passed to the local network.. The filters must be identical at each office. You must achieve this goal using the minimum of administrative effort. What should you do?

Create a Network Policy Server (NPS) template at one NPS server configured with the appropriate IP Filters, then export the template to the other NPS servers.

You are the network administrator for *westsim.com*. The network consists of a single domain. All the servers run Windows Server 2012. All the clients run Windows 8. You need to provide access to remote clients who belong to the *Remote* group. You install the Network Policy Server (NPS) on a server named VPN1. You configure VPN1 to act as a VPN server and add all of the user accounts to the *Remote* group. You configure a server named RADIUS1 with the NPS role. You configure VPN1 to be a RADIUS client of RADIUS1. You need to configure RADIUS1 to process authentication requests from VPN1. What should you do?

Create a connection request policy.

You have two computers: ComputerA is running Windows Vista Business and ComputerB is running Windows 7 Professional. You are using USMT to migrate only the user profiles and user data from ComputerA to ComputerB. You need to specify the rules used for the migration to include all .jpg files. What should you do?

Create a custom XML file and then use *<include>* statements to specify the file types to be included in the migration.

You are configuring the network for a new company with two sites: the main office is in Denver, and a branch office is in Phoenix. The sites are connected by a WAN link. All servers, including domain controllers, will run Windows Server 2012. All servers will be members of an Active Directory domain. The main office uses the domain *corp.westsim.com*. All domain members are currently located only in the Denver location. The branch office uses the domain of *research.corp.westsim.com*. All domain members are currently located only in the Phoenix location. The following servers are in each location: *Denver* srvA.corp.westsim.com, srvB.corp.westsim.com Domain controller; DNS server srvC.corp.westsim.com Domain controller *Phoenix* srv1.research.corp.westsim.com, srv2.research.corp.westsim.com Domain controller, DNS server srv3.research.corp.westsim.com Domain controller. All zones are Active Directory integrated zones, and there are no other DNS servers on the network. To improve name resolution at the Phoenix location, you install a domain controller and DNS server named *srv4.research.corp.westsim.com* in the Phoenix location. You want this server to have a copy of the *corp.westsim.com* zone but not the *research.corp.westsim.com* zone. You do not want any other servers in the Phoenix location to have a copy of this zone. You want to minimize the amount of DNS information stored on each server. What should you do? (Select two. Each choice is a required part of the solution.)

Create a custom directory partition for *research.corp.westsim.com*. Add *srv1* and *srv2* to the replication scope. Create a custom directory partition for *corp.westsim.com*. Add *srvA*, *srvB*, and *srv4* to the replication scope.

You are the network administrator for Corpnet.com. The company has implemented Active Director Rights Management Services (AD RMS). The company has a vendor named Partner.com. Partner.com does not have an AD RMS cluster. You need to enable users in the Partner.com forest to access content protected by the AD RMS cluster in the Corpnet.com forest. What should you do?

Create a federated trust.

You are the network administrator for *northsim.com*. The network consists of a single domain. All the servers run Windows Server 2012. All the clients run Windows 7 or Windows 8. You support a file server named FS1, that contains documents relating to a Defense Department project. According to the terms of the contract, all documents that contain an eight digit project number must be marked "Proprietary" and archived to a secure Network Attached Storage (NAS) device after three months. You need to ensure that all files that contain the project number are automatically marked "Proprietary". What should you do first?

Create a file classification rule.

You are the network administrator for *eastsim.com*. The network consists of a single domain. All the servers run Windows Server 2012. All the clients run Windows 7 or Windows 8. There is a file server at the main office named FS1, that has File Server Resource Manager installed. A new company directive states that HR documents may be stored on an active file server for no more than two years from the date they were created. You need to ensure that after two years, HR documents are moved to an archive folder on a server named FS2, using the minimum amount of administrative effort. What should you do?

Create a file management task.

You have a file server that has the File Server Resource Manager role service installed. The G:\ drive is used for storing files for the research department. The G:\Users folder contains subfolders for user home directories, with one subfolder for each user. The G:\Reports folder is shared by all users for holding weekly department reports. All user accounts for the department are in the Research OU. You want to make sure that users cannot save executable files in the G:\Reports folder. However, users should be able to save .vbs scripts in this folder. What should you do?

Create a file screen for the G:\Reports folder. Select the Executables Files file group. Edit the file group and remove the *.vbs extension.

Yo manage a single domain named *widgets.com*. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. Members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You define a new granular password policy with the required settings. All users in the Directors OU are currently members of the DirectorsGG group, a global security group in that OU. You apply the new password policy to that group. Matt Barnes is the chief financial officer. He would like his account to have even more strict password policies than is required for other members of the Directors OU. What should you do?

Create a granular password policy for Matt. Apply the new policy directly to Matt's user account.

You manage a single domain named *widgets.com*. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into the corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You need to make the change as easily as possible. What should you do?

Create a granular password policy. Apply the policy to all users in the Directors OU.

You manage a single domain named *widgets.com*. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You need to make the change as easily as possible. What should you do?

Create a granular password policy. Apply the policy to all users in the Directors OU.

You manage a single domain named *widgets.com*. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You need to make the change as easily as possible. What should you do?

Create a granular password policy. Create a global security group. Apply the policy to the group. Add all users in the Directors OU to the group.

You want to store your computer-generated audit logs in case they are needed in the future for examination or to be used as evidence in the event of a security incident. Which method can you use to ensure that the logs you put in storage have not been altered when you go to use them in the future?

Create a hash of each log.

You manage a Windows 7 computer that is shared by multiple users. You want to prevent users from running a common game on the computer. You want to prevent the game from running even if the executable file is moved or renamed. You decide to create a Software Restriction policy rule to protect your computer. What should you do?

Create a hash rule.

You manage a Windows 7 computer on a small home network. You want to share the following folders on your computer with users on the network: D:\Clipart D:\Fonts D:\VacationPictures You want to allow access meeting the following requirements: Users will access all folders through a simple share. The share should include only these folders and no others. The folders should remain in their current locations in the file system structure. What should you do?

Create a library. Add all folders to the library. Share the library with the HomeGroup.

You are the network administrator at *eastsim.com*. The organization owns 8 restaurants located in California. The network consists of a single Active Directory domain. There is one domain controller and one database server located in each restaurant. The domain password policy requires the use of complex passwords that must be changed every 30 days. After implementing a new third party backup system the backups run without problems for the first month and then begin failing regularly. You determine that the failure is due to an expired password on the service account being used by the third party backup software. You must reconfigure the software to perform successful backups. Your solution should maintain current security standards and avoid future backup failures, while using the least amount of administrative effort. What should you do?

Create a managed service account. Then you should configure the backup software to use the managed service account.

You are the network administrator for *westsim.com*. The network consists of a single domain. All the servers run Windows Server 2012. All the clients run Windows 8. The network consists of one main office located in New York and 10 branch offices. There are several file servers at the main office and one file server in each of the branch offices. Users in the Sales department need to distribute pricing spreadsheets to the branch offices on a regular basis. The reports will only be updated at the main office and should not be updated at the branch office. You need to make the spreadsheets automatically available to the users at the branch offices when they are updated at the main office. Branch office users must not be able to modify the spreadsheets at the branch office. Your solution should minimize traffic between the main office and the branch offices. What should you do?

Create a namespace using the Distributed File System (DFS). Create a folder on one of the main office file servers and then create read-only replicas on the branch office file servers.

You manage a network with two locations: New York and Los Angeles. All computers are members of a single domain named *northisim.com*. You have been put in charge of creating a remote access solution, so that sales team members can connect to both sites using a VPN connection. On a server in the New York location, you configure a network policy that allows access to VPN users who are members of the Sales group. You test the connection and find that everything is working properly. You install a second remote access server in the Los Angeles location. However, when you try to connect using the VPN connection, the connection is refused, even though you used the same user account that was able to connect to the server in the New York location. What should you do?

Create a network policy on the server in the Los Angeles that is similar to the policy on the server In New York.

You are the network administrator for *westsim.com*. The network consists of a single Active Directory domain. There is one main office located in New York, and several branch offices, including one in Chattanooga, TN. All of the clients in the Chattanooga, TN are configured using DCHP and obtain addresses in the 172.16.0.0/16 subnet, with the scope ranging from 172.16.3.1 to 172.16.3.254. There are two domain controllers in the Chattanooga office named TNDC1 and TNDC2. TNDC1 has a static IP address of 172.16.2.3/16 and TNDC2 has a static IP address of 172.16.2.4/16. During the course of an IT audit, you notice that users authenticated by TNDC2 experience significant logon delays. You order a new server to replace TNNDC2. As a temporary fix, you would like to ensure that all users in the Chattanooga, TN site are authenticated by TNDC1. The solution should enable users to be authenticated by TNDC2 only if TNDC1 fails. What should you do?

Create a new Active Directory site. Create a new subnet object using the 172.16.2.4/32 subnet. Move TNDC2 to the new site.

You are the network administrator for *eastsim.com*. The network consists of a single Active Directory domain. All of the servers run Windows Server 2012. All of the clients run Windows 8. The computer objects for all of the file servers in the company have been placed into an organizational unit named *FileServers*. Human Resources has received a complaint that a user has been accessing secured material on the company's file servers. They have requested a list of all files accessed by this user on any file server in the company during the next two weeks. You must provide this information using the least amount of administrative effort. What should you do?

Create a new group policy object and link it to the FileServers organizational unit. Enable *Global Object Access Auditing* for the *File System* and specify the user's account in the Auditing tab.

You are the network administrator for *eastsim.com*. the network consists of a single Active Directory domain. All of the servers run Windows Server 2012. All of the clients run Windows 8. The manager of the Sales business unit informs you that critical files have been inappropriately modified. You need to determine who has modified the files and what permissions have allowed them to do so. What should you do?

Create a new group policy object and link it to the organizational unit that contains the computer account for the file server. Enable the *Audit File System* and *Audit Handle Manipulation* policies in the Advanced Audit Policy Configuration node. On the Auditing tab in the Advanced Security Settings dialog box for the file, specify the Everyone group.

You are the network administrator for *westsim.com*. The network consists of one Active Directory domain. All the servers run Windows Server 2012. All the clients run Windows 8. You need to identify attempts by users to log on after their accounts have been locked out. Your solution should identify attempts made on any client computer in the domain. You must use the least amount of administrative effort. What should you do?

Create a new group policy object. In the Advanced Audit Policy Configuration, enable *Audit Account Lockout*.

You manage the *northsim.com* domain. Your company produces components that are used in military and government products. You would like to implement Active Directory Rights Management Services (AD RMS) to protect sensitive documents. You have the following two servers available for the configuration: ● Srv1 ● Srv2 Both are member servers running Windows Server 2012. Srv2 is running SQL Server. You want to configure the two servers in an AD RMS cluster. You will install AD RMS on Srv2 to create the root cluster and use Srv2 for the database server. Following Microsoft's recommendations, which of the following will be part of the configuration? (Select two. Each choice is a required part of the solution.)

Create a new user account for the AD RMS service account. Do not assign any permissions or group memberships to the account. Use *adrms.northsim.com* as the cluster address.

You are the administrator for WestSim Corporation. The network has a single domain, *westsim.com*, running at the Windows Server 2008 functional level. Five domain controllers, all running Windows Server 2008 R2 or Windows Server 2012, are located on the network. Your company recently merged with the EastSim Corporation. Their network has a single Active Directory domain running at the Windows 2003 forest functional level. For now, you need to maintain the *eastsim.com* domain as a seperate forest. Users in *eastsim.com* need access to resources in the *westsim.com* domain. However, users in *westsim.com* should not have access to any resources in the *eastsim.com* domain. What should you do?

Create a one-way external trust where the *westsim.com* domain trusts the *eastsim.com* domain.

You are a systems administrator for WestSim Corporation. As part of a new security initiative, the IT department has developed a custom application that reports the host name of all clients that tr to access three sensitive servers in the Accounting department. The application has been working fine for the last three months. The company expands and adds a new building with a LAN connection to the rest of the network. This building has its own subnet, 192.168.5.0. You create a scope on an existing DHCP server for this subnet. During a random check of the reporting software, you discover the application reports only the IP address but not the host name for clients on the new subnet. Everything works as designed for hosts on other subnets. You check the DNS database and find that none of the hosts on that subnet have an associated PTR record. What should you do?

Create a primary reverse lookup zone for subnet 192.168.5.0.

You are a systems administrator for WestSim Corporation. As part of a new security initiative, the IT department has developed a custom application that reports the host name of all clients that try to access three sensitive servers in the Accounting department. The application has been working fine for the last three months. The company expands and adds a new building with a LAN connection to the rest of the network. This building has its own subnet, 192.168.5.0. You create a scope on an existing DHCP server for this subnet. During a random check of the reporting software, you discover that the application reports only the IP address but not the host name for clients on the new subnet. Everything works as designed for hosts on other subnets. You check the DNS database and find that none of the hosts on that subnet have an associated PTR record. What should you do?

Create a primary reverse lookup zone for subnet 192.168.5.0.

You are the administrator for the *westsim.com* domain. Organizational Units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective department OUs. Computers in the Accounting department use a custom application. During installation, the application creates a local group named *AcctMagic*. This group is used to control access to the program. By default, the account used to install the application is made a member of the group. You install the application on each computer in the Accounting department. All Accounting users must be able to run the application on any computer in the department. You need to add each user as a member of the *AcctMagic* group. You create a domain group named *Accounting* and make each user a member of this group. You then create a GPO named *Acct Software* linked to the Accounting OU. You need to define the restricted group settings. What should you do?

Create a restricted group named *AcctMagic*. Add the *Accounting* domain group as a member.

You are the administrator for the Creative Designs company. The network uses a single domain named *cdesign.com*. A single domain controller (CDDC1) holds an Active Directory-integrated zone and provides DNS services. Recently, your company purchased a competitor company, Design Limited, Inc. Their network uses a single domain named *dlimitinc.com*, with a single domain controller (DLIDC1) holding an Active Directory-integrated zone. Domains for each company are currently in different forests. You connect the Creative Designs location to the Design Limited location with a T-1 line. You want to enable hosts at the Creative Designs location to be able to resolve host names in the *dlimitinc.com* zone. You need to minimize hardware costs while maximizing DNS performance. How should you configure the CDDC1 server at the Creative Designs location to enable clients to resolve names at Design Limited, Inc.?

Create a secondary zone of the *dlimitinc.com* zone on CDDC1.

You are the systems administrator for EastSim Corporation. Domain controllers at headquarters host Active Directory integrated zones for the domain *eastsim.com* domain. The company has recently purchased a small design company located in Tampa. The new company will become a branch office connected to headquarters with a T-1 line. You have been sent to integrate the branch office into the corporate network. The existing network in Tampa is using a UNIX BIND-based DNS server. Rather than replace this server, you decide to use it to provide name resolution for the branch office. You want all clients in the branch office to be able to resolve hostnames for hosts in the *eastsim.com* domain. You want to minimize the network traffic across the WAN link and provide the fastest name resolution services possible. What should you do?

Create a secondary zone on the UNIX DNS server. Have it replicate data from one of the domain controllers configured as a DNS server.

You are the network administrator for Corpnet.com. Users in the .sales.us.corpnet.com domain frequently need to access shares in the sales.eu.corpnet.com, but report that it often takes a long time to be authenticated when accessing the shares. You need to reduce the amount of time it takes the users in sales.us.corpnet.com to be authenticated in sales.eu.corpnet.com. What should you do?

Create a shortcut trust.

You manage the remote access solution for your network. Currently, you have 10 remote access servers named RA1 through RA10. A single RADIUS server named RA11 holds all network policies for all remote access servers. Due to some recent changes, you decide to add two more RADIUS servers, RA12 and RA13, to your solution. Remote access authentication should be directed to either of the three servers so that requests are load balanced between them. You add RA14 to configure it as a RADIUS proxy. You configure RA1 through RA10 as RADIUS clients to RA14. Authentication requests will be received by RA14, then directed to one of the three RADIUS servers. How should you complete the configuration of RA14? (Select two. Each choice is a required part of the solution.)

Create a single RADIUS server group with RA11, RA12, and RA13 as members of the group. Create a single connection request policy.

You manage a network that has three sites: Tampa, Atlanta, and Nashville. You have shared a folder called *Policies* that you want to make available to users in all three sites. You configure a DFS namespace and configure a single folder named *Policies*. Five servers in each site are targets for this folder. You need to configure DFS replication so that data in the shared folder is replicated to all target servers in all locations. What should you do?

Create a single replication group with all servers as members of the group. Configure hub and spoke replication.

You re in charge of designing the Active Directory tree. You have a small company that has one location. You have determined that you will have approximately 500 objects in your completed tree. The tree design has been the subject of some controversy. In preliminary meetings, you have determined that there are four primary areas of the company: Accounting, Manufacturing, Sales, and Administration. Each are is autonomous and reports directly to the CEO. In meetings on the Active Directory tree design, the manager of each area wants to make sure that some management control of their users and resources remains in the department. What should you do?

Create an Organizational Unit object for each department. Train a member of each department to perform limited administrative duties. Use the Delegation of Control wizard to give a member of each OU enough rights to perform the necessary administrative tasks only in the appropriate OU.

Your company has just decided to upgrade from an older non-directory-based server operating system to Windows Server 2012 R2. You are in charge of designing the new Active Directory tree. You have a small company that has only one location. You have determined that you will have approximately 500 objects in your completed tree. The tree design has been the subject of some controversy. In preliminary meetings, you have determined that there are four primary areas of the company: Accounting, Manufacturing, Sales, and Administration. Each area is autonomous and reports directly to the CEO. In meetings on the Active Directory tree design, the manager of each area wants to make sure that some of the management control of their users and resources remains in the department. What should you do?

Create an Organizational Unit object for each department. Train a member of each department to perform limited administrative duties. Use the Delegation of Control wizard to give a member of each OU enough rights to perform the necessary administrative tasks only in the appropriate OU.

Your router has the following access lists: ● List 91 denies all traffic from network 12.1.6.0/24 and allows all other traffic. ● List 101 denies all Telnet traffic and allows all other traffic. Access list 91 is applied to the Serial0 interface for outbound traffic. Access list 101 is applied to the Serial0 interface for inbound traffic. You now want to modify the access list configuration to deny outbound ICMP traffic while keeping all other restrictions in place as closely as possible. How should you modify the access lists to accomplish your goal with the least amount of effort?

Create an access list 102 that denies ICMP traffic and traffic from network 12.1.6.0/24. Apply the list to Serial0 for outbound traffic.

You have configured NAT on your router to connect your small company network to the Internet. Shown below is a partial configuration for the router: hostname RouterA ! ip address 192.168.11.1 255.255.255.0 speed auto duplex auto ip nat inside ! interface FastEthernet0/1 ip address 192.168.12.1 255.255.255.0 speed auto duplex auto ip nat inside ! interface Serial0/1/0 ip address 116.12.11.155 255.255.255.248 ip nat outside ! ip nat pool ovrloadd 116.12.11.151 161.12.11.156 netmask 255.255.255.248 ! ip nat inside source list 7 pool ovrloadd ! Following the configuration, you find that no hosts on Fa0/0 or Fa0/1 can connect to the Internet. What should you do so that hosts can connect to the Internet?

Create an access list 7 that permits networks 192.168.11.0/24 and 192.168.12.0/24

A user reports that she can't connect to the Internet. After some investigation, you find that the wireless router has been misconfigured. You are responsible for managing and maintaining the wireless access point. What should you do next?

Create an action plan.

You have a file server that has the File Server Resource Manager role service installed. The E:\ drive is used for storing files for the graphic artists. The E:\Graphics folder holds all shared graphic files used by all artists. The E:\Users folder contains subfolders for user home directories, with one subfolder for each user. You want to make sure that the E:\Graphics folder only includes image files. No other type of file should be allowed to be saved in that folder. What should you do?

Create an active file screen for the E:\Graphics folder. Select all file groups except the Image Files group.

You have a Windows 7 computer that is shared by multiple users at work. You want to allow only members of the Sales team to run the sales lead application. If possible, the rule should apply to all current and future versions of the application, regardless of the filename or its location. The application is not digitally signed. What should you do?

Create an executable rule with a file hash condition in application control policies.

You have a Windows 7 computer that is shared by multiple users at work. You want to allow only members of the Sales team to run the sales lead application. The rule should apply to all current and future versions of the application, regardless of the filename or its location. What should you do?

Create an executable rule with a publisher condition in application control policies.

You are the network administrator for Corpnet.com. Corpnet.com has to Active Directory domains, named corpnet.com and production.corpnet.com. They also have a development domain in a seperate forest, named development.corpnet.net. You need to configure the Active Directory environment to meet the following requirements: Users in the development.corpnet.net domain must be able to access resources in the production.corpnet.com domain. Users in the development.corpnet.net domain must not be able to access resources in the corpnet.com domain. Users in the production.ocrpnet.com and the corpnet.com domains must not be able to access resources in the development.corpnet.net domain. What should you do?

Create an external trust.

You are the network administrator for your company. Your company has three standalone servers that run Windows Server 2012 R2. All servers are located in a single location. You have decided to create a single Active Directory domain for your network. Currently, each department has one employee designated as the department's computer support person. Employees in this role create user accounts and reset passwords for the department. As you design Active Directory, you want these users to maintain their responsibilities. You must not give these users more permission than they need. What should you do?

Create an organizational unit (OU) structure where each department has its own OU. Use the Delegation of Control wizard to grant each computer support user appropriate permissions to their department OUs.

You are the network administrator for your company. Your company has three standalone servers that run Windows Server 2012. All servers are located in a single location. You have decided to create a single Active Directory domain for your network. Currently, each department has one employee designated as the department's computer support person. Employees in this role create user accounts and reset passwords for the department. As you design Active Directory, you want these users to maintain their responsibilities. You must not give these users more permission than they need. What should you do?

Create an organizational unit (OU) structure where each department has its own OU. Use the Delegation of Control wizard to grant each computer support user appropriate permissions to their department OUs.

You have several computers running Windows 7 Ultimate. Corporate policy states that a specific connection-oriented application must be blocked from accessing the Internet. You must use the Windows Firewall with Advanced Security to complete the task. What should you do?

Create an outbound rule blocking the corresponding TCP port on each machine.

Your company uses an Internet domain of *westsim.com*. Your network also has a single Active Directory domain named *westsim.local*. You manage your network's DNS servers for the *westsim.com* zone and the *westsim.local* zone. All Domain Name Service (DNS) servers on your network run Windows Server 2012. Your company's Asia division wants its own Internet namespace, and wants to manage its own DNS servers. The division will use *asia.westsim.com* as its Internet domain name. You want to minimize administrative effort and communication between the two divisions as the Asia division installs DNS servers. To support this goal, you need to make appropriate configurations on the DNS servers that you manage. What should you do?

Create and configure a stub zone named *asia.westsim.com*.

Your organization runs a Hyper-V hypervisor on Windows Server 2012 that hosts several Windows Server 2012 virtual domain controllers. You want to add an additional virtual domain controller. Instead of installing a new Windows Server 2012 virtual machine and promoting it to be a domain controller, you decide to simply copy one of the existing virtual domain controller's virtual domain controller's virtual machine files. What must you do to perform this procedure correctly? ( Select two. Each response is a part of the complete solution.)

Create the DCCloneConfig.XML file for the cloned domain controller. Add the source domain controller's computer object to the Cloneable Domain Controllers group in the Users container.

Your organization runs a Hyper-V hypervisor on Windows Server 2012 that hosts several Windows Server 2012 virtual domain controllers. You want to add an additional virtual domain controller. Instead of installing a new Windows Server 2012 virtual machine and promoting it to be a domain controller, you decide to simply copy one of the existing virtual domain controller's virtual machine files. What must you do to perform this procedure correctly? (Select two. Each response is a part of the complete solution.)

Create the DCCloneConfig.XML file for the cloned domain controller. Add the source domain controller's computer object to the Cloneable Domain Controllers group in the Users container.

You have a small home network with the following computers: Comp1 runs Windows 7 Home Comp2 runs Windows 7 Home Premium Comp3 runs Windows 7 Professional You want to create a HomeGroup for your network. Which of the following should be part of your configuration? (Select the two most correct answers. Each choice is a required configuration step.)

Create the HomeGroup on Comp2 or Comp3. Set the network location to Home.

You are the administrator for the *widgets.com* domain. Organizational Units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. As part of your security plan, you have analyzed the use of Internet Explorer in your organization. You have defined three different groups of users. Each group has different needs for using Internet Explorer. For example, one group needs ActiveX controls enabled, while you want to disable ActiveX for the other two groups. You would like to create three templates that contain the necessary settings for each group. When you create a GPO, you'd apply the settings in the corresponding template rather than manually set the corresponding Administrative Template settings for Internet Explorer. What should you do?

Create three starter GPOs with the necessary settings. When creating the GPOs, select the starter GPO with the desired settings

You are the administrator for the *widgets.com* domain. Organizational Units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. As part of your security plan, you have analyzed the use of Internet Explorer in your organization. You have defined three different groups of users. Each group has different needs for using Internet Explorer. For example, one group needs ActiveX controls enabled, while you want to disable ActiveX for the other two groups. You would like to create three templates that contain the necessary settings for each group. When you create a GPO, you'd apply the settings in the corresponding template rather than manually set the corresponding Administrative Template settings for Internet Explorer. What should you do?

Create three starter GPOs with the necessary settings. When creating the GPOs, select the starter GPO with the desired settings.

You are the administrator for the *widgets.com* domain. Organizational Units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. As part of your security plan, you have analyzed the use of Internet Explorer in your organization. You have defined three different groups of users. Each group has different needs for using Internet Explorer. For example, one group needs ActiveX controls enabled, while you want to disable ActiveX for the other two groups. You would like to create three templates that contain the necessary settings for each group. When you create a GPO, you'd apply the settings in the corresponding template rather than manually set the corresponding Administrative Template settings for Internet Explorer.. What should you do?

Create three starter GPOs with the necessary settings. When creating the GPOs, select the starter GPO with the desired settings.

You are the network administrator for Corpnet.com. The company has two Active Directory forests. Each forest has an Active Director Rights Management Services (AD RMS) root cluster. Users in both forests must be able to access AD RMS protected content from either forest. You intend to implement AD RMS trusts to enable to share content. You need to create the necessary AD RMS trusts. What should you do? (Choose 2.)

Create two AD RMS Trusted User Domains. Create two AD RMS Trusted Publishing Domains.

You are the network administrator of a network that spans two locations: Atlanta and Dallas. The network has only one Active Directory domain, named *company.local*. The Atlanta and Dallas locations are connected using a T1 line. You have also configure an on-demand dial-up connection between the two locations, which should be used only for backup if the T1 line becomes unavailable. You create two site objects named Atlanta and Dallas using the Active Directory Sites and Services snap-in. How should you configure Active Directory to perform replication over the T1 line rather than the dial-up connection?

Create two Site LInk objects representing the T1 and dial-up connections. Configure the T1 Site Link object with a lower cost than the dial-up Site Link object.

You have created a DFS namespace that is accessed using *\\westsim.com\Accounting*. The namespace currently has a single folder named *Accounting*, with two targets. You want to configure DFS replication so that data can only be modified on Srv1, with all changes being replicated to Srv2. Users should not be able to make changes to files on Srv2. You want to follow Microsoft's recommendations for doing this. What should you do?

Create two one-way connections. Configure a read-only replicated folder on Srv2.

You are getting ready to install Windows Server 2012. You would like to configure the server to use BitLocker. The server should start up without requiring a PIN or a USB device during startup. What should you do? (Select two. Each choice is a required part of the solution.)

Create two partitions on the hard disk. Put boot files on the first partition, and operating system files and data on the second partition. Enable the TPM.

You need to attach an RJ-45 connector to the end of a Cat 6 UTP cable. Which tool should you use?

Crimper.

You have decided to implement Gigabit Ethernet on your network. Each switch port is connected to a single device. Following the installation, you find one device connected to a switch that is only running at 100 Mbps. Which of the following are likely causes?

Crosstalk

You have a workstation running the 32-bit version of Windows Vista Professional that you would like to upgrade to the 64-bit version of Windows 7 Professional. You want to perform the upgrade with the least amount of effort and cost. Which installation option should you select?

Custom (advanced)

Which of the following is NOT an available security zone found in Internet Explorer?

Custom Sites

How many pins are on a VGA connector?

D-shaped with 15 pins

Which form of access control enforces security based on user identities and allows individual users to define access controls over owned resources?

DAC

You have a system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented?

DAC

You are the network administrator for *eastsim.com*. *eastsim.com* has one main office in Dallas, TX and two branch offices in New York, NY and Los Angeles, CA. The branch offices are both connected to the main office by dedicated WAN links. There is no direct connection between the branch offices. The network consists of one Active Directory domain that contains 2,000 users. There are two domain controllers at each site as listed in the table below. Site Domain Controllers Dallas, TX DC1, DC2 New York, NY DC3, DC4 Los Angeles, CA DC5, DC6 DC1 was the first domain controller installed in the domain and it currently hosts all five Flexible Single Master Operations (FSMO) roles. You need to identify which server should be used as a backup operations master in the event that DC1 should fail. Which server should be used?

DC2

Which of the following is weakest symmetric encryption method?

DES

The initial configuration of WDS includes setup of what other server?

DHCP

Which service can you use on your network to automatically assign IP addresses to hosts and to help prevent the same address from being assigned to two different hosts?

DHCP

Which service can you use on your network to automatically assign IP addresses to hosts and to help prevent the same addresses from being assigned to two different hosts?

DHCP

You want to implement a mechanism that automates the IP configuration, including IP address, subnet mask, default gateway, and DNS information. Which protocol will you use to accomplish this?

DHCP

What is a command line tool that installers can use to mount, edit, and upgrade image files in the Windows Imaging format?

DISM.exe

Of the following security zones, which one can serve as a buffer network between a private secured network and the untrusted Internet?

DMZ

Which of the following protocols uses both TCP and UDP?

DNS

Which type of Denial of Server (DoS) attack occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP addresses?

DNS poisoning

While using the Internet, you type the URL of one of your favorite sites in the browser. Instead of going to the correct site, however, the browser displays a completely different website. When you use the IP address of the Web server, the correct site is displayed. Which type of attack has likely occurred?

DNS poisoning.

Which of the following is not an example of wireless networking communications?

DSL

By default, Windows 8 is configured to check for updates for installed apps _________ and then _________ the needed updates.

Daily, download but not install

The following items describe the functions performed at various OSI model layers. 1. Logical topology, hardware addresses, media access, framing. 2. Logical device identification, path identification and selection. 3. Flow control, reliable data transfer, windowing, segmentation, and sequencing. 4. Convert data to 0s and 1s, bit signaling and synchronization. Which of the following correctly identifies the layers that perform each of the functions listed here?

Data Link, Network, Transport, Physical

A host receives a frame and computes the checksum, and determines that the frame is damaged. The frame is discarded. At what layer of the OSI model did this happen?

Data link

You have a computer with three hard disks. A RAID 0 volume uses space on Disk 1 and Disk 2. A RAID 1 volume uses space on Disk 2 and Disk 3. Disk 2 fails. Which of the following is true?

Data on the RAID 1 volume is accessible; data on the RAID 0 volume is not.

What is the difference between data packets and route update packets?

Data packets transport user data through the internetwork and route update packets are used to update neighbor routers about network connections.

What user account has the ability to recover BitLocker drives for an entire organization?

Data recovery agent

Which of the following defines an object as used in access control?

Data, applications, systems, networks, and physical space.

You manage a network with two locations: the main office is in Phoenix, and a branch office is in Tulsa. Srv1 is a DNS server in Phoenix, and holds the primary zone for the *eastsim.local* zone. To improve name resolution requests in the branch office, you place a secondary copy of the zone on Srv5 in the Tulsa location. Due to recent expansion, you are adding more servers to the Phoenix location. For each server, you manually create the A and PTR records. You find that after you add the server, computers in the Tulsa location are unable to contact the new servers for up to 10 minutes. You want to decrease the amount of time for changes to the zone to be transferred to the server in Tulsa. What should you do?

Decrease the *refresh interval* in the SQA record for the zone.

You've noticed on your Windows workstation that sometimes your mouse cursor appears strange on the screen. In addition, images in Web pages you are viewing appear to be corrupt. How can you fix this problem?

Decrease your video adapter's hardware acceleration.

Which TCP/IP configuration parameter identifies the router that is used to reach hosts on remote networks?

Default gateway

You have just connected a new computer to your network. The network uses static IP addressing. You find that the computer can communicate with hosts on the same subnet, but not with hosts on a different subnet. No other computers are having a problem. Which of the configuration values would you most likely need to change?

Default gateway

You have decided to implement Network Access Protection (NAP) with IPsec on your network. You have installed the NPS role, configured the System Health Validator (SHV), created health policies, and configured network policies. Which additional steps will you need to perform to complete the configuration? (Select two. Each choice is a possible action.)

Define restricted, boundary, and secure networks. Configure a Health Registration Authority (HRA).

To give someone permission to manage a particular GPO, you use the __________ tab of the individual GPO.

Delegate

You manage the intranet servers for EastSim Corporation. The company network has three domains: *eastsim.com*, *asiapac.eastsim.com*, and *emea.eastsim.com*. You create a primary zone for the *eastsim.com* domain on the *ns1.eastsim.com* server. Two additional servers, *ns2.eastsim.com* and *ns3.eastsim.com* hold secondary copies of the zone. One day the *ns3* server fails. While it is offline, you want to remove server *ns3* as an authoritative server for the zone. What should you do?

Delete the NS record for server *ns3*.

You are the network adminstrator for a company that has just implemented Windows Server 2012. To provide Internet access for your corporate office, you have decided to use a firewall that provides NAT. On the private network, you install and configure DNS on a Windows Server 2012 server to provide name resolution. After you finish the configuration, you realize that no one is able to access the Internet, but they are able to contact internal servers by their FQDN. A ping test using the IP address of Internet hosts is successful. You decide to check the forwarders setting on the DNS server, but the option to configure forwarders is grayed out. What should you do?

Delete the root forward lookup zone on the internal DNS server.

Which is a form of attack that either exploits a software flaw or floods a system with traffic in order to prevent legitimate activities or transactions from occurring?

Denial of service

Which is a form of attack that either exploits a software flaw or floods a system with traffic in order to prevent legitimate activities or transactions from occurring?

Denial of service attack

An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack?

Denial of service.

Which of the following can be used to stop piggybacking that has been occurring at a front entrance where employees should swipe their smart cards to gain entry?

Deploy a mantrap.

You are the network administrator for an Active Directory forest with a single domain. The network has three sites with one domain controller at each site. You have created and configured sites in Active Directory Sites and Services, and replication is operating normally between sites. You configure two universal groups for use in securing the network. All users are members of one universal group or the other. After configuring the universal groups, users at sites 2 and 3 report slow login and slow access to the corporate database. What should you do?

Designate the domain controllers at sites 2 and 3 as global catalog servers.

Users report that the network is down. After some investigation, you determine that a specific router is configured such that a routing loop exists. What should you do next?

Determine if escalation is needed.

A user reports that she can't connect to a server on your network. You check the problem and find out that all users are having the same problem. What should you do next?

Determine what has changed.

You have a network connected using a full physical mesh topology. The link between device A and device B is broken. Which of the following best describes what happens to network communications?

Device A will be able to communicate with all other devices.

You need to configure the properties of the user shown in the image below such that remote access to your organization's VPN server is controlled using NPS Network Policy. Click the tab you would use to make this change.

Dial-in

Which backup strategy backs up only files which have the archive bit set, but does not mark them as having been backed up?

Differential

Which of the following is used for secure exchange of symmetric encryption keys?

Diffie-Hellman

Which of the following algorithms are used in asymmetric encryption? (Select two.)

Diffie-Hellman RSA

Which of the following is a minimal requirement in order to employ S/MIME?

Digital certificate

You are the network administrator for *westsim.com*. The network consists of a single domain. All the servers run Windows Server 2012 R2. All the clients run Windows 8. There is a main office located in New York and a branch office located in Los Angeles. You have been directed to set up wireless access for clients in the New York office. You create a new Group Policy Object (GPO) that specifies the wireless network settings for the New York office and link it to the New York site. Users from the Los Angeles office complain that when they travel to New York they are unable to connect to the wireless network in New York. You need to enable the traveling users to connect to the wireless network. What should you do?

Direct the visiting users to first connect to the New York network using a wired connection to receive the wireless network settings.

You have a laptop that runs Windows 8 Enterprise. You want to use the laptop to connect to your corporate intranet while you are at home or traveling. Your solution should meet the following requirements: • The computer should connect automatically to the intranet without user initiation. • All communications between your laptop and the intranet should be encrypted. • The connection should allow for remote management of the computer from the corporate intranet. • Internet traffic should be directed to Internet servers without going through servers at the corporate network. • The solution should work through firewalls where only HTTP and HTTPS are permitted. Which feature should you implement?

DirectAccess

You manage a single domain named *widgets.com*. Recently, you notice that there have been several unusual changes to objects in the Sales OU. You would like to use advanced auditing to keep track of those changes. You want to only enable auditing that shows you the old and new values of the changed objects. Which directory service auditing subcategory should you enable?

Directory Service Changes

You manage a single domain named *widgets.com*. Recently, you notice that there have been several unusual changes to objects in the Sales OU. You would like to use auditing to keep track of those changes. You want to only enable auditing that shows you the old and new values of the changed objects. Which directory service auditing subcategory should you enable?

Directory Service Changes

Which of the following is the best protection to prevent attacks on mobile phones through the Bluetooth protocol?

Disable Bluetooth on the phone

A customer has called and indicated that he thinks his neighbor is connecting to his wireless access point (AP) to use his high-speed Internet connection. Which of the following will resolve this issue? (Select two.)

Disable SSID broadcast on the AP. Implement MAC address filters.

You have set up the AccountWizard.exe program to run in Compatibility mode on a Windows 7 computer. After running the program, you find that the large-scale fonts do not appear correctly and the movement of the window appears erratic. Select the settings you would enable to correct these issues. (Select two.)

Disable desktop composition Disable display scaling on high DPI settings.

You want to enable full-duplex on your Ethernet network. Which of the following would you do? (Select two.)

Disable loopback and collision detection. Make sure each switch port has only a single device connected.

You have a computer running Windows 7 Ultimate. You want to modify the default settings for UAC to meet the following criteria: Prompts should be shown when programs make changes to your computer and when you make changes to Windows settings. The desktop should not be dimmed and locked out, but should allow you to continue working in other applications without responding immediately to the prompt. Settings should apply to all standard users. What should you do?

Disable the *Switch to the secure desktop when prompting for elevation* setting in Group Policy.

Using Features on Demand results in saving potentially significant amounts of disk space. Features on Demand becomes a third installation state per feature in Windows Server 2012. While previous versions allowed only Enable or Disable, Features on Demand provides _______.

Disabled and deleted

When informing an employee that they are being terminated, what is the most important activity?

Disabling their network access

If you don't want a GPO to apply, which group policy permission do you apply to a user or group?

Disallow Apply

During a recent site survey, you find a rogue wireless access point on your network. Which of the following actions should you take first to protect your network, while still preserving the evidence?

Disconnect the access point from the network

If maintaining confidentiality is of the utmost importance to your organization, what is the best response when an intruder is detected on your network?

Disconnect the intruder

Which of the following functions can a port scanner provide? (Select two.)

Discovering unadvertised servers. Determining which ports are open on a firewall.

You have a laptop running Windows 7 Professional. The computer is a member of the mydomain.local Active Directory domain. You take your laptop home and use it on your home network. You would like to create a HomeGroup from your laptop that can be used on your home network. What should you do?

Disjoin your computer from the domain.

You manage the website for your company. The Web1 server hosts the website. This server has the following configuration: • Dual core processor • Dual power supplies • RAID 4 volume • One RAID controller • Two 1000 Mbps network adapters Which component is a single point of failure for the website?

Disk controller

You are working on a computer running Windows 7. You would like to update the video driver that is used on the computer. Select the area in Device Manager where you would make this change.

Display adapters.

__________ is used as an external display that displays images on a screen.

Display projector

Which of the following statements are true about the DisplayPort interface for connecting video monitors to computers? (Select two.)

DisplayPort uses a lower voltage than DVI or HDMI. DisplayPort can send both video and audio signals over the same cable.

How are distance vector routing protocols different from link-state routing protocols? (Select three.)

Distance vector routing algorithms do not calculate the exact topology of a network. Link-state routing protocols are faster to converge than distance vector routing protocols. Distance vector routing protocols are easier to implement than link-state routing protocols.

Which of the following are true about the distance vector routing method? (Select three.)

Distance vector routing is susceptible to routing loops. Distance vector routers share the entire contents of their routing table with their neighbors. Distance vector routers have less hardware and software requirements than link state routers.

State the three classes of routing protocols:

Distance-vector Routing Protocols Link-state Routing Protocols Hybrid Routing Protocols

When conducting a forensic investigation, and assuming that the attack has been stopped, which of the following actions should you perform first?

Document what's on the screen.

Click on all of the organizational units in the domain represented in the image below.

Domain Controllers Sales

Which of these groups would an administrator use to assign permissions to resources in the same domain?

Domain local groups

You are creating a DFS namespace on a Windows Server 2012 system that is joined to the eastsim.com domain. You want any files and folders that users do not have permission to access to be hidden in the namespace folder targets. Click the options you must select to configure the namespace to function in this manner.

Domain-based namespace Enable Windows Server 2008 mode

What is a collection of computers that all utilize a central directory service for authentication and authorization and is usually associated with Active Directory?

Domains

Which touch gesture requires you to press a fingertip to the screen twice in quick succession on the same spot?

Double-tap

You have a computer running Windows 8. The computer is part of a domain. You need to transfer profiles and data files to the computer from a network share using USMT; however, you do not have USMT. What should you do?

Download the Windows Assessment and Deployment Kit (ADK) from Microsoft.

Using the Netstat command, you notice that a remote system has made a connection to your Windows Server 2003 system using TCP/IP port 21. Which of the following actions is the remote system most likely to be performing?

Downloading a file.

You are performing a clean installation of Windows 8 on a notebook PC. The notebook system has one SATA hard disk installed. You want to divide the hard disk into two volumes. The C: volume should be 150 GB in size. The D: volume should consume the remaining available space on the drive. Click the option you would use in the Windows installer to implement this configuration.

Drive options (advanced)

When you browse to a website, a pop-up window tells you that your computer has been infected with a virus. You click on the window to see what the problem is. Later, you find out that the window has installed spyware on your system. What type of attack has occurred?

Drive-by download

Which of the following security measures encrypts the entire contents of a hard drive?

DriveLock

A user reports that network access from her workstation is very slow. The problem does not seem to be affecting any other users. Which of the following conditions is most likely the cause?

Duplex mismatch

You are working on a computer running Windows 7. After upgrading a video driver, the screen becomes unresponsive. You need to get the system working properly with the least amount of effort and time. What should you do?

During the boot process, press F8 and boot into Safe Mode to roll back the driver.

____ is the time it takes for a key to be pressed and then released.

Dwell time

You are the network administrator for a medium-sized company that owns a Classic C IP address block. You do not have enough registered IP addresses for the 1000 hosts in your network; however, you've determined that no more than 20% of your hosts use the Internet. And, the bandwidth you've budgeted cannot support more than this number anyway. So, you decide to implement NAT and allocate 200 of your registered IP addresses to support external translation. Which method of NAT translation should you implement?

Dynamic

You are the network administrator for Corpnet.com. All the servers run Windows Server 2012. You are in the process of building a Failover Cluster with six nodes. You need the cluster to recalculate the quorum on the fly so that the cluster can continue to run even if the number of nodes remaining in the cluster is less than 50%. What kind of quorum should you use?

Dynamic Quorum

____________________ is the process of using protocols to find and update routing tables on routers.

Dynamic routing

You are the administrator of a large network. Your company has offices in several states, as well as several locations within the city of Chicago. Each location has its own Active Directory domain, complete with DNS server and DHCP configuration. You are opening a network segment for a research and development arm of the company. Communications from this segment to the rest of the network will be using PPP. You need an authentication method that will allow for a high degree of flexibility. It must support authentication using One Time Passwords, MD5-Challenge, or Transport Layer Security for smart cards. Encryption is not necessary in this implementation. Which authentication protocol should you choose?

EAP

You have decided to use Network Access Protection (NAP) with 802.1x authentication on your network. You have already configured the necessary servers and services. Now you need to configure client computers to connect to the network. Which enforcement client should you enable on the client?

EAP Quarantine Enforcement Client

Which of the following security solutions would prevent a user from reading a file which she did not create?

EFS

You want to use a routing protocol that utilizes the benefits of both distance vector and link state. Which routing protocol will you use?

EIGRP

You are reviewing the configuration of a router that uses EIGRP for its routing protocol. Shown below is the output from the show ip protocols command: Routing Protocol is "eigrp 1" Outgoing update filter list for all interfaces is not set. Incoming update filter list for all interfaces is not set. EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5-0 EIGRP maximum hopcount 100 EIGRP maximum metric variance 2 Redistributing: eigrp 1 EIGRP NSF-aware route hold timer is 240s Automatic network summarization is in effect Maximum path: 5 Routing for Networks: 192.168.1.0 192.168.2.0 192.168.3.0 Routing Information Sources: Gateway Distance Last Update 192.168.1.12 90 00:55:50 192.168.2.15 90 00:55:50 Distance: internal 90 external 170 Based on the output, what is true of this configuration?

EIGRP will load balance on up to 5 unequal-cost routes.

You are troubleshooting a client connectivity problem on an Ethernet network. The client system has intermittent connectivity to the network. You discover that the UTP patch cable is run 75 feet from the wall outlet, passes through the ceiling and over several florescent light fixtures before reaching the client system. Which of the following may be the cause of the connectivity problem?

EMI interference

Based on the network diagram, which of the following are true? (Select two.)

Each access point must be configured with the same SSID. Each access point must be configured with a different channel number.

Based on the network diagram, which of the following are true? (Select two.)

Each access point will have a unique BSSID. Wireless communications use infrastructure mode.

How do link-state routing protocols determine the topology of the network?

Each router initially exchanges LSP messages which are used to build a topological database.

You would create a RADIUS template so that you can do what with it?

Easily create multiple RADIUS servers from it.

You have a cable Internet connection at home. The installer had connected the router near the outside wall of your house with RG-6 cable. You move the cable router a distance of 50 meters using RG-8 cables and special connector adapters. Which condition are you most likely to experience?

Echo

You have a computer running Windows 7. You want to configure Windows to prompt for additional credentials whenever a sensitive action is taken. What should you do?

Edit User Account Control (UAC) settings.

You are the administrator for the *westsim.com* domain. Organizational units (OUs) have been created for each department, with all user accounts being moved into their departmental OUs. Previously, you used the Delegation of Control wizard to assign permissions to a user to change passwords and manage user accounts in the Marketing OU. Now you need to remove some of the permissions assigned to that user for objects in the OU. What should you do?

Edit the ACL for the OU and remove the unnecessary permissions.

You have a file server that has the File Server Resource Manager role service installed. The E:\ drive is used for storing files for the graphic artists. The E:\Graphics folder holds all shared graphic files used by all artists. The E:\Users folder contains subfolders for user home directories, with one subfolder for each user. You have created a quota template named ArtQuota that is used only for the graphic artist quota limit. You apply it to the E:\Users folder with the auto apply option. The template has a hard limit of 50 MB. User MMickel is the artist manager and needs more space in his home folder. You edit the quota entry for the E:\Users\MMickel folder and configure a soft quota of 100 MB. After several months, you are instructed to allow each artist up to 75 MB in their home folder. You need to keep MMickel's quota unchanged. What should you do?

Edit the ArtQuota template. Change the limit to 75 MB. Apply the quota to all derived quotas that match the original template.

Srv12 is a Windows Server 2012 server that runs File and Print Services. On Srv12, you are troubleshooting a problem that keeps occurring. When the problem happens, there are several Warning and Error events logged to the Application and System logs in Event Viewer. After several days, there are several events in the Custom View. You would like to clear the messages from the view so that you only see messages starting from right now. You need to make sure that any messages in the corresponding logs still exist. What should you do?

Edit the Custom View properties and create a custom range for the logged events, starting with today's date.

You have a file server that has the File Server Resource Manager role service installed. The G:\ drive is used for storing files for the research department. The G:\Users folder contains subfolders for user home directories, with one subfolder for each user. The G:\Reports folder is shared by all users for holding weekly department reports. All user accounts for the department are in the Research OU. You have created a file screen to prevent saving executable files to the G:\Reports directory. However, users complain that they need to be able to save .vbs files to the directory. How would you modify the file screen to allow those files while still blocking all other executable files? (Select two. Each choice is a complete solution.)

Edit the Executables Files file group. Add *.vbs as a file to exclude. Edit the Executables Files file group. Remove *.vbs from the include list.

You manage a Windows 7 computer connected to a business network using switches and multiple subnets. You connect a workstation to the 192.168.1.0/24 subnet. The workstation can communicate with some hosts on the private network, but not with other hosts. You run *ipconfig /all* and see the following: Ethernet adapter Local Area Connection: Connection-specific DNS Suffix: mydomain.local Description: Broadcom network adapter Physical Address: 00-AA-BB-CC-74-EF DHCP Enabled: No Autoconfiguration Enabled: Yes IPv4 Address: 192.168.1.102(Preferred) Subnet Mask: 255.255.255.0 Default Gateway: 192.168.2.1 DNS Servers: 192.168.2.20 What should you do?

Edit the IPv4 properties and change the default gateway.

You manage a Windows 7 computer connected to a business network using switches and multiple subnets. You connect a workstation to the 192.168.1.0/24 subnet. The workstation can communicate with some hosts on the private network, but not with other hosts. You run ipconfig /all and see the following: Ethernet adapter Local Area Connection: Connection-specific DNS Suffix : mydomain.local Description : Broadcom network adapter Physical Address : 00-AA-BB-CC-74-EF DHCP Enabled : No Autoconfiguration Enabled : Yes Ipv4 Address : 192.168.1.102(Preferred) Subnet Mask : 255.255.255.0 Default Gateway : 192.168.2.1 DNS Servers 192.168.2.20 What should you do?

Edit the IPv4 properties and change the default gateway.

You have a computer that runs Windows 7. Your company has started the migration to IPv6 on your network. Your network administrator tells you that the network is using stateless autoconfiguration. You need to reconfigure your computer for IPv6 so it is correctly configured with the IPv6 address, default gateway, and DNS server addresses. What should you do?

Edit the Internet Protocol Version 6 (TCP/IPv6) properties for the network adapter. Select Obtain an IPv6 address automatically and Use the following DNS server addresses.

You manage the network with a sngle Active Directory domain named *eastsim.com*. Organizational units (OUs) have been created for each department. All user and computer accounts are members of the departmental OUs. For the Sales department, all users are members of the *SalesGG* global group. You have installed a read-only domain controller (RODC) in a branch office on a Server Core installation. The RODC is the only domain controller at he branch office. You want to configure the RODC to cache passwords only for members of the Sales team. No other passwords should be cached. What should you do? (Select two. Each choice is a possible solution.)

Edit the RODC account properties. Add the *SalesGG* group to the password replication policy with All permission. Add the *SalesGG* group as a member of the *Allowed RODC Password Replication Group* group.

You manage a network with a single location. You want to use WSUS to make sure that only approved updates are applied to all client computers. Client computers should download all approved updates from a WSUS server in your location. You install WSUS on one server. You synchronize the list of updates on the server, and approve the updates that you want applied to client computers. You check the client computers and find that only the approved updates are being applied, but updates are being downloaded from the Microsoft Update website and not your local WSUS server. What should you do?

Edit the WSUS server properties to store updates locally on the server.

You manage a single domain named *widgets.com*. Recently, you notice that there have been several unusual changes to objects in the Sales OU. You would like to use auditing to keep track of those changes. You enable successful auditing of directory service access events in a GPO, and link the GPO to the domain. After several days, you check Event Viewer but you do not see any events listed in the event log indicating changes to Active Directory objects. What should you do?

Edit the access list for the OU. Identify specific users and events to audit.

You are the network administrator for your company. Your company uses Windows XP Professional as its desktop operating system. Rodney, a user in the research department, shares a computer with two other users. One day, Rodney notices that some of his documents have been deleted from the computer's local hard drive. You restore the documents from a recent backup. Rodney now wants you to configure the computer so he can track all users who delete his documents in the future. You enable auditing of successful object access events in the computer's local security policy. Rodney then logs on and creates a sample document. To test auditing, you then log on and delete the document. However, when you examine the computer's Security log, no auditing events are listed. You want to make sure an event is listed in the Security log whenever one of Rodney's documents is deleted. What should you do?

Edit the advanced security properties of the folder containing Rodney's documents. Configure an auditing entry for the Everyone group. Configure the entry to audit success of the Delete permission.

You are the manager of the *eastsim.com* domain. Your Active Directory structure has organizational units (OUs) for each company department. You have several assistant administrators who help manage Active Directory objects. For each OU, you grant one of your assistants Full Control over the OU. You come to work one morning to find that while managing some user accounts, the administrator in charge of the Sales OU has deleted the entire OU. You restore the OU and all of its objects from a recent backup. You want to make sure that your assistants can't delete the OUs they are in charge of. What should you do? (Select two. Each choice is a possible solution.)

Edit the properties for each OU to prevent accidental deletion. Remove Full Control permissions from each OU. Run the Delegation of Control wizard for each OU, granting permissions to perform the necessary management tasks.

You have a file server that has the File Server Resource Manager role service installed. The E:\ drive is used for storing files for the graphics artists. The E:\Graphics folder holds all shared graphic files used by all artists. The E:\Users folder contains subfolders for user home directories, with one subfolder for each user. You crate a quota template named ArtQuota that is used only for the graphic artist quota limit. You configure a space limit of 100 MB, and a notification threshold of 85. You apply it to the E:\Users folder with the auto apply option. Several days later you check and find that three users, MMickel, TThomas, and PPeters, have at least 150 MB of files in their home folder. You want to prevent any user from saving more than 100 MB in their home folder. What should you do?

Edit the template and change the space limit to a hard limit.

You manage a network with two locations: Denver and Phoenix. Both sites are connected with a WAN link. The network uses *westsim.private* as the domain name. The DNS1 server is located in the Denver location and has the primary copy for the *westsim.private* zone. The DNS2 server is located in Phoenix and is a secondary server for the zone. You notice that as you add new A records to the zone, that users in Phoenix are unable to resolve the hostname for the new host for up to 15 minutes after the record has been added. You want to reduce this time so that hostnames can be resolved in Phoenix as soon as possible. What should you do? (Select two. Each choice is a possible solution.)

Edit the zone properties on DNS1. On the SOA tab, decrease the refresh interval. Edit the zone properties on DNS1. On the Zone Transfers tab, configure the zone to automatically notify listed name servers.

You are working on a Windows system You have several standard users who need permission to install devices on this computer because Windows does not include the necessary drivers for the devices. What should you do? (Select two. Both answers are complete solutions.)

Enable *Allow non-administrators to install drivers for these device setup classes* in Group Policy. Run *pnputil -i -a* to add the drivers to the driver store.

You are the administrator for *eastsim.com*. The network consists of a single Active Directory domain. All the servers run Windows Server 2012. All the clients run Windows 7 or Windows 8. *eastsim.com* has one main site. There are two domain controllers named DC1 and DC2, which also provide DNS services to clients. There is a single Active Directory Integrated zone named *eastsim.com*. After users complain that they are unable to reach an application server in the main site, you determine that the record for the server has been deleted from the zone. You recreate the missing record. You need to ensure that if the record disappears again you can identify the cause of the deletion. Your solution must minimize the impact on servers not hosting the DNS role. What should you do?

Enable *Audit Directory Service Access* in the Audit policy of the Default Domain Controllers Policy Group Policy Object (GPO) and then use the DNS Console snap-in to enable auditing on the zone.

You are the network administrator for *westsim.com*. The network consists of a single Active Directory domain. All the server run Windows Server 2012. All the clients run Windows 7 or Windows 8. *westsim.com* has one main office with a single subnet. There are two application servers located in the main office that host a custom web application named APP1 and APP2. You have been instructed to ensure that APP1 and APP2 each service about half of the clients who need access to the custom web application using the minimum amount of administrative effort. You create two CNAME records linking the *customapp.westsim.com* Fully Qualified Domain name (FQDN) to each of the servers. What should you do next?

Enable *Round Robin* on the DNS server.

You are using Network Monitor to monitor network traffic coming into and out of a Windows Server 2012 system. You want to group the frames captured based on their attributes. Click the capture option you should enable to accomplish this.

Enable Conversations (consumes more memory)

You manage a network with two locations: the main office is in Phoenix, and a branch office is in Tulsa. Srv1 is a DNS server in Phoenix, and holds the primary zone for the *eastsim.local* zone. To improve name resolution requests in the branch office, you place a secondary copy of the zone on Srv5 in the Tulsa location. Due to recent expansion, you are adding more servers to the Phoenix location. For each server, you manually create the A and PTR records. You find that after you add the server, computers in the Tulsa location are unable to contact the new servers for up to 10 minutes. You want to make sure that hosts in Tulsa can contact these servers using DNS as quickly as possible. What should you do?

Enable DNS Notify on the zone on Srv1.

To speed up the boot process for hosts in your domain, you want to reconfigure Group Policy processing so that computers download the latest version of your policies and store them locally. This way, domain hosts can read and process the local copy of the policy settings instead of downloading them from the network when they boot. Click the policy in Group Policy Management that you must enable to configure this functionality.

Enable Group Policy Caching for Servers

Your company has established a branch office in a nearby town, which also has a small network. The remote office has two servers running the Windows Server 2012. You've been instructed to interconnect the two offices using a VPN tunnel. You install the Routing and Remote Access service on one of the Windows Server 2012 computers in your local office and on one of the Windows 2012 computers in the remote office. You enable the VPN service on both servers. You can successfully ping between the two devices. However, you cannot connect to resources on the other side of the remote access server. What should you do? (Select two. Each answer is required for a working solution.)

Enable LAN routing on both access servers. Configure a static route on each remote access server to the other network.

You are the network administrator for a network with a single Active Directory forest. All domains in the forest are at Windows Server 2003 functional level and the forest is also at Windows Server 2003 functional level. Offices exist in Denver, and Miami. Each geographic location has an Active Directory site configured. The links that connect the Denver and Miami sites to the corporate headquarters in Chicago are highly utilized, and you want to minimize replication traffic over them. Company headquarters is located in Chicago and that location has multiple global catalog servers to service global queries efficiently. Several users in Denver and Miami are members of universal groups throughout the forest. You need to make sure that in the event of a WAN link failure that group membership will be protected and logons will be available. What should you do?

Enable Universal Group Membership Caching for the Denver and Miami sites.

You manage a single-domain network named *northsim.com*. Currently, all users are located at a single site in Miami. You are opening a single branch office in Orlando. The Orlando office is connected to the Miami location using a dial-up connection. and demand-dial routing. The link between offices is only used during the nighttime to synchronize sales information. About 50 full-time sales people work in the Orlando office. The branch office will have its own domain controller, ORD-DC1. You create a new site object for the Orlando office and move the server into that site. You create a site link object that connects the Orlando site to the Miami site. Users are reporting that logon is slow. You find that during logon, the WAN link must be established before logon is allowed. You want to improve logon for the Orlando location. What should you do?

Enable Universal Group Membership Caching on the Orlando site.

You are configuring VTP for your network. All switches are in the same domain. You want to use VTP pruning and passwords. What should you do? (Select two.)

Enable VTP pruning on one VTP server. Configure the password on each switch.

The image shows the current scavenging settings for the *eastsim.com* domain. As you check records in the zone, you find several records that have not been updated for 16 days or longer. You need to make sure that records are automatically removed if they have not been updated in the last 14 days. What should you do?

Enable automatic scavenging on the zone.

You administer the DNS and DHCP servers on your network. The network has just added a new subnet. The subnet is represented as a new domain in DNS named *acct.istp.private*. The subnet uses address 192.168.16.0/24. All servers on the subnet run Windows 2012 and all clients run Windows 7 or Windows 8. The new subnet will use existing DNS and DHCP servers on another subnet. You need to configure DNS to support the new subnet. You configure a delegation to the new domain from its parent, and create a primary zone for the new domain. You also create a primary reverse lookup zone for the subnet address. When you check the DNS database, you find that there are no A or PTR records for hosts on the subnet. At a client computer, you run the *Ipconfig /registerdns* command. However, the corresponding DNS records are still not created. What should you do?

Enable dynamic updates on *acct.istp.private* and the reverse lookup zone for the subnet.

You are setting up a new network in a single location with a single domain named *eastsim.com*. All servers run Windows Server 2012, and all clients run Windows 8. You install a DHCP server server and configure it with a scope for the single subnet. You install a DNS server with a primary zone for the domain. You want to use dynamic updates to update DNS records in the zone automatically. What should you do?

Enable dynamic updates on the *eastsim.com* zone.

You have a Windows 7 computer that you use at home. You have a small network set up, with each member of the family having their own computer. You would like to share files such as pictures, videos, and music on your computer with other members of your family. Your mother should be able to modify any of these files, while everyone else should only have read-only access. You want to use the simplest method to make these files available while providing the level of access specified. What should you do?

Enable file and printer sharing in the Network and Sharing Center. Share specific folders and configure the necessary permissions.

You are the administrator for WestSim Corporation. The network has a single domain, *westsim.com*, running at Windows Server 2008 functional level. Five domain controllers, all running Windows Server 2012 R2, are located on the network. Users in the Shipping department have a special software program that helps them keep track of incoming products and match the SKU number with items in the order database. You have created an OU called Shipping and have placed all computers and users for that department into the OU. You create a software GPO called SKUWare that publishes the software to all users in the department. All manager user objects have been placed in an OU called Managers. The shipping manager logs on to one of the computers in the shipping department. He calls you because the software package is not available to install on the workstation. You need to make the software package available so he can install it. You want to make sure that anyone else who logs on to any workstation in the shipping department can install the software. What should you do?

Enable loopback processing in the SKUWare GPO.

You have configured a remote access server to accept dial-up connections for remote access clients. Remote clients are able to connect successfully and access resources on the remote access server. However, the remote clients are not able to connect to other devices located on the same subnet where the remote access server is located. Which action would likely correct the problem?

Enable proxy ARP cache on the LAN connection for the remote access server

You manage the DNS servers for the *eastsim.com* domain. You have a domain controller named DNS1 that holds a standard primary zone for the *eastsim.com* zone. You would like to configure DNS1 to use forwarders for all unknown zones. You edit the DNS server properties for DNS1. On the forwarders tab, you find that the *Use root hints if no forwarders are available* option is disabled. You also find you are unable to edit the forwarders list. What should you do?

Enable recursion on DNS1.

You are the network administrator for a single domain with three subnets. Two subnets have all Windows 8 computers. The conference room uses the third subnet. Traveling salesmen come to the conference room and plug in their laptops to gain network access. You have configured a DHCP server to deliver the configuration to hosts on this subnet. DNS is configured for dynamic updates. Over time, you notice that the size of the DNS database continues to grow. It is beginning to have an adverse effect on DNS server performance. What should you do?

Enable scavenging of stale resource records on the zone.

You manage a network with multiple switches. You find that your switches are experiencing heavy broadcast storms. Which of the following will help reduce the effects of a broadcast storm?

Enable spanning tree on the switches

You are the network administrator of a small network consisting of three Windows Server 2012 computers, 50 Windows 7 Professional workstations, and 100 Windows 8 workstations. Your network has a password policy in place with the following settings: ● Enforce password history: 10 passwords remembered. ● Maximum password age: 30 days. ● Minimum password age: 0 days. ● Minimum password length: 8 characters. ● Password must meet complexity requirements: Disabled ● Store password using reversible encryption: Disabled. One day while sitting in the cafeteria, you overhear a group of co-workers talk about how restrictive the password policy is and how they have found ways to beat it. When required to change the password, they simply change the password 10 times at the same sitting. Then they go back to the previous password. Your company has started a new security crackdown and passwords are at the top of the list. You thought you had the network locked down, but now you see that you need to put an end to this practice. Users need to have passwords that are a combination of letters and numbers and do not contain a complete dictionary word. Users should not be able to reuse a password immediately. What should you do? (Choose two. Each answer is part of the solution.)

Enable the *Password must meet complexity requirements* setting. Enable the *Minimum password age* setting.

You are the network administrator of a small network consisting of three Windows Server 2012 computers, 50 Windows 7 workstations, and 100 Windows 8 workstations. Your network has a password policy in place with the following settings: • Enforce password history: *10 passwords remembered*. • Maximum password age: *30 days*. • Minimum password age: *0 days*. • Minimum password length: *8 characters*. • Password must meet complexity requirements: *Disabled*. • Store password using reversible encryption: *Disabled*. One day while sitting in the cafeteria, you overhear a group of co-workers talk about how restrictive the password policy is and how they have found ways to beat it. When required to change the password, they simply change the password 10 times at the same sitting. Then they go back to the previous password. Your company has started a new security crackdown and passwords are at the top of the list. You thought you had the network locked down, but now you see that you need to put an end to this practice. Users need to have passwords that are a combination of letters and numbers and do not contain a complete dictionary word. Users should not be able to reuse a password immediately. What should you do? (Choose two. Each answer is part of the solution.)

Enable the *Password must meet complexity requirements* setting. Enable the *Minimum password age* setting.

You have been asked to troubleshoot a Windows 7 computer that is a member of a workgroup. The director who uses the machine said he is able to install anything he wants as well as change system settings on-demand. He has asked you to figure out why User Account Control (UAC) is not being activated when he performs a sensitive operation. You verify that the director's user account is a standard user and not a member of the local Administrators group. You want the UAC prompt to show. What should you do?

Enable the *Run all administrators in Admin Approval Mode* setting in Group Policy.

You are the administrator for the *widgets.com* domain. Organizational Units (OUs) have been created for each company department. User and computer accounts for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. From your workstation, you create a GPO that configures settings from a custom .admx file. You link the GPO to the Sales OU. You need to make some modifications to the GPO settings from the server console. However, when you open the GPO, the custom Administrative Template settings are not shown. What should you do?

Enable the Administrative Templates central store in Active Directory. Copy the .admx file to the central store location.

You are the administrator for the *widgets.com* domain. Organizational Units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. From your workstation, you create a GPO that configures settings from a custom .admx file. You link the GPO to the Sales OU. You need to make some modifications to the GPO settings from the server console. However, when you open the GPO, the custom Administrative Template settings are not shown. What should you do?

Enable the Administrative Templates central store in Active Directory. Copy the .admx file to the central store location.

You are the network administrator for *eastsim.com*. The network consists of a single Active Directory domain. All of the servers run Windows Server 2012. All of the clients run Windows 7 or Windows 8. There are two main sites: one in New York and one in the Los Angeles. All of the computers in New York site are configured with IP addresses in the 10.0.0.0/24 subnet. All of the computers in the Los Angeles site are configure with IP addresses in the 172.16.0.0/24 subnet. There is an application server located in New York named APP1 with an IP address of 10.0.0.10. There is a replica application server located in Los Angeles also named APP2 with an IP address of 172.16.0.10. Users must access the application using a URL of Http://customapp.eastsim.com. You create two CNAME records for *customapp.eastsim.com* that link to each of the two application servers. You need to ensure that users in each office will be referred to the local server when accessing the applications using this URL. What should you do?

Enable the Netmask Ordering option on the DNS server.

You have a computer running Windows 7 Ultimate. The computer has both wired and wireless network connections. The wired connection is on the internal private network, but the wireless connection is a public connection. You need to allow help desk users to use Remote Assistance to help you across the wired network, but want to block any such access from the wireless network. You want to configure Windows Firewall to allow and deny access as described. What should you do?

Enable the Remote Assistance exception only on the private profile.

You are the server and workstation manager for the *westsim.com* domain. You are implementing Windows Server 2012 on a new server. You would like to configure the server to use BitLocker. The servers should start up without requiring a PIN or a USB device during startup. What should you do? (Select two. Each choice is a required part of the solution.)

Enable the TPM. Create two partitions on the hard disk. Put boot files on the first partition, and operating system files and data on the second partition.

You are the security administrator for your organization. Your multiple domain Active Directory forest uses Windows Server 2012 for domain controllers and member servers. The computer accounts for your member servers are located in the Member Servers OU. Computer accounts for domain controllers are in the Domain Controllers OU. You are creating a security template that you plan to import into a GPO. You want to log all domain user accounts that connect to the member servers. You want to be able to check each server's log for the events. What should you do? (Choose two. Each choice is a required part of the solution.)

Enable the logging of Logon events. Link the GPO to the Member Servers OU.

You are the security administrator for your organization. Your multiple domain Active Directory forest uses Windows Server 2012 for domain controllers and members servers. The computer accounts for your member servers are located in the Member Servers OU. Computer accounts for domain controllers are in the Domain Controllers OU. You are creating a security template that you plan to import into a GPO. You want to log all domain user accounts that connect to the member servers. You want to be able to check each server's log for the events. What should you do? (Choose two. Each choice is a required part of the solution.)

Enable the logging of Logon events. Link the GPO to the Member Servers OU.

You are the security administrator for your organization. Your multiple domain Active Directory forest uses Windows Server 2012 for domain controllers and members servers. The computer accounts for your member servers are located in the Member Servers OU. Computer accounts for domain controllers are in the Domain Controllers OU. Computer accounts for workstations are located in the Workstations OU. You are creating a security template that you plan to import into a GPO. You would like to log whenever a user is unable to log on to any computer using a domain user account. What should you do? (Select two. Each choice is a required part of the solution.)

Enable the logging of failed Account Logon events. Link the GPO to the Domain Controllers OU.

You are the network administrator for an Active Directory forest with a single domain. The network has three sites with one domain controller at each site. You have created and configured sites in Active Directory Sites and Services, and replication is operating normally between sites. You configure two universal groups for use in securing the network. All users are members of one universal group or the other. After configuring the universal groups, users at sites 2 and 3 report slow login and slow access to the corporate database. Users at site 1 can log in and access the corporate database with acceptable performance. You want to improve login and resource access performance for users in sites 2 and 3. What should you do? (Choose two. Each option is a complete solution.)

Enable universal group membership caching at sites 2 and 3. Configure the domain controllers at sites 2 and 3 as global catalog servers.

Which of the following is not a valid example of steganography?

Encrypting a data file with an encryption key.

You manage a firewall that connects your private network to the Internet. You would like to see a record of every packet that has been rejected by the firewall in the past month. Which tool should you use?

Event log

If you have corrected a DNS server problem, such as renamed a system or changed its IP address, but your local system still attempts to connect to the old system, what can you do to obtain the new information from the DNS server quickly?

Execute ipconfig /flushdns.

What is the goal of a TCP/IP hijacking attack?

Executing commands or accessing resources on a system the attacker does not otherwise have authorization to access.

_________ _________ include coordinating people and other resources to carry out the various plans of the project or phase.

Executing processes

Which of the following is not used to oversee and/or improve the security performance of employees?

Exit interviews

You currently manage a virtual machine named VM12 that has been installed on the Srv5 physical server. The virtual machine uses a single fixed disk of 40 GB saved in the vdisk1.vhd file. The virtual machine is running out of free disk space. The virtual machine currently uses about 39.5 GB of the available disk space. You need to add more disk space to the virtual machine. What should you do?

Expand the vdisk1.vhd disk.

What is the primary benefit of CCTV?

Expands the area visible by security guards

You are the network administrator for Corpnet.com. You have two servers running Windows Server 2012, named HV1 and HV2. Both servers have the Hyper-V Role installed. HV1 has an Intel processor and HV2 has an AMD processor. HV2 hosts a virtual machine named VM1. You build another server named HV3 and install the Hyper-V role. HV3 has an Intel processor. You need to move VM1 from HV2 to HV3 with the least amount of downtime. What should you do?

Export VM1 on HV2 and then import it on HV3.

The Srv1 server runs Hyper-V and has several virtual servers installed. You would like to copy the VM4 virtual machine and create two new virtual machines running on Srv1. You are using the Hyper-V Manager console and want to complete the task with as little effort as possible. What should you do?

Export VM4 to the C:\Export folder. Copy the C:\Export folder to C:\Export2. Import the configuration using C:\Explort\VM4 as the path. Import the configuration again using C:\Export2\VM4 as the path.

You have two computers that run Windows 7 Professional: Comp1 and Comp2. Both computers are members of a domain. You have a domain user account named EFS-Recovery. You use the user account to recover some files on Comp1. You need to recover some files on Comp2, but are unsuccessful. What should you do?

Export the recovery agent keys from Comp1 and import them to Comp2.

You have two computers that run Windows 8: Comp1 and Comp2. Both computers are members of a domain. You have a domain user account named EFS-Recovery. You use the user account to recover some files on Comp1. You need to recover some files on Comp2, but are unsuccessful. What should you do?

Export the recovery agent keys from Comp1 and import them to Comp2.

Your organization runs a Hyper-V hypervisor on Windows Server 2012 that hosts several Windows Server 2012 virtual domain controllers. You want to add an additional virtual domain controller. Instead of installing a new Windows Server 2012 virtual machine and promoting it to be a domain controller, you decide to simply copy one of the existing virtual domain controller's virtual machine files. You have completed all of the preparatory steps and are now ready to clone the source virtual machine. Which PowerShell cmdlets must you use to do this? (Select three. Each response is a part of the complete solution.)

Export-VM Import-VM Rename-VM

Which of the following is a privately controlled portion of a network that is accessible to some specific external entities?

Extranet

You have just signed up for a broadband home Internet service that uses coaxial cable. Which connector type will you most likely use?

F-type

For GPP editing states, which key do you use to toggle Enable Current?

F6

Review the IPv6 addressing scheme used in the network shown in the following figure. Click on the IPv6 address that has been configured incorrectly.

FD01:0001:0002:0001::20/64

Consider the following Ipv6 address: FE80:0000:0000:0055:0000:0000:000A:AB00 Which of the following are valid shortened forms of this address? (Select two)

FE80:0000:0000:0055::000A:AB00 FE80::55::0000:0000:A:AB00

Match the IPv6 prefix on the left with its description.

FE80::/10 FF00::/8 FC00::/7

You are working on a workstation with the following MAC address: 10-01-64-AB-78-96 Which of the following will be the link-local address using the modified EUI-64 format?

FE80::1201:64FF:FEAB:7896

Which of the following IPv6 addresses is used by a host to contact a DHCP server?

FF02::1:2

Which of the following is likely to be located in a DMZ?

FTP server.

Match the following protocols with their port numbers:

FTP » 5 : port 21 News » 6 : port 144 Telnet » 2 : port 23 TFTP » 1 : port 69 DNS » 8 : port 53 POP3 » 4 : port 110 UDP » 7 : port 17 TCP » 3 : port 6

You are moving a client to a new location within an Ethernet network. Previous to the move, the client system did not have difficulty accessing the network. During the relocation, you attach a patch cable from the client system to the wall jack and from the patch panel to the switch. Once connected you do not get a link light on the network card or the switch. You swap out the cable running between the patch panel and the switch with a known working one but you can still not connect. Which of the following might you suspect as the problem?

Failed patch cable between the client system and the wall jack.

You have just connected four new computer systems to an Ethernet switch using spare patch cables. After the installation only three systems are able to access the network. You verify all client settings and replace the network card in the failed system. The client is still unable to access the network. Which of the following might you suspect as the real cause of the problem?

Failed patch cable.

A dependency or relationship deals with the hiring or new staff members for your project, and developing a relationship with these new team members

False

Each Ethernet frame contains a 14-byte header, which includes a destination address, and source address - having no additional fields.

False

Functionality tells the project manager who on his/her team has been the most functional and productive for that particular day

False

Given information sensitivity, a documented backup strategy is for IT Administrator eyes only. No other IT staff member has a need to know.

False

It is much more expensive to make major changes to a project during the early phases of the project

False

Projects do not have to have one primary customer. They can service many customers are the same time.

False

Resource leveling is a technique used by project managers to delegate resources out to the team

False

Scope validation involves the informal acceptance of the incomplete project deliverables

False

Servers will not become more fault-tolerant by supplying them with redundant components.

False

TCP/IP's roots lie with the University of Chicago, which developed TCP/IP for advanced research.

False

Vulnerability scans are usually performed from outside the security perimeter.

False

When a network must handle high volumes of network traffic, users benefit from a performance management technique known as Traffic Controlling.

False

You have configured a NIDS to monitor network traffic. Which of the following describes an attack that is not detected by the NIDS device?

False negative

You have configured a NIDS to monitor network traffic. Which of the following describes harmless traffic that has been identified as a potential attack by the NIDS device?

False positive

Upon conducting a visual inspection of the server room, you see that a switch displays LED collision lights that are continually lit. You check the LED on the corresponding workstation and see that it is flashing rapidly even though it is not sending or receiving network traffic at that time. What is the cause of the network collisions?

Fault network card.

Which network type uses light pulses to transmit data?

Fiber optic

You manage a small network with two buildings, 1,000 meters apart. You want to connect the two buildings together with a switch. You are concerned about electromagnetic interference on the cable connecting the two buildings. What should you include in your plan? (Select two.)

Fiber optic cables with LC connectors. 1000BaseLX Ethernet.

You want to implement a network medium that is not susceptible to EMI. What type of cabling should you use?

Fiber-optic cable

What is the primary tool in Windows Server 2012 to take control of the shares on all your disks on all your servers and exercise granular control over their properties?

File and Storage Services in Server Manager

You are the server administrator for your network. Recently, the system time on several servers has been modified. You want to find out who has been making the change. You enable *Audit Security State Change* audit policy. After several days, you decide to check to see if any events have been logged. You want to view only those events that related to auditing that might indicate someone had changed the system time. What should you do? (Select two. Each choice is a required part of the solution.)

Filter to look for successful audit events. Look in the Security log.

Click the View Lab button and use the tracert command from the IT Administrator workstation (named ITAdmin) to answer the following question. From the IP addresses listed on the left, drag the addresses of the routers in the path between ITAdmin and a computer on the internet which has an IP address of 38.78.213.28. Make sure each address is listed in order from top to bottom, and use only the addresses that are necessary to identify the routers in the path.

First hop 192.168.0.5 Second hop 198.28.56.108 Third hop 12.34.58.32 Fourth hop 163.39.174.88

What does a switch do when a frame is received on an interface and the destination hardware address is unknown or not in the filter table?

Floods the network with the frame looking for the device

What prevents a sending host on one side of the connection from overflowing the buffers in the receiving host?

Flow control

Local GPOs contain fewer options than domain GPOs. Local GPOs do not support ______.

Folder redirection or Group Policy software installation.

You need to add a new replication target for an existing DFS folder, which currently contains several terabytes of data. To speed up initial replication to the new target, you decide to clone the DFS database. You plan do the following to accomplish this: • Install the DFS Replication role on both servers (source and target). • Verify the folder to be replicated on the source server is in the *Initial Sync* state. • Export the DFS Replication database from the source server using the *Export-DfsrDB* cmdlet. • Preseed the files to be replicated by manually copying them from the source server to the target server using Windows Server Backup. • Import the database on the target server using the *Import-DfsrClone* cmdlet. • Add the destination server to the replication group using the *Add-DfsrMember* and *Add-DfsrConnection* cmdlets. Which problems exist in this deployment plan? (Select two.)

Folders to be replicated on the source server must be in the *Normal* state. The DFS Replication database must be exported using the *Export-DfsrClone* cmdlet.

You have two switches that have not yet been connected. TVP configuration information for each switch is shown below. A#show vtp status VTP Version : 2 Configuration Revision : 5 Number of existing VLANs : 8 VTP Operating Mode : Server VTP Domain Name : CCNA VTP Pruning Mode : Enabled B#show vtp status VTP Version : 2 Configuration Revision : 7 Number of existing VLANs : 8 VTP Operating Mode : Server VTP Domain Name : Cisco VTP Pruning Mode : Enabled Switch A has been configured with VLANs 2, 3, and 4 in addition to the default VLANs. Switch B has VLANs 4, 5, and 6. You connect the two switches using the Gi0/1 port on both switches. You notice that VLAN traffic from VLAN 4 is not passing between the switches. What should you do to enable VLAN traffic between the two switches? (Select two. Each choice is a complete solution.)

For Gi0/1 on both switches, set the switchport mode to trunk. On switch B, change the domain name to CCNA.

You have decided to implement Network Access Protection (NAP) on your network. You want to impose the following restrictions: • Computers without antivirus software should not be allowed to connect. • Computers without the latest security updates should not be allowed to connect. • No other health checks should be performed. You create two health policies and two network policies: one each for compliant computers, and one each for non-compliant computers. Only computers that pass all health checks should be allowed to connect to the unrestricted network. You are configuring the network policy for the non-compliant computers. Which of the following will be part of the network policy configuration? (Select three.)

For authentication, choose *Perform machine health check only*. Identify remediation server groups that can be used. For NAP enforcement, select *Allow limited access*.

You company has offices in Denver, Atlanta, and Phoenix. All sites are connected using wide area network (WAN) connections. All servers, including domain controllers, run Windows Server 2012 and are domain members. The company's research department is located in Phoenix and has its own Active Directory domain named *research.corp.westsim.com*. All other departments are located in Denver or Atlanta, and are part of the *corp.westsim.com* domain. You are creating the DNS zones. All DNS servers are also domain controllers. You will use Active Directory integrated zones for both zones. As part of your security plan, you must prevent zone data from being transferred to rogue DNS servers that might seek zone transfers from valid DNS servers. You must also prevent eavesdropping of any DNS data replicated between DNS servers. What should you do?

For both zones, disable the *Allow zone transfers* option.

You manage three Windows Server 2012 servers that run server core. Because you prefer to view events inside of Event Viewer, you would like to configure event subscriptions so that you can view all events from those servers to another server with a graphical interface.You want to configure the subscription properties from only the collector server, and you want events from the source servers to be sent to the collector server with a delay of up to 15 minutes. How should you configure the subscription properties on the collector server? (Select two. Each choice is a required part of the solution.)

For the subscription type, select *Collector initiated*. For event delivery optimization, choose *Normal*.

You have a computer on your workbench without an operating system. You would like to install Windows 7 Enterprise 32-bit edition on the computer. The computer has the following hardware specifications: Hard drive with 12 GB of free space. 1 GB of RAM, one additional socket available. One Pentium 2.8 GHz processor, one additional socket available. Video card with 128 MB of memory. You need to change the hardware so that you can install Windows 7 Enterprise. What should you do?

Free up some space on the hard drive.

You have a laptop running Windows 7 Enterprise. The laptop is used both in a public network and private (work) network. The work network contains FTP servers which hold sensitive data. To protect the data, you need to ensure that the computer can connect to FTP servers only while it is connected to the private (work) network. What should you do?

From Windows Firewall with Advanced Security, create a new rule.

For security reasons, you want to prevent the Toronto router from sharing any information about itself with neighboring devices. What should you do?

From global configuration mode on Toronto, type no cdp run.

You are the administrator of a large network for EastSim, Co. In the Washington DC location, users are complaining that one server's performance is exceptionally slow. You have checked the error logs and have found no cause for concern although resource utilization is much higher than the baseline. You suspect there may be some kind of Denial of Service attack against the computer. You would like to be able to monitor inbound and outbound traffic on that computer and perhaps capture several frames to analyze the contents. What should you do?

From the affected machine, run Network Monitor.

You have a laptop computer that runs Windows 8 Enterprise. The computer is a member of a domain. You want to use DirectAccess to access application servers on your corporate intranet. Application servers run Windows Server 2003 and Windows Server 2008. You want to configure a single access method for all servers and clients. Which connection method should you use?

Full enterprise network access (end-to-edge).

Which of the following is correct? Full-duplex Ethernet uses one pair of wires. Full-duplex Ethernet uses to pairs of wires. Half-duplex Ethernet uses two pairs of wires Full-duplex Ethernet uses three pairs of wires.

Full-duplex Ethernet uses to pairs of wires.

The employees using your network have complained about slow data transfers. You have decided to upgrade to full-duplex Ethernet. What requirements do you have to meet to run it? (Select two.)

Full-duplex NICs. Network media that can provide 10 or 100 Mbps data transport between nodes.

Which of the following will enter random data to the inputs of an application?

Fuzzing

What is the purpose of the dxdiag tool?

Gather information about your computer and to diagnose issues with your computer.

You have a computer that runs Windows 7. You would like to configure Windows update to download updates that Microsoft suggests, but does not mark as important. You would like to ensure that updates are installed on the computer without the intervention of an Administrative user. Select the settings that you should enable on the computer.

Give me recommended updates the same way I receive important updates. Allow all users to install updates on this computer.

Which type of IPv6 address is unique throughout the IPv6 universe?

Global

You need to design an IPv6 addressing scheme for your network. The following are key requirements for your design: Infrastructure hosts, such as routers and servers, will be assigned static interface IDs while workstations, notebooks, tablets, and phones will be assigned interface IDs dynamically. Internet access must be available to all hosts through an ISP. Site-to-site WAN connections will be created using leased lines. Which type of IPv6 addressing is most appropriate for hosts in this network?

Global Unicast Addressing

You manage a Windows Server 2012 server that stores a user data files. You have previously configured several scheduled backups in Windows Server Backup. A user comes to you wanting a file restored from a recent backup. You check your backup media and find that you have a DVD from today. You also have a hard disk with a backup taken last night, but that disk is stored in an offsite location. You need to restore the file as soon as possibly with the least amount of disruption to other users. What should you do?

Go get the hard disk with last night's backup. Run the Recovery Wizard using the backup on the disk.

You are the network administrator for *southsim.com*. The network consists of a single Active Directory domain. All the servers run Windows Server 2012. All the clients run Windows 8. The current password policy requires complex passwords of at least 8 characters. These passwords expire every 90 days. *southsim.com* has obtained a contract with the United States Government. The contract requires that all engineers that work on the project have complex passwords with at least 14 characters that expire every 30 days. Management does not wish to change the password requirements for users who are not working on the new project. You need to ensure that the password requirements for the engineers working on the new project are enforced without affecting other users. What should you do?

Go to *System \Password Settings Container* in the Active Directory Administrative Center to create a new fine-grained password policy.

You have a computer that runs Windows 7. The computer is a member of a domain. Windows Update settings are controlled through Group Policy. You need to determine if a specific security update from Windows Update is installed on the computer. What should you do?

Go to Programs and Features in the Control Panel.

Your organization uses the following tape rotation strategy for its backup tapes: 1. The first set of tapes is used for daily backups. 2. At the end of each week, the latest daily backup tape is promoted to be the weekly backup tape. 3. At the end of each month, one of the weekly backup tapes is promoted to be the monthly backup tape. What kind of backup tape rotation strategy is being used?

Grandfather

You manage Certificate Services for the *westsim.com* domain. You have a single CA installed as an enterprise root CA that runs Windows Server 2012. You duplicate the Basic EFS certificate template and configure the CA to issue the certificate. You want to allow one of your assistants to manage certificates used for EFS. Your assistant needs to be able to edit the certificate template and modify all settings except for the permissions. You want to grant sufficient permissions to allow her to do this without granting too many permissions. What should you do?

Grant Read and Write permissions to the certificate template.

Your company has just purchased 120 licenses for an application that will be used by all company users. You must test and deploy the application as simply as possible. You decide to use a Group Policy object (GPO) to deploy the new application using the Windows Installer functionality. You create a software distribution point named *Apps* on the Server1. You then create a Group Policy object and edit the software installation properties under the User Configuration node. You configure the following properties: • Default package location: *\\Server1\Apps\* • When adding new packages to user settings: *Display the Deploy Software dialog box* • Installation user interface options: *Maximum* • Uninstall the applications when they fall out of the scope of management: *Enabled* You create a software distribution package based on the above settings that assigns the appropriate Windows Installer package. However, when you test the package, Windows Installer never executes and installs the package. You need to find out why and make the appropriate changes. What should you do?

Grant the Read and Execute permission to all users who will use the software distribution point.

Which of the following are advantages of using fiber optic cabling for a network, as opposed to other types of cabling? (Select two.) Greater cable distances without a repeater. Faster installation. More flexible cabling. Lower installation cost. Immunity to electromagnetic interference.

Greater cable distances without a repeater. Immunity to electromagnetic interference.

What is an Active Directory object stored in the Group Policy Objects container with the domain naming content of the directory that defines basic attributes of the GPO but does not contain any of the settings?

Group Policy Container (GPC)

You manage a Windows domain in a dynamic network environment that requires frequent changes to your Group Policy settings. You need to configure your domain hosts so that you can immediately refresh Group Policy settings without waiting for computers to reboot or for users to log off and log back on. Click the starter GPO you would deploy in the domain to automate the configuration process.

Group Policy Remote Update Firewall Ports

As a result of a recent security audit, you have made several critical changes to your domain's security configuration in Group Policy. You need these changes to be applied immediately. You've right-clicked the Workstations OU in the Group Policy Management console. Click the option you should use to refresh the Group Policy settings on all of the workstations in this OU.

Group Policy Update

Software Restriction policies and AppLocker are configured through __________.

Group policies

How do groups differ from OUs?

Groups are security principals, meaning you assign access permissions to a resource based on membership in a group. OUs are for organization and for assigning Group Policy settings.

Which account is designed for users that require only temporary access to the computer and is disabled by default?

Guest

Which of the following fire extinguisher types poses a safety risk to users in the area? (Select two.)

Halon CO2

A milestone on a project is a significant event that normally:

Has no duration

Members of the sales team use laptop computers while traveling. All laptops run Windows 8. You have enabled EFS in your domain, and have configured a Group Policy Object (GPO) to enforce encryption of the Documents folder on each of the sales computers. You would like to use certificates stored on smart cards to increase the security of EFS for each laptop computer. You want to require these certificates to be used for EFS on the laptop computers. You add a smart card reader for each laptop and configure smart cards for each sales team member. You configure the GPO to require a smart card for EFS. What else must you do to complete the configuration? (Select two. Each choice is a required part of the solution.)

Have each user run *Rekeywiz* for all existing encrypted files. (Although it says to choose two, only one choice can be made.)

You have a Windows 7 laptop that is shared by three users. The computer is a member of a domain. Each user has been using EFS to encrypt their personal files on the laptop. You would like to add your user account as a recovery agent so you can recover any encrypted file encrypted by any user on the laptop. You would like to store the recovery keys on a smart card. You install a smart card reader and obtain a new smart card with a certificate that can be used for EFS recovery. You add a data recovery agent using Group Policy. What should you do next?

Have each user run *cipher /u*.

You have a Windows 8 Laptop that is shared by three users. The computer is a member of a domain. Each user has been using EFS to encrypt their personal files on the laptop. You would like to add your user account as a recovery agent so you can recovery any encrypted file encrypted by any user on the laptop. You wold like to store the recovery keys on a smart card. You install a smart card reader and obtain a new smart card with a certificate that can be used for EFS recovery. You add a data recovery agent using Group Policy. What should you do next?

Have each user run *cipher /u*.

Which of the following will not improve the quality of a project:

Having a causal attire day in the office

You have decided to implement Network Access Protection (NAP) on your network. You want to impose the following restrictions: • Computers without antivirus software should not be allowed to connect. • Computers without the latest security updates should not be allowed to connect. • No other health checks should be performed. You create two health policies and two network policies: one each for compliant computers, and one each for non-compliant computers. Only computers that pass all health checks should be allowed to connect to the unrestricted network. You perform a check of the configuration and find that a computer with antivirus software, but without the latest security patches is allowed to connect. Another computer that has no antivirus software, but with the required security updates is also allowed to connect. Only computers missing both the antivirus software and the security updates are prevented from connecting. You need to modify the configuration so that any client failing one or more health checks is not allowed to connect. Which NAP component would you modify?

Health Policy

When the ACT shows a steady light, this is an indication that the NIC is experiencing:

Heavy Traffic Volume

Which of the following are true of OSPF configuration to enable two routers to become adjacent? (Select two.)

Hello and dead timer intervals must match on all routers. The area assigned to each network must match.

What conditions must be met for Neighborship establishment?

Hello or ACK received

You have a computer that runs Windows 7. Windows Update is continually notifying you to install an update that you have determined that you should not install on your machine due to incompatibility reasons. You want Windows Update to stop notifying you of this update. What should you do?

Hide the update.

Which of the following are characteristics of a rootkit? (Select two.)

Hides itself from detection. Requires administrator-level privileges for installation.

When the TCP/IP session state is manipulated so that a third party is able to insert alternate packets into the communication stream, what type of attack has occurred?

Hijacking

You are working on a Windows 7 system that continuously fails once you logon to the system. You suspect that a startup application is causing the issue. What can you do to successfully logon to the system

Hold on the Shift key while logging on to the system

Which of the following methods of preventing routing loops prevents routing table changes from taking place too quickly and prevents downed links from being added back into the routing table?

Hold-downs

As a security precaution, you have implemented an IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of encrypted traffic to prevent any malicious attacks. Which solution should you implement?

Host based IDS

You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from Internet-based attacks. Which solution should you use?

Host based firewall.

Which of the following hardware devices regenerates a signal out all connected ports without examining the frame or packet content?

Hub

Correctly identify the type of routing protocols required for the following protocols: EIGRP <==> ______ IGRP <==> ______ RIP <==> ______ OSPF <==> ______

Hybrid or Advanced Distance vector Distance vector Distance vector Link state

What is the primary graphical tool for creating and managing virtual machines?

Hyper-V Manager

What security mechanism can be used to detect attacks originating on the Internet or from within an internal trusted subnet?

IDS

Which of the following is a security service that monitors network traffic in real time or reviews the audit logs on servers looking for security violations?

IDS

Which of the following are security devices that perform stateful inspection of packet data, looking for patterns that indicate malicious code? (Select two.)

IDS IPS

Which of the following devices can monitor a network and detect potential security attacks?

IDS.

You have a router that is configured as a firewall. The router is a layer 3 device only. Which of the following does the router use for identifying allowed or denied packets?

IP address.

If the client cannot reach the DirectAccess server using 6to4 or Teredo tunneling, the client tries to connect using what protocol?

IP-HTTPS

Which of the following methods would be the best protection against Denial of Service (DoS) attack?

IPS

You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action when possible to stop or prevent the attack. Which tool should you use?

IPS

Which of the following devices is capable of detecting and responding to security threats?

IPS.

You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action when possible to stop or prevent the attack. Which tool should you use?

IPS.

What protocol does DirectAccess use to encrypt network communications?

IPSec

Which of the following is the best countermeasure against man-in-the-middle attacks?

IPSec

Which of the following is the best countermeasure against man-in-the-middle attacks?

IPSec.

Which of the following organizations is responsible for regulating the use of radio frequencies? (Select two.)

ITU-R FCC

A router periodically goes offline. Once it goes offline, you find that a simple reboot puts the router back online. After doing some research you find that the most likely cause of the problem is a bug in the router software. A new patch is available from the manufacturer that is supposed to eliminate the problem. What should you do next?

Identify possible effects of the solution.

A user reports that he can't connect to a specific Web site. You go to the user's computer and reproduce the problem. What should you do next?

Identify the affected areas of the network.

Which of the following tests can be performed by a TDR? (Select two.)

Identify the location of a fault on a cable. Measure the length of a cable.

A user is unable to connect to the network. You investigate the problem and determine that the network adapter is defective. You replace the network adapter and verify that it works. What should you do next?

Identify the results and effects of the solution.

To obtain a digital certificate and participate in a Public Key Infrastructure (PKI), what must be submitted and where should it be submitted?

Identifying data and a certification request to the registration authority (CA).

Which of the following is not a form of social engineering?

Impersonating a user by logging on with stolen credentials.

You manage the *northsim.com* domain. Your company produces components that are used in military and government products. For an upcoming project, your company will be working with the Widgets Incorporated company. They have a single Active Directory domain named *widgets.com*. You would like documents for the project to be available and managed through Active Directory Rights Management Services (AD RMS). What should you do? (Select two. Each choice is a required part of the solution.)

Implement AD RMS together with Active Directory Federation Services (AD FS). Configure the AD RMS cluster address to use SSL.

You are the manager for the *westsim.com* domain. Your company has just started a collaborative effort with a partner company. Their network has a single domain named *eastsim.com*. Users in your domain must be able to run an application located in the *eastsim.com* domain. The application must authenticate users, and then control access within the application. You want to implement a single sign-on solution so that users do not need to have different user credentials or supply those credentials multiple times. You need to configure this solution without allowing too many permissions. What should you do?

Implement Active Directory Federation Services (AD FS).

You are the server manager for the *westsim.com* domain. Your company is opening a branch office in a neighboring city. Because the branch office will have only a few users, you will install a single server in the branch office and configure it with a Server Core installation. The server will provide Active Directory Domain Services ( AD DS) and file and print services. You are concerned about the security of the server in the branch office. Specifically, you want to meet the following requirements: ● If the hard disk is removed from the server, none of the Active Directory or user files should be readable. ● When the server boots, a PIN must be manually entered at the server console for the boot process to complete. You will designate two people in the branch office who know this PIN. ● If the PIN is not supplied, the server should not boot. You need to implement a solution to meet the stated requirements. What should you do?

Implement BitLocker with a TPM.

You have a server that runs Windows Server 2012. The server is a member of the domain. You would like to protect the data on your server to meet the following requirements: ● All operating system and user data should be encrypted. ● All user data should be inaccessible (unreadable) if the hard disk is removed and connected to a different computer. ● The computer should not boot unless a special key is found. ● The computer should not boot if a change is detected in the boot files. You need to implement a solution to meet the stated requirements. What should you do?

Implement BitLocker with a TPM.

You are the server manager for the *westsim.com* domain. You need to install 15 new servers, all running Windows Server 2012. You want to use BitLocker on all new servers. Your implementation should meet the following requirements: ● Servers should start up automatically without user intervention. ● To meet security requirements, USB support must be disabled on each server. ● You want to automatically generate recovery keys and store those keys in a central location. You need to implement a solution to meet the stated requirements. What should you do? (Select two. Each choice is a required part of the solution.)

Implement BitLocker with a TPM. Configure Group Policy to store recovery keys in Active Directory.

You have a laptop that runs Windows 8. The computer is a member of a domain. You want to use BitLocker on the laptop. Your implementation should meet the following requirements: ● The computer should start up automatically without user intervention. ● To meet security requirements, USB support must be disabled on the laptop. ● You want to automatically generate recovery keys and store those keys in a central location.. You need to implement a solution to meet the stated requirements. What should you do? (Select two. Each choice is a required part of the solution.)

Implement BitLocker with a TPM. Configure Group Policy to store recovery keys in Active Directory.

You are the network administrator for *northsim.com*. The network consists of a single Active Directory domain. All the servers run Windows Server 2012 and all the clients run Windows 8. The company has offices throughout the United States, as well as international locations. You have two servers named HV2 and HV2 that are located in the New York office. Both servers have the Hyper-V role installed. Both servers have quad core processors and 16 GB of RAM. Hv1 hosts two virutal machines named APP1 and APP2: APP1 hosts an application used heavily by users in New York. APP2 hosts an application used heavily by users in London. During the day you observe poor performance on APP1 due to a shortage of memory. During the evening, APP1 performs fine. However, APP2 experiences poor performance during peak business hours in London due to a shortage of memory. There are no empty slots to add memory to the sever, and management reports that they will not have money in the budget to upgrade HV1 for at least 6 months. You need to improve performance for APP1 and APP2. using the least amount of administrative effort. What should you do?

Implement Dynamic Memory in the properties of APP1 and APP2.

Several employees in your company have personal laptop computers that they bring to work and connect to the company network. Because they often use these laptops while traveling or to help them do their jobs, you can't prevent them from connecting to the network. However, you are concerned that many of these computers don't have the latest security patches installed. You want to implement a solution so that computers are checked for the latest security updates as they connect to the network. If the required updates are missing, you want to prevent these computers from having full access to the private network. What should you do?

Implement Network Access Protection (NAP) with a quarantine network.

You are the network administrator for Corpnet.com. The company has implemented Active Directory Rights Management Services (AD RMS). A vendor named Partner.com has also implemented AD RMS. Company policy prohibits creating a federated trust with external companies. You need to allow users who have obtained rights account certificates from the partner.com AD RMS cluster to consume content protected by the Corpnet.com AD RMS cluster. What should you do?

Implement a Trusted User Domain.

You manage a single domain named *widgets.com*. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You need to make the change as easily as possible. What should you do?

Implement a granular password policy for the users in the Directors OU.

You have a computer running Windows 7 Enterprise. A custom application works great on previous versions of Windows; however, it does not execute correctly on the Windows 7 computer. In an attempt to fix the problem, you tried to run the application in compatibility mode. When this didn't work, you temporarily disabled UAC, but this didn't fix the problem. You must get the application to work correctly on this computer. What should you do next?

Implement a shim from the Compatibility Administrator.

As you are helping a user with a computer problem you notice that she has written her password on a note stuck to her computer monitor. You check the password policy of your company and find that the following settings are currently required: Minimum password length = 10 Minimum password age = 4 Maximum password age = 30 Password history = 6 Require complex passwords that include numbers and symbols Account lockout clipping level = 3 Which of the following is the best action to take to make remembering passwords easier so that she no longer has to write the password down?

Implement end-user training

What is the simplest way to deploy a security template on several computers simultaneously?

Importing the security template into a GPO

You are the network administrator for *westsim.com*. The network consists of a single domain. All the servers run Windows Server 2012. All the clients run Windows 7 or Windows 8. The main office contains a server named RRAS1, that has been configured to provide DirectAccess connectivity for clients. A group named *DirectAccess Clients* has been enabled for DirectAccess. Users complain that they are unable to connect to the internal network using DirectAccess. You need to ensure that the users can connect to RRAS1 using DirectAccess. What should you do?

In Active Directory Users and Computers, add the computer accounts of the users' computers to the *DirectAccess Clients* group.

You have a Windows 7 computer. You install a new internal sound card in the computer. After rebooting, you install the driver, but the device doesn't appear to be working. You need to view information for the device and perform troubleshooting steps. What should you do?

In Computer Management, go to Device Manager.

Your company's internal namespace is *westsim.local*. This domain has two additional child domains named *support.westsim.local* and *research.westsim.local*. Due to security concerns, your company's internal network is not connected to the Internet. Following are the DNS servers that you manage for your company: • Dns1, authoritative for *.* and *westsim.local*, IP address = 192.168.1.1. • Dns2, authoritative for *support.westsim.local*, IP address = 192.168.2.1. • Dns3, authoritative for *research.westsim.local*, IP address = 192.168.3.1. All internal DNS domains are Active Directory-integrated domains. You have configured Dns1 with appropriate delegation records for the child zones. You need to configure root hints for Dns2 and Dns3. What should you do?

In DNS Manager, edit the properties for Dns2, and Dns3. On the Root Hints tab, remove all entries, then add an entry for Dns1.

You are working on a computer running Windows 7. You try to listen to Audio Cds, but no audio is coming from the speakers. After checking the speaker cables, the volume level, and the mute feature, you check Device Manager and see the dialog shown in the image. What should you do?

In Device Manager, enable the Soundmax Integrated Digital HD Audio Driver device.

You have a laptop that runs Windows 7. The laptop has a built-in Ethernet and wireless network card. The wireless card stops working. You use the PCMCIA slot to add a wireless card to your laptop. After installing the wireless card, the adapter does not show in the list of available network adapters in the Network and Sharing Center. What should you do to troubleshoot the problem?

In Device Manager, right-click the wireless device and choose Properties. Examine the device configuration.

Your audio card in your Windows system is working, but you learn about an updated driver that adds some new features to the device. You download and install the new driver. After you restart and log on to Windows, you can no longer play audio files. Using a minimum of administrative tasks, you need to find a solution to be able to play audio. What should you do?

In Device Manager, roll back the driver.

You have a new laptop computer running Windows 7 Professional. You need to connect your computer to a wired network at work and a wireless network at home. While connected to your work network, you set the default printer. You want to configure a different default printer to use when connected to your home network. What should you do?

In Devices and Printers, click Manage default printers.

You have a Windows 7 Ultimate computer that is shared by multiple users. The default printer on your computer is a Sharp AL-2040. When you send a print job to the default printer, nothing happens. Other users who also use the same printer are not experiencing any problems. What should you do?

In Devices and Printers, right-click the Sharp AL-2040 icon and select Troubleshoot.

You use a Windows computer that is shared by multiple users. The default printer on the computer is a Sharp Al-2040. When you send print job to the default printer, nothing happens. The other users can send jobs to the same printer without experiencing any problems. What should you do?

In Devices and Printers, right-click the Sharp Al-2040 icon and select *Troubleshoot*.

You manage a Windows 7 computer. The computer has a printer shared with the name of Printer1. You need to modify the permissions that apply to the shared printer for network users. What should you do?

In Devices and Printers, right-click the printer and select Printer properties. Edit the Security settings.

You have a file server that has the File Server Resource Manager role service installed. The E:\ drive will be used for storing files for the graphic artists. The E:\Graphics folder will hold all shared graphic files used by all artists. The E:\Users folder will contain subfolders for user home directories, with one subfolder for each user. You want to limit the amount of space in each user home folder to 50 MB. The E:\Graphics folder should not have a limit. Your solution should minimize administration of the quotas for both new and existing user home directories. What should you do?

In File Server Resource Manager, create a quota template with a hard limit of 50 MB. Create a quota on the E:\Users folder, auto applying the new quota template to the new quota.

You have configured FSRM quotas for multiple directories on the H: drive of a file server. Currently each quota has been created using the same quota template. All quotas have a limit of 100 MB with a notification threshold set for 85%. When the notification threshold is reached, you would like to receive an e-mail report showing any duplicate files in the directory, along with a listing of files by owner. What should you do?

In File Server Resource Manager, edit the properties of the quota template.

You manage the network for the *eastsim.com* domain. You have three domain controllers, all running Windows Server 2012 R2. You have created several Group Policy objects (GPOs) for your domain and various OUs. You have also enabled the Administrative Templates central store. You want to take a backup of GPO and starter GPOs. You want to perform as few backups as possible, and the backup should contain these items and as little else as possible. What should you do?

In Group Policy Management, back up all GPOs. Back up all starter GPOs separately.

You are the administrator of the *westsim.com* Active Directory domain. You delegate administration of the Sales OU and Research OU to other administrators. You want to prevent the administrators of those OUs from creating any other Group Policy objects with settings that conflict with those you have configured for the domain. What should you do?

In Group Policy objects linked to the *westsim.com* domain, set the *Enforced* option.

You want to allow Research users to connect to the private network through a VPN connection. Users will connect to the Internet while on the road, then connect through a VPN server to the private network. All users will use laptops that run Windows 7 or Windows 8. You configure a Windows Server 2012 server as a router and configure it to accept VPN connections. During a random check one day, you notice that some connections are using PPTP while others are using L2TP. You want to force all connections to use L2TP. What should you do?

In Routing and Remote Access, edit the Ports node. Disable remote access and demand-dial routing connections for PPTP.

You are adding a new Internet connection to connect your private network to the Internet. A server running Windows Server 2012 with Routing and Remote Access and NAT connects the private network to the Internet. The ISP currently hosts your Web server, but you want to move that server into your private network. You want all Web traffic sent to 135.74.16.86 to be redirected to the server on your private network with address 10.1.1.3. What should you do?

In Routing and Remote Access, edit the properties of the public network interface running the NAT protocol. Redirect HTTP to 10.1.1.3.

You want to provide remote access using a VPN server to users in your company so that they can work from home. Users will connect to the remote access server using a VPN connection over the Internet in order to access all resources on the company network. You install Windows 2012 on a new server (Remote1) and configure it for remote access. You configure the network policies to allow connections between 7am and 8pm. The next day, you get a call from one of the users reporting that she can connect to the remote access server, but can't access any resources on the company network. You ask her to ping a server on the private network using its IP address, but the ping fails. From the remote access server, you can access all resources on the private network. What should you do?

In Routing and Remote Access, enable LAN routing on the server.

You have a computer that runs Windows 7. You want to modify the disk defragmentation schedule to run twice a week on Wednesdays and Saturdays at 11pm. What should you do?

In Scheduled Tasks, modify the default task to run on Wednesdays and Saturdays.

You run a custom application on a Windows Server 2012 server. You want to configure the firewall to allow the application to use a specific port, but restrict access to only Wrk1 and Wrk2. You want to make the change using the least amount of effort possible. What should you do?

In Windows Firewall with Advanced Security, add an inbound rule. Require only secure connections for the rule, and add the computers to the list of authorized computers.

You run a custom application on a Windows Server 2012 server. You want to configure the firewall to allow the application to use a specific port, but restrict access to specific users. You want to make the change using the least amount of effort possible. What should you do?

In Windows Firewall with Advanced Security, add an inbound rule. Require only secure connections for the rule, and add the users to the list of authorized users.

You have a computer running Windows 7 Professional. The computer is a member of a domain. The computer is used by several different users belonging to different groups. You have a custom application on the computer. You want to configure the firewall as follows: Allow a specific port used by the application. Open the port only for members of the Sales group. You want to make the change using the least amount of effort possible. What should you do?

In Windows Firewall with Advanced Security, add an outbound rule. Require only secure connections for the rule, and add the Sales group to the list of authorized groups.

You manage a laptop computer that runs Windows 7. As part of your security auditing strategy, you would like the system to record packets that have been dropped by firewall rules on your computer. You want to record only the packets dropped on public interfaces. You do not want to record information about allowed packets. What should you do?

In Windows Firewall with Advanced Security, configure logging for the public profile.

You are the network administrator for *westsim.com*. The network consists of a single Active Directory domain. All the servers run Windows Server 2012. All the clients run Windows 8. There is one main office located in New York. *westsim..com* often hosts business meetings in the main office which business partners and contractors attend. During these meetings, personal laptops belonging to the contractors, partners, and some employees are connected to the company network. A server named FS1 located in the main site hosts information related to confidential research. Management is concerned about the security of FS1, and only when logged on with a valid user account in the *westsim.com* domain. You must provide the highest level of security possible to the data located on the FS1 to protect it from being compromised by unknown resources connected to the company network. What should you do?

In Windows Firewall with Advanced Security, create a new *Isolation* Connection Security Rule and *Require authentication for inbound and outbound connections*.

You manage a network with a single domain. Organizational Units (OUs) have been created for each department. User and computer accounts for each department have been placed in their corresponding OU. The network has three locations: Portland, Denver, and Phoenix. The Denver location is connected to Portland with a 1 Mbps WAN link. The Phoenix location is connected to Portland with a 256 Kbps WAN link. You want to implement a software installation policy to install an application for all members of the Accounting team. The application should be added to the Add/Remove Programs list, and should be installed only when a user manually adds it. The application should not be installed across the WAN links to the Denver and Phoenix locations. What should you do? (Select two. Each choice is a required part of the solution.)

In a GPO linked to the Accounting OU, publish the software to users. Enable the *Group Policy slow link detection* policy and configure it with a value of *1024*.

You manage a network with a single domain. Organizational Units (OUs) have been created for each department. User and computer accounts for each department have been placed in their corresponding OU. The network has three locations: Portland, Denver, and Phoenix. The Denver location is connected to Portland with a 1 Mbps WAN link. The Phoenix location is connected to Portland with a 256 Kbps WAN link. You want to implement a software installation policy to install an application on all computers in the Sales department. The application should be installed automatically, and should be on the computer regardless of which user is logged on. The application should be installed, even across slow WAN links. User profiles should not be applied across slow links. What should you do? (Select two. Each choice is a required part of the solution.)

In a GPO linked to the Sales OU, assign the software to computers. Enable the *Software Installation policy processing* policy and select *Allow processing across a slow network connection*.

You manage a computer running Windows 7 and shared by multiple users. Recently, users have downloaded and installed two malware programs onto the computer. After download, the applications are installed by running programs with a .msi extension. The files are not digitally signed. You want to prevent all users from installing these applications, regardless of how they have obtained the files. What should you do?

In application control policies, create a Windows Installer rule with a file hash condition.

You manage a computer that runs Windows 7. You want to prevent users from running any file with a .bat or .vbs extension unless the file is digitally signed by your organization. What should you do?

In application control policies, create a script rule with a publisher condition.

You manage a computer that runs Windows 7. You want to find out who has been running a specific game on your computer. You do not want to prevent users from running the program, but instead want to log information when the file runs. The application is not digitally signed. What should you do?

In application control policies, create an executable rule with a path condition that identifies the file. For executable rules, configure "Audit only".

You manage the intranet servers for EastSim Corporation. The company network has three domains: *eastsim.com*, *asiapac.eastsim.com*, and *emea.eastsim.com*. The main company Web site runs on the *web1.eastsim.com* server with a public IP address of 101.12.155.99. A host record for the server already exists in the *eastsim.com* zone. You want Internet users to be able to use the URL http://eastsim.com to reach the Web site. What should you do?

In the *eastsim.com* domain, create a CNAME record with a blank name pointing to server *web1.eastsim.com*.

You manage the intranet servers for EastSim Corporation. the company network has three domains: *eastsim.com*, *asiapac.eastsim.com*, * and *emea.eastsim.com*. The main company Web site runs on the *web1.eastsim.com* server with a public IP address of 101.12.155.99. A host record for the server already exists in the *eastsim.com* zone. You want Internet users to be able to use the URL http://eastsim.com to reach the Web site. What should you do?

In the *eastsim.com* domain, create a CNAME record with a blank name pointing to server *web1.eastsim.com*.

Mary is in charge of DNS administration for her network. The private network consists of a single Active Directory domain called *private.westsim.com*. DNS data is stored in a Active Directory-integrated zone. The Sales department has just installed a Web server called *SalesWeb*. This server will host an intranet site for use u the Sales team. They want this server to be accessible by using the URL *sales.westsim.com*. What should Mary do?

In the *westsim.com* domain, create a CNAME record called *sales*. Identify *SalesWeb.private.westsim.com* as the target.

Mary is in charge of DNS administration for her network. The private network consists of a single Active Directory domain called *private.westsim.com*. DNS data is stored in an Active Directory-integrated zone. The Sales department has just installed a Web server called *SalesWeb*. This server will host an intranet site for use by the Sales team. They want this server to be accessible by using the URL *sales.westsim.com*. What should Mary do?

In the *westsim.com* domain, create a CNAME record called *sales*. Identify *SalesWeb.private.westsim.com* as the target.

You are the network administrator for *westsim.com*. *westsim.com* has one main office and 10 branch offices. The network consists of three Active Directory domains: *westsim.com*, *eastsim.com*, and *websales.eastsim.com*. All the domain controllers run Windows Server 2012. Users on the *westsim.com* network often search for other employees based on the postal code attribute but they complain that Active Directory searches take a long time to complete. You believe that you can speed up searches by adding the postal code attribute to the Global Catalog. What should you do?

In the Active Directory Schema snap-in, in the Properties of the Postal Code attribute, select the *Replicate this attribute to the Global Catalog* check box.

You are preparing to install Windows 7 to a new computer. You copy the installation files from a DVD to a USB flash drive, then use bootsect to make the USB drive bootable. Using the RAID controller on the motherboard, you configure three hard disks in a RAID5 array. Using disk tools, you create a single partition that takes up the entire array. You insert the USB drive and boot the computer. The computer boots and shows you the following message: Error loading operating system Reboot and select proper boot device. What should you do?

In the BIOS, modify the boot order to boot from the USB device first.

You are the administrator for the *westsim.com* domain. Organizational units (OUs) have been created for each department. You have created a DFS structure with a single namespace and multiple namespace servers. You create a folder for each department, and specify a minimum of two targets for each folder. You create a replication group for each folder. You would like to delegate the task of managing replication for each folder to different administrators. What should you do?

In the DFS console, delegate management permissions to each replication group.

You manage the DNS servers for the *eastsim.com* domain. You have a domain controller named DC1 that holds an Active Directory-integrated zone for the *eastsim.com* zone. You have opened a new branch office in Denver. The DNS namespace will use the *denver.eastsim.com* domain for the branch office. You want to configure a server in the Denver location to hold all DNS records for computers in that domain. An administrator in the Denver office will manage the new domain. What should you do?

In the DNS console on DC1, create a zone delegation for *denver.eastsim.com*.

You are a network administrator for your company. Your company's Internet namespace is *westsim.com*. The private network has a single Active Directory domain named *private.westsim.com*. Two Active Directory domain controllers run Windows Server 2012 with the DNS Server role and have Active Directory integrated zones for the *private.westsim.com* zone. A third DNS server located in a remote site runs BIND version 8 and stores a secondary copy of the *private.westsim.com* zone. You want to prevent the possibility that a hacker inside your company network might capture DNS and IP addressing information on your network by installing a rogue secondary DNS server and configuring it to receive zone transfers from the primary *private.westsim.com* zone. What should you do?

In the DNS console, configure the *private.westsim.com* zone to allow zone transfers only to the remote BIND DNS server.

You are the administrator of the *corp.westsim.com* domain. All servers in the domain run Windows Server 2012, and all clients run Windows 7 or Windows 8. The domain has two subdomains: *• acct.corp.westsim.com* *• sales.corp.westsim.com* To improve name resolution, you set up DNS on the *srv3.acct.corp.westsim.com* server. You create a secondary zone on that server pointing to the *sales.corp.westsim.com* zone. What should you do?

In the DNS console, right-click the zone and choose *Reload from Master*.

You are in the process of setting up a new network at a new location. The network uses a single domain named *eastsim.com*. The DC1 server is a domain controller that also provides DNS services. It hosts a primary zone for the *eastsim.com* zone. The network has 150 hosts on three subnets, all of which receive IP addresses from a DHCP server. The dhcp1 server is configured with three scopes, one for each subnet. Because some clients are not capable of dynamic DNS, you decide to configure the DHCP server to update DNS for all clients. In the DHCP snap-in, you edit the properties of the DHCP server and select the *Automatically Update DHCP Information in DNS* option. Shortly after the server is up and running, you discover the DNS server is nto receiving the automatic updates. What should you do?

In the DNS snap-in, enable dynamic DNS on the *eastsim.com* zone.

Members of the sales team use laptop computers while traveling. You have configured EFS for all sales team members and used Group Policy to require that all documents in their My Documents folder is encrypted. You recently learn of an attack that allows hackers to read the contents of the system paging file. You would like to protect the contents of the pagefile with EFS. What should you do?

In the GPO for the sales team computers, enable pagefile encryption.

You are the administrator for the *westsim.com* domain. Organizational units (OUs) have been created for each department. You have created a GPO named AccountingGPO and linked it to the Accounting OU. You want to give John Parker the ability to edit the settings in only that GPO. You want to assign the least amount of permissions as possible. What should you do?

In the Group Policy Management console, add the user to the Delegation tab for the GPO.

You are the administrator for the *westsim.com* domain. Organizational units (OUs) have been created for each department. In Group Policy, you have created a GPO linked to the domain that sets domain-wide settings. Additional GPOs linked to each OU configure department-specific settings. You want to allow user Julia Chow to create GPOs and manage settings in all GPOs. You want to assign the least amount of permissions as possible. What should you do? (Select two. Each choice is a possible solution.)

In the Group Policy Management console, add the user to the Delegation tab on the Group Policy Objects container. Make the user a member of the Group Policy Creator Owners group.

You create the *D:\drivers* folder on your Windows system for third party drivers and copy drivers for special devices to that folder. You want non-administrative users to be able to install devices on the computer without needing administrative privileges and without being prompted for the driver, but only for those devices whose driver is located in the *D:\drivers* folder. What should you do?

In the registry, edit the DevicePath key.

You have a computer that runs Windows 7. You create the D:\drivers folder on the computer for third party drivers and copy drivers for special devices to that folder. You want non-administrative users to be able to install devices on the computer without needing administrative privileges and without being prompted for the driver, but only for those devices whose driver is located in the D:\drivers folder. What should you do?

In the registry, edit the DevicePath key.

You have received a new Windows 7 Business edition laptop for use at work. You configure the wireless adapter to connect to the network. You also have a wireless network at home. You configure a second profile for your home network. For several weeks, the wireless connection works fine. Whether you are at home or at work, you can start your computer and make a connection without browsing for the list of available networks. One day you come in to work to find that you can't connect. You check with the network administrator, and he states that they have prevented the SSID of the company network from being visible. You need to make it as easy as you can to connect to the company wireless network now and in the future. What should you do?

In the wireless network profile, select Connect even if the network is not broadcasting.

Which of the following statements about access lists are true? (Select two.)

Inbound access lists are applied before the routing process. An access list without a permit traffic will not allow any traffic.

____ is the planning, coordination, communications, and planning functions that are needed in order to resolve an incident in an efficient manner.

Incident handling

You manage a network that has multiple internal subnets. You connect a workstation to the 192.168.1.0/24 subnet. This workstation cannot communicate with any other host on the network. You run ipconfig /all and see the following: Ethernet adapter Local Area Connection: Connection-specific DNS Suffix. : mydomain.local Description : Broadcom network adapter Physical Address : 00-AA-BB-CC-74-EF DHCP Enabled :No Autoconfiguration Enabled : Yes IPv4 Address : 192.168.2.102(Preferred) Subnet Mask :255.255.255.0 Default Gateway : 192.168.1.1 DNS Servers : 192.168.2.20 What is the most likely cause of the problem?

Incorrect IP address

You manage a local area network with several switches. A new employee has started today so you connect her workstation to a switch port. After connecting the workstation, you find that the workstation cannot get an IP address from the DHCP server. You check the link and status lights and the connection is working properly. A ping to the loopback address on the workstation succeeds. No other computers seem to have the problem. Which of the following is the most likely cause of the problem?

Incorrect VLAN assignment

You manage a network that has multiple internal subnets. You connect a workstation to the 192.168.1.0/24 subnet. This workstation can communicate with some hosts on the private network, but not with other hosts. You run ipconfig /all and see the following: Ethernet adapter Local Area Connection: Connection-specific DNS Suffix. : mydomain.local Description : Broadcom network adapter Physical Address : 00-AA-BB-CC-74-EF DHCP Enabled :No Autoconfiguration Enabled : Yes IPv4 Address : 192.168.1.102(Preferred) Subnet Mask :255.255.255.0 Default Gateway : 192.168.2.1 DNS Servers : 192.168.2.20 What is the most likely cause of the problem?

Incorrect default gateway

You manage a network that has multiple internal subnets. You connect a workstation to the 192.168.1.0/24 subnet. This workstation can communicate with some hosts on the private network, but not with other hosts. You run ipconfig /all and see the following: Ethernet adapter Local Area Connection: Connection-specific DNS Suffix. : mydomain.local Description : Broadcom network adapter Physical Address : 00-AA-BB-CC-74-EF DHCP Enabled :No Autoconfiguration Enabled : Yes IPv4 Address : 192.168.2.102(Preferred) Subnet Mask :255.255.0.0 Default Gateway : 192.168.1.1 DNS Servers : 192.168.1.20 192.168.1.27 What is the most likely cause of the problem?

Incorrect subnet mask

The image shows the current scavenging settings for *eastsim.com* domain. Host (A) records within the zone are configured to refresh themselves every 7 days. You notice that sometimes a host record will be removed from the database, even though the host still exists on the network. You need to make sure that records are only removed when the host no longer exists. What should you do?

Increase the *Refresh interval* setting.

The display is using strange colors. Which of the following is a solution to this problem?

Increase the color depth.

You have recently upgraded all of the servers in your network to Windows Server 2012 R2. You have implemented replicated DFS folders on these servers to store files created by the multimedia production team in your organization. Lately, as the amount of data stored in the DFS folders has increased, the replication process has become increasingly slower. This is particularly true when the production team is working on large audio and video files. Which can you do to improve the performance of DFS replication between servers?

Increase the minimum staging size value.

You have a Windows 7 Professional computer that is used by three users. Each user has a folder for storing personal data. Chat copies a file from a CD-RW to his folder and receives the message Insufficient disk space. He finds that he cannot even add data to an existing file and save it. Other users of the computer do not have the same problems. You see that the volume has over 20 GB of free disk space. You need to let Chad create and edit files. What should you do?

Increase the quota limit.

What is the purpose of using Ethernet bonding? (Select two.)

Increases network performance Provides a failover solution for network adapters

Which of the following is the best description of the operation of split horizon?

Information about a route should not be sent back in the direction from which the original update came.

Which of the following CCTV types would you use in areas with little or no light?

Infrared

What is a key difference between a domain tree hierarchy and the organizational unit (OU) hierarchy within a domain?

Inheritance

Which of the following is specifically meant to ensure that a program operates on clean, correct and useful data?

Input validation

You manage the *northsim.com* domain. Your company produces components that are used in military and government products. You would like to implement Active Directory Rights Management Services (AD RMS) to protect sensitive documents. You have the following servers available to use: ● Srv1 ● Srv2 ● Srv3 All servers run Windows Server 2012. Srv3 is running SQL Server. You would like to install the AD RMS role on two servers so that the servers run in a clustered configuration. The resulting cluster should provide all AD RMS services. You want to minimize the number of servers used for the configuration. What should you do?

Install AD RMS on Srv1. Create a new root cluster using Srv3 as the database server. Install AD RMS on Srv2, adding the server to the root cluster.

You are the network administrator for *westsim.com*. *westsim.com* has one main office and 50 branch offices. The network consists of one Active Directory domain that contains 5,000 users. You plan to deploy a Windows 2012 domain controller in each branch office. Ten of the branch offices do not employ on-site IT staff. You need to recommend a solution for these 10 branch offices. Your solution must meet the following requirements: • Minimize network traffic during the installation of Active Directory Domain Services (AD DS). • Maximize the security of the branch office domain controllers. What should you do?

Install Active Directory Domain Services (AD DS) using the Install from Media feature and configure the read-only domain controller (RODC) option.

You are an independent computer consultant. You have been called in by your newest customer, SouthSim, which is redesigning its corporate network. The company network consists of a single domain named *southsim.local*. Three locations are in the company: Headquarters, Branch1, and Branch2. A single domain controller at company headquarters holds an Active Directory-integrated zone for *southsim.local*. DNS2 and DNS3 are Windows Server 2012 servers configured as caching-only DNS servers. DNS nsame resolution has been very slow. You have been given the following two priorities: • Speed up DNS name resolution. • Provide for redundancy of the DNS information. What should you do?

Install Active Directory on DNS2 and DNS3 and make them domain controllers of the existing domain.

You have several computers in a domain network. Your company develops software that runs on bot Windows XP and Windows 7. Programmers need to have computers that will dual boot between Windows XP and Windows 7. You need to configure each system to meet the programmer's requirements. What should you do?

Install Windows XP first, and then install Windows 7 on another partition.

You have installed a new computer with a quad-core 64-bit processor, 7 GB of memory, and a PCIe video card with 512 MB of memory. After installing the operating system, you see less than 4 GB of memory showing as available in Windows. What should you do?

Install a 64-bit version of the operating system.

You are the administrator for the Seattle office of WestSim Corporation. Zone information for the entire *westsim.com* domain is stored in a primary zone on the *portland.westsim.com* server located in the Portland office. There is a T1 line between the Seattle and Portland offices, but the line is often saturated with heavy network traffic, which makes name resolution for those in the Seattle office very slow. What can you do to improve DNS performance for computers in the Seattle office?

Install a DNS server in the Seattle location. Configure it with a secondary zone of the *westsim.com* domain.

Your network has a single Active Directory domain named *westsim.local*. All *westsim.local* authoritative DNS servers are configured to forward DNS requests across a firewall to a public DNS server. Your company has opened one new site in South America. The South America site has its own Internet connection, and uses a dedicated wide area network (WAN) link to company headquarters in North America for intranet traffic. The WAN link between company headquarters in North America and the South America site is expensive and somewhat unreliable. DNS traffic across this WAN link must be minimized. You need to make appropriate DNS configurations to meet this requirement. What should you do? (Choose two. Each choice is part of the correct solution.)

Install a DNS server with no zones in the South America site. Configure the server to conditionally forward *westsim.local* DNS requests requests to *westsim.local* authoritative DNS servers and to forward all other DNS requests to the local Internet service provider's DNS server. Configure all client computers in the South America site to use the new DNS server in the South America site.

You are the network administrator for *northsim.com*, a company that specializes in extreme sports vacations. The company has one main office and 30 branch offices. All of the branch offices have between 3 - 10 users on location, and all of them are located in remote ares of the country. Due to the need to be located near natural resources, many of the branch offices lack basic security and almost all of them are connected to the main office via dial-up. Users at the branch offices complain that it takes a long time to log on to the domain. Management has authorized the purchase and deployment of one Windows Server 2012 server for each branch office. You have been asked to develop a standard installation for the new servers being deployed. Your solution must meet the following requirements: • Each branch office server should perform authentication for users located at that branch office. • Each branch office server should be configured so as to minimize the amount of Active Directory information that will be compromised in the event that the server is stolen. • Each branch office server should be configured so as to minimize the amount of user data that will be compromised in the event that the server is stolen. What should you do?

Install a Read-Only Domain Controller (RODC) in each branch office. Configure the hard drive to use Bitlocker drive encryption.

You manage the network with a single Active Directory domain named *eastsim.com*. Your company has a single office in Dallas. You open a second office in San Antonio. The San Antonio location is connected to the Dallas location by a WAN link. All user and computer accounts in the branch office are members of the *eastsim.com* domain. You do not install a domain controller in the branch office. Recently, the WAN connection between Dallas and San Antonio went down. During the outage, several problems existed because of the lack of a domain controller in the San Antonio location. You want to eliminate these problems in the future. You want to make sure that user passwords are cached on a server in San Antonio, and that directory service replication only happens from Dallas to San Antonio. Changes should not be made at San Antonio and replicated back to domain controllers in Dallas. What should you do?

Install a Read-Only Domain Controller (RODC) in the branch office.

Your network has a single Active Directory domain named *westsim.local*. All *westsim.local* authoritative DNS servers are configured to forward DNS requests across a firewall to a public DNS server. All client computers are members of the *westsim.local* Active Directory domain, and are configured to use *westsim.local* authoritative DNS servers. A new site in Seattle has just opened. The Seattle site is connected to company headquarters using a virtual private networking (VPN) connection. Company policy states that all client computers in all sites must receive Internet through a high speed Internet connection at company headquarters. You want to minimize unnecessary DNS traffic across the VPN connection and configure DNS appropriately to meet company policy. What should you do? (Choose two. Each choice is part of the correct solution.)

Install a caching-only DNS server in the Seattle site. Configure the new DNS server to forward all DNS requests to *westsim.local* authoritative DNS servers at company headquarters.

You manage the network with a single Active Directory domain named *eastsim.com*. Domain controllers run both Windows Server 2003 and Windows Server 2012. The domain functional level is at Windows Server 2003. Your company has recently opened a new branch office. You would like to create a new domain named *branch1.eastsim.com* for the branch office. You want to use a read-only domain controller for this domain. How should you install the RODC?

Install a full domain controller in the main office, then install the read-only domain controller in the branch office.

You have worked as the network administrator for a company for seven months. One day all picture files on the server become corrupted. You discover that a user has downloaded virus from the Internet onto his workstation, and it propagated to the server. You successfully restore all files from backup, but your boss is adamant that this situation does not reoccur. What do you do?

Install a network virus detection software solution.

You have worked as the network administrator for a company for seven months. One day all picture files on the server become corrupted. You discover that a user downloaded a virus from the Internet onto his workstation and it propagated to the server. You successfully restore all files from backup but your boss is adamant that this situation does not reoccur. What should you do?

Install a network virus detection software solution.

You are working in Hyper-V Manager on your Windows Server 2012 system. This system hosts several Windows Server 2008 R2 virtual machines. You create snapshots of these virtual machines nightly as part of your disaster recovery plan. Users are complaining that they can no longer access the virtual servers. In Hyper-V Manager, they are identified as being in a Paused-Critical state. What should you do? (Select two. Each answer is part of the overall solution.)

Install a new physical hard disk in the hypervisor host. Move the snapshot files to the new hard disk.

Your company leases a very fast Internet connection and pays for it based on usage. You have been asked by the company president to reduce Internet line lease costs. You want to reduce the amount of web pages that are downloaded over the leased connection, without decreasing performance. What is the best way to do this?

Install a proxy server.

Your computer currently runs Windows 7 Enterprise edition. You want to create a RAID5 array using three newly-installed SATA disks. When you go to Disk Management, the option to create the RAID5 array is not available. What should you do?

Install an add-on RAID controller.

You need to install an updated driver for a hardware device on your Windows system. You need to use a driver file which has been tested by Microsoft and comes from a legitimate source. What should you do?

Install an updated driver with a digital signature.

__________ is one general guideline for protecting your network.

Install redundant components

Users are complaining that sometimes network communications are slow. You use a protocol analyzer and find that packets are being corrupted as they pass through a switch. You also notice that this only seems to happen when the elevator is running. What should you do?

Install shielded cables near the elevator

You are setting up a small network in your office with one Windows server and 50 Windows workstations. You want to spend as little time as possible configuring the workstations with IP addressing information. What should you do?

Install the DHCP service on your server.

You are the network administrator for *eastsim.com*. The network consists of one Active Directory domain. All the servers run Windows Server 2012 R2. All of the clients still run Windows Vista. The domain functional level of the domain is set to Windows Server 2008. You have been instructed to use Active Directory group policy preferences to map a department drive for each user. You create a new group policy object and link it to the domain. Then you configure the appropriate group policy settings. However, when you log on as a test user, you discover that the department drive has not been mapped. Troubleshooting indicates that the appropriate group policy object has been applied. You must ensure that the department drives are mapped using group policy. What should you do?

Install the client-side extensions (CSEs) on all of the client computers.

You are the network administrator for *eastsim.com*. The network consists of one Active Directory domain. All the servers run Windows Server 2012. All of the clients still run Windows Vista. The domain functional level of the domain is set to Windows Server 2008. You have been instructed to use Active Directory group policy preferences to map a department drive for each user. You create a new group policy object and link it to the domain. Then you configure the appropriate group policy settings. However, when you log on as a test user, you discover that the department drive has not been mapped. Troubleshooting indicates that the appropriate group policy object has been applied. You must ensure that the department drives are mapped using group policy. What should you do?

Install the client-side extensions (CSEs) on all of the client computers.

Your organization runs a Hyper-V hypervisor on a Windows Server 2008 R2 system that hosts a mix of Windows Server 2008 R2 and Windows Server 2012 virtual domain controllers. You want to use snapshots to protect your virtual domain controllers on this hypervisor host. However, you have heard that doing this can cause Update Sequence Number (USN) rollback issues. What must you do to prevent this from happening? (Select two. Each response is a part of the complete solution.)

Install the latest Integration Services from a Windows Server 2012 hypervisor to the virtual domain controllers. Upgrade the hypervisor host to Windows Server 2012.

Your organization runs a Hyper-V hypervisor on a Windows Server 2008 R2 system that hosts a mix of Windows Server 2008 R2 and Windows Server 2012 virtual domain controllers. You want to use snapshots to protect your virtual domain controllers on this hypervisor host. However, you have heard that doing this can cause Update Sequence Number (USN) rollback issues. What must you do to prevent this from happening? (Select two. Each response is a part of the complete solution.)

Install the latest Integration Services from a Windows Server 2012 hypervisor to the virtual domain controllers. Upgrade the hypervisor host to Windows Server 2012.

Last month you deployed Windows 7 Enterprise to all of the desktop computers in your company using a single system image. To install this image, you created a WinPE boot CD. You recently received new desktop computers, and one of your colleagues is not able to install the image using the WinPE CD. The WinPE CD cannot boot to the network drive. What should you do?

Install the latest hardware drivers for these new desktop computers on the WinPE image.

You have a 32-bit computer that runs Windows Vista Business RTM that you would like to upgrade to Windows 7 Ultimate. Your computer has the following specifications: 1 GHz processor 1 GB RAM 128 MB video card 16 GB free disk space DVD drive You would like to perform the upgrade with the least amount of effort possible. What should you do first?

Install the latest service pack

Your organization must upgrade to Windows 7. During the upgrade planning process you discover an application that will not run and is not supported on the Windows 7 platform. The organization must have the application and must upgrade to Windows 7. What solution would you recommend?

Install the program on the Windows 7 computer using Windows XP Mode

You have a computer that runs Windows 7. Mary and Mark share the computer. Mary encrypts a file by using Encrypting File System (EFS). When Mary attempts to grant Mark access to the file, she sees the dialog shown in the image. You need to ensure that Mary can grant Mark access to the file. What should you do?

Instruct Mark to log on to the computer and encrypt a file.

Rodney, a user in the research department, uses a Windows 8 laptop computer with a single NTFS volume. Rodney's computer is running out of space, so its volume is compressed.. Rodney stores a private company document named Stats.dat on his laptop and is concerned about the document falling into the wrong hands if his laptop is stolen. Rodney stores the Stats.dat file in the root of his Documents folder. Rodney's program for editing the Stats.dat file stores temporary data in the same folder where the file is being edited is located. You want to encrypt the Stats.dat file so that Rodney is the only authorized user. You also want to make sure that any temporary copies of the file while it is open are also encrypted. No other files should be encrypted. What should you do? (Choose two. Each correct choice is a required part of the solution.)

Instruct Rodney to create a new folder for the Stats.dat file, move the file to the folder, then encrypt the folder and all its contents. Instruct Rodney to uncompress the Stats.dat file.

Rodney, a user in the research department, uses a Windows 7 Professional laptop computer with a single NTFS volume. Rodney shares the laptop with his manager, Kate. Rodney stores private company documents in the C:\Data folder on his laptop. Both Rodney and Kate access the documents when they are using the laptop. Rodney is concerned about the documents falling into the wrong hands if his laptop if stolen. Rodney wants to protect the entire contents of the C:\Data folder. You want to help Rodney encrypt the contents of the C:\Data folder so that Kate and Rodney are the only authorized users. What should you do?

Instruct Rodney to log on to his computer, edit the properties of the C:\Data folder, and enable encryption. Add Kate as an authorized user for each file in the C:\Data folder.

Rodney, a user in the research department, uses a Windows 8 Laptop computer with a single NTFS volume. Rodney shares the laptop with his manager, Kate. Rodney stores private company documents in the C:\Data folder on his laptop. Both Rodney and Kate access the documents when they are using the laptop. Rodney is concerned about the documents falling into the wrong hands if his laptop is stolen. Rodney wants to protect the entire contents of the C:\Data folder so that Kate and Rodney are the only authorized users. What should you do?

Instruct Rodney to log on to his computer, edit the properties of the C:\Data folder, and enable the Encrypt attribute. Add Kate as an authorized user for each file in the C:\Data folder.

Your computer system is a participant in an asymmetric cryptography system. You've created a message to be sent to another user. Before transmission, you hash the message, then encrypt the hash using your private key. You then attach this encrypted hash t your message as a digital signature before sending it to the other user. In this example, what protection does the hashing activity provide?

Integrity

A user calls to report that she is experiencing intermittent problems wile accessing the wireless network from her laptop computer. While she normally works from her office, today she is trying to access the wireless network from a conference room which is across the hall from the elevator. What is the most likely cause of her connection problem?

Interference is affecting the wireless signal

The DoD model (also called the TCP/IP stack) has four layers. Which layer of the DoD model is equivalent to the Network layer of the OSI model?

Internet

What specialized program collects compatibility information for web pages and web-based applications?

Internet Explorer Compatibility Test Tool

You are the server administrator for the *westsim.com* domain. Your network has a main office in Tulsa, with a branch office in Norman. You want to provide a site-to-site VPN solution to connect the two sites that supports NAP health certificates. Which protocol should you use?

Internet Protocol Security (IPsec)

Select the policy node you would use to configure a user's Internet Explorer. (The picture shows Group Policy Management Editor)

Internet Settings

Your organization's security policy indicates that the security level of the Local Intranet and Trusted Sites zones in Internet Explorer be set to Medium-High on all user workstations. Rather than configure each workstation individually, you decide to use a Group Policy preference setting in a GPO to make the change. Click on the Control Panel Setting you would use to implement this configuration.

Internet Settings

As a result of a recent security audit, you have made several critical changes to your domain's security configuration using Group Policy. You need these changes to be applied immediately. Which PowerShell cmdlet should you use to do this from your Windows Server 2012 R2 domain controller?

Invoke-GPUpdate

DDNS is a reliable way of locating a host as long as the host's IP address:

Is static

A Parallel Backbone:

Is the most robust type of network backbone

Which of the following best describes how a switch functions?

It connects multiple cable segments (or devices), and forwards frames to the appropriate segment.

Which of the following is true about route poisoning?

It describes when a router sets the metric for a downed link to infinity.

Which of the following is NOT a primary characteristic of a worm?

It infects the MBR of a hard drive.

Which of the following describes the WDS install.wim image file?

It installs a standard Windows Server 2012 image to the client computer.

Which two of the following statements accurately describe full-duplex Ethernet?

It is collision free. It uses direct point-to-point connections between the sender and receiver.

Which of the following best describes a critical update?

It is high priority but not security related.

Which of the following describe the work of the Wi-Fi Alliance? (Select two.)

It is responsible for the creation of the WPA and WPA2 standards. It is an industry consortium that defines implementation standards for vendors.

What is the purpose of the backoff on an Ethernet network?

It is the random amount of time a device waits before retransmitting after a collision.

Which two of the following statements accurately describe half-duplex Ethernet?

It sends both signals along the same wire. It uses built-in loopback and collision detection.

You have created an access list with the following command: Router (config)#access-list 101 deny tcp 10.1.0.0 0.0.255.255 any Which three of the following are identified by the various parts of this command?

It will deny only TCP traffic. It applies to all destination networks and all hosts. It applies to traffic originating from all hosts on network 10.1.0.0.

What role does preboot execution environment (PXE) play in WDS?

It's used to boot to a WDS Server to install a preinstallation environment.

You have purchased a new laptop that runs Windows 8 Professional. You want to use DirectAccess to connect the computer to your corporate intranet. You will use Group Policy to enforce DirectAccess settings on the client. What should you do to configure the laptop for the DirectAccess connection? (Select two.)

Join the computer to a domain. Upgrade the computer to Windows 8 Enterprise.

You are the administrator of a large Active Directory network running at Windows Server 2008 functional level. All client computers run Windows 7 or Windows 8. Your company has offices in several states, as well as several locations within the city of Chicago. Each location has its own Active Directory domain, complete with DNS and DHCP servers. The company has just opened a new office in Des Moines. This is a two-way transitive trust. You need to choose the appropriate network access authentication protocol. Which method should you choose?

Kerberos

During which phase of the Windows 8 startup process does the system run the Windows Executive (consisting of the Windows kernel and the HAL), which processes the registry hive and initializes the drivers and services specified there?

Kernel loading phase

Which of the following is not true concerning symmetric key cryptography?

Key management is easy when implemented on a large scale.

What is the most common failure of a security policy in an environment?

Lack of user awareness

Which of the following devices is capable of performing routing of IP packets at wire speeds using an ASIC module instead of the CPU or software?

Layer 3 switch

When returning to the rebuilt primary site, the salvage team will restore or return what processes first?

Least business-critical

Which of the following describes a false positive when using an IPS device?

Legitimate traffic being flagged as malicious

Your network consists of a single Active Directory domain. The OU structure of the domain consists of a parent OU named HQ_West, and child OUs of Research, HR, Finance, Sales, and Operations. You also want to ensure that all client computers have strong password policies applied, and that an administrator is required to unlock locked user accounts for the Research and Human Resources departments. You create a Group Policy Object named DefaultSec, which applies security setting that are required for all users and computers. You create a second GPO named HiSec, which has the security settings that are required by the HR and the Research departments. Both GPOs use custom security templates. How should you link the GPOs to the OUs? (Select three.)

Link DefaultSec to the HQ_West OU. Link HiSec to the HR and Research OUs. Configure password policies on a GPO linked to the domain.

Which of the following are true about the link state routing method? (Select three.)

Link state routers send updates immediately. Convergence is faster than with the distance vector method. Network traffic due to sharing routing information is less than with the distance vector method.

You are troubleshooting an IP addressing issue, and so issue a command to view the TCP/IP configuration of the system. The command you use produces the following output: fxp0: flags=8843<UP, BROADCAST, RUNNING, SIMPLEX, MULTICAST> mtu 1500 inet6 fe80: :2a0:83ff:fe30:57a%fxp0 prefixlen 64 scopeid 0x1 inet 192.168.1.235 netmask 0xfffffx00 broadcast 255.255.255..255 ether 00:a0:83:30:05:7a media: Ethernet autoselect (100BaseTX <full-duplex>) status: active 1o0: flags=8049<UP, LOOPBACK, RUNNING, MULTICAST> mtu 16384 inet6 : : 1prefixlen 128 inet6 fe90: : 1%1o0 prefixlen 64 scopeid 0x7 inet 127.0.0.1 netmask 0xff000000 Which of the following operating systems are you working on?

Linux

You are installing Windows 7 on a new computer. Using the RAID controller on the motherboard, you configure three hard disks in a RAID5 array. A fourth hard disk is connected to the IDE channel. You edit the BIOS boot order to boot from the optical drive. You insert the installation DVD, boot to the disc, and start the installation. When you are prompted to select the disk where you want to install Windows, the RAID array you created does not show as a possible destination disk. Only the disk on the IDE channel is visible. Select the option you would choose to make the RAID array visible for the installation.

Load Driver

You are performing a clean installation of Windows 8 on a desktop workstation. The workstation has a high-end video adapter with 4 GB of video memory, 8 GB of system RAM, and a 1 TB RAID5 disk array. When you reach the "Where do you want to install Windows?" screen, you see the image shown below. Click the option you would use to resolve the issue.

Load Driver

Which of the following devices accepts incoming client requests and distributes those requests to specific servers?

Load balance

You have a Web server on your network that hosts the public Web site for your company. You want to make sure that the Web site will continue to be available even if a NIC, hard drive, or other problem prevents the server from responding. Which solution should you implement?

Load balancing

You manage a server that runs your company Web site. The Web server has reached its capacity, and the number of client requests is greater than the server can handle. You would like to find a solution so that a second server can respond to requests for Web site content. Which solution should you implement?

Load balancing

You manage a server that runs your company Web site. The Web server has reached its capacity, and the number of clients requests is greater than the server can handle. You would like to find a solution so that a second server can respond to requests for Web site content. Which solution should you implement?

Load balancing

You have a Web site that customers use to view product information and place orders. You would like to identify the maximum number of simultaneous sessions that this server can maintain before performance is negatively impacted. Which tool should you use?

Load tester

You are configuring a new system and want to use a RAID 0 array for the operating system using SATA disks and the RAID functionality built into the motherboard. Which of the following actions will you take as part of the configuration?

Load the RAID drivers during operating system installation.

Which program is an MMC snap-in?

Local Users and Groups

Which type of user profile is automatically created when a user logs on the computer for the first time and is stored on the computer's local hard drive?

Local user profile

Which of the following presents the correct order in which Group Policy Objects are applied?

Local, Site, Domain, OU

Which of the following controls is an example of a physical access control method?

Locks on doors

Rodney, a user in the research department, uses a Windows 7 Professional laptop computer with a single NTFS volume. Rodney recently left the company on short notice. Rodney's manager, Kate, wants access to all of Rodney's files. You make Kate's account an administrator for Rodney's computer and give her the computer. Later, Kate informs you that she cannot open one of Rodney's documents, receiving an access denied message. You realize that Kate is trying to access a file that Rodney encrypted using EFS. You want to let Kate open the file. What should you do?

Log on to the laptop using an account with DRA privileges. Clear the Encrypt attribute on the file.

Rodney, a user in the research department, uses a Windows 8 laptop computer with a single NTFS volume. Rodney recently left the company on short notice. Rodney's manager, Kate, wants access to all of Rodney's files. You grant Kate administrative provileges for Rodney's computer and give her the computer. Later, Kate informs you that she cannot open one of Rodney's documents, receiving an access denied message. You realize that Kate is trying to access a file that Rodney encrypted using EFS. You want to let Kate open the file. What should you do?

Log on to the laptop using an account with DRA privileges. Clear the Encrypt attribute on the file.

Rodney stores private company documents on his laptop and is concerned about the documents falling into the wrong hands if his laptop is stolen. Rodney wants you to protect the entire contents of his Documents folder. You log on to Rodney's computer using your administrative and enable the Encrypt attribute for Rodney's Documents folder and apply the change to all subfolders and files. You then return Rodney's laptop to him. Rodney soon informs you that he cannot access any documents in his Documents folder. You want to let Rodney access the documents in his Documents folder. You also want to ensure that the documents are encrypted. What should you do? (Choose two. Each correct choice is part of the solution.)

Log on using your administrative account. Clear the Encrypt attribute on Rodney's Documents folder. Apply the change to all subfolders and files. Instruct Rodney to log on to his computer. Have him set the Encrypt attribute to the Documents folder. Apply the change to all subfolders and files.

The Event Viewer is essentially what kind of tool?

Log viewer

Why would auditing include logon and logoff times?

Logon and logoff times can help pinpoint who was logged on during a failure.

You are the server administrator for your network. Recently, the system time on several servers has been modified. You want to find out who has been making the change. You enable the *Audit Security State Change* audit policy. After several days, you decide to check to see if any events have been logged. You want to view only those events that related to auditing that might indicate someone had changed the system time. What should you do? (Select two. Each choice is a required part of the solution.)

Look in the Security log. Filter to look for successful audit events.

You are the server administrator for your network. Recently, the system time on several servers has been modified. You want to find out who has been making the change. You enable auditing for System events. After several days, you decide to check to see if any events have been logged. You want to view only those events that related to auditing that might indicate someone had changed the system time. What should you do? (Select two. Each choice is a required part of the solution.)

Look in the Security log. Filter to look for successful events.

You have a computer that runs Windows 7. The computer is a member of a domain. Windows Update settings are controlled through Group Policy. You find that your computer has not been installing recent updates. You want to see information about how the computer is configured to get updates including the name of the server it tries to contact when checking for and downloading updates. What should you do?

Look through the WindowsUpdate.log file.

Which of the following will prevent a broadcast storm?

Loop avoidance scheme

In what form of access control environment is access controlled by rules rather than by identity?

MAC

What type of access control focuses on assigning privileges based on security clearance and data sensitivity.

MAC

Which of the following features on a wireless network allows or rejects client connections based on the hardware address?

MAC address filtering

Which of the following is the weakest hashing algorithm?

MD-5

The most popular attack toolkit, which has almost half of the attacker toolkit market is ____.

MPack

Maria is configuring a remote access solution for her network. A single server, RASSrv, runs Windows 2012 and is the remote access server. Approximately 20 remote clients, all running Windows 8, will connect to the server. Maria wants to use a a secure remote authentication method that encrypts passwords but does not require additional hardware. What is the most secure authentication method that Maria should use?

MS-CHAP v2

What is the primary goal of business continuity planning?

Maintaining business operations with reduced or restricted infrastructure capabilities or resources.

What is another name for a backdoor that was left in a product by the manufacturer by accident?

Maintenance hook.

You manage the network for your company. You have recently discovered information on a computer hard drive that might indicate evidence of illegal activity. You want to perform forensic activities on the disk to see what kind of information it contains. What should you do first?

Make a bit-level copy of the disk

You are consulting with the owner of a small network which has a Windows Server 2008 functioning as a workgroup server. There are six client desktop computers, each of which is running Windows XP Professional. There is no Internet connectivity. The owner of the company has heard of a case where the owner of a network was found legally liable for misuse of the corporate computers, because insufficient care was taken to prevent unauthorized access. The server contains possibly sensitive information and due care needs to be taken to ensure that no unauthorized access occurs. Specifically, the owner of the company wants you to configure auditing so that access to sensitive files can be tracked. You need to check and ensure that the files generate audit results. What should you do? (Choose three. Each selection is part of the required solution.)

Make sure Object Access auditing policy is configured for success and failure. Make sure the correct users and groups are listed in the Auditing properties of the files. Make sure the files to be audited are on NTFS partitions.

You manage a small office network with a single subnet. The network is connected to the Internet. All client computers run Windows 7. A single server runs Windows Server 2008 R2. Computers are not a member of a domain. Hosts use IPv6 addresses on the private network. All hosts on the private network are assigned host names such as Computer1, Computer2, etc. All computers use a DNS server at the Internet Service Provider (ISP) to resolve hostnames for Internet hosts. You need to implement a solution so that hosts on your private network can resolve hostnames for other hosts on the private network. You want to implement the solution with the least amount of effort. What should you do?

Make sure that LLMNR is enabled on all computers.

You are consulting with the owner of a small network which has a Windows Server 2012 functioning as a workgroup server. There are six client desktop computers, each of which is running Windows 2007. There is no Internet connectivity. The owner of the company has heard of a case where the owner of a network was found legally liable for misuse of the corporate computers, because insufficient care was taken to prevent unauthorized access. The server contains possibly sensitive information and due care needs to be taken to ensure that no unauthorized access occurs. Specifically, the owner of the company wants you to configure auditing so that access to sensitive files can be tracked. You need to check and ensure that the files generate audit results. What should you do? (Choose three. Each selection is part of the complete solution.)

Make sure the files to be audited are on NTFS partitions. Make sure the *Audit File System* policy is configured for success and failure. Make sure the correct users and groups are listed in the *File System* policy.

You manage the *northsim.com* domain. Your company produces components that are used in military and government products. You would like to implement Active Directory Rights Management Services (AD RMS) to protect sensitive documents. You would like to install AD RMS on the DC1 server. This server is a domain controller running Active Directory Domain Services (AD DS). You create a new user account for the AD RMS service account. During the installation, you select this account. However, an error is returned stating that the password cannot be verified, and the installation will not proceed. What should you do?

Make the service account a member of the Domain Admins group.

Capturing packets as they travel from one host to another with the intent of altering the contents of the packets is a form of which security concern?

Man in the middle attack

Capturing packets as they travel from one host to another with the intent of altering the contents of the packets is a form of which security concern?

Man-in-the-middle attack

Click on the container in Active Directory where group managed service accounts are created by default.

Managed Service Accounts.

To be most effective, an anti-malware policy should be authorized and supported by the organization:

Management

Which user profile type is enforced upon users, preventing them from changing the profile settings?

Mandatory user profile

Manuela is in charge of maintaining the VPN solution for her network. The VPN server was installed about two months ago and services a total of 25 clients. All clients run Windows 7 and Windows 8 and connect to the VPN server through the Internet. Occasionally, users complain that they are unable to establish a VPN connection. The problem is not isolated to any specific user and typically goes away after the user waits for a while before trying the connection again. Manuela checks the VPN server and finds it is obtaining IP addresses from a DHCP server to assign to clients. The DHCP Console shows that 30 addresses have been leased to the VPN server. A total of 20 L2TP ports are configured on the VPN server for incoming connections. What should Manuela do?

Manually configure additional L2TP ports.

Emma is a systems administrator for WestSim Corporation. The network has multiple domains with DNS and DHCP services confgured in each domain. All servers are running Windows Server 2012 and all clients are running Windows 8. All hosts are members of the acct.westsim.com domain, the records of which are stored in a primary zone. As part of a new security initiative, the IT department has developed a custom application that reports the host name of each client that tries to access three sensitive servers in the Accounting department. Emma has been asked to test the new application. During a random test, she finds that the program is not reporting the host names for some clients, even though it properly records their IP addresses. Emma realizes that the custom application submits revers lookup requests to the DNS server to discover the host n for the specified IP address. She also realizes that the clients who's host names could not be notified have manually configured static IP addresses on subnet 192.168.3.0, using a default subnet mask. What should Emma do?

Manually create a PTR record for the 3.168.192.in-addr.arpa zone for each host.

Emma is a systems administrator for WestSim Corporation. The network has multiple domains with DNS and DHCP services configured in each domain. All servers are running Windows Server 2012 and all clients are running Windows 8. All hosts are members of the *acct.westsim.com* domain, the records of which are stored in a primary zone. As part of a new security initiative, the IT department has developed a custom application that reports the host name of each client that tries to access three sensitive servers in the Accounting department. Emma has been asked to test the new application. During a random test, she finds that the program is not reporting the host names for some clients, even though it properly records their IP addresses. Emma realizes that the custom application submits reverse lookup requests to the DNS server to discover the host name for the specified IP address. She also realizes that the clients whose host names could not be notified have manually-configured static IP addresses on the 192.168.3.0 subnet, using a default subnet mask. What should Emma do?

Manually create a PTR record in the *3.168.192.in-addr.arpa* zone for each host.

You are the network administrator for your company's network. Your network consists of 8 Windows Server 2012 computers, 500 Windows 7 client computers, and 5 UNIX servers. One of your Windows Server 2012 computers is your DNS server. The DNS zone is configured as an Active Directory-integrated zone. The DNS zone is also configured to allow dynamic updates. Users report that although they can access the Windows 7 computers by host name, they cannot access the UNIX servers by host name. What should you do?

Manually enter A (host) records for the UNIX servers in the zone database.

What was the partition style(s) prior Windows Server 2008 and Windows Vista?

Master Boot Record (MBR) only

You have previously used Hyper-V to create a parent installation of Windows 7 with three child installations. Child virtual systems are named Client1, Client2, and Client3. The parent virtual hard disk file is named parent vhd, with differencing disks named Client1.vhd, Client2.vhd, and Client2.vhd. You decide that you want to configure the Client2 virtual machine so that it no longer uses a differencing disk. The remaining two virtual machines should continue to use differencing disks from the parent. What should you do?

Merge Client2.vhd with Parent.vhd creating a new file named Client2a.vhd. Delete Client2.vhd and rename Client2a.vhd to Client2.vhd.

You are using differencing disks for multiple virtual machines (VMs) to preserve the parent image from changes. Now you want to combine the two images together. What PowerShell cmdlet allows you to do this?

Merge-VHD

You connect a packet sniffer to a switch to monitor frames on your local area network. However, the packet sniffer is only able to see broadcast frames and frames addressed specifically to the host device. Which feature should you enable on the switch so you can see frames from all devices connected to the switch?

Mirroring

You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device which is connected to a hub with three other computers. The hub is connected to the same switch that is connected to the router. When you run the software, you see only frames addressed to the four stations but not to the router. Which feature should you configure?

Mirroring

You have decided to conduct a business meeting at a local coffee shop. The coffee shop you chose has a wireless hotspot for its customers who want Internet access. You decide to check your e-mail before the meeting begins, but when you open the browser you cannot gain Internet access. Other customers are on the Internet and because you use a wireless connection at work, you are sure your laptops wireless adapter works. What is the likely cause of the problem?

Mismatched SSID

You manage a network with multiple subnets connected to the Internet. A user reports that she can't access the Internet. you investigate the problem and find that she can access all hosts on the private network, but no hosts on the Internet. Which of the following is likely the cause of the problem?

Missing default route on a router

You manage a network with multiple subnets connected to the Internet. A user reports that she can't access the new server used in the accounting department. You check the problem and find out that her computer cannot access any server on that subnet, however the computer does access other computers on other subnets as well as the internet. Which of the following is most likely the cause of the problem?

Missing route on the default gateway router

When recovery is being performed due to a disaster, what services are to be stabilized first?

Mission-critical

You have a folder on your Windows 7 Professional computer that you would like to share with members of your development team. Users should be able to view and edit any file in the shared folder. You share the folder and give Everyone Full Control permission to the shared folder. Users connect to the shared folder and report that they cannot modify any of the files. What should you do?

Modify the NTFS permissions on the folder.

To troubleshoot a problem with DNS record registration, you run Network Monitor on the DNS server. You create a capture filter specifying only DNS traffic. You run the capture for several minutes, then stop it and examine the capture file. As you examine the information, you realize that you also need to see packets related to DHCP. What should you do?

Modify the existing filter to include DHCP packets. Restart the capture.

You have decided to use ACLs on your router to restrict TFTP traffic between networks. Specifically, you want to allow only the server with an IP address of 172.17.8.1 to access an TFTP server on a different network with an IP address of 10.0.0.1. The TFTP protocol runs on UDP port 69. To accomplish this, you create the following ACL on the router connecting the two networks: Router(config)#access-list 100 Router(config)#access-list 100 permit udp 172.17.8.1 0.0.0.255 host 10.0.0.1 eq 69 Router(config)#access-list 100 deny udp any any eq 69 Router(config)#access-list 100 permit IP any any After applying the ACL to inbound traffic on the interface connected to the 172.17.8.0/24 network, you find that all hosts on the 172.17.8.0/24 network can still access the TFTP service on 10.0.0.1 over port 69. What can you do to fix this issue? (Select two. Either option is a complete solution.)

Modify the first ACL line to access-list 100 permit udp host 172.17.8.1 host 10.0.0.1 eq 69. Modify the first ACL line to access-list 100 permit udp 172.17.8.1 0.0.0.0 host 10.0.0.1 eq 69.

You are the network administrator for *westsim.com*. The network consists of a single domain. All the servers run Windows Server 2012. All the clients run Windows 8. There is one main office located in Chicago. The main office is protected from the Internet by a perimeter network. A server named VPN1 located in the perimeter network provides VPN remote access for external clients. A server named NPS1 has the Network Policy Server (NPS) role installed and provides RADIUS services for VPN1. NPS1 is located in the perimeter network and is configured to use Active Directory for authentication requests. There are three domain controllers on the internal network. A new company policy requires that the firewall between the internal network and the perimeter network be configured to allow traffic only between specific IP addresses. The amount of internal servers that can be contacted from the perimeter network must be kept to a minimum. You need to configure remote access to minimize the number of servers on the internal network that can be contacted by servers on the perimeter network. Your solution should not impact the availability of remote access services. What should you do?

Move NPS1 to the internal network and implement a RADIUS Proxy in the perimeter network.

You have a laptop computer that runs Windows 7. Your computer is configured to connect to the wireless network at work using a wireless profile named Company1. The profile is configured to connect using 802.11b. During a recent upgrade, your company has added an 802.11n wireless router. The router is configured to support 802.11n using one radio, and 802.11b/g with the other radio. You create a second profile on your computer for the 802.11n network. You notice that your computer is connecting automatically using 802.11b. You want the computer to connect first using 802.11n, and only use 802.11b if 802.11n is unavailable. What should you do?

Move the 802.11n profile up in the list of the preferred networks.

A group of telecommuting employees has been granted approval by upper management to use VPN internet access between the hours of 8:00 AM and 5:00 PM. No other employees will be allowed remote access to the network. The telecommuting employee computers are running Windows 8. You create an Active Directory group named *TeleCommute* and place all telecommuting employee user accounts into this group. You create a new Network policy (named *Telecommute Policy*) with the following conditions: • Day and time: *8:00 am* to *5:00 pm* ever day. • Windows group membership: *TeleCommute* group. • NAS Port Type: *Virtual (VPN)*. You configure remote access permissions for all users in the TeleCommute Group to allow remote access. The list of network policies is as follows in the Network Policy Server console: When you test the remote access connection, no users are allowed to connect to the remote access server. What should you do?

Move the TeleCommute Policy network policy up in the list.

You are a domain administrator for a large, multi-domain network. There are approximately 2500 computers in your domain. Organizational Units (OUs) have been created for each department. Group Policy objects (GPOs) are linked to each OU to configure department-wide user and computer settings. While you were on vacation, another 20 computers were added to the network. The computers appear to be functioning correctly with one exception: the computers do not seem to have the necessary GPO settings applied. What should you do?

Move the computer accounts from their current location to the correct OUs.

You have decided to redirect the contents of the local Documents folder for all domain users on all workstations to the C:\Shares shared folder on a Windows Server 2012 system named FS1. The server is a member of the eastsim.com domain.You configured a Basic redirection policy to redirect all users' local Documents folder to \\FS1\Shares on the server. You want to ensure that any existing files in users' Documents folders are automatically copied up to the share when the policy is applied. If the policy is removed at some point in the future, you want the users' files on the share redirected back to their local Documents directory. Click on the settings in the folder redirection policy for Documents that you need to configure to accomplish this.

Move the contents of Documents to the new location. Redirect the folder back to the local userprofile location when policy is removed.

You manage a Windows 7 computer. For the D:\Reports\Finances.xls file, you explicitly grant the Mary user account the Allow Modify NTFS permissions. You need to move the file from the existing folder to the D\Confidential folder. You want to keep the existing NTFS permissions on the fold. You want to accomplish this with the least amount of effort possible. What should you do?

Move the file to the new folder.

You have two computers that run Windows Server 2012: Server 1 and Server 2. Both computers are configured with BitLocker. Both computers have a TPM installed. Because of a hardware failure, Server 1 will not boot. You need to access the data on the drive where BitLocker was enabled as quickly as possible. What should you do?

Move the hard disk from Server 1 to Server 2. Use the recovery key from Server 1 to gain access to the encrypted volume.

You are the server manager for the *westsim.com* domain. You have previously installed Windows Server 2012 on two new servers, ServerA and ServerB. You configure both servers with BitLocker. Both servers have a TPM installed. Because of a hardware failure, ServerA will not boot. You need to access the data on the drive where BitLocker was enabled as quickly as possible. What should you do?

Move the hard disk from ServerA to ServerB. Use the recovery key from ServerA to gain access to the encrypted volume.

You are in the process of configuring a new computer. The motherboard has six memory slots and supports triple channel memory. You install two memory modules. When you booth the computer, the BIOS recognizes both modules, but the memory only runs dual channel mode. What should you do? (Select two.)

Move the modules to the correct motherboard slots. Install a third, identical memory module.

You and Sammy are creating an organizational unit structure and user accounts for the *education.westsim.com* domain. You created ACTG, PROD, and SALES organizational units on Server1. Fifteen minutes later, you change the name of the ACTG organizational unit to ACCT. Before replication finishes, Sammy uses Server 2 to add several user accounts to the ACTG organizational unit. You check the ACCT OU to find the user accounts are not there. What should you do?

Move the user accounts from the LostAndFound container to the ACCT container.

What command do you use to start the System Configuration Tool?

Msconfig

Which utility lets you customize which files are processed at startup on Windows 7 systems?

Msconfig

Which tool can you use to view, but not modify, hardware and configuration information for your computer?

Msinfo32

Which Windows component lets you modify system parameters stored in the registry using a GUI interface?

Msinfo32.exe

When the network is using RIPv2 for the routing protocol, which address is used to send router updates?

Multicast address

What technology enables a computer to transmit the same data to multiple destinations at the same time?

Multicasting

You want to measure the voltage, amps, and ohms of various devices. Which tool should you use?

Multimeter

Which of the following folders is not found as part of a default user profile?

My Contacts

If MyName = "Bunny" and YourName = "Buddy", which of the following is not true?

MyName <= YourName

You are configuring a new network policy for temporary employees using the New Network Policy wizard in the Network Policy Server console. If the conditions and constraints you configured in the policy are met and the policy grants access to a client, you want non-compliant clients to be allowed access only to a restricted network where their system can be remediated before being granted full network access. Click the settings category you would use to configure this.

NAP Enforcement

Your network has two sites as shown in the graphic. You want to configure Computer1 as a Global Catalog server. Which object's properties would you edit to accomplish this?

NTDS Settings

Your network has two sites as shown in the graphic. You want to configure Universal Group Membership Caching. Which object's properties would you edit to accomplish this?

NTDS Site Settings

Which one of the following is absolutely required for using WDS?

NTFS partition for storing images

You are implementing NAT on a Windows Server 2012 system using Routing and Remote Access. You installed two network interfaces in the server: • The *Ethernet* connection is connected to the external network that uses registered IP addresses. • The *Ethernet1* connection is connected to the internal network where private IP addressing is used. The Ethernet connection is assigned an IP address of 137.65.1.23/16 while the Ethernet1 connection is assigned an IP address of 172.17.1.1/16. You enabled Routing and Remote Access on the server and are using the Custom Configuration option in the Routing and Remote Access Server Setup Wizard to configure NAT. Click on the options that must be selected to enable NAT on the server.

Nat LAN routing

Which of the following locations will contribute the greatest amount of interference for a wireless access point? (Select two.)

Near cordless phones Near backup generators.

Which of the following principles is implemented in a mandatory access control model to determine access to an object using classification levels?

Need to know

On which layer of the OSI model is IPv4 Addressing included?

Network

Which layer of the OSI model is responsible for creating packets?

Network

What component is used to ensure that all clients meet a minimum set of criteria such as up-to-date anti-virus protection and Windows updates?

Network Access Protection

You are deploying Windows 7 in the accounting department. You discover that the users of the Windows 7 workstations will need the rights to change the network configuration of their local computers. What local group should you add the accounting users to on the Windows 7 computer? (Choose the most appropriate group)

Network Configuration Operators

Which network component connects a device to the transmission media and allows it to send and receive messages?

Network Interface Card

The third layer of the OSI model is the:

Network Layer

Outside Sales employees in your organization use a VPN connection to access your internal network while traveling to customer sites. Currently, each user must manually create and manage the VPN connection settings on their notebook systems and frequently require Help Desk assistance. Rather than configure each workstation individually, you decide to use a Group Policy preference setting in GPO to push down the correct VPN configuration settings for your organization's VPN server to the notebook systems. Click on the Control Panel Setting you would use to implement this.

Network Options

You would like to implement DirectAccess on your corporate network. Which of the following is *not* an infrastructure requirement for using DirectAccess?

Network access for files server role.

When discussing reserved IP addresses which of the following is interpreted to mean "all networks?"

Network address of all 1s

Which tool would you use in Windows Vista/7 to manage network connections?

Network and Sharing Center

You manage a small network at work. Users use workstations connected to your network. No portable computers are allowed. As part of your security plan, you would like to implement scanning of e-mails for all users. You want to scan the e-mails and prevent any e-mails with malicious attachments from being received by users. Your solution should minimize administration, allowing you to centrally manage the scan settings. Which solution should you use?

Network based firewall.

Your company has a connection to the Internet that allows users to access the Internet. You also have a Web server and an e-mail server that you want to make available to Internet users. You want to create a DMZ for these two servers. Which type of device should you use to create the DMZ?

Network based firewall.

In troubleshooting a router, you want to identify which other devices are connected to the router, as well as the subnet addresses of each connected subnet. Which type of document would most likely have this information?

Network diagram

The following names are given to packets at various stages in the encapsulation process. 1. Packets 2. Bits 3. Segments 4. Frames To which OSI model layer do the packet names correspond?

Network, Physical, Transport, Data Link

Your organization runs a Hyper-V hypervisor on Windows Server 2012 that hosts several Windows Server 2012 virtual domain controllers. You want to add an additional virtual domain controller. Instead of installing a new Windows Server 2012 virtual machine and promoting it to be a domain controller, you decide to simply copy one of the existing virtual domain controller's virtual machine files. Prior to cloning the source virtual machine, you need to check it for installed applications and services that aren't compatible with the closing process. Which PowerShell cmdlet can you use to do this?

New-ADDCCloneConfigFile

You have a network connected using a physical bus topology. One of the cables connecting a workstation to the bus breaks. Which of he following best describes what happens to network communications?

No devices will be able to communicate.

Management has decided to purchase new tablet systems for the administrative assistants in your organization. After conducting a needs assessment, they have determined that the new systems must meet the following requirements: • They must be joined to the organization's existing Active Directory domain. • Whole-disk encryption must be implemented with Device Encryption. • They must support User Account Control (UAC) to prevent unauthorized application privilege escalation. A sales rep from a computer manufacturer recently offered you a very competitive price on Windows RT tablet systems. Can you use these systems in this implementation?

No, Windows RT does not support domain join.

You are working in PowerShell on a Windows Server 2012 domain controller. You need to create a new group managed service account to be used by a new application that will be installed later on the Windows 7 workstations that are members of the domain. The domain functional level is set to Windows Server 2008 Can you do this?

No, group managed service accounts cannot be used by Windows operating systems prior to Windows 8.

You need to add a new replication target for an existing DFS folder, which currently contains several terabytes of data. To speed up initial replication to the new target, you decide to clone the DFS database. You plan to do the following to accomplish this: • Install the DFS Replication role on both servers (source and target). • Verify the folder to be replicated on the source server is in the *Normal* state. • Export the DFS Replication database from the source server using the *Export-DfsrClone* cmdlet. • Preseed the files to be replicated by manually copying them from the source server to the target server using File Explorer. • Import the database on the target server using the *Import-DfsrClone* cmdlet. • Add the destination server to the replication group using the *Add-DfsrMember* and *Add-DfsrConnection* cmdlets. Will this deployment plan work?

No, the *robocopy* utility should be used to preseed files on the target server.

You manage a Windows Server 2012 system and need to perform an immediate system state backup. The backup will be saved on the C:\ volume. To accomplish this, you determine that *wbadmin start systemstatebackup -backupTarget:C:* is the appropriate command to use. Will this strategy work?

No, the backup cannot be saved to the same drive as the system state data.

You need to work on several key projects over the weekend on your Windows Vista desktop system at home. However, one of the applications you need to complete your work only runs on Windows 8.x. You decide to create a Windows To Go drive so you can take your computing environment home from work. You have a PNY 32 GB USB 2.0 flash drive that you want to use for the Windows To Go drive. Will this configuration work?

No, you should use a USB 3.0 device to create a Windows To Go drive.

Which of the following CRT monitors is capable of producing a picture with the least amount of flicker?

Non-interlaced.

By definition, which security concept uses the ability to prove that a sender sent an encrypted message?

Non-repudiation

When a sender encrypts a message using their own private key, what security service is being provided to the recipient?

Non-repudiation

You manage a Windows Server 2012 system that functions as Hyper-V hypervisor, hosting several Windows Server 2012 virtual machines. One of these virtual machines has been experiencing poor performance due to excessive network utilization.You want to use Network Monitor to capture and analyze network traffic addressed to this virtual machine. You've accessed the virtual machine's settings and navigated to the advanced configuration screen for its network adapter, as shown in the figure below. Click the configuration option that you would enable to monitor network traffic with a packet sniffer such as Network Monitor.

None

You are testing the power supply in a PC system by measuring the voltage available on the 4-pin Molex connector. The voltage on the red wire is +5.2 volts. What should you do?

Nothing, the power supply is working normally.

What is the name used for the file that contains a mandatory profile?

Ntuser.man

You are working with an existing fiber optic installation in your building. You want to know how long each length of cable is that runs through walls. Which tool should you use?

OTDR

You have purchased a new laptop that runs Windows 8 Enterprise. You want to use DirectAccess to connect the computer to your corporate intranet from home. Your home network is connected to the Internet with a single public IP address and NAT. Firewalls between your network and the intranet allow only HTTP and HTTPS traffic. What should you do to configure the laptop for the DirectAccess connection?

Obtain a computer certificate for the laptop.

You have a Windows 7 computer that is shared by multiple users. You want to allow non-administrative users to install devices that use third-part drivers. Users should be able to install the device without prompts for administrative credentials. Users should only be able to install devices that use the drivers that you specifically identify. You copy the necessary drivers to the computer. You configure the DevicePath registry key to identify the folder where the drivers are located. A standard user logs on and tries to install the device, but gets a prompt for administrative credentials. What should you do?

Obtain drivers that have a digital signature.

You have a Windows 7 computer that is shared by multiple users. You want to allow non-administrative users to install devices that use third-party drivers. Users should be able to install the device without prompts for administrative credentials. Users should only be able to install devices that use the drivers that you specifically identify. You copy the necessary drivers to the computer. You configure the DevicePath registry key to identify the folder where the drivers are located. A standard user logs on and tries to install the device, but gets a prompt for administrative credentials. What should you do?

Obtain drivers that have a digital signature.

Srv1 is running a custom application that uses a custom packet type. You want to monitor network traffic to and from Srv1 for this application. When you go to create the filter, you cannot see the packet type listed. What should you do?

Obtain the parser file for the application and add it to Network Monitor.

You have two computers running Windows 7 named Comp1 and Comp2. Both Comp1 and Comp2 received their IP addresses from a DHCP server in the network, and accessed the Internet through a common default gateway. After several changes in the network infrastructure, Comp1 is the only computer with a connection to the Internet. In addition, Cmop1 is now acting as the default gateway and is sharing its Internet connection with Comp2. On Comp2, you are unable to access the Internet. You use the ipconfig /all command and discover the IP address for the Local Area Connection is 192.168.0.25 with a subnet mask of 255.255.255.0. What should you do?

On Comp2, run ipconfig /renew

You have two computers running Windows 7 named Comp1 and Comp2. Both Comp1 and Comp2 received their IP addresses from a DHCP server in the network, and accessed the Internet through a common default gateway. After several changes in the network infrastructure, Comp1 is the only computer with a connection to the Internet. In addition, Comp1 is now acting as the default gateway and is sharing its Internet connection with Comp2. On Comp2, you are unable to access the Internet. You use the ipconfig /all command and discover the IP address for the Local Area Connection is 192.168.0.25. What should you do?

On Comp2, run ipconfig /renew

You administer a network with a single domain. The network has ten Windows 2012 servers and four UNIX servers. All servers have been manually assigned a static IP address. DC1 and DC2 are domain controllers that hold Active Directory integrated zones for the domain and provide DNS services for all hosts. DC3 provides DHCP services for network clients. You decide to install a third DNS server to improve redundancy and performance for DNS queries. Because of server workload issues, you decide to configure one of the UNIX servers as the DNS server. You create a secondary zone on a UNIX server and configure it to receive information from DC1. Later that day, you notice that the UNIX DNS server does not hold any DNS records. What should you do?

On DC1, edit the zone properties to allow zone transfers.

Your company's Internet namespace is *westsim.com*, and your company's internal namespace is *internal.westsim.com*. Your network has two Windows Server 2012 DNS servers: DNS1 and DNS2. DNS1 is configured with a root zone and is authoritative for the *internal.westsim.com* domain. All client computers are members of the *internal.westsim.com* domain and are configured to use DNS1 as the primary DNS server. Client computers on your internal network cannot resolve Internet DNS names. You verify that client computers can resolve internal DNS names successfully. You also verify that the internal DNS server is configured to forward all unresolvable DNS names to the company's Internet DNS server. You must keep your internal network as secure as possible while making sure that all client computers can resolve Internet DNS names successfully. What should you do?

On DNS1, delete the *.* zone.

You manage a network with a main office and one branch office. Each office has its own Internet connection, and the two offices are connected with a WAN link. All computers in the main office are members of the *westsim.private* domain. All computers in the branch office are members of the *tulsa.westsim.private* domain. The DNS1 server in the main office holds a primary zone for the *westsim.private* domain, while the DNS2 server in the branch office holds the primary zone for the *tulsa.westsim.private* domain. Clients in the branch office are able to resolve hostnames for the *tulsa.westsim.private* domain and for all Internet hosts. However, they cannot resolve hostnames for hosts in the *westsim.private* domain. You need to allow hosts in the branch office to resolve names for hosts in the main office, while still allowing Internet name resolution and minimizing WAN traffic. What should you do?

On DNS2, configure a conditional forwarder for the *westsim.private* domain to forward all requests to DNS1.

You are a network engineer for your company. Your private network uses the namespace *private.westsim.com*. All servers run Windows Server 2012. All client computers run Windows 7 or Windows 8. You manage the DNS servers that are authoritative for the *private.westsim.com* zone. Two servers are authoritative for the zone: DNS1 hosts the primary DNS zone, and DNS2 holds a secondary copy of the zone. You use the DNS console to manually create an A resource record for a new Web server on your network that is configured with a static IP address. From your workstation, you open a browser and try to connect to the new Web server. You get an error message stating that the Web site is not found. You try the test from another workstation with success. You return to your workstation only to find it still does not work. You run *ipconfig /all* and find that your workstation is configured to use the DNS2 server as its preferred DNS server. You want to be able to resolve the host name on your computer as soon as possible to verify that it is working correctly. What should you do?

On DNS2, right-click the zone and select *Reload from Master*.

You manage the DNS infrastructure for your network. Server Dns1 holds a primary zone for the *research.westsim.com* domain. Server Dns2 holds a primary zone for the *sales.westsim.com* domain. Both servers are also domain controllers. Computers configured to use Dns1 as the preferred DNS server are unable to resolve names for hosts in the *sales.westsim.com* domain. You need to enable Dns1 to resolve names for hosts in that domain. Your company security policy states that DNS zone transfers are not allowed between Dns1 and Dns2. What should you do?

On Dns1, configure a conditional forwarder for *sales.westsim.com*.

You manage the DNS infrastructure for your network. Server Dns1 holds a primary zone for the *westsim.com* domain. Server Dns2 holds a primary zone for the *sales.westsim.com* domain. Both servers are also domain controllers. Computers configured to use Dns1 as the preferred DNS server are unable to resolve names for hosts in the *sales.westsim.com* domain. You need to enable Dns1 to resolve names for hosts in that domain. Zone data for the *sales.westsim.com* domain should not be stored on the Dns1 server. What should you do?

On Dns1, create a zone delegation for *sales.westsim.com*.

You manage the remote access solution for your network. Currently you have two remote access servers, RA1 and RA2, with an additional server, RA3, configured as a RADIUS server. You need to configure RA1 and RA2 to forward authentication requests to RA3. What should you do?

On RA1 and RA2, run Routing and Remote Access. Edit the properties of the server and configure it to use RA3 for authentication.

Consider the routed network shown in the exhibit. Host A tries to ping Host B, but gets no response. You check the IP configuration on Host A and see that its default gateway is set to Router1's IP address (172.17.0.1). You check the IP configuration on Host B and see that its default gateway is set to Router2's IP address (172.19.0.1). Upon inspection of the routing table on Router1, you note that it has no default gateway configured, nor does it have a route to the 172.19.0.0 network. Upon inspection of the routing table on Router2, you note that it also has no default gateway configured, nor does it have a route to the 172.17.0.0 network. What must you do to enable routing between all three networks shown in the diagram in the exhibit? (Select two. Each response is part of the complete solution.)

On Router1, enter *route add -p 172.19.0.0/16 172.18.0.2*. On Router2, enter *route add -p 172.17.0.0/16 172.18.0.1*.

Srv10 is a Windows Server 2012 server that runs server core. Srv5 is a Windows Server 2012 server that runs with a graphical interface. Over the next few days, you want to monitor Srv10. You would like to automatically save the contents of the Application and System logs on Srv10 to Srv5. You will then use Event Viewer on Srv5 to view the contents of the logs from Srv10. Because you will be checking for events periodically throughout the day, you want to make sure that the events saved on Srv5 are no more than 15 minutes old. What should you do?

On Srv5 and Srv10, enable and configure Event Subscriptions. Configure Srv10 as a source, and Srv5 as a collector.

You have two computers: WS1 is running Windows 7 and WS2 is running Windows 8.1. You need to migrate all user profiles and data files from WS1 to WS2. You need to ensure the user accounts on the destination computer are created and enabled during the migration. What should you do?

On WS2, run *loadstate* with the */lae* and *lac* options.

You are the network administrator for *westsim.com*. The network consists of a single Active Directory domain. All the servers run Windows Server 2012. All the clients run Windows 8. A member server named Web1 running the Web Server (IIS) role is hosting an internal company web site. The web site has no internal security. *westsim.com* hires a group of contractors to perform maintenance on the network. The contractors will have Active Directory user accounts and be connected to the internal network using domain joined workstations. The user accounts created for the contractors will be members of the Domain Admins and Domain Users global groups, and of a new global group named TechContractos. Management has requested that the contractors be prevented from accessing the internal company web site for the duration of the project. The contractors may need to connect to Web1 using the Remote Desktop Client to perform maintenance. You must ensure that the contractors cannot access the internal company web site on Web1 using the least amount of administrative effort. What should you do?

On Web1 you should create a custom inbound firewall rule that allows HTTP traffic to Web1 from Domain Users. Add the TechContractors group as an exception to the rule.

Your Active Directory network uses an internal DNS namespace of *private.westsim.com*. Several other Active Directory domains also exist, which are children to the *private.westsim.com* domain. On the Internet, your company uses *westsim.com* for its public domain name. Your company manages its own DNS servers that are authoritative for the *westsim.com* zone. The *private.westsim.com* zone has been delegated to your company's Active Directory domain controllers, which are also DNS servers. Computers that are members of the *private.westsim.com* domain and all child domains must be able to resolve DNS names of Internet resources. However, to help secure your network, DNS queries for resources in the *private.westsim.com* domain and all child domains must never be sent to Internet DNS servers. Queries for Internet names must go first to your public DNS server that is authoritative for the *westsim.com* domain. You need to configure your company's DNS servers to meet these requirements. What should you do? (Choose two. Each correct choice is part of the solution.)

On all DNS servers that are authoritative for the *private.westsim.com* zone or any child zone, create a forwarders list. Forward to DNS servers that are authoritative for the parent zone. Delete root hints to Internet DNS servers on all DNS servers that are authoritative for the *private.westsim.com* zone or any child zone.

Your network has a single domain named *southsim.com*. All client computers run Windows 7 or Windows 8. DNS data for the domain is stored on the following servers: • DNS1 holds the primary zone for *southsim.com*. • DNS2 and DNS3 hold secondary zones for *southsim.com*. All three DNS servers are located on domain controllers. The DNS zone for the domain is configured to allow dynamic updates. You want to allow client computers to send DNS updates to any of the three servers, and allow any of the three servers to update DNS records in the zone. What should you do?

On all three servers, change the zone type of the DNS zone to Active Directory integrated.

Srv12 is a Windows Server 2012 server that runs File and Print Services. On Srv12, you are troubleshooting a problem that keeps occurring. When the problem happens, there are several Warning and Error events logged to the Application and System logs in Event Viewer. You would like to be able to see only the Warning and Error events from both logs displayed at the same time. You want to save this configuration so that you can check back each day to see any new errors. What should you do?

On the Application log, filter the log to show only Warning and Error events. Save the filter to a Custom View, adding the System log as an additional filter.

You manage Certificate Services for the *westsim.com* domain. You have a single CA installed as an enterprise root CA that runs Windows Server 2012. You want to allow users of the Research department to request certificates for EFS. You duplicate the Basic EFS certificate template, then grant the Research group the Read and Enroll permissions to the certificate template. You configure the certificate to require CA certificate manager approval. A user who is a member of the Research groups logs on and tries to request a certificate for EFS using the Web enrollment pages. The EFS certificate template you created does not appear in the list of certificates that can be request that can be requested. What should you do?

On the CA, issue the certificate template.

You are the DNS manager for the *southsim.com* domain. You want to configure your single DNS server so that it never uses forwarders for name resolution. What should you do?

On the DNS server, disable recursion.

You are the DNS manager for the *eastsim.com* domain. You have a domain controller named DC1 that holds an Active Directory-integrated zone for the *eastsim.com* zone. Users have complained about multiple DNS name resolution errors. You have examined the configuration, but can't see anything wrong. To help identify the problem, you would like to track the DNS packets sent and received by the server, as well as filter by IP address. What should you do?

On the DNS server, enable debug logging.

You are the network administrator for *westsim.com*. The network consists of two Active Directory domains named *westsim.com* and *sales.westsim.com*. The DNS servers in the *westsim.com* domain are authoritative for the *westsim.com* DNS domain. The DNS servers in the *sales.westsim.com* domain are authoritative for the *sales.westsim.com* DNS domain. All the servers run Windows Server 2012. All the clients run Windows 7 or Windows 8. The company plans to implement a new domain named *private.westsim.com*. You need to design the DNS infrastructure to support the new domain. Your solution must meet the following requirements: • The DNS servers in *private.westsim.com* must be authoritative for the *private.westsim.com* DNS domain. • All clients in the forest must be able to resolve *private.westsim.com* fully qualified domain names (FQDNs). • DNS servers in the *westsim.com* and *sales.westsim.com* domains should not be authoritative for the *private.westsim.com* domain and should not contain any records for nodes in the *private.westsim.com*. You install Active Directory, create the new domain, and verify that DNS is working within the *private.westsim.com* domain. What should you do?

On the DNS servers in *westsim.com* you should create a delegation for *private.westsim.com* and point the delegation to the DNS servers that are authoritative for *private.westsim.com*.

You are the administrator for a network with a single Active Directory domain named *widgets.local*. The *widgets.local* domain has an Organizational Unit object for each major department in the company, including the Information Systems department. User objects are located in their respective departmental OUs. Users who are members of the Domain Admins group belong to the Information Systems department. However, not all employees in the Information Systems department are members of the Domain Admins group. To simplify employees' computing environment and prevent problems, you link a Group Policy object (GPO) to the *widgets.local* domain that disables the Control Panel for users. You do not want this Group Policy object to apply to members of the Domain Admins group. What should you do?

On the Group Policy object's access control list, deny the Apply Group Policy permission for members of the Domain Admins group.

You are the network administrator for *eastsim.com*. The network consists of a single Active Directory domain. All of the servers run Windows Server 2012. All of the clients run Windows 7. *eastsim.com has one main office. There is an enterprise Certification Authority (CA) located in the main office that handles all certificate requests for the domain. The company also maintains an Internet Information Services (IIS) server that is a member of the domain. The IIS server is located in a perimeter network. *eastsim.com* has a high volume of independent contractors that need to connect to the company network using a VPN connection to an ISA 2006 Server running L2TP/IPSec. The contractors are traveling trainers who must be able to obtain machine certificates to be used for this purpose. Most of the computers do not belong to the Active Directory domain, and the contractors do not often visit the corporate office. Some contractors are trained for projects without ever visiting an *eastsim.com* site. You must configure the enterprise CA to grant machine certificates to the contractors. What should you do?

On the IIS server, install the Certificate Enrollment Web Service.

You manage three Windows Server 2012 servers that run server core. Because you prefer to view events inside of Event Viewer, you would like to configure event subscriptions so that you can view all events from those servers on another server with a graphical interface. You need to configure the three source computers and one collector computer. The subscription should be collector initiated, and should use the *Minimize Bandwidth* optimization option. What should you do? Select only the required tasks for each server. (Select two. Each choice is a required part of the solution.)

On the collector server, configure the subscription. On all four servers, run *winrm quickconfig*. On the collector server, run *wecutil qc*.

You currently manage a network with a single domain. The forests and domain functional level is at Windows Server 2008. All domain controllers run Windows Server 2008. You want to install a new domain controller in the forest running Windows Server 2012. Before dong so, you need to update the schema to support Windows Server 2012 domain controllers. What should you do?

On the domain controller that is the schema master, run *Adprep /forestprep*.

You have created a DFS namespace that is accessed using *\\westsim.com\Accounting*. The namespace currently has a single folder named *Accounting* with two targets. You have configured DFS replication so that data is replicated between the two target folders. The content on Srv1 is considered the master folder, with changes only being allowed on that server. Data is replicated to a read-only folder on Srv2. The target folder on Srv1 includes a subfolder named *Salaries* that includes pay information for all employees. You want to make sure that this folder is not replicated when its copied to Srv2. What should you do?

On the replicated folder, configure a filter to exclude the *Salaries* subfolder.

You have a Windows 7 Ultimate laptop computer that you use both at home and in the office. The laptop has both an Ethernet and a wireless network connection. At home you have created a simple Ethernet network that connects your home computers to the Internet through a cable modem. A friend comes over to your house for some help configuring his new laptop computer. His computer has a wireless network adapter but not an Ethernet network adapter. He wants to connect his laptop through your network to the Internet to download some drivers. What should you do? (Select two. Each choice is a required part of the solution.)

On your laptop, configure a network bridge. Set up an ad hoc wireless connection between his computer and yours. Configure the wireless connection to use WPA-Personal

Which of the following is not an example of a physical barrier access control mechanism?

One time passwords

Which of the following encryption methods combines a random value with the plaintext to produce the cipher text?

One-time pad

Which of the following are backed up during a differential backup?

Only files that have changed since the last full backup.

Which of the following are backed up during an incremental backup?

Only files that have changed since the last full or incremental backup.

You have a small home wireless network that uses WEP. The access point is configured as the DHCP server and a NAT router that connects to the Internet. You do not have a RADIUS server. Which authentication method should you choose?

Open

You are working on a Windows system. Two devices connected to the computer are not performing correctly. You suspect the devices are conflicting with each other because they may be using the same system resources. What should you do to identify the problem? (Select two. Each answer is a possible solution.)

Open Device Manager and select *View\ Resources by connection*. Run System Information (*msinfo32.exe*).

You are working on a computer running Windows 7 Enterprise. Two devices connected to the computer are not performing correctly. You suspect the devices are conflicting with each other because they may be using the same system resources. What should you do to identify the problem? (Select two. Each answer is a possible solution.)

Open Device Manager and view the Resources tab. Run System Information (msinfo32).

After blocking a number of ports to secure your server, you are unable to send e-mail. To allow e-mail service which of the following needs to be done?

Open port 25 to allow SMTP service.

You have been put in charge of providing a VPN solution for all members of the Sales team. Laptops used by Sales team members run Windows 8. All remote access servers run Windows Server 2012. You decide to implement SSTP for the VPN solution. Your company security policy mandates that only necessary firewall ports be opened. What should you do?

Open port 443 in the firewall.

You have been hired to troubleshoot a wireless connectivity issue for two separate networks located within a close proximity. Both networks use a WAP from the same manufacturer and all settings, with the exception of SSIDs, remain configured to the default. Which of the following might you suspect as the cause of the connectivity problems?

Overlapping channels.

You are designing a new network that will support 6000 computers. You only have 8 registered IP addresses that can be allocated to the employees for external network communication so you decide to implement NAT and share the addresses. You want all of these computers to be able to access the Internet at the same time if necessary. Which method of NAT translation should you implement?

Overloading

____ networks are typically used for connecting devices on an ad hoc basis for file sharing of audio, video, and data, or real-time data transmission such as telephony traffic.

P2P

Which non-recommended method of user authentication is considered too insecure because usernames and passwords are sent in plain text?

PAP

____ is typically used on home routers that allow multiple users to share one IP address received from an Internet service provider (ISP).

PAT

You have been asked to implement a wireless solution for your company network. To improve security, you decide to implement 802.1x authentication using smart cards and certificates for all wireless users. Which authentication protocol will you use?

PEAP-EAP-TLS

You want to use CCTV to increase your physical security. You want to be able to remotely control the camera position. Which camera type should you choose?

PTZ

Which of the following best describes the Platform as a Service (PaaS) cloud computing service model?

PaaS delivers everything a developer needs to build an application onto the cloud infrastructure.

Windows apps that are available in the Windows Store are known as what?

Packaged apps

You want to install a firewall that can reject packets that are not part of the active session. Which type of firewall should you use?

Packet filtering.

When the Hyper-V role is added to a Windows Server 2012 server, the hypervisor creates the individual environments, each of which has its own operating system installed and accesses the computer's hardware via the hypervisor. What are those individual environments called?

Partitons

What type of Software Restriction Policy rule identifies applications based on where the Windows Installer package came from?

Path rules

What common design feature among Instant Messaging clients make them more insecure than other means of communicating over the Internet?

Peer-to-peer networking

You have a workstation running the 64-bit version of Windows 7 Ultimate that you would like to change to the 64-bit version of Windows 7 Professional. You want to perform the upgrade with the least amount of effort and cost. What should you do first?

Perform a Custom (advanced) installation using the Windows 7 installation disc.

The disaster recovery plan calls for having tape backups stored at a different location. The location is a safe deposit box at the local bank. Because of this, the disaster recovery plan specifies to choose a method that uses the fewest tapes, but it also quick to back up and restore files. Which backup strategy would best meet the disaster recovery plan for tape backups?

Perform a full backup once a week with a differential backup the other days of the week.

You have discovered a computer that is connected to your network that was used for an attack. You have disconnected the computer from the network to isolate it from the network and stop the attack. What should you do next?

Perform a memory dump

You work for a consulting company. Your best customer, a university on summer break, has a serious problem. One of the student interns carried a large cup of coffee into the computer room and promptly tripped over a section of the raised flooring. The coffee spilled and found its way into one of the domain controllers. Sparks flew and the domain controller was dead on arrival to the tech bench. The system board was no longer functional and two SCSI hard drives have failed. You replace the system board and SCSI hard drives. Fortunately, a system state backup was done two nights ago, but several changes in Active Directory have occurred since then and have been fully replicated to other domain controllers in this single domain network. You need to decide how to restore Active Directory on the failed server. You must complete the restoration as quickly as possible. What should you do?

Perform a non-authoritative restore of the entire Active Directory database.

You manage a Windows 7 system. You want to view information about all of the programs running on your system and sort each program based on the amount of memory and CPU that the program uses. Which tool would you use?

Performance Monitor

You manage a Windows 7 system. You want to view information about your computer including the CPU utilization percentage and information about disk read operations. Which tools could you use to do this? (Select two.)

Performance Monitor msconfig.exe

Your organization uses a routed network. The network uses Windows Server 2012 systems with the Routing and Remote Access role installed to connect the various network segments together. Your network is very static in nature with changes happening only rarely. To reduce network traffic, you decide to reduce the frequency of RIP routing updates sent between routers. Click the option in the RIP interface properties you would use to do this.

Periodic announcement interval (seconds): 30

Which of the following enables the user to manage, configure, or perform certain tasks on an object?

Permissions

You have several computers running Windows 7 Enterprise. The computers are connected to the network as shown in the image. You have configured static IP addresses for Comp1 and Comp2. To test the connection between the computers, you enter *ping 192.168.23.38* on Comp1's command prompt; however, the ping is unsuccessful and times out. You then use the *ping 192.168.23.231* on Comp2's command prompt, but the ping times out again.You need the ping commands to succeed between the two computers. What should you do?

Permit ICMPv4 traffic through the firewalls of both computers.

You are configuring certificates for a federation trust. You've already issued SSL certificates to the root CAs in both the accounts and partner forests. Now you need to export both root root CAs' certificates so they can later be imported in the opposite forests. Click on the option you would use in the Certificates MMC console to do this.

Personal

Which of the following is a form of attack that tricks victims into providing confidential information, such as identity information or logon credentials, through e-mails or Web sites that impersonate an online entity that the victim trusts, such as a financial institution or well known e-commerce site?

Phishing

Users on your network report that they have received an e-mail stating that the company has just launched a new Web site for employees, and to access the Web site they need to go there and enter their username and password information. No one in your company has sent this e-mail. What type of attack is this?

Phishing.

You need to add additional disk space to the AccServ virtual machine running on a Windows Server 2012 hypervisor. to accomplish this, you decide to create a pass-through disk. Click the option you would use in the virtual machine's Settings screen to do this.

Physical hard disk:

You manage a network with all Windows 7 clients. As part of your IPv6 migration strategy, you have implemented ISATAP on your network. You would like to test the communication of a client computer using ISATAP. What should you do?

Ping the address beginning with FE80:

How does a DHCP client ensure that no other computer has its assigned IP address?

Ping to its own address to see if a response is detected.

To test a power supply, you want to use a multimeter to measure the voltage on a Molex hard disk connector. To do this, you need to turn the power supply on. Which pins on the 24-pin motherboard connector coming from the power supply can be shunted to turn the power supply on? (Select two.)

Pins 16 and 17 Pins 15 and 16

You have a folder on your Windows 7 computer that you would like members of your development team to access. You want to restrict network and local access to only specific users. All other users must not be able to view or modify the files in the folder. What should you do? (Select two.)

Place the files on an NTFS partition. Configure both share and NTFS permissions.

There are four dimensions of psychological type in the MBTI. Which of the following is not one of those dimensions:

Planning/working

You are installing networking cable in the air space between the ceiling and the roof of a building. Which type of cabling should you use?

Plenum

With which network type will OSPF establish router adjacencies but not perform the DR/BDR election process?

Point-to-point

A new law was recently passed that states that all businesses must keep a history of all e-mails sent between members of the board of directors. You need to ensure that your organization complies with this law. Which document type would you update first in response to this new law?

Policy

You manage a single domain named *widgets.com*. One day you notice that a trust relationship you have established with another forest has changed. You reconfigure the trust, but you want to be able to identify if this change happens again in the future. You want to configure auditing to track this event. Which auditing category should you enable?

Policy change events.

As you browse the Internet, you notice that when you go to some sites, multiple additional windows are opened automatically. Many of these windows contain advertisements for products that are inappropriate for your family to view. Which tool can you implement to prevent these windows from showing?

Pop-up blocker

An Internet server has a single network interface that has been assigned an IP address. The server is running both the FTP and HTTP services. A client computer initiates a session with the HTTP server. How is the HTTP request from the client routed to the correct service running on the server?

Port or socket number

You want to make sure that a set of servers will only accept traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers will not accept packets sent to those services Which tool should you use?

Port scanner

You want to make sure that a set of servers will only accept traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers will not accept packets sent to those services. Which tool should you use?

Port scanner.

Which of the following attacks are primarily reconnaissance attacks? (Select two.)

Port scanning Sniffing

You maintain the network for an industrial manufacturing company. You are concerned about the dust in the area getting into server components and affecting the availability of the network. Which of the following should you implement?

Positive pressure system

During which phase of the Windows 8 startup process does the system load the BIOS or Extensible Firmware Interface (EFI) and run a hardware self-test procedure that detects the devices installed in the system and configures them using settings stored in non-volatile memory?

Power-On Self-Test (POST) phase

Which command is used to manage power?

Powercfg.exe

Which Application Compatibility GPO setting will disable the MS-DOS subsystem?

Prevent access to 16-bit applications

A relatively new employee in the data entry cubical farm was assigned a user account similar to that of all the other data entry employees. However, audit logs have shown that this user account has been used to change ACLs on several confidential files and has access data in restricted areas. This situation indicates which of the following has occurred?

Privilege escalation

An attacker has obtained the logon credentials for a regular user on your network. Which type of security threat exists if this user account is used to perform administrative functions?

Privilege escalation

On a Windows system, which Task Manager tab would you use to adjust the priority given to a specific program?

Processes

What program that comes with Windows 7 is a wizard-based solution that users or administrators can use to automatically configure an executable file to use an appropriate Windows 7 compatibility mechanism?

Program Compatibility Troubleshooter

You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device which is connected to the same hub that is connected to the router. When you run the software, you only see frames addressed to the workstation and not other devices. Which feature should you configure?

Promiscuous mode

You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device which is connected to the same hub that is connected to the router. When you run the software, you see only frames addressed to the workstation and not other devices. Which feature should you configure?

Promiscuous mode

What is the name of the mode that IE 10 operates in by default that is designed to prevent attackers that penetrate the computer's defenses from accessing vital system components?

Protected mode

Which of the following is used to help prevent attackers that penetrate the computer?s defense from accessing vital system components?

Protected mode

Besides protecting a computer from under voltages, a typical UPS also performs which two actions:

Protects from over voltages Conditions the power signal

Which of the following is an advantage of a virtual browser?

Protects the operating system from malicious downloads.

You have recently reconfigured FTP to require encryption of both passwords and data transfers. You would like to check network traffic to verify that all FTP passwords and data are being encrypted. Which tool should you use?

Protocol analyzer

You want to be able to identify traffic that is being generated and sent through the network by a specific application running on a device. Which tool should you use?

Protocol analyzer

What is the purpose of the Microsoft Management Console (MMC)? (Select two.)

Provide a shell for running snap-ins Provide a common user interface for performing system administrative tasks

You manage a server that runs your company Web site. The Web server has reached its capacity, and the number of client requests is greater than the server can handle. You would like to find a solution so that static Web content can be offloaded to a different server, while the Web server continues to process dynamic content. Which solution should you implement?

Proxy server

Which of the following is the best countermeasure for man-in-the-middle attacks?

Public Key Infrastructure (PK)

How can an organization help prevent social engineering attacks? (Select two.)

Publish and enforce clearly-written security policies. Educate employees on the risks and countermeasures.

You are the network administrator for *westsim.com*. The network consists of a single domain. All the servers run Windows Server 2012. All the clients run Windows 8 Enterprise. There is a single main office located in New York. A perimeter network separates the main office from the Internet. Corporate policy requires that all servers be isolated from the Internet. No external clients may directly access internal resources unless the connection is secure. External connections to servers located in the perimeter network are permitted. You plan to implement DirectAccess to support encrypted connections from remote clients to the internal network. A server named RRAS1 will provide DirectAccess connections for the clients. The DirectAccess clients will use IP-HTTPS connections. Certificates for the DirectAccess clients and servers will be issued by an Enterprise root CA named CA1. You need to configure CA1 to support DirectAccess clients.What should you do?

Publish the CA1 Certificate Revocation List (CRL) on a server in the perimeter network.

You need to connect the end of a Cat 6 UTP cable to a 110 punch down block. Which tool should you use?

Punchdown tool

Management has decided to purchase new desktop systems for the users in Engineering. After conducting a needs assessment, they have determined that the new systems must meet the following requirements: • They must be joined to the organization's existing Active Directory domain. • Application restrictions must be implemented with AppLocker. • Whole-disk encryption must be implemented with BitLocker. • They must support virtualization technology using Client Hyper-V. A sales rep from a computer manufacturer recently offered you a very competitive price on desktop systems with the following specifications. • CPU: 64-bit AMD 3.0 GHz quad core (SLAT-enabled) • RAM: 8 GB • Hard disk: 1 TB • Operating system: Windows 8.1 Professional. What should you do?

Purchase the desktop systems as configured and implement them in the network.

You have used firewalls to create a demilitarized zone. You have a Web server that needs to be accessible to Internet users. The Web server must communicate with a database server for retrieving product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.)

Put the database server on the private network. Put the Web server inside the DMZ.

Your network conducts training sessions for high-profile clients. As part of the training, clients connect to get a video feed of the instructor and other class activities. You want to make sure that video traffic related to the training is not delayed on the network. Which solution should you implement?

QoS

To configure RADIUS service load balancing, you must have more than one kind of what system per remote RADIUS server group?

RADIUS server

Which RAID configuration level provides increased performance using only two disks?

RAID 0

Which of the following drive configurations uses striping without fault tolerance?

RAID 0

Which of the following disk configurations might sustain losing two disks? (Select two.)

RAID 1+0 RAID 0+1

What is an advantage of RAID 5 over RAID 1?

RAID 5 improves performance over RAID 1.

A router access control list uses information in a packet such as the destination IP address and port number to make allow or deny forwarding decisions. This is an example of which kind of access control model?

RBAC (based on rules)

Which of the following protocols or services would you associate with Window's Remote Desktop Services network traffic?

RDP

ID badges that can be detected by a proximity reader are often fitted with tiny radio ____ tags.

RFID

You are configuring routing on a Windows Server 2012 system. The server has two network interfaces installed, each one connected to a different network segment. You have installed and enabled the Routing and Remote Access role on the server. Rather than manually configure static routes on the server, you want to configure it to communicate with other routers already in the network to dynamically build its routing table. Click on the routing protocol you would use to do this.

RIP Version 2 for Internet Protocol

Which kind of connector do you use to connect a modem to a standard telephone line?

RJ-11

What of the following is based on a push technology used with Internet Explorer that notifies you when a Web site is changed?

RSS

Which of the following drive configurations is fault tolerant?

Raid 5

You manage a single domain named *eastsim.com*. The domain currently has domain controllers running Windows Server 2003 and Windows Server 2008. The domain and forest are running in Windows 2000 native mode. You want to install a single new domain controller into the existing domain. This domain controller will run Windows Server 2012. What should be the first step of the installation?

Raise the domain and forest functional levels.

You are the administrator for WestSim Corporation. The network has a single domain, *westsim.com*, running at Windows 2003 functional level. Five domain controllers, all running Windows Server 2012 server, are located on the network. Your network uses a distributed administrative approach. Numerous network administrators work in Active Directory adding users and maintaining their accounts. One day you check Active Directory and find a new OU that doesn't meet your organizational plan. You delete the OU and start checking to see who might have added it. You get a call from another administrator complaining that you deleted the OU she was working with. She explains the OU's purpose, and points out she had added it yesterday to prepare for a new department. She explains that although the OU was empty this morning, she had moved some user accounts into that OU at or shortly after the time you deleted the OU. You perform system state backups every night. You need to get back the deleted objects as quickly as possible without disrupting the network. What should you do?

Re-create the OU. Move the user accounts from the LostAndFound container into the new OU.

You have a computer that runs Windows XP Professional that you would like to upgrade to Windows 7 Professional. You run the setup program and install Windows 7 on the same computer and hard drive. What should you do next?

Re-install all applications.

What type of Active Directory domain controller is recommended to minimize security risks for remediation servers?

Read-only

Which of the following best describes the concept of due care or due diligence?

Reasonable precautions, based on industry best practices, are utilized and documented.

You have a computer running Windows 7. Prior to installing some software, you turn off User Account Control (UAC), reboot the computer, and install the software. You turn UAC back on, but it does not prompt you before performing sensitive actions. You want the protection of UAC, but it is not working at all. What should you do?

Reboot the machine.

The immediate preservation of evidence is paramount when conducting a forensic analysis. Which of the following actions is most likely to destroy critical evidence?

Rebooting the system

Which form of alternate site is the cheapest but may not allow an organization to recover before reaching their maximum tolerable downtime?

Reciprocal agreement

You manage a Windows Server 2012 server named Srv12. Srv12 hosts an application that stores data in a custom database. You configure Windows Server Backup to back up the volume for the application and its data. The application has a VSS writer, and it is running when the backup completes. The hard disk holding the application and data has crashed. You check your backup media and find you have a DVD from today. You also have a hard disk with a backup taken last night, but that disk is stored in an offsite location. You want to restore the application and its data as quickly as possible, but leave the database in an unrecovered and offline state. What should you do? (Select two. Each choice is a required part of the solution.)

Recover the backup to the original location. Do not perform roll-forward recovery. Recover the application and its data from disk.

You have lost the private key that you have used to encrypt files. You need to get a copy of the private key to open some encrypted files. Who should you contact?

Recovery agent

You are the server manager for the *westsim.com* domain. You have previously installed Windows Server 2012 on two new servers, and configured both servers with BitLocker. Both servers have a TPM installed. Because of a hardware failure, one of the servers will not boot. You replace the failed hardware, but now BitLocker is preventing the system from starting because it has failed the startup system integrity checks. Which of the following would you use to reconfigure BitLocker so the system will start?

Recovery key

You have previously installed Windows Server 2012 on two new servers and configured both servers with BitLocker. Both servers have a TPM installed. Because of a hardware failure, one of the servers will not boot. You replace the failed hardware, but now BitLocker is preventing the system from starting because it has failed the startup system integrity checks. Which of the following would you use to reconfigure BitLocker so the system will start?

Recovery key

You are the desktop administrator for your company. You manage a group of Windows 8 Professional computers used by a part-time sales staff. All computers are members of a single Active Directory domain. Each part-time sales employee might use a different computer every day. You configure roaming user profiles for each part time sales employee. After you implement roaming user profiles, some users complain that it takes an excessive amount of time to log on to a computer for the first time.. You investigate the problem and discover that these users store large amounts of files in their Documents folders. You suspect that the increased log on times are due to the large amount of data being downloaded from the network. You want to decrease log on times for part-times sales employees. You also want to maintain access to each user's Documents folder when the user logs on to any computer. What should you do?

Redirect each part-time sales employee's Documents folder to a folder on a network share.

QoS provides which of the following on a network?

Reduces latency of time-sensitive traffic.

What is the primary security feature that can be designed into a network's infrastructure to protect and support availability?

Redundancy

What do you call a template for a workstation configuration that contains all the software the workstation requires?

Reference computer

You have a server that runs Windows Server 2012. The hard drive has been encrypted using BitLocker. BitLocker uses a TPM with a PIN and a startup key. You have lost the USB device containing the startup key. You also find that you are unable to locate the recovery key. You need to be able to boot the computer. What should you do?

Reformat the hard drive and reinstall Windows.

Which tool lets you view and directly edit the registry?

Regedit

You are the network administrator for Corpnet.com. You plan to deploy Active Directory Rights Management Services (AD RMS). The AD RMS clients in the domain must be able to automatically discover the AD RMS server. What should you do?

Register a Service Connection Point (SCP) in Active Directory.

You need to find out what kind of laws might apply to the design and operation of your network. Which type of document would you consult?

Regulation

You have an existing computer that you've been using for years. You decide to upgrade the processor. You check the motherboard documentation and purchase the fastest processor that is supported by the motherboard. When you start the computer, it beeps regularly but nothing is shown on the screen and it doesn't start. What should you do? (Select two.)

Reinstall the old processor in the motherboard. Flash the BIOS.

You manage the network with a single Active Directory domain named *eastsim.com*. You have installed a read-only domain controller in your branch office. As part of the configuration, you added the *Authenticated Users* group and the *Domain Computers* group as members of the *Allowed RODC Password Replication Group* group. During a break in at the branch office, the RODC was stolen. You are concerned that the passwords can be extracted from the RODC. You delete the RODC account and choose to rest the passwords for user and computer accounts. You save the list of reset passwords to the *rodcpw.txt* file. You need to enable logon for users and computers. What must you do? (Select two. Each choice is a required part of the solution.)

Rejoin the computers listed in the *rodcpw.txt* file to the domain. Manually reset uer account passwords for users listed in the *rodcpw.txt* file. Force users to change their passwords at the next logon.

A smart phone was lost at the airport. There is no way to recover the device. Which if the following will ensure data confidentiality on the device?

Remote wipe

You manage a Windows 7 computer with an attached printer. You share the printer using a share name of Printer1. You assign the Allow Print permission for the printer to the Sales group. However, you discover that users who are not members of this group can print to the printer. You want only members of the Sales group print to Printer1. What should you do?

Remove Everyone from the printer's access control list.

You have a Windows 7 computer that is shared by multiple users. Sally wants to access a file in the Reports folder. A group named Sales has been granted the Full Control permission to the Reports folder and all subfolders and files. You add Sally as a member of the Sales group, but she still cannot access the file that she needs. You want to let Sally access the Reports folder. What should you do?

Remove Sally from any other groups that have been explicitly denied access to the Reports folder.

You have just installed several devices at once to a computer, but now the computer fails to boot properly. What should you do?

Remove all of the newly added devices and install them one at a time.

You have been assigned to create a remote access strategy for your network. All full-time company employees should be allowed remote access during any time of the day. In addition, you have some contractors who are working with the Marketing department who should be allowed access only between 6am to 6pm. You have created a special group called *Contractors*, and defined the following network policies on the server. Remote Access Policy Name - *Allow Any* Conditions - *Domain Users group membership VPN connection* Permissions - *Allow access, ignoring Active Directory* Constraints - *None* Remote Access Policy Name - *Contractors Allow* Conditions - *Contractors group membership VPN connection* Permissions - *Allow access, ignoring Active Directory* Constraints - *None* Remote Access Policy Name - *Contractors Deny Night* Conditions - *Contractors Group membership VPN connection* Permissions - *Deny access, ignoring Active Directory* Constraints - *6pm to 6am* You configure the policies in the following order: 1. Contractors Deny Night. 2. Contractors Allow 3. Allow Any At 10am you get a call from one of the contractors stating that she cannot gain remote access. You check and find that no contractor has been granted access. You need to modify the configuration to meet the remote access requirements. What should you do?

Remove the constraints from the Contractors Deny Night policy and add a condition for 6pm to 6am.

You are creating an Ethernet network for your company. The shipping department is located in a different building that is located 150 meters from the main wiring closet. You connect a single Cat 6e cable to connect the wiring closet to the shipping building. Which of the following should you in include in your plan?

Repeater

You have a wireless network that you have been managing for several years. The network currently uses WEP on all access points. You check the access points and discover that they did not support WPA or WPA2 when they were originally released. You want to upgrade the network to support WPA2 Personal. Which of the following will be part of your plan? (Select two.)

Replace all access points with new ones. Change the authentication and encryption settings on all client computers.

A user from the Sales department calls to report that he is experiencing problems connecting to the Sales file server. All users in the Sales department connect to the Sales server through a single Ethernet switch. No other users have reported problems connecting to the Sales server. Which of the following troubleshooting actions are you most likely to perform first?

Replace the network card in the user's computer.

You are testing the power supply in a PC system by measuring the voltage available on the 4-pin Molex connector. The voltage on the yellow wire is +10.1 volts. What should you do?

Replace the power supply.

You have a stand-alone computer running Windows 7 Professional. You notice that the Aero features are not displayed. The computer has a 19 inch CRT screen that supports refresh rates up to 65 Hertz and a video card with 64 MB RAM. You need to use Aero features.

Replace the video adapter card with one that has at least 128 MB RAM.

You have a stand-alone computer running Windows 7 Professional. You notice that the Aero features are not displayed. The computer has a 19 inch CRT screen that supports refresh rates up to 65 Hertz and a video card with 64 MB RAM. You need to use the Aero features. What should you do?

Replace the video adapter card with one that has at least 128 MB RAM.

You manage the network for a single Active Directory domain named *eastsim.com*. You have installed a read-only domain controller in your branch office. As part of the configuration, you added the *Sales Users* group as a member of the *Allowed RODC Password Replication Group* group. You get a call from a user in the branch office saying that she can't log on. You verify that her user and computer accounts are members of the correct groups. You check and find that the WAN link to the branch office is down. You need to modify the configuration so that the user can log on even when the WAN link is down. What should you do?

Repopulate passwords on the RODC.

You are the network administrator for Corpnet.com. Management has requested that the intranet website, *intranet.corpnet.com* be configured for high availability. You have two Windows Server 2012 servers named Web1 and Web2. IIS has been installed and configured with a copy of the website on both servers. The Network Load Balancing feature has also been installed on both servers. You need to prepare the environment to create a Network Load Balancing cluster to provide high availability for the intranet web site. Clients must be able to access the website using the URL http://intranet.corpnet.com. What should you do? (Choose two.)

Reserve an unused valid IP address on the network to be assigned to the NLB cluster. Create an A record in DNS that maps the FQDN, *intranet.corpnet.com*, to the IP address erserved for the NLB cluster.

Srv12 is a Windows Server 2012 server that runs File and Print Services. On Srv12, you are troubleshooting a problem that keeps occurring. When the problem happens, there are several Warning and Error events logged to the Application log in Even Viewer. While troubleshooting the problem, you create a filter for the log that shows only the Warning and Error messages. Because you've been working on the problem for several days, you'd like to save the current filter settings on the Application log so you don't have to reconfigure the filter each time. What should you do?

Right-click the Application log and choose *Save Filter to Custom View...*.

You are working on a computer running Windows 7. It is part of a domain. You recently installed Windows 7 Professional edition. After installation, you are not able to connect to resources on the network. You check Device Manager and see the dialog shown in the image. What should you do?

Right-click the Broadcom NeXtreme Gigabit Controller and select *Update Driver*.

You have a Windows 7 computer. You use the computer at home with a small network used by members of your family. You want to share the contents of a folder with other users over your network. Most users should have read-only access, but you want to explicitly deny access to other users. You want to configure the permissions using the least amount of effort possible. What should you do?

Right-click the folder and select Properties. Configure Advanced Sharing on the Sharing tab.

Which type of user profile is stored on a shared server drive, which makes it accessible from anywhere on the network?

Roaming user profile

Your company security policy states that wireless networks are not to be used because of the potential security risk they present to your network. One day you find that an employee has connected a wireless access point to the network in his office. What type of security risk is this?

Rogue access point.

Which access control model manages rights and permissions based on job descriptions and responsibilities?

Role Based Access Control (RBAC)

After updating a device driver, the device has started to malfunction. What should you do first to try and resolve this issue?

Roll back the driver

What type of RJ45 UTP cable do you use to connect a PC's COM port to a router or switch console port?

Rolled

You want to make a console connection to a router using the serial port on a PC. Select the necessary components to make the console connection. Select only the necessary components.

Rollover cable Console port Terminal emulation program

Which user profile type stores the user profile on a network share, making it available from anywhere on the network?

Romaing User Profile

A ____ is a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms.

Rootkit

You have heard about a new malware program that presents itself to users as a virus scanner. When users run the software, it installs itself as a hidden program that has administrator access to the computer. Which of the following terms best describes this software?

Rootkit

You have configured Router A, Router B and Router C as shown in the exhibit. Users in network 10.0.0.0 report that they have no trouble accessing resources within their own network, but claim they cannot access a database located on subnet 192.168.0.0. Users all the other networks claim they are having no problems accessing the database. What is the problem?

Router A has been configured with an incorrect network address.

You have configured Router A, Router B and Router C as show in in the exhibit. Users in network 10.1.1.0 claim they cannot access resources in network 192.168.2.0. What is the problem?

Router C has been configured with the incorrect AS number.

You want to configure static NAT so that packets from host 192.168.2.100 will always be assigned the registered IP address 24.1.2.11 as shown in the graphic. Match the missing lines with the required commands.

Router(config)# ip nat inside source static 192.168.2.100 24.1.2.11 Router(config)#interface ethernet 0 Router(config-if)# ip nat inside Router(config-if)#interface serial 0 Router(config-if)# ip nat outside

Which of the following commands will configure all the default VTY ports on a router?

Router(config)#line vty 0 4

Which command is used to manually encrypt passwords on a Cisco router?

Router(config)#service password-encryption

You are the network administrator for a company with a single Active Directory domain. The domain functional level is Windows Server 2003. Each departmental administrative team has delegated control over an organizational unit (OU) for their department. In the last few weeks there have been several new administrators join the team that have never managed Active Directory before. Yesterday, one of the new administrators inadvertently deleted an entire OU from within his department's OU structure. You have located a backup from two days ago to use for the restoration. What should you do? (Choose two. Each correct answer is part of the solution.)

Run *Ntdsutil* and mark the deleted OU for authoritative restore. Reboot a domain controller into directory services restore mode and restore Active Directory from the backup.

You have a computer that runs Windows XP Professional. You want to upgrade your computer to Windows 7 Professional. You want to maintain as much of the application, user profile, and user data as possible. You want to perform the upgrade with the least amount of effort possible. What should you do?

Run *Scanstate* in Windows XP. Perform a custom (advanced) installation of Windows 7 to the existing hard drive. Boot into Windows 7 and re-install all applications. Run *Loadstate*.

Your network currently has the following Active Director domains" *westsim.com*, *emea.westsim.com*, and *us.westsim.com*. All domains have both Windows Server 2003 and Windows Server 2008 domain controllers. All domains are at a Windows Server 2003 functional level , and the forest level is at Windows Server 2003. You want to add a Windows Server 2012 domain controller to the *uk.emea.westsim.com* domain. Which of the following must you do to prepare for the installation? (Select two. Select only the requried actions.)

Run *adprep /forestprep* in the *westsim.com* domain. Run *adprep /domainprep* in the *uk.emea.westsim.com* domain.

You manage the network with a single Active Directory domain named *eastsim.com*. Domain controllers run both Windows Server 2008 R2 and Windows Server 2012. The domain functional level is at Windows Server 2008. You would like to install a read-only domain controller for the *eastsim.com* domain to implement in a branch office. What should you do first?

Run *adprep /rodcprep*.

You have a stand-alone computer running both Windows 7 and Windows 8. The computer currently boots to Windows 7 by default. You need the computer to boot to Windows 8 as the default operating system instead. What should you do?

Run *bcdedit.exe*.

You have a Windows 7 laptop that is shared by three users. The computer is not a member of a domain. Each user has been using EFS to encrypt their personal files on the laptop. You would like to add your user account as a recover agent so you can revery any encrypted file encrypted by any user on the laptop. You would like to store the recovery keys on a smart card. What should you do first?

Run *cipher /r*.

You have a Windows 8 laptop that is shared by three users. The computer is not a member of a domain. Each user has been using EFS to encrypt their personal files on the laptop. You would like to add your user account as a recovery agent so you can recover any encrypted file encrypted by any user on the laptop. You would like to store the recovery keys on a smart card. What should you do first?

Run *cipher /r*.

You have a computer that runs Windows 8 connected to a domain network. After reconfiguring the static address of an internal Web server named WEB3, your computer can no longer connect to WEB3. However, other users are still able to connect to the same Web server. You need to be able t connect to the WEB3 server. What should you do?

Run *ipconfig /flushdns*.

You have a server running Windows Server 2012. The hard drive has been protected using BitLocker. You need to update the BIOS on the computer. What should you do first?

Run *manage-bed -pause*

You have a laptop running Windows 7 Ultimate edition. You have been encrypting files on your computer using EFS and a self-signed certificate. You now want to protect your encrypted files using a certificate on a smart card. You install a smart card reader and obtain a smart card with a new certificate. You want to make sure that all encrypted files use the certificate on the smart card. What should you do first?

Run *rekeywiz*.

You have a laptop running Windows 8. You have been encrypting files on your computer using EFS and a self-signed certificate. You now want to protect your encrypted files using a certificate on a smart card. You install a smart card reader and obtain a smart card with a new certificate. You want to make sure that all encrypted files use the certificate on the smart card. What should you do first?

Run *rekeywiz*.

You have a computer that runs Windows 7. You need to manually check for updates from Windows Update. What should you do? (Select two. Both answers are complete solutions.)

Run *wuauclt.exe /detectnow*. Click the *Check for updates* button in Windows Update.

You have a computer that runs Windows 7. You need to free up disk space and would like to delete all but the most recent restore point. What should you do? (Select two. Each selection is a complete answer.)

Run Cleanmgr as an administrator, then use the More Options tab to clean up the restore points. In Disk Cleanup, select Clean up system files, then use the More Options tab to clean up the restore points.

You have a Windows 7 computer with a single hard disk. You notice that the disk defragmentation schedule has been turned off on your computer. The disk is badly fragmented. You want to run disk defragmentation manually. What should you do?

Run Defrag.

You are visiting a Web site that worked fine when you were using Internet Explorer 6 on a Windows XP machine. However, you suspect that this Web site is not compatible with Internet Explorer 8?s protected mode. Which of the following should you NOT do when troubleshooting this problem?

Run Internet Explorer as a domain administrator.

You manage a small business network with a single subnet. All devices are connected through a series of three switches. You want to monitor traffic between Srv1 and Srv2. You install Network Monitor on Srv3 and start a capture to capture all packets. After you stop the capture, you cannot see any packets sent between Srv1 and Srv2. What should you do?

Run Network Monitor on Srv2.

You have a single computer running Windows XP. You are about to complete a clean installation of Windows 8 on the computer, and you need to migrate user profiles and data from the previous installation of Windows XP. What should you do?

Run WET and use *External hard disk or USB flash drive* as the transfer method. Use the *Custom: Install Windows only (advance)* option during the Windows 8 installation.

You want to deploy Windows 7 to multiple computers using a system image. You would like to use an answer file to automate the installation process on a reference computer. What should you do first?

Run Windows System Image Manager (Windows SIM).

You have installed anti-malware software on a computer that only you use. You want to protect the computer from files that you download from the Internet. What should you do next to make sure that there aren't any existing files on your system that are infected?

Run a full scan

You have a stand-alone computer running both Vista and Windows 7. The computer currently boots to Windows 7 by default. You need the computer to boot to Windows Vista as the default operating system instead. What should you do?

Run bcdedit.exe.

You need to deploy Windows 7 Enterprise to multiple new computers using a previously-captured system image. Before deploying the image, you need to see a list of all the drivers included in the image. What should you do?

Run dism

You are performing a network installation of Windows 7 on a new computer. You boot the computer using Windows PE. You need to install a device driver for the network adapter. What should you do?

Run drvload.exe

You need to deploy Windows 7 Enterprise to multiple new computers. You have an image that you have previously captured.You have mounted and dismounted the image several times. You want to reduce the overall size of the image file by removing unnecessary resource files from the image file. What should you do?

Run imagex /export.

You have a computer running Windows 7 Ultimate. You want to capture the installation as a system image. You have already used Sysprep to remove machine-specific information from the reference computer. You need to exclude specific files from the ImageX capture operation. What should you do? (Select two. Each choice is a required part of the solution.)

Run imagex.exe. Create a wimscript.ini file and include an exclusion list section.

You have a computer that runs Windows 7 connected to a domain network. After reconfiguring the static address of an internal Web server named WEB3, your computer can no longer connect to WEB3. However, other users are still able to connect to the same Web server. You need to be able to connect to the website on the WEB3 server. What should you do?

Run ipconfig /flushdns

You have a computer that runs Windows 7. Your network has just transitioned from using IPv4 to IPv6. IPv6 configuration is performed automatically using stateful DHCPv6. A DNS server on your network provides name resolution for IPv6. Your computer is having problems communicating on the network. You would like to receive new configuration information from the DHCP server as well as remove all old DNS entries in your local DNS cache. What should you do? (Select two. Each choice is a required part of the solution.)

Run ipconfig /release6 and ipconfig /renew6 Run ipconfig /flushdns

You have a computer that runs Windows 7. Your company has started the migration to IPv6 on your network. Your network administrator tells you that the network is using stateless autoconfiguration. You need to configure your computer for IPv6 so it is correctly configured with the IPv6 address, default gateway, and DNS server addresses. The computer is currently configured to get all IPv6 information automatically. What should you do?

Run netsh interface ipv6 add dnsserver

You manage a virtual machine named VM12 that has been installed on the Srv5 physical server. The configuration files for the virtual machine are currently saved in the C:\HyperV directory on Srv5. You want to move the virtual machine from Srv5 to Srv9. You copy the virtual machine files from Srv5 to the D:\VMs directory on Srv9. You edit the virtual machine configuration file to update the path to the virtual hard disks. When you run the Hyper-V Manager on Srv9, the VM12 virtual machine does not appear in the console. What should you do?

Run the *Mklink* command.

You are the network administrator for Corpnet.com. All the servers run Windows Server 2012. You have a domain controller named DC1 that is running a virtual machine. You would like to clone the DC1 virtual machine to create another domain controller named DC2. You need to prepare the DC1 t be cloned. What should you do?

Run the *New-ADDCCloneConfigFile* cmdlet.

You are the network administrator for *westsim.com*. The network consists of a single Active Directory domain. All the servers run Windows Server 2012 and all the clients run Windows 8. Company policy requires all users in the domain to change their passwords every 30 days. An application named *App1* uses a service account named *App1Svc*. Every 30 days, *App1* fails. When the *App1Svc* account password is reset, the application works fine. You need to prevent App1 from failing in the future without compromising corporate security standards. What should you do?

Run the *New-ADServiceAccount* cmdlet.

You are the network administrator for *northsim.com*. The network consists of one Active Directory domain. All of the servers run Windows Server 2012 and all of the clients run Windows 7. While attempting to run a backup on a member server, you discover that you are unable to log on to the domain. After troubleshooting the problem, you determine that the clock on the member server is 15 minutes fast. You verify that the time is correct on the PDC Emulator. You have no trouble logging o to other member servers. You need to display the member server's current Windows Time Service information to determine which server is being used as a time service provider. What should you do?

Run the *W32tm.exe* command.

Your Windows 7 computer has two hard drives as shown in the *Exhibit*. The C:\Finances folder and its contents have been encrypted. You need to move the C:\Finances\Reports.xls file to the D: drive. You want the file to remain encrypted. You want to accomplish this with the least amount of effort possible. What should you do?

Run the *convert* command, followed by the *xcopy* command.

You are the network administrator for *westsim.com*. The network consists of a single Active Directory domain. All the servers run Windows Server 2012 R2. All the clients run Windows 7 or Windows 8. You have modified the Default Domain Controllers group policy object. A new security policy in the company states that all group policy settings must be delivered using new group policy objects. You must reset the Default Domain Controllers policy to the default settings using the minimum administrative effort. What should you do?

Run the *dcgpofix /target:dc* command on a domain controller.

Srv7 is an application server that will run an application that is currently under development. As part of the development process, programmers, need to view events that will be logged to the Analytic and Debug logs in Event View. You open Event Viewer on Srv7 and configure the View menu to show the two logs. At the end of the day, you notice that there are no messages in those logs, even though the application testing has been running on the server for several hours. You need to make sure that messages are sent to the log and are visible. What should you do?

Run the *wevtutil* command with the */e:true* switch for both logs.

You just purchased a new Windows 7 system for an artist in your company. After installing an art application to the computer, the artist states that the application does not work correctly. The application worked fin on a Windows XP machine. In an attempt to fix the problem, you tried to run the application in compatibility mode. When this didn't work, you temporarily disabled UAC, but this still didn't fix the problem. You decide to create a shim for the application. You download the Application Compatibility Toolkit (ACT). What should you do next?

Run the Compatibility Administrator.

You are the administrator for the *westsim.com* domain. Organizational Units (OUs) have been created for each department. You want to give the TWhite user account the ability to link and unlink GPOs on the Sales OU. You want to assign the least amount of permissions as possible. What should you do?

Run the Delegation of Control wizard.

You have a computer that runs Windows 7 connected to a domain network. One day you find that your computer cannot connect to any network resources. You run the Ipconfig command and find that the network connection has been assigned the address of 169.254.12.155 with a mask of 255.255.0.0. What should you do?

Run the Ipconfig /release and Ipconfig /renew commands.

You have a Windows Vista system that you would like to upgrade to Windows 7. You want to make sure that everything in your current system is compatible with Windows 7. What should you do?

Run the Windows 7 Upgrade Advisor.

You have a computer running Windows 7 Ultimate. For several years, the developers in your company have used a specific application. After installing the application on your computer, it no longer executes correctly. The application worked best on Windows XP machines with Service Pack 3. You need to have the application work correctly on this computer with the least amount of administrative effort. What should you do?

Run the application in compatibility mode.

You have a development machine that contains sensitive information relative to your business. You are concerned that spyware and malware installed while browsing websites could compromise your system or pose a confidentiality risk. Which of the following would best protect your system?

Run the browser within a virtual environment.

You have recently been called to troubleshoot network connectivity problems at a user's workstation. You have found that the network cable runs across high-traffic areas on the floor, causing the cable to wear through and break. You have replaced the cable with a plenum rated, shielded, twisted pair cable. You would like to minimize the problem and prevent it from happening again. What should you do?

Run the cable through the ceiling area instead of across the floor.

Your Windows 7 computer has two hard drives as shown in the image. The C: drive is running out of space. You would like to move the C:\Finances folder to the D: drive. Existing NTFS permissions should be kept on the folder following the move. You want to accomplish this with the least amount of effort possible. What should you do?

Run the convert command, followed by the xcopy command.

You have a laptop that runs Windows 7. The laptop uses DHCP for IPv4 addressing information. You need to see the IPv4 address, subnet mask, and DNS server addresses that the network connection is currently using. What should you do? (Select two. Each choice is a possible solution.)

Run the netsh command. View the status for the network connection. Click the Details button.

You have a small network of devices connected together using a switch. You want to capture the traffic that is sent from Host A to Host B. On Host C, you install a packet sniffer that captures network traffic. After running the packet sniffer, you cannot find any captured packets between Host A and Host B. What should you do?

Run the packet sniffer application on Host B

You have just installed a new Windows 7 computer for a client. The client asks you to install a software program that has the following minimum software requirements. 256 Memory 1 Gigabyte Hard Drive Windows XP Operating system You install the software on the Windows 7 computer and when you select the shortcut to launch the executable the program will not launch. What step would be most appropriate to take next?

Run the program using one of the Windows XP compatibility modes

What physical disk technology runs at 600 MB/sec. However, it is no longer suitable for large enterprise servers.

SATA

Using File and Storage Services in Server Manager, you will create a new share. The New Share Wizard prompts you for a profile. You need a profile that provides SMB sharing with full share and NTFS permissions and access to services provided by File Server Resource Manager. Which do you choose?

SMB Share-Advanced

You have a website that accepts input from users for creating customer accounts. Input on the form is passed to a database server where the user account information is stored. An attacker is able to insert database commands in the input fields and have those commands execute on the server. Which type of attack has occurred?

SQL injection

You need to create a DNS record that identifies a service, protocol, and port number. Which record type would you create?

SRV

Listed below are several DNS record types. Match the record type on the left with its function on the right.

SRV *Identify a domain controller* MX *Identify a mail server* A *Map a host name to an IPv4 address. PTR *Map an IPv4 address to a host name

You have a small wireless network that uses multiple access points. The network currently uses WEP. You want to connect a laptop computer to the wireless network. Which of the following parameters will you need to configure on the laptop? (Select two.)

SSID Preshared key

What option starts the computer with a minimal set of generic drivers which are needed to run the system?

Safe mode

You manage a Windows Server 2012 server that stores user data files. You want to use windows Server Backup to configure a backup schedule. You want to perform a complete system backup every Monday, Wednesday, and Friday. You want to be able to restore the entire system or individual files from the backup. What should you do? (Select two. Each choice is a required part of the solution.)

Save backups to a shared folder. Create a Scheduled Task that runs *wbadmin start backup*.

You have just installed a new domain on a new domain controller running Windows Server 2012. You would like to use Windows Server Backup to back up Active Directory. You would like to perform the backup so that you can restore the domain controller if the domain controller is able to boot but when Active Directory is corrupt. You want the backup to run once a day. You want to take the backup medium and put it in a safe in an offsite location. What should you do? (Select two. Each choice is a required part of the solution.)

Save the backup to a local disk. Create a scheduled task to run *wbadmin start systemstatebackup*.

You manage a Windows Server 2012 server that stores user data files. The system volume is drive C:, while all user data is on drive E:. You want to use Windows Server Backup to configure a backup schedule. You want to back up only the E: volume twice a day. You want to be able to restore individual files and folders. If possible, you want to save backups on optical media so you can place the backup disc in a media catalog server for easy retrieval. What should you do? (Select two. Each choice is a required part of the solution.)

Save the backup to an external hard disk. Create a Scheduled Task that runs *wbadmin start backup*.

Srv12 is a Windows Server 2012 server that runs File and Print Services. On Srv12, you are troubleshooting a problem that keeps occurring. When the problem happens, there are several Warning and Error events logged to the Application log in Event Viewer. You create a Custom View that shows only Warning and Error events. During troubleshooting, you filter the Custom View to show only the Error messages. You would like to create a new Custom View using the current filter settings. What should you do?

Save the filter to a Custom View.

The Srv1 server runs Hyper-V and has several virtual servers installed. Currently, most virtual servers are used for testing purposes. The physical system is running out of memory because of all the virtual machines that are currently active. You want to stop three virtual machines to free up more system resources. You want to stop the virtual machines so that when they start again, all open applications are still open and running. What should you do?

Save the virtual machine.

Which of the following tasks does the Event Viewer MMC snap-in allow you to perform?

Save useful event filters as custom views that can be reused.

Which of the following mobile device security consideration will disable the ability to use the device after a short period of inactivity?

Screen lock

You have been put in charge of providing a VPN solution for all members of the Sales team. Sales team members have been issued new laptop computers running Windows 8. All remote access servers run Windows Server 2012. Salesmen complain that with the previous VPN solution, there were many times that they were unable to establish the VPN solution because the hotel or airport firewalls blocked the necessary VPN ports. You need to come up with a solution that will work in both instances. Which VPN method should you choose?

Secure Socket Tunneling Protocol (SSTP)

You are the administrator for the *widgets.com* domain. Organizational Units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. You would like to configure all computers in the Sales OU to prevent the installation of unsigned drivers. Which GPO category would you edit to make the necessary changes?

Security Options

Which term applies to the Transport layer's Protocol Data Unit (PDU):

Segment

You are the network administrator for your company. Your company uses Windows 8 as its desktop operating system. All computers are joined to a single Active Directory domain. Several computers store sensitive information. You are configuring security settings that will be distributed to all computers on your network. You want to identify denied attempts to manipulate files on computers that have been secured through NTFS permissions. You want to use an advanced audit policy to accomplish this. What should you do? (Choose two. Both selections are part of the complete solution.)

Select *Failure* for *Audit File System*. Enable *File system*; then configure the security principles and types of access you want to audit.

You are the network administrator for your company. Your company uses Windows 8 as its desktop operating system. All computers are joined to a single Active Directory domain. Several computers store sensitive information. You are configuring security settings that will be distributed to all computers on your network. You want to identify attempts to break into a computer by having the computer that denies the authentication attempt note the failed attempt in its Security event log. You want to use an advanced audit policy to accomplish this. What should you do?

Select *Failure* for *Audit Logon*.

You are the network administrator for your company. Your company uses Windows 7 Professional as its desktop operating system. All computers are joined to a single Active Directory domain. Several computers store sensitive information. You are configuring security settings that will be distributed to all computers on your network. You want to identify attempts to break into a computer by having the computer that denies the authentication attempt note the failed attempt in its Security database. You want to create a policy that meets these requirements. What should you do?

Select *Failure* for *Audit account logon events*.

You are the network administrator for your company. Your company uses Windows 7 Professional as its desktop operating system. All computers are joined to a single Active Directory domain. Several computers store sensitive information. You are configuring security settings that will be distributed to all computers on your network. You want to identify denied attempts to change a user's group membership in a computer's local database. You want to create a policy that meets these requirements. What should you do?

Select *Failure* for *Audit account management*.

You are the network administrator for your company. Your company uses Windows 7 Professional as its desktop operating system. All computers are joined to a single Active Directory domain. Several computers store sensitive information. You are configuring security settings that will be distributed to all computers on your network. You want to identify denied attempts to manipulate files on computers that have been secured through NTFS permissions. You want to create a policy that meets these requirements. What should you do?

Select *Failure* for *Audit object access*.

You are the network administrator for *eastsim.com*. The network consists of a single domain. All the servers run Windows Server 2012. All the clients run Windows 7 or Windows 8. A server at the main office named NP1 runs the Network Access Policy (NPS) server role. You need to disable IPv6 for all connections except for the tunnel interface and the IPv6 Loopback address. What should you do?

Select *Properties* of the Local Area Connection and uncheck *Internet Protocol Versions 6 (TCP/IPv6)*.

An 8-port switch receives a frame on port number 1. The frame is addressed to an unknown device. What will the switch do?

Send the frame out ports 2-8.

A receiver wants to verify the integrity of a message received from a sender. A hashing value is contained within the digital signature of the sender. What must the receiver use to access the hashing value to verify the integrity of the transmission?

Sender's public key

Your organization uses one primary DNS zone that is backed up by seven secondary DNS zones on other servers. You haven't made any changes to your primary zone. However, you want to be sure that all of your secondaries are up to date. To do this, you want to force a zone transfer to the secondary zones as soon as possible. Click the option in the zone properties that you would use to force a zone transfer.

Serial number: 65 Increment

You are reviewing the configuration of a router that uses EIGRP for its routing protocol. Shown below is the output from the show ip eigrp topology all-links command: Router# show ip eigrp topology all-links IP-EIGRP Topology Table for process 77 Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, r - Reply status P 172.16.90.0 255.255.255.0, 2 successors, FD is 46251776 via 172.16.80.28 (46251776/46226176), Ethernet0 via 172.16.81.28 (46251776/46226176), Ethernet1 via 172.16.80.31 (46277376/46251000), Serial0 via 172.16.81.31 (46277400/46251800), Serial1 Based on the output, which of the following are true? (Select two.)

Serial0 is a feasible successor route Ethernet0 and Ethernet1 are successor routes

____ certificates enable clients connecting to the Web server to examine the identity of the server's owner.

Server digital

Which of the following is defined as a contract which prescribes the technical support parameters that a provider will bestow to its client?

Service level agreement

Which command is used to manually encrypt your passwords?

Service password-encryption

A client computer starts to download some files from an FTP server named FTPSrv1. While the first download is in progress, the user opens a second instance of the FTP program and initiates a second download. What does the server and the client use to keep each download separate?

Session ID

____ is an attack in which an attacker attempts to impersonate the user by using his session token.

Session hijacking

You are the network administrator for your network. Your network consists of a single Active Directory domain. All servers run Windows Server 2012. Your company recently mandated the following user account criteria: • User accounts must be deactivated after three unsuccessful logon attempts. • User account passwords must be at least 12 characters long. • User accounts must be manually reset by an administrator once they are locked out. You must make the changes to affect everyone in the domain. You are editing the Default Domain Group Policy object. What should you do? (Choose three. Each correct choice represents part of the solution.)

Set *Account lockout threshold* to *3*. Set *Account lockout duration* to *0*. Set *Minimum password length* to *12*.

You are the network administrator for your network. Your network consists of a single Active Directory domain. All servers run Windows Server 2012. Your company recently mandated the following user account criteria: ● User accounts must be deactivated after three unsuccessful logon attempts. ● User account passwords must be at least 12 characters long. ● User accounts must be manually reset by an administrator once they are locked out. You must make the changes to affect everyone in the domain. You are editing the Default Domain Group Policy object. What should you do? (Choose three. Each correct choice represents part of the solution.)

Set *Minimum password length* to 12. Set *Account lockout duration* to 0. Set *Account lockout threshold* to 3.

The image shows the current scavenging settings for the *eastsim.com* zone. Automatic scavenging has been configured on the zone to run every hour. You want to modify the existing settings so that DNS records are deleted within 10 days after they have not been refreshed. What should you do?

Set the *refresh interval* to *3*.

You manage several computers that run Windows 7. You would like to have better control over the applications that run on these computers, so you have decided to implement AppLocker. You have created default rules and an executable rule that allows the company's accounting application to run. You notice that you can still run any program on your test client. What should you do? (Select two. Each choice is a possible solution.)

Set the enforcement mode for executable rules to Enforce rules. Start the Application Identity service on the client.

You have a laptop running Windows 7 Professional. The computer is a member of the mydomain.local Active Directory domain. You travel to a branch office in your company. The branch office has 5 computers running Windows 7 Ultimate edition. Computers in the branch office are not domain members. All computers use a HomeGroup for file sharing. You want to join the HomeGroup in the branch office. What should you do?

Set the network location for the connection to Home.

You have decided to redirect the contents of the local Documents folder for all domain users on all workstations to a Windows Server 2012 system named FS3. The server is a member of the eastsim.com domain. You want each user's Documents folder redirected to their home directory. Click on the settings in the folder redirection policy for Documents that you must configure to accomplish this.

Settings

You manage the network infrastructure for the *westsim.com* domain. All servers run Windows Server 2012, and all clients run Windows 8. All server and client computers are members of the domain. You have just created a stand-alone DFS root with the namespace of *SharedFiles* on Srv1. You create a folder in DFS named *Reports* that points to the *2011-rep* shared folder on Srv2. You would like to configure Srv3 to provide redundancy so that data in the shared folder is still accessible, even if Srv2 goes down. What should you do?

Share a folder on Srv3. Add this folder as a target to the *Reports* folder. Configure DFS replication.

Your Windows 7 computer has a folder named D:\SalesDept. The D: drive is formatted with FAT32. You need to allow network access to the folder as follows: ● Members of the Sales group should have read-only access to the content in the folder. ● Members of the SalesAdmin group should be able to open, edit, and add new files to the folder. ● No other users should have access. Members of the SalesAdmin group are also members of the Sales group. You want to assign as few permissions as possible. What should you do?

Share the SalesDept folder. Grant Read permission to the Sales group and Change permission to the SalesAdmin group. Remove Everyone from the access control list.

You're responsible for implementing network cabling in a new network installation. The cabling will be installed in a manufacturing environment where there is a great deal of electromagnetic interference. (EMI). Which type of cabling would operate best in this environment? (Choose two.)

Shielded twisted pair cable Fiber-optic cable

You have a set of DVD-RW discs that have been used to archive files for your latest development project. You need to dispose of the discs. Which of the following methods should you use to best prevent extracting data from the discs?

Shredding

In the scenario where you are installing Windows 8 on a new computer and plan to dispose of an old computer running Windows XP, which Windows Easy Transfer method would be most appropriate to use?

Side-by-Side

Which IDS method searches for intrusion or attack attempts by recognizing patterns or identities listed in a database?

Signature based.

You are working on a Windows system that is a member of a domain. You need to discover if there are any drivers on the computer which do not have a digital signature. Which of the tools should you use?

Sigverif.exe

You want to implement an Ethernet network using the 100BaseFX standard using the minimum hardware specifications possible. You need to support distances of up to 1,000 meters. Which of the following should you include in your plan? (Select two.)

Single-mode fiber optic cable. LC connectors.

Which touch gesture requires you to press a point on the screen and draw your finger across it without pausing?

Slide

Which Hyper-V feature found in Windows Server 2012 provides temporary memory to allow a virtual machine to restart even when there is not enough physical memory available?

Smart Paging

Users report that the Internet is no longer accessible. You suspect that the line connecting your building to the Internet is not working properly. Which of the following allows the service provider to remotely test the local loop?

Smart jack

What technology is used with IE 8 to help defend against phishing?

SmartScreen Filtering

Which of the following is a form of denial of service attack that uses spoofed ICMP packets to flood a victim with echo requests using a bounce/amplification network?

Smurf.

What is the captured image of the state, data, and hardware configuration of a VM at a particular moment in time?

Snapshot

What type of attack is most likely to succeed against communications between Instant Messaging clients?

Sniffing

What is the purpose of setting up e-mail notifications for users who violate storage quotas?

So that administrators can proactively assist users in resolving the problem.

What is the purpose of implementing new audit subsettings?

So that you can focus on important audit items

What is the term given to the attempt to penetrate the security of a computer system by convincing people to disclose secret information?

Social engineering

What would be the biggest problem with configuring text files for accounting logging?

Space; filling up the C drive has catastrophic effects.

Which of the following features dynamically places switch ports in blocking or forwarding states?

Spanning tree

Which of the following solutions would you implement to eliminate switching loops?

Spanning tree

You manage a network that uses multiple switches. You want to provide multiple paths between switches so that if one link goes down, an alternate path is available. Which feature should your switch support?

Spanning tree

You manage a single subnet with three switches. The switches are connected to provide redundant paths between the switches. Which feature prevents switching loops and ensures there is only a single active path between any two switches?

Spanning tree

You are managing a Windows Server 2012 virtual machine on a Hyper=V hypervisor host. Dynamic Memory is enabled in the virtual machine's configuration. The virtual machine will run several web applications that are known to create system memory utilization spikes during heavy use. Because Dynamic Memory is enabled, you are concerned that memory could be unallocated from this virtual machine reallocated to another, resulting in insufficient memory should utilization suddenly increase. You need to ensure that some physical RAM is held in reserve to prevent this from happening. Click on the option you would use in the virtual machine's memory configuration to do this.

Specify the percentage of memory that Hyper-V should try to reserve as a buffer. Hyper-V uses the percentage and the current demand for memory to determine an amount of memory for the buffer. Memory buffer: 20%

Which of the following methods of preventing the count-to-infinity problem with distance vector routers will send a hop count of 16 back up the path from which the information was obtained?

Split horizon with poison reverse

A router on the border of your network detects a packet with a source address that is from an internal client but the packet was received on the Internet-facing interface. This is an example of what form of attack?

Spoofing

A ________ _________ _________ describes when and how people will be added to the project team and taken off it:

Staffing management plan

You are the network administrator for *northsim.com*. The network consists of a single Active Directory domain. All the servers run Windows Server 2012. All the clients run Windows 7 or Windows 8. While working in Active Directory Users and Computers, you discover that an organizational unit (OU) which contained several group objects missing. You do not know how long the OU has been missing. You select a backup from the previous week.. You need to determine whether this backup contains the missing OU. You attempt to mount the snapshot using *NTDSUtil* but are not successful. You must mount the backup as an Active Directory snapshot. What should you do?

Start the Volume Shadow Copy service (VSS).

You are the network administrator for westsim.com. The network consists of a single domain. All of the servers run Windows Server 2012. All of the clients run Windows 8. A server named RODC1 is a read-only domain controller located in a branch office. RODC1 uses Bitlocker to encrypt all drives for extra security. You have been notified that RODC1 failed. After obtaining the necessary hardware to repair the server, you need to perform a bare metal restore of the server. What should you do?

Start the computer from the Windows Server 2012 installation disk.

The amount of memory that you want to allocate to the VM when it starts is called ______.

Startup RAM

____ keeps a record of the state of a connection between an internal computer and an external device and then makes decisions based on the connection as well as the conditions.

Stateless packet filtering

You are the network administrator for a small company that implements NAT to access the Internet. However, you recently acquired 5 servers that must be accessible from outside your network. Your ISP has provided you with 5 additional registered IP addresses to support these new servers but you don't want the public to access these servers directly. You want to place these servers behind your firewall on the inside network yet still allow them to be accessible to the public from the outside. Which method of NAT translation should you implement for these 5 servers?

Static

What is the cryptography mechanism which hides secret communications within various forms of data?

Steganography

You want to use Hyper-V to create two virtual machines, with each using a common parent installation. Listed below are the steps necessary to complete the configuration. Drag each required step from the list on the left to the spaces on the right. Use only the necessary steps to complete the configuration.

Step 1 Create one fixed disk. Step 2 Create the virtual machine(s) Step 3 Install the operating system Step 4 Install integration services Step 5 Make the disk(s) read only Step 6 Create two differencing disks Step 7 Create the virtual machine(s) Step 8 Step 9

What is used to specify which bits of an IPv4 address are used for the network identifier and which bits are used for the host identifier?

Subnet mask

Which of the following are benefits of EIGRP? (Select two.) Operates within a controlled hierarchy. Uses an open standard. Supports manual route summarization. Rapid convergence.

Supports manual route summarization. Rapid convergence.

Which of the following are benefits of EIGRP? (Select two.) Operates within a controlled hierarchy. Supports multiple protocols. Low use of network resources. Uses an open standard.

Supports multiple protocols. Low use of network resources.

Which of the following is the least effective power loss protection for computer systems?

Surge protector

In a(n) infection, a virus injects itself into the program's executable code instead of at the end of the file.

Swiss cheese

Angela is the network administrator for a rapidly growing company with a 100BaseT network. Users have recently complained about the slow file transfers. In a check of network traffic, Angela discovers a high number of collisions. Which connectivity device would best reduce the number of collisions and provide for future growth?

Switch

Which of the following LAN devices receives a signal on one port, and forwards that signal only to the port where the destination device is connected?

Switch

You want to reduce collisions by creating separate collision domains and virtual LANs. Which of the following devices should you choose?

Switch

When protection of the content of a message is required, which of the following cryptography solutions should be employed?

Symmetric encryption

What form of cryptography is best suited for bulk encryption because it is so fast?

Symmetric key cryptography

What do you use to synchronize between your computer, offline drives, and mobile devices?

Sync Center

You have decided to implement Network Access Protection (NAP) on your network. You want to impose the following restrictions: • Computers without antivirus software should not be allowed to connect. • Computers without the latest security updates should not be allowed to connect. • No other health checks should be performed. Which NAP component would you modify to enable the health checks that should be performed when clients attempt to connect?

System Health Validator (SHV)

You need to configure when Windows updates are checked for and downloaded from Microsoft's update servers on a Windows 7 system. Which option in Control Panel should you use to do this?

System and Security

What type of backup creates a separate backup of the computer?s system disk and reserve partition that Windows 7 creates on the disk during installation and saves to a VHD file on the backup device?

System image backup

You have just installed a new domain on a new domain controller running Windows Server 2012. You would like to use Windows Server Backup to back up Active Directory. You would like to perform the backup so that you can restore the domain controller if the domain controller is able to boot but when Active Directory is corrupt. Which type of backup should you create?

System state backup.

Which of the following terms describes a framework of the phases involved in developing information systems:

Systems developing life cycle

Which of the following is the name of the type of port scan which does not complete the full three-way handshake of TCP, but rather listens only for either SYN/ACK or RST/ACK packets?

TCP SYN scan

You have been asked to document the wiring in your building. You would like to identify the length of each Cat5 cable to verify that it meets Ethernet standards. You need to identify the length of the cables, but most cables run through walls and ceilings, making them difficult to trace. Which tool should you use?

TDR

___ use multiple infrared beams that are aimed across a doorway and positioned so that as a person walks through the doorway some beams are activated.

Tailgate sensors

You manage Group Policy for the *westsim.com*. You have set up a lab with a separate forest named *westsim.test*. In the lab domain, you create a GPO named *UserSettings*. You test this GPO in the lab and then decide that you want to use it in your production domain. You need to move the GPO to the *westsim.com* domain. What should you do?

Take a backup of the *UserSettings* GPO. In *westsim.com*, create a new GPO. Import the settings from the backup.

You currently manage a virtual machine named VM18 that has been installed on the Srv5 physical server. The virtual machine runs Windows Server 2012 Enterprise edition and a custom application. You receive an update to the application. You want to save the current state so that if the update causes any problem,s you can easily revert back to the state before the update was installed. What should you do?

Take a snapshot of the virtual machine.

Which of the following is NOT a basic printer permission?

Take ownership

An employee has a Windows 7 laptop. The employee has just been fired, but not before he assigned Deny Full Control permission to Everyone to all the files and folders on the laptop. All users, including you, are now blocked from accessing these important files. You are the administrator and you need to make these files available as quickly as possible. What should you do?

Take ownership of the files, and change the permissions.

Which of the following are associated with the application layer of the OSI model?

Telnet

You are an administrator for a large company. You are setting up a computer at a worker's home so he can telecommute while he recovers from surgery. You want to connect to the UNIX server at the office to update his account information. Which utility should you use to accomplish this task?

Telnet

You are physically seated at a Host connected to the console of the Seattle router as shown in the exhibit. You need to know what IP address has been configured on the E0 interface on the New York router. What are your options? (Select two.)

Telnet to Toronto. From privileged mode type show cdp neighbors detail. Telnet to New York. From privileged mode, type show interface E0.

You are a network administrator for your company. A user calls and tells you that after stepping on the network cable in her office, that she can no longer access the network. You go to the office and see that one of the user's stiletto heels has broken and exposed some of the wires in the Cat 5 network cable. You make another cable and attach it from the wall plate to the user's computer. What should you do next in your troubleshooting strategy?

Test the solution.

WSUS allows you to automatically approve every update, but you shouldn't necessarily do that. What should you do before approving updates to be installed?

Test the updates on your own systems before approving for rollout.

Susan is the administrator for a Windows 2012 domain named *internal.widgets.com*. This domain spans a single site (the Default-First-Site-Name site). She wants to configure password and account lockout policies that Active Directory domain controllers will enforce. She has created a Group Policy object with the settings she wants to apply. Most of the domain controllers are located in the Domain Controllers OU, although she has moved some domain controllers to a sub OU called Secure Domain Controllers. Where should Susan link the Group Policy object that she has created?

The *internal.widgets.com* domain.

You just configured Router_London as show in in the Exhibit. The router is part of EIRGP autonomous system 200. Both directly connected networks 172.17.0.0 and 172.18.0.0 are to be advertised to neighbor routers within AS200. When testing your router, you discover the neighboring routers have no entries in their routing table for your subnets. What is the problem?

The AS has been incorrectly configured.

You manage a single domain running Windows Server 2012. You have configured a Restricted Group policy as shown in the image. When this policy is applied, which action will occur? The image shows "Desktop Admins" in the bottom box (This group is a member of:).

The Backup Operators group will be made a member of the Desktop Admins group.

An SSL client has determined that the Certificate Authority (CA) issuing a server's certificate is on its list of trusted CAs. What is the next step in verifying the server's identity?

The CA's public key must validate must validate the CA's digital signature on the server certificate.

A workstation configured to use DHCP for IP addressing sends a DHCP Discover frame on the local network segment. The frame is received by the DHCP service running on a Windows Server 2012 system. What happens next?

The DHCP server responds with a DHCP Offer.

You manage a single domain running Windows Server 2012. You have configured a Restricted Group policy as shown in the image. When this policy is applied, which actions will occur? (Select two.) The image shows "Desktop Admins" in the top box (Members of this group:).

The Desktop Admins group will be made a member of the Backup Operators group. Any other members of the Backup Operators group will be removed.

What actions can a typical passive Intrusion Detection System (IDS) take when it detects and attack? (Select two.)

The IDS logs all pertinent data about the intrusion. An alert is generated and delivered via Email, the console, or an SNMP trap.

You have configured to routers, LondonA and LondonB for OSPF routing. Serial0/0 on LondonA is connected to Serial0/1 on LondonB. The partial configuration of each router is shown below: When you check the routing table on LondonA, you find that it has not learned about network 172.17.1.16 from LondonB. What is the problem?

The IP address assigned to Serial0/0 on LondonA is not the same subnet as the Ip address assigned to Serial0/1 on LondonB.

You are implementing NAT on a Windows Server 2012 system using Routing and Remote Access. You installed two network interfaces in the server: • The *Ethernet* connection is connected to external network that uses registered IP addresses. • The *Ethernet1* connection is connected to the internal network where private IP addressing is used. The Ethernet connection is assigned an IP address of 137.65.1.23/16, while the Ethernet1 connection is assigned an IP address of 172.17.1.1/16. You enabled Routing and Remote Access on the server and configured it for NAT. You defined the Ethernet1 connection as the private interface and the Ethernet connection as the public interface with NAT enabled. Which of the following is true regarding this implementation?

The NAT router can forward DNS requests to the DNS servers on the public network.

You've booted your home PC from a Windows To Go drive you created at work from your Windows 8 desktop system. Which of the following are true of your PC while the Windows To Go environment is running? (Choose two.)

The Windows Recovery Environment isn't available. The Windows Store is disabled by default.

Which of the following are features of an IPS system? (Select two.)

The ability to detect Denial of Service (DoS) attacks and fragmented packets. The ability to look for malicious traffic patterns across multiple packets.

What must happen if a DHCP IP conflict occurs?

The administrator must fix the conflict by hand at the DHCP server

What special feature do Windows apps have that is particularly attractive for an organization with many various types of Windows 8 devices in use?

The apps use the new Windows user interface (UI) designed to display and work across Windows 8 devices with different form factors and display sizes.

You have configured two routers, LondonA and LondonB for OSPF routing. Serial0/0 on LondonA is connected to Serial0/1 on LondonB. The partial configuration of each router is shown below: When you check the routing table on LondonA, you find that it has not learned about network 172.17.1.16 from LondonB. What is the problem?

The areas defined in the network statements do not match.

Which action is taken when the private key associated with a digital certificate becomes compromised?

The certificate is revoked and added to the Certificate Revocation List.

Certificate revocation should occur under all but which of the following conditions?

The certificate owner has held the certificate beyond the established lifetime timer.

Although the changes are easy to make, why is changing the AD Schema such a big deal?

The changes could corrupt the database.

Which of the following best describes an IP address class?

The class defines the default network address portion of the IP address.

Due to widespread network expansion, you have decided to upgrade the network by configuring a DHCP server for the network. The network uses Linux, Windows, and Mac OS X client systems. You configure the server to distribute IP addresses from 132.168.2.1 to 192.168.2.100. You use the subnet mask of 255.255.255.0. After making all setting changes on the DHCP server, you reboot each client system but they are not able to obtain an IP address from the DHCP server. Which of the following would explain the failure?

The clients must be configured to obtain IP addressing from a DHCP server.

What happens to a computer that isn't running Windows Firewall?

The computer is isolated.

What is the first thing that happens when a collision occurs on an Ethernet network?

The device that detected the collision transmits a jam signal.

What is the net effect of deleting a device using Device Manager and then restarting the computer?

The device will be detected by Windows during the restart and Windows will try to reinstall it automatically.

While working in Device Manager, you notice the display shown in the exhibit. What does the icon next to the USB Mass Storage Device indicate?

The driver for the device is unavailable.

Which of the following are true about the distance vector method of sharing routing table information? (Select two.)

The entire routing table is sent to other routers. Routers send routing information only to their neighbor routers.

Which part of a MAC address is called the organizationally unique identifier (OUI)?

The first 24 bits, or 3 bytes

The Houston router is connected to the Dallas router with a serial link. You have configured both routers with OSPF. You use the debug ip ospf events command and see the following output: What is the problem?

The hello timer configured on the Dallas router is incorrect.

Hold downs use triggered updates to help prevent routing loops by letting routers know of changes in the network. Which of the following events can reset the hold-down timer? (Select two.)

The hold-down timer runs out. The hold-down timer receives notification of a change in network status.

How does a host on an Ethernet network know when to resume transmissions after a collision has occurred?

The hosts will attempt to resume transmission after a time delay has expired.

A virtual domain controller has been powered on and begins to boot. When it does, the hypervisor host detects that the value of the VM-Generation-ID in the virtual machine's configuration and the value of the VM-Generation-ID in the virtual domain controller's computer object in Active Directory don't match. What happens next?

The hypervisor pushes the latest RID pool and USN to the virtual domain controller.

A virtual domain controller has been powered on and begins to boot. When it does, the hypervisor host detects that the value of the VM-Generation-ID in the virtual machine's configuration and the value of the VM-Generation-ID in the virtual domain controller's object in Active Directory don't match. What happens next?

The hypervisor pushes the latest RID pool and USN to the virtual domain controller.

You are in the process of integrating AD FS with Windows Azure cloud services. All prerequisite software has been installed on the Windows server along with the Windows Azure Pack. You now need to configure the AD FS server to support Windows Azure Pack. Which entities need to be added as relying parties on the AD FS server to do this? (Select two.)

The management portal for tenants. The management portal for administrators.

When would you use the degauss feature on a CRT monitor? (Select two.)

The monitor displays distorted images. The monitor displays strange colors.

Which of the following is true of a network using the 10Base-T standard? (Select two.)

The network operates at ten megabits per second. The maximum cable distance is 100 meters.

Which of the following is true of a network using the 1000Base-T standard? (Select two.)

The network uses copper UTP cables. The network operates at one gigabit per second.

You have an Ethernet network using the 10Base-T standard. Network devices are connected together using hubs. Which of the following is true?

The network uses half-duplex communications.

A switch has a port that is alternating between green and amber. Which condition could this indicate?

The port is experiencing errors

The desktop workstations you recently purchased for the employees in your organization's Denver office came with two network boards installed: • A RealTek PCIe Fast Ethernet interface integrated into the motherboard. • A Broadcom NetXtreme 57xx Gigabit Ethernet interface installed in a motherboard slot. You used the gigabit controller to connect these systems to the network. Because the integrated interface is not used, you set up a Devices Group Policy preference that disables the RealTek adapter. However, because this affects only the employees in the Denver office, you set up an item-level target that specifies that the preference only be applied to hoses in the Denver site in Active Directory. Which of the following is true concerning this Group Policy preference when it is applied?

The preference will be applied but not enforced.

Which of the following would require that a certificate be placed on the CRL?

The private key is compromised.

If one of the replicated folders isn't available, what happens when a user requests a file?

The request is rerouted to another replicated folder.

You are reviewing the configuration for a router that uses EIGRP for its routing protocol. Shown below is the output from the show ip eigrp topology all-links command: Router# show ip eigrp topology all-links IP-EIGRP Topology Table for process 77 Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, r - Reply status P 172.16.90.0 255.255.255.0, 2 successors, FD is 46251776 via 172.16.80.28 (46251776/46226776), Ethernet0 via 172.16.81.28 (46251776/46226776), Ethernet1 via 172.16.80.31 (46277376/46251889), Serial0 P 172.16.81.0 255.255.255.0, 1 successors, FD is 307200 via 172.16.82.28 (307200/281600), Ethernet1 via 172.16.80.28 (308500/281600), Ethernet0 via 172.16.80.31 (332800/307900), Serial0 Based on the output, which of the following is true for the route to network 172.16.81.0/24?

The route through Ethernet1 is the successor route.

You are reviewing the configuration of a router that uses EIGRP for its routing protocol. Shown below is the output from the show ip eigrp topology all-links command: Router# show ip eigrp topology all-links IP-EIGRP Topology Table for process 77 Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, r - Reply status P 172.16.90.0 255.255.255.0, 2 successors, FD is 46251776 via 172.16.80.28 (46251776/46226176), Ethernet0 via 172.16.81.28 (46251776/46226176), Ethernet1 via 172.16.80.31 (46277376/46251000), Serial0 P 172.16.81.0 255.255.255.0, 1 successors, FD is 397200 via 172.16.82.28 (307200/281600), Ethernet1 via 172.16.80.28 (308500/281600), Ethernet0 via 172.16.80.31 (332800/307900), Serial0 Based on the output, what will happen when both successor routes to network 172.16.90.0/24 are lost?

The route through Serial0 will automatically be used.

You are reviewing the configuration of a router that uses EIGRP for its routing protocol.. Shown below is the output from the show ip eigrp topology all-links command: Router# show ip eigrp topology all-links IP-EIGRP Topology Table for process 77 Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, r - Reply status P 172.16.90.0 255.255.255.0, 2 successors, FD is 46251776 via 172.16.80.28 (46251776/46226176), Ethernet0 via 172.16.81.28 (46251776/46226176), Ethernet1 via 172.16.80.31 (46277376/46251889), Serial0 P 172.16.81.0 255.255.255.0, 1 successors, FD is 397200 via 172.16.82.28 (307200/281600), Ethernet1 via 172.16.80.28 (308500/281600), Ethernet0 via 172.16.80.31 (332800/307900), Serial0 Based on the output, what will happen when both successor routes to network 172.16.90.0/24 are lost?

The router will recalculate the route to network 172.16.90.0/24.

You are reviewing the configuration of a router that uses EIGRP for its routing protocol. Shown below is the output from the show ip protocols command: Routing Protocol is "eigrp 1" Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Default networks flagged in outgoing updates Default networks accepted from incoming updates EIGRP maximum hopcount 100 EIGRP maximum metric variance 2 Redistributing: eigrp 1 EIGRP NSF-aware route hold timer is 240s Automatic network summarization is in effect Maximum path: 5 Routing for Networks: 192.168.1.12 90 00:55:50 192.168.2.15 90 00:55:50 Distance: internal 90 external 170 Based on the output, what is true of this configuration? (Select two.)

The routing process has 2 neighbors. EIGRP is sharing information about 3 networks.

When none of your configured Software Restriction Policies are matched, what happens

The settings in the default rule are used.

What will be displayed after the following program segment is coded and run, assuming the user enters the number 49 at the prompt? *Write "Enter a number."* *Write "This program will display its square root."* *Input Number* *Write "The aquare root of "+Number+" is* *"Sqrt(Number)+ "."*

The square root of 49 is 7.

Two connected routers are configured only with RIP routing. What will be the result when a router receives a routing update that contains a higher-cost path to a network already in its routing table?

The update will be ignored and no further action will occur.

Your organization uses an 802.11b wireless network.Recently, other tenants installed the following equipment in your building: A wireless television distribution system running at 2.4 GHz A wireless phone system running at 5.8 GHz A wireless phone system running at 900 MHz An 802.11a wireless network running in the 5.725 - 5.850 GHz frequency range An 802.11j wireless network running in the 4.9 - 5.0 GHz frequency range. Since this equipment was installed, your wireless network has been experiencing significant interference. Which system is to blame?

The wireless TV system

Your organization uses an 802.11b wireless network. Recently, other tenants installed the following equipment in your building: A wireless television distribution system running at 2.4 GHz. A wireless phone system running at 5.8 GHz. A wireless phone system running at 900 MHz. An 802.11a wireless network running in the 5.725 - 5.850 GHz frequency range. An 802.11j wireless network running in the 4.9 - 5.0 GHz frequency range. Since this equipment was installed, your wireless network has been experiencing significant interference. Which system is to blame?

The wireless TV system.

Why are phone lines and ISDN not used today for remote access services (RAS)?

They no longer supply acceptable bandwidth.

Which of the following is not true regarding cookies?

They operate within a security sandbox.

Your organization's security policy dictates that the security level for the Local Intranet and Trusted Sites zones in Internet Explorer be set to Medium-High on all user workstations. Rather than configure each workstation individually, you decide to use a Group Policy preference setting in a GPO to make the change. Which of the following is true concerning this Group Policy preference? (Choose two.)

This preference is not available in local Group Policy. The preference can be applied to specific systems based on criteria you specify.

You have a WAN link that connects two sites. The WAN link is supposed to provide 1.5 Mbps of bandwidth. You want to perform a test to see the actual bandwidth of the link. Which tool should you use?

Throughput tester

The Seven Basic Tools of Quality include all of the following except:

Time management tools

Why is there a No Encryption option for network connections?

To accommodate devices (clients) that don't support encryption

What purposes does a wireless site survey serve? (Choose two.)

To identify existing or potential sources of interference. To identify the coverage area and preferred placement of access points.

Why is monitoring system health so important?

To maintain a safe computing environment

Which of the following is a good reason to install a firewall?

To prevent hackers from accessing your network.

Why should backup media be stored offsite?

To prevent the same disaster from affecting the both network and the backup media.

What is the purpose of Spanning Tree Protocol in a switched LAN?

To provide a mechanism for network monitoring in switched environments

You manage a server that runs your company Web Site. The Web site includes streaming video that shows features of some of your products. The link connecting your server to the Internet charges based o bandwidth use. When the bandwidth spikes, so does your bill. You would like to implement a solution to prevent the amount of traffic sent over the WAN link from exceeding a specific level. Which solution should you implement?

Traffic shaper

Which of the following solutions are most likely implemented with VoIP to ensure timely delivery of voice data? (Select two.)

Traffic shaper QoS

You have just installed anti-virus software on all computers on your company network. Which additional actions should you take to help protect systems from malicious software? (Select two.)

Train users to scan removable storage devices before copying files. Train users to update the virus definition files frequently.

Your network currently has the following Active Directory domains: *westsim.com*, *emea.westsim.com*, *uk.emea.westsim.com*, and *us.westsim.com*. Your company is closing its offices in the United States. Previously, most of the network administration took place in that office. Now all IT administration will take place in your London offices. You have removed all domain controllers from the *us.westsim.com* domain except for the DC1 server. This server hosts the following roles: • RID master • PDC emulator • Domain naming master • Infrastructure master Prior to removing Active Directory from the domain controller, you need to transfer the necessary operation master roles to servers in the *westsim.com* domain. The *westsim.com* domain has the following domain controllers: WS1, WS2, WS3, and WS4. All servers are also global catalog servers except for WS3. What should you do to prepare for Active Directory removal on DC1?

Transfer the domain naming master to WS1, WS2. or WS4.

Your network currently has two domains: *eastsim.com* and *sales.eastsim.com*. You need to remove the *sales.eastsim.com* domain. You have removed all domain controllers in the domain except for the DC1.sales.eastsim.com server. This server holds the following infrastructure master roles: • RID master • PDC emulator • Infrastructure master • Domain naming master You are getting ready to remove Active Directory from DC1. What should you do first?

Transfer the domain naming master to a domain controller in *eastsim.com*.

A healthy security posture results from a sound and workable strategy toward managing risks.

True

ANSI is an organization composed of more than 1000 representatives who together determine standards for electronics industry in addition to other fields.

True

Behavior-based monitoring attempts to overcome the limitations of both anomaly-based monitoring and signature-based monitoring by being more adaptive and proactive instead of reactive.

True

Computers can be positioned on a network in different ways relative to each other.

True

Data, once restricted to papers in the office filing cabinet, now flows freely both in and out of organizations, among employees, customers, contractors, and business partners.

True

Developing the project business case is not part of the project integration management.

True

Digital signatures actually only show that the public key labeled as belonging to person was used to encrypt the digital signature.

True

Most metadata about a file is generated and recorded automatically without the user's knowledge.

True

Most organizations follow a three-phase cycle in the development and maintenance of a security policy.

True

Network management is a general term that means different things to different networking professionals.

True

One attribute of a project is that it requires resources, sometimes coming from various areas

True

PRINCE2 defines 45 separate sub-processes and organizes them into eight process groups.

True

Part of the process of controlling project costs includes monitoring cost performance

True

Public keys can be stored by embedding them within digital certificates, while private keys can be stored on the user's local system.

True

Software keyloggers are programs that silently capture all keystrokes, including passwords and sensitive information.

True

The term "integrity" refers to the soundness of a network's programs, data, services, devices and connections.

True

The use of port numbers simplifies TCP/IP communication and ensures that data are transmitted to the correct application.

True

Using route distribution, routers within an autonomous system can use different AS numbers to communicate routing information.

True

When defining activities for your project, this will involve identifying the specific actions that will produce the project deliverable in enough detail to determine resource and schedule estimates.

True

You are configuring certificates for a federation trust. You've already issued SSL certificates to the root CAs in both the accounts and partner forests and exported both root root CAs' certificates. Now, you need to import these certificates in the opposite forests. The accounts partner's certificate needs to be imported into the resource partner's CA and vice-versa. Click on the option you would use in the Certificates MMC console to do this.

Trusted Root Certification Authorities

Which IE security zone contains the web sites that you would not expect to damage the computer?

Trusted sites

You have a laptop running Windows 7 Professional. The computer is a member of the mydomain.local Active Directory domain. You take your laptop home and connect it on your home network using a wireless connection. You would like to join the HomeGroup from your laptop that has already been created on your home network. What should you do?

Turn on Network Discovery.

Drag each application compatibility setting on the left and drop it on the corresponding function that the setting performs.

Turns off automatic resizing of applications when using large-scale fonts > Disable display scaling on high DPI settings. Disables Aero features > Disable desktop composition. Allows applications with limited color palette to display properly > Run in 256 colors. Resolves display problems with menus and buttons > Disable visual themes. Allows low resolution applications to display properly > Run in 640 x 480 screen resolution.

Which of the following allows for easy exit of an area in the event of an emergency, but prevents entry? (Select two.)

Turnstile Double-entry door

You are planning to install Windows 7 on a new 64-bit computer. The computer will be joined to a domain and you plan to configure the computer to boot from a .VHD image. Which Windows 7 edition should you use?

Ultimate (64-bit)

You are planning to install Windows 7 on a new 64-bit computer. The computer will be joined to a domain and you plan to configure the computer to boot from a .VHD image. Which Windows 7 editon should you use?

Ultimate (64-bit)

When a cryptographic system is used to protect the confidentiality of data, what is actually protected?

Unauthorized users are prevented from viewing or accessing the resource

Which of the following best describes Bluesnarfing?

Unauthorized viewing calendar, e-mails, and messages on a mobile device.

You administer a network with Windows 2000 and UNIX servers, and Windows 2000 Professional, Windows 98, and Macintosh clients. A user of a Windows 98 computer calls you one day and says he is unable to access resources on the network. You type ipconfig on the user's computer and receive the following output: 0 Ethernet adapter: IP address ........................:169.254.1.17 Subnet Mask......................:255.255.0.0 Default Gateway.................: You also check your NIC and see the link light on. What might the problem be?

Unavailable DHCP server

You are the administrator for a domain named *widgets.local*. You have created a Group Policy object (GPO) named Deploy Virus Detection, configured it to assign virus detection software to all computers in the domain, and linked the GPO to the *widgets.local* domain. The virus detection software is installed using a Windows Installer (.msi) file that has all installation data integrated into it. You now want to update the virus detection software on all computers. You do not want this update to be optional. What should you do? (Select two. Each choice is a required part of the solution.)

Update the Windows Installer (.msi) file in the shared folder acting as a software distribution point. Redeploy the Deploy Virus Detection GPO. Assign a new software package to computers in the domain. Configure the new software package to upgrade over the existing virus detection software.

Which of the following should be used to locate hardware inadequacies in the computer that might prevent a successful upgrade to Windows 8?

Upgrade Assistant

You have a laptop computer that runs Windows 8 Enterprise. The computer is a member of a domain. You want to use DirectAccess to access application servers on your corporate intranet. Application servers run Windows Server 2008 R2. You need to implement a solution that does the following: • All communications sent to the private network over the Internet are encrypted. • Client computers authenticate the application servers on the intranet. • Following authentication, traffic on the intranet is not encrypted. What should you do? (Select two. Each choice is a required part of the solution.)

Upgrade application servers to Windows Server 2008 R2. Configure selected server access (modified end-to-edge).

You manage desktop systems for a small organization. Currently, all of your systems have the following hardware installed: • CPU: AMD Sempron 2.8 GHz • Memory: 4 GB • Hard disk: 500 GB • Video: 1 GB video memory • Monitor: LCD with native resolution of 1280 x 768 The Professional edition of Windows 8 came pre-installed on all of these systems and they are currently joined to your organization's Active Directory domain. Several users have complained that they can't view apps from the Windows Store side by side on screen. What should you do?

Upgrade the LCD monitors to models with a native resolution of at least 1366 x 768.

You manage desktop systems for a small organization. Currently, all of your systems have the following hardware installed: CPU: AMD Sempron 2.8 GHz Memory: 2 GB Hard disk: 500 GB Windows 7 Home Premium edition came pre-installed on all of the systems and they are currently configured to run in a workgroup environment. Your organization recently decided to implement a Windows Server 2012 system with an Active Directory installed. Management has asked you to join your Windows 7 client systems to the new domain. What should you do?

Upgrade the desktop systems to Windows 7 Professional.

You manage desktop systems for a small organization. Currently, all of your systems have the following hardware installed: • CPU: AMD Sempron 2.8 GHz • Memory: 4 GB • Hard disk: 500 GB The base edition of Windows 8.1 came pre-installed on all of the systems and they are currently configured to run in a workgroup environment. The managers of your organization recently decided to install a Windows Server 2008 R2 system and would like to install Active Directory on it. They have asked you to join your Windows 8.1 client systems to the new domain. What should you do? (Choose two. Each option is a complete solution.)

Upgrade the desktop systems to Windows 8.1 Professional edition. Upgrade the desktop systems to Windows 8.1 Enterprise edition.

You manage the network for the *eastsim.com* domain. The domain functional level is at Windows 2000 Native. You want to enable Linked-value replication. You want to take the minimum action that is possible. What should you do?

Upgrade the forest functional level to Windows Server 2003.

Management has decided to purchase new desktop systems for the users in Accounting. After conducting a needs assessment, they have determined that the new systems must meet the following requirements: • They must be joined to the organization's existing Active Directory domain. • Application restrictions must be implemented with AppLocker. • Whole-disk encryption must be implemented with BitLocker. • As sales reps travel frequently, the notebooks must support remote connections to your organization's DirectAccess server. A sales rep from a computer manufacturer recently offered you a very competitive price on notebook systems with the following specifications. • CPU: 64-bit AMD 3.0 GHz quad-core • RAM: 4 GB • Hard disk: 500 GB • Operating system: Windows 8.1 Professional What should you do?

Upgrade the operating system to Windows 8.1 Enterprise.

Your motherboard has two memory slots and supports a maximum of 8 GB of RAM. After installing two 4 GB modules and booting your system, you find that Windows only recognizes 3.5 GB of RAM. What should you do?

Upgrade to a 64-bit version of the operating system.

You have a two computers: Comp1 is running Windows XP Professional and Comp2 is running Windows 7 Professional. After moving EFS-encrypted files from Comp1 to Comp2, no one can open the files and access the data. You need to open the EFS-encrypted files on Comp1. What should you do? (Select two. Each answer is a complete solution.)

Use *Cipher.exe* to transfer the encryption certificates. Use USMT to transfer the encryption certificates.

You are the network administrator for *southsim.com*. The company has one main office along with several branch offices. All the domain controllers run Windows Server 2012 and all the client computers run Windows 7 or Windows 8. The domain functional level is set to Windows Server 2008 R2. The forest functional level is set to Windows Server 2008. You need to enable the Active Directory Recycle Bin feature. What should you do? (Select two. Each selection is a part of the required solution.)

Use *ldp.exe* to enable the Active Directory Recycle Bin. Raise the forest functional level to Windows Server 2008 R2.

You are the manager of a multiple domain network. You need to raise the domain and forest functional levels. Which tools can you use? (Select two.)

Use Active Directory Domains and Trusts to raise the forest functional level. Use Active Directory Users and Computers or Active Directory Domains and Trusts to raise the domain functional level.

You have several computers running Windows 7 Ultimate. The computers are members of a domain. For all the computers, you want to remove access to administrative tools from the Start menu and hide notifications from the System Tray. What should you do?

Use Group Policy

You have a computer that runs Windows 7. While manually configuring Windows Update, you notice that several settings are grayed out and unchangeable as shown in the image. You want to enable the settings so you can manually configure them. What should you do?

Use Group Policy to modify the Windows Update settings.

You have configured NAT on your router to connect your small company network to the Internet. Shown below is a partial configuration for the router: hostname RouterA ! ip address 192.168.11.1 255.255.255.0 speed auto duplex auto ip nat inside ! interface FastEthernet0/1 ip address 192.168.12.1 255.255.255.0 speed auto duplex auto ip nat inside ! interface Serial0/1/0 ip address 116.12.11.155 255.255.255.248 ip nat outside ! ip nat inside source list 7 interface FastEthernet0/1 overload ! access-list 7 permit 192.168.11.0 0.0.0.255 access-list 7 permit 192.168.12.0 0.0.0.255 ! Users on either subnet are unable to access the Internet. What should you do?

Use S0/1/0 for the ip nat inside source list interface.

You want to add a role to several Windows Server 2012 systems on the network. Which of the following is correct?

Use Server Manager on any Windows Server 2012 to connect and install the role to all the systems.

On a Windows Server 2012 server, you decide to change the interface. Select the best answer to convert a GUI server to Server Core.

Use Server Manager to start the Remove Roles and Features Wizard.

You decide to change the interface on your Windows Server 2012 server. Select the best answer to convert a GUI server to Server Core.

Use Server Manager to start the Remove Roles and Features Wizard.

You have a new Windows 7 Ultimate computer with both a wired and a wireless connection. You want to configure a small wireless network at home. You install a router that connects your network to the Internet and which is the wireless access point. You have turned off SSID broadcast on the Internet router. You will connect devices using a preshared key. You need to configure your laptop to connect to the wireless network, and would like to use the most secure method available to you. What should you do? (Select two. Each choice is a required part of the solution.)

Use WPA2-Personal security. Manually create a network profile.

You have a computer that runs Windows 7. You have just read about a new security patch for Windows 7. You install the patch as a Windows Update, but after you reboot and log back on your computer is unstable. What action should you take?

Use Windows Update in the Control Panel to uninstall the update.

While configuring a new 802.11g wireless network, you discover another wireless network within range that uses the same channel ID that you intend to use. Which of the following strategies are you most likely to adopt in order to avoid the conflict between the networks?

Use a different Channel ID.

You are troubleshooting a connectivity problem in which one client system is unable to connect to a server. both the server and client system are connected to the same Ethernet network switch. No other users have complained of a problem, and you suspect that faulty network cabling might be to blame. Which of the following troubleshooting steps are you most likely to perform first?

Use a media tester to test the cable between the computer system and the network switch.

You have just been hired as a network administrator. A user has just changed offices and needs you to activate the network and telephone connections in his office. However, the wiring at the punch down block is labeled poorly and you are unable to tell which wires go to the user's office. What should you do?

Use a tone generator to locate the correct wiring.

You have a single computer running Windows Vista. You are about to complete a clean installation of Windows 7 on the computer, and you need to migrate user profiles and user data from the previous installation of Windows Vista. What should you do? (Select two. Each choice is a required part of the solution.)

Use a wipe-and-load migration. Run WET and use *External hard disk or USB flash drive* as the transfer method.

You have a company network that is connected to the Internet. You want all users to have Internet access, but need to protect your private network and users. You also need to make a Web server publicly available to Internet users. Which solution should you use?

Use firewalls to create a DMZ. Place the Web server inside the DMZ, and the private network behind the DMZ.

You are the network administrator for *westsim.com*. The network will consist of one Active Directory domain that contains 100 users. You install Windows Server 2012 on a server named DC1. You then install Active Directory Domain Services (AD DS) and promote DC1 to a domain controller. After creating the new domain, you create a replica domain controller named DC2. Several months after installation, DC1 fails. Parts to restore the server will not be available for several weeks. You need to transfer the Flexible Single Master Operations (FSMO) roles to DC2. What should you do first?

Use the *NTDSUtil* in an elevated command prompt on DC2 to seize the roles.

You are the network administrator for *westsim.com*. The network consists of a single Active Directory domain. All the servers run Windows Server 2012. All the clients run Windows 7 or Windows 8. The forest functional level is set to Windows Server 2008 R2. The Active Directory Recycle Bin has been enabled. While working in Active Directory Users and Computers, you accidentally delete a group. You need to restore the group using the least amount of administrative effort. What should you do?

Use the *Restore-ADObject* PowerShell command to restore the group.

How can you quickly obtain an upgrade to install the Windows 8 Media Center Pack on your Windows 8 computer?

Use the Add features to Windows 8 application

You want to view the logs shown in the Event Viewer on a remote computer. What should you do?

Use the Connect To Another Computer command in the Action Menu within the Event Viewer.

You are configuring a small wireless network with 10 client laptops that require network access. You have configured a new wireless access point with an SSID that is not broadcasting. You have manually created a network profile on one computer, which successfully connects to the network. You would like to configure the network profile on the remaining clients with the least amount of effort. What should you do?

Use the Copy this network profile to a USB flash drive option to save the wireless network settings to a USB flash drive. On each additional client, insert the USB drive and run the utility to copy the profile settings to the client.

You are the administrator for WestSim Corporation. The network has a single domain, *westsim.com*. Five domain controllers, all running Windows 2008 server, are located on the network. The Active Directory Structure is shown in the image. All user and computer accounts have been placed in the department OUs. Main offices are located in Orlando, with additional offices in Boston and New York and a small branch office in Chicago. There are three departments within the company: Sales, Marketing, and Accounting. Employees from each department are at each location. You want to appoint an employee in each department to help with changing passwords for users within their department. They should not be able to perform any other tasks. What should you do?

Use the Delegation of Control wizard. Grant each user administrator permissions to modify passwords for their OU.

You are the administrator for WestSim Corporation. The network has a single domain, *westsim.com*, running at the Windows 2008 functional level. Five domain controllers, all running Windows Server 2012 R2, are located on the network. The Active Directory Structure is shown in in the image. All user and computer accounts have been placed in the department OUs. Main offices are located in Orland, with additional offices in Boston and New York and a small branch office in Chicago. There are three departments within the company: Sales, Marketing, and Accounting. Employees from each department are at each location. You want to appoint an employee in each department to help with changing passwords for users within their department. They should not be able to perform any other tasks. What should you do?

Use the Delegation of Control wizard. Grant each user administrator permissions to modify the passwords for their department OU.

You manage a network with 30 computers. Each computer is currently running Windows XP. All computers are members of a domain. You need to upgrade the computers to Windows 7 Professional. You will use a system image to deploy a clean installation of Windows 7 to each computer. Before you begin the upgrading process, you need to identify which applications installed on computers can run on Windows 7. What should you do?

Use the Microsoft Application Compatibility Toolkit (ACT).

You are the network administrator for Corpnet.com. You have several virtual machines hosted on a third-party virtualization platform. You have installed a new Windows Server 2012 server that has the Hyper-V Role installed. You need to migrate the virtual machines hosted on the third-party server to Hyper-V. What should you do?

Use the Microsoft Virtual Machine Converter (MVMC) tool.

When a specific file type, such as .mp3, can be opened by many different applications, how can you configure Windows 8 to use a specific application to open an .mp3 file that is double-clicked?

Use the Pick an application to open this file link in the Default Programs control panel.

You have several computers in a network. Some of the computers do not have an optical drive. Your boss has asked you to install Windows 7 on each of the computers. What should you do? (Select two. Each choice is a required part of the solution.)

Use the bootsect command to make the USB flash drive bootable. Copy the product DVD to a USB flask drive and boot from the drive.

You have configured EIGRP routing on Router A. A partial configuration is shown below: hostname RouterA ! interface FastEthernet 0/0 ip address 192.168.1.65 255.255.255.224 duplex auto speed auto ! interface FastEthernet 0/1 ip address 192.168.1.97 255.255.255.240 duplex auto ! interface Serial 0/1/0 ip address 10.21.177.85 255.255.255.252 encapsulation ppp ! router eigrp 100 network 192.168.1.0 network 10.0.0.0 auto-summary ! RouterA is connected to RouterB through the serial link. When you check the routing table on RouterA, you see a single route reported learned through EIGRP to network 192.168.1.0/24. You want RouterA to have routes to the individual networks connected to RouterA. How should you modify the configuration of RouterA?

Use the no auto-summary command.

What does crashing in a project not involve:

Used by the project manager to decide which of the team works on which tasks

What are the two interfaces available for creating and managing user accounts in Windows Server 2012?

User Accounts control panel and the Local Users and Groups snap-in for MMC

You are the administrator for the *widgets.com* domain. Organizational Units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. You have two OUs that contain temporary users: TempSales and TempMarketing. For all users within these OUs, you want to restrict what the users are able to do. For example, you want to prevent them from shutting down the system or access computers through a network connection. Which GPO category would you edit to make the necessary changes?

User Rights

As a part of your organization's security policy, you have been instructed to lock down all workstations by restricting remote access via Remote Desktop Services to specific users and groups. You have decided to configure and test local security policies to meet this requirement and then import them into the appropriate domain GPOs. Click on the GPO security setting category where the required policies are located.

User Rights Assignment

Select the policy node you would choose to configure who is allowed to manage the auditing and security logs.

User Rights Assignment

Which of the following is a series of folders associated with a specific user account that contains personal documents and personal settings?

User profile

Which of the following enables users to perform specific operating system tasks such as shut down the system or perform backups?

User rights

You need to create a domain-based namespace on a Windows Server 2012 server in the westsim.com domain. Which of the following is true concerning this type of namespace? (Select two.)

Users access the namespace using the Active Directory domain name instead of the server name. It can be hosted by multiple namespace servers to increase availability.

You are the administrator of a network with a single Active Directory domain. Your domain contains three domain controllers and five member servers. Your security policy states that all accounts should be locked out after three unsuccessful logon attempts, and that accounts must be reset only by an administrator. A GPO enforces these settings. You receive a call Monday morning from the Help Desk. There are seven users who are unable to log in to the domain. Upon further investigation, you notice all seven accounts have been locked-out. You need to unlock the user accounts with the least amount of administrative effort while complying with your security policy. What should you do next?

Using Active Directory Users and Computers, select *Unlock Account* for each account.

You want to create a VHD file with the following settings: • Size = *200 GB* • Location = *F:\VHDS* • Name = *Win7vhd* What should you do?

Using DiskPart, type *create vdisk file=f:\VHDS\Win7vhd.vhd maximum=204800*

What format supports Virtual PCs that contain the entire content of a hard disk in a single, portal file?

VHD

As of Windows Server 2012, what virtual image file provides for the largest size?

VHDX files, up to 64 TB

You have three switches connected together as shown in the Exhibit. The VTP configuration status of each switch is shown. What is true of the network configuration of these switches? (Select two.)

VLAN changes made on switch A will not be forwarded through switch B to switch C. The switches must be manually configured before trunking will happen.

You manage a server at work that has just been configured with a new application. Consequently, the server has crashed several times during the last week. You think you have the problem resolved, but you would like to be able to manage the server remotely in case there is a problem. Which of the following protocols would you use for remote management? (Select two.)

VNC ICA

Which of the following is the best countermeasure for packet sniffing?

VPN

Which of the following CCTV camera types lets you adjust the distance that the camera can see (i.e. zoom in or out)?

Varifocal

A user has called to complain that her computer won't boot. It stops at the BIOS startup screen right after the memory has been tested and displays a 301 keyboard error. What should you do first?

Verify that no keys are being pressed down during POST.

You manage a Windows 7 computer connected to a business network using switches and multiple subnets. One day you find that the computer is unable to connect to the Internet, although it can communicate with a few other computers on the local subnet. You type ipconfig /all on the computer and see the following output: Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : mydomain.local Description : Broadcom network adapter Physical Address : 00-AA-BB-CC-74-EF DHCP Enabled : Yes Autoconfiguration Enabled : Yes IPv4 Address : 160.254.155.1 (Preferred) Subnet Mask : 255.255.0.0 Default Gateway : DNS Servers : What should you do?

Verify that the DHCP server is up and functional.

You have a laptop that runs Windows 7. The laptop uses IPv6. The network connection is configured to obtain an IPv6 address automatically. You need to see the IPv6 address that the network connection is currently using. What should you do? (Select two. Each choice is a possible solution.)

View the status for the network connection. Click the Details button. Run the netsh command.

What is the common name for a program that has no useful purpose, but attempts to spread itself to other systems and often damages resources on the systems where it is found?

Virus.

You need to upgrade a 64-bit Windows Vista Business edition desktop to Windows 8.1 Professional. Which of the following is true regarding this upgrade path?

Vista SP1 or later must be installed prior to running the upgrade.

____ data is the most difficult type of data to capture.

Volatile

What are duplicates of files that Windows creates as part of a restore point?

Volume shadow copy

Which wireless technology is considered a weak encryption protocol?

WEP

Your organization has decided to implement a wireless infrastructure. They require that the infrastructure be capable of central administration and logging. Based on this information what is the best solution?

WPA-Enterprise

What is the difference between UXGA and WUXGA displays?

WUXGA has a widescreen aspect ratio.

Which of the following describes marks that attackers place outside a building to identify an open wireless network?

War chalking

Which of the following are examples of social engineering? (Select two.)

War dialing Shoulder surfing

The process of walking around an office building with an 802.11 signal detector is known as what?

War driving

If your mission critical services have a maximum tolerable downtime (MTD) (or a recovery time objective (RTO)) of 36 hours, what would be the optimum form of recovery site you should choose?

Warm

Daily backups are done at the ABD company location and only a weekly backup is maintained at antoher network location. Which of the following disaster recovery strategies is ABD using?

Warm site

You are configuring a firewall to allow access to a server hosted on the demilitarized zone of your network. You open TCP/IP ports 80, 25, 110, and 143. Assuming that no other ports on the firewall need to be configured to provide access, what applications are most likely to be hosted on the server?

Web server, e-mail server

You manage a Web site for your company. The Web site uses three servers configured in a cluster. Incoming requests are distributed automatically between the three servers. All servers use a shared storage device that holds the website contents. Each server has a single network connection and a single power supply. Considering the availability of your website, which component represents a single point of failure?

Website storage

Windows Server 2012 provides hardware-independent NIC teaming or bonding to allow for better network performance and adapter fault tolerance. However, in what scenario is the NIC teaming limited?

When network traffic consists of large TCP sequences

When would you need to create a user account through Control Panel?

When you join a computer to an AD DS domain, you can create new local user accounts with the Local Users and Groups snap-in. Control Panel is used when the computer is not a member of an AD DS domain.

You have a computer that currently has Windows 7 installed. You need to perform a clean installation Windows 8 onto the computer, but you would like to retain the existing system settings and user files from the Windows 7 installation. What should you do?

While running the Windows 8 installation, select the *Custom (advanced)* option.

You have configured two routers, LondonA and LondonB for OSPF routing. Serial0/0 on LondonA is connected to Serial0/1 on LondonB. The partial configuration of each router is shown below: When you check the routing table on LondonA, you find that it has not learned about network 172.17.1.16 from LondonB. What is the problem?

Wildcard mask values for the network statements are incorrect.

You need to upgrade a notebook system running 64-bit Windows 7 Home Premium edition to 64-bit Windows 8 Enterprise. Which of the following is true regarding this upgrade path?

Windows 7 Home Premium cannot be upgraded to Windows 8 Enterprise.

Your organization has launched a new initiative that will require hiring a large number of new employees. You have been asked to implement a large-scale deployment of new Windows 8.1 workstations for these employees. One of the specifications you received for this deployment indicates that activation for all of these workstations must be handled using an internally-hosted Key Management Service (KMS) server. Given this specification, which editions of Windows 8.1 can you use in the deployment? (Select two.)

Windows 8.1 Professional Windows 8.1 Enterprise

You are in the process of integrating AD FS with Windows Azure cloud services. All prerequisite software has been installed on the Windows server. You now need to install the Windows Azure Pack using the Web Platform Installer. Click on the Windows Azure product that will install the components required to support integration with Windows Azure on the server with the least effort.

Windows Azure Pack: Portal and API Express

Which tool in Windows would you use to browse all networks and shared folders to which a user has access? (Select three.)

Windows Explorer Computer Network

Which tool set is designed specifically for mobile PCs?

Windows Mobility Center

Considering the different ways to remotely manage servers, what allows administrators to use their web browser as a remote management gateway?

Windows PowerShell Web Access Gateway

Which one of the following operating systems may not act as a DirectAccess client?

Windows Server 2008

What is the central location included in Windows 8 for the distribution and purchase of Windows apps?

Windows Store

If you have a program that ran in Windows XP but does not run in Windows 7, what should you load to run the program?

Windows XP Mode

GPPs are divided into which two sections?

Windows and Control Panel

Considering the different ways to remotely manage servers, what does Microsoft recommend we connect to other servers instead of a Window Server 2012?

Windows workstation

What keyboard combination can you use to open the Windows tool context menu, which contains options such as Power Options and Disk Management?

Windows+X

You want to use a tool to see packets on a network, including the source and destination of each packet. Which tool should you use?

Wireshark

Which of the following documents would likely identify that drop cables on your network use the T568A standard?

Wiring schematic

Which type of documentation would you consult to find the location of RJ-45 wall jacks and their endpoints in the intermediate distribution closet?

Wiring schematic

You are troubleshooting the connection of a computer in an office to the punchdown block in the distribution closet. Which document would you consult to identify the termination of the cable on the punchdown block based on the wall jack location in the office?

Wiring schematic

You intend to create a new virtual hard disk, specifying a 700 GB VHDX image file with a logical sector size of 4 KB. How do you proceed?

With PowerShell, use the New-VHD cmdlet with appropriate parameters.

____ involves horizontally separating words, although it is still readable by the human eye.

Word splitting

Which of the following do you have to create the same user account for on each computer that a user needs to access?

Workgroups

Which of the following is an attack that injects malicious scripts into Web pages to redirect users to fake websites or gather personal information?

XSS

Can a domain user, who does not possess explicit object creation permissions, create computer objects?

Yes, authenticated users can create workstation, but not server objects

Can an administrator launch the Group Policy Management console from a workstation?

Yes, if the workstation is running the Remote Server Administration Tools package.

You grant a user the NTFS permissions needed to access a file. You then move the file to a different location. Is the user still able to access the file?

Yes, when you move the file, its permissions go with it.

Which of the following statements apply only to extended IP access lists and not to both standard and extended lists? (Select two.)

You can filter traffic based on destination IP addresses. You can filter traffic for a specific TCP/IP protocol.

You use the show vtp status on a switch and see the following: VTP Version : 2 Configuration Revision : 1 Maximum VLANs supported locally : 255 Number of existing VLANs : 16 VTP Operating Mode : Transparent VTP Domain Name : CCNA VTP Pruning Mode : Enabled VTP V2 Mode : Enabled VTP Traps Generation : Disabled MD5 digest : 0x55 0x16 0x9C 0x6F 0x83 0xD9 0x8F 0xCD Which of the following is true of the configuration? (Select two.)

You can make VLAN changes at this switch. The switch saves VLAN configuration information in NVRAM.

You need to build a virtual environment with several groups of identical OS installs. How do you accomplish this using minimal disk space?

You clone VMs using differencing disks, pointing multiple VMs to the same parent image.

You are the network administrator for *northsim.com*. The network consists of a single Active Directory domain. All the servers run Windows Server 2012. All the clients run Windows 7 or Windows 8. *northsim.com* has one main office with 1,500 users. There are two domain controllers named DC1 and DC2, as well as several file servers and an application server. DC1 hosts a standard primary zone for the *northsim.com* domain. DC2 hosts a standard secondary zone for the *northsim.com* domain. A new corporate security policy requires that all clients perform Secure Dynamic Updates to DNS records. You open the Properties of the *northsim.com* forward lookup zone. However, the *Secure Only* option is missing from the Dynamic Updates drop-down combo box. You must ensure that all updates to the *northsim.com* DNS domain are secure. What should you do?

You should convert the *northsim.com* zone to an Active Directory Integrated zone.

You are the network administrator for westsim.com. The network consists of a single Active Directory domain. All the servers run Windows Server 2012. All the clients run Windows 8. A server named App1 is running an application that uses a service named Custom App Service. This service is required to contact an internal database running on a server named SQL1. After installing the application, you determine that Custom App Service is not able to contact SQL1. You need to enable the Custom App Service to contact SQL1. What should you do?

You should create a custom rule using the Windows Firewall with Advanced Security.

You are the network administrator for *northsim.com*. The network consists of a single Active Directory domain. All of the servers run Windows Server 2012 and all of the clients run Windows7. A server named HV1 is installed with the Hyper-V role. HV1 hosts a virtual machine named VM1. You export VM1 to to an external hard drive and then perform a System Image backup of HV1. Later, VM1 fails. You need to restore VM1 to functionality. You must run the virtual machine from the HV1 hard drive. Your solution must minimize downtime for HV1 and all other virtual machines hosted on HV1. What should you do?

You should delete VM1 from HV1 and then import VM1 from the external hard drive using the *Copy on Import* option.

You are the network administrator for *westsim.com*. The network consists of a single Active Directory domain. All the servers run Windows Server 2012. All the clients run Windows 7 or Windows 8. *westsim.com* has one main office and several satellite locations. The main office consists of three internal subnets and a perimeter network. A server named RRAS1 has been purchased to function as a router between the internal network and the perimeter network. The Routing and Remote Access (RRAS) service has been installed and configured. The server has also been configured to support Network Address Translation (NAT). RRAS1 has two network interfaces, one connected to the internal network and the other connected to the perimeter network, that are configured as shown in the table below.

You should remove the default gateway entry from the internal network interface on RRAS1.

You are the network administrator for *westsim.com*. The network consists of a single Active Directory domain. All the servers run Windows Server 2012. All the clients run Windows 7 or Windows 8. *westsim.com* has one main office and several satellite locations. The main office consists of three internal subnets and a perimeter network. The Routing and Remote Access (RRAS) service has been installed and configured. The server has also been configured to support Network Address Translation (NAT). RRAS1 has two network interfaces, one connected to the internal network and the other connected to the perimeter network, that are configured as shown in the table below. Internal Perimeter IP Address : 10.1.1.13 172.16.0.3 Subnet Mask: 255.255.255.0 255.255.255.0 Default Gateway: 10.1.1.1 172.16.0.1 During testing, you discover that you cannot ping servers on the Internet from the internal network. You can ping servers in the perimeter network from the internal network. You need to ensure that you can contact servers on the Internet from the internal network. What should you do?

You should remove the default gateway entry from the internal network interface on RRAS1.

You are the network administrator for *westsim.com*. The network consists of a single Active Directory domain. All the servers run Windows Server 2012. All the clients run Windows 7 or Windows 8. There is one main office and several branch offices, one of which is located in New York. The main office has four domain controllers and each branch office has two domain controllers. The domain controllers in the New York branch office are named NYDC1 and NYDC2. Users in the New York office complain that after maintenance was performed on NYDC2, it now takes a considerably longer time to log on to the network. You determine that the problem is that NYDC1 is servicing all the logon requests. No logon requests are being serviced by NYDC2. You further discover that the IP address entered in the NYDC2 network interface for DNS is incorrect. Investigation of the *_msdcs.westsim.com* zone reveals that there are no SRV records present relating to NYDC2. You enter the correct IP address for DNS in the network interface on NYDC2. You need to make sure that the appropriate SRV records identifying NYDC2 as a domain controller are registered in DNS in the minimum amount of time. What should you do?

You should restart the *netlogon* service on NYDC2.

You are the network administrator for *northsim.com*. The network consists of a single Active Directory domain. All the servers run Windows Server 2012. All the clients run Windows 7 or Windows 8. *northsim.com* is interested in implementing remote access for Product Specialists that travel across the country. You install the Routing and Remote Access Service (RRAS) on a member server and configure the server to accept VPN connections. You need to select a remote access authentication protocol. Your solution must offer the highest degree of security. What should you do?

You should select Extensible Authentication Protocol (EAP).

You are the network administrator for *eastsim.com*. The network consists of a single Active Directory domain. All the servers run Windows Server 2012. All the clients run Windows 7 and Windows 8. There is one main office and seven branch offices. There are two writable domain controllers in the main office. There is one read-only domain controller (RODC) in each branch office. The domain functional level is set to Windows Server 2003. While visiting one of the branch offices, you accidentally delete a folder from the SYSVOL share on the local RODC. You need to restore the contents of the SYSVOL on the RODC. What should you do?

You should set the *Burflags* registry setting on one of the writable domain controllers to *D2*.

You are the network administrator for *southsim.com*. The network consists of a single Active Directory domain. All of the servers run Windows Server 2012. All of the clients run Windows 7 or 8. *southsim.com* has one main office and five branch sites. The main office has two writable domain controllers. All of the branch offices have a local read-only domain controller (RODC). A branch office user named Henry Higgins calls to have his password reset. After you reset his password, the user attempts to log on to the domain, but is unsuccessful. You need to force replication of the user's password to the branch office RODC. What should you do?

You should use the *Repadmin /rodcpwdrepl* command.

In which of the following situations would you most likely implement a demilitarized zone (DMZ)?

You want to protect a public Web server from attack.

In which of the following situations would you most likely implement a demilitarized zone (DMZ)?

You want to protect a public Web server from the attack.

In which of the following situations should you install a firewall?

You want to restrict Internet users from accessing private data on your network.

You're trying to access your office network with your Windows XP workstation from home using your organization's virtual private network (VPN). Your modem has dialed and connected to your ISP, but you can't connect to your office network. You issue the ipconfig command from the shell prompt and learn that your system has been assigned an IP address of 169.254.1.12 What's causing the problem?

Your ISP's DHCP server isn't working properly.

You have just downloaded a file. You create a hash of the file and compare it to the hash posted on the Web site. The two hashes match. What do you know about the file?

Your copy is the same as the copy posted on the website.

You manage the network infrastructure for *westsim.com* domain. All servers have recently been upgraded to Windows Server 2012, and all clients run Windows 8. All server and client computers are members of the domain. You've implemented a stand-alone DFS solution with Srv1 as the namespace server and *Accounting* as the namespace root. You create a folder named *Payroll* with a target that points to the *AccPay* shared folder on Srv2. Which UNC path should you use to access data in the AccPay shared folder from a Windows 8 client system?

\\Srv1\Accounting

You manage the network infrastructure for the *westsim.com* domain. All servers have recently been upgraded to Windows Server 2012, and all clients run Windows 8. All server and client computers are members of the domain. You've implemented a stand-alone DFS solution with Srv1 as the namespace server and *Accounting* as the namespace root. You create a folder named *Payroll* with a target that points to the *AccPay* shared folder on Srv2. Which UNC path should you use to access data in the AccPay shared folder from a Windows 8 client system?

\\Srv1\Accounting

You are the network administrator for the *westsim.com* domain. You have created a domain-based namespace named *PublicFiles* with Srv1 as a namespace server. The D:\Data2 shared folder on Srv2 has been shared with a share name of *Data*. You want to make this share available through DFS using a name of *ReportData*. Which UNC path should you use to configure the folder target in DFS?

\\Srv2\Data

You are the network administrator for the *westsim.com* domain. You have created a domain-based namespace named *PublicFiles* with Srv1 as the namespace server. The D:\Data2 shared folder on Srv2 has been shared with a share name of *Data*. You want to make this share available though DFS using a name of *ReportData*. Which UNC path should you use to configure the folder target in DFS?

\\Srv2\Data

You manage a network infrastructure for the *westsim.com* domain. All servers have recently been upgraded to Windows Server 2012 R2, and all clients run Windows 8. All server and client computers are members of the domain. You implement a domain-based DFS solution with Srv1 as the namespace server and *Accounting* as the namespace root. You create a folder named *Payroll* with a target that points to the *AccPay* shared folder on Srv2. Srv3 holds a replica of the *AccPay* shared folder. You configure the namespace to support access-based enumeration and to replicate data using DFS replication. You want to create a script so that users of the Accounting department can access the files in the *AccPay* shared folder through DFS. Which UNC path should you use?

\\westsim.com\Accounting

You manage the network infrastructure for the *westsim.com* domain. All servers have recently have been upgraded to Windows Server 2012, and all clients run Windows 8. All server and client computers are members of the domain. You implement a domain-based DFS solution with Srv1 as the namespace server and *Accounting* as the namespace root. You create a folder named *Payroll* with a target that points to the *AccPay* shared folder on Srv2. Srv3 holds a replica of the *AccPay* shared folder. You configure the namespace to support access-based enumeration and to replicate data using DFS replication. You want to create a script so that users of the Accounting department can access the files in the *AccPay* shared folder through DFS. Which UNC path should you have?

\\westsim.com\Accounting

You can use FSRM to create several different types of storage reports that show the state of server volumes and anyone who exceeds the quotas or uses files that aren't allowed. What does a Least Recently Accessed Files storage report show?

a list of files that have not been accessed for a specified number of days

When you manage permissions in any of the Windows Server 2012 permission systems, you are actually creating and modifying the _______ in an _______.

access control entries; access control list

In Windows Server 2012, after a user logs on to Active Directory, a(an) ________ is created that identifies the user and all the user's group memberships.

access token

Which privileged EXEC commands begin with the letters ac? (Select all that apply)

access-enable access-template

Which of the following parameters are valid second-level parameters for the ip command in FastEthernet interface configuration mode? (Select all that apply)

access-group dhcp igmp

You want to configure NAT so that packets from all hosts on network 192.168.2.0 will share the registered IP address 24.1.2.8 as shown in the graphic. You have already identified the inside and outside NAT interfaces on the router. Which of the following command(s) will translate all inside host addresses to the single registered IP address?

access-list 1 permit 192.168.2.0 0.0.0.255 ip nat inside source list 1 interface serial 0 overload

You are configuring ACLs for a router. You need to create a standard IP access list that permits all outgoing traffic except traffic from the 10.0.0.0 network. To verify that the ACL is configured correctly and functioning as intended, you want to view extended information about matches for each line in the ACL as packets are processed by the router. Which commands should use? (Select two. Each option is part of the complete solution.)

access-list 1 permit any log access-list 1 deny 10.0.0.0 0.255.255.255 log

Your company has two subnets, 172.16.1.0 and 172.16.2.0 as shown in the exhibit. You want to prevent public Telnet traffic from entering your company, but allow all other traffic. Which of the following set of statements will accomplish your goal?

access-list 101 deny tcp any 172.16.0.0 0.0.255.255 eq 23 access0list 101 permit ip any 172.16.2.0 0.0.255.255 interface serial 0 ip access-group 101 in

You want to create an access list that permits and restricts traffic to meet the following specifications. 1. Allow all TCP/IP traffic coming from any host on network 10.0.0.0, while denying all TCP/IP traffic from other sources. 2. Deny all TCP traffic coming from network 10.0.0.0 3. Allow TCP traffic coming from any source directed to host 10.1.1.2 4. Deny all TCP/IP traffic coming from host 10.1.1.1 Which access list statement should come last in the access list?

access-list 101 permit ip 10.0.0.0 0.255.255.255 any

Which of the following ACL statements allows all TCP/IP traffic?

access-list 101 permit ip any any

You are the administrator for the 172.16.0.0 network shown in the exhibit. You need to block Telnet traffic from entering your network while allowing other traffic to pass through. You decide to apply an access list to the incoming side of the Serial 0 interface. Which statements should be included in your access-list? (Select two.)

access-list 101 permit ip any any access-list deny tcp any any eq 23

You are configuring ACLs for a router. You need to create a standard IP access list that rejects all traffic except traffic from host 10.12.12.16. To verify that the ACL is configured correctly and functioning as intended, you want to view extended matching information for each line in the ACL as packets are processed by the router. Which command should you use?

access-list 2 permit 10.12.12.16 log

Which of the follow partial commands are unique, first-level commands in global configuration mode (i.e. recognized as valid commands without typing additional characters)? (Select all that apply)

al q rm

Which TCP/IP utility gives you the following output? Interface: 192.168.4.101 Internet Address Physical Address Type 192.168.1.23 00-d1-b6-b7-c2-af dynamic

arp

Which of the following tools would you use to view the MAC addresses associated with IP addresses that the local workstation has contacted recently?

arp

Which TCP/IP utility gives you the following output? Interface: 192.168.1.111 on Interface 0x2 Internet Address Physical Address Type 192.168.1.102 00-60-08-bd-62-5a dynamic 192.168.1.168 00-06-5b-1c-48-76 dynamic

arp -a

The ____ for software is the code that can be executed by unauthorized users.

attack surface

____ learners tend to sit in the middle of the class and learn best through lectures and discussions.

auditory

What you call the process of confirming a user's identity by using a known value such as a password, a smart card, or a fingerprint?

authentication

Round-robin DNS is a term that refers to what kind of distribution mechanism for DNS responses to queries?

balanced

If you wanted administrators to see a message when logging into the router, which command would you use?

banner motd

When troubleshooting services on your system, why might you want to start up in Safe mode?

because the system starts only the core services

With the ____ model, there is one CA that acts as a "facilitator" to interconnect all other CAs.

bridge trust

How does a switch populate the switch table?

by reading the source hardware address of a frame

The basic unit of memory in a computer is:

bytes

A ____ can be inserted into the security slot of a portable device and rotated so that the cable lock is secured to the device, while a cable connected to the lock can then be secured to a desk or immobile object.

cable lock

What is another designation for an Alias?

canonical name or CNAME

Which of the following commands would you use to modify the CDP packet exchange interval to send CDP packets every 30 seconds?

cdp timer 30

The set of letters, symbols, and characters that make up the password are known as a ____ set.

character

If you're a command-line user, what command will encrypt files and folders?

cipher.exe

A(n) ____ policy is designed to produce a standardized framework for classifying information assets.

classification and information

A(n) ____ indicates that no process is listening at this port.

closed port

While the code for a program is being written, it is being analyzed by a ____.

code review

A project life cycle is ________ of project phases:

collection

If a user typically accesses his bank's Web site from his home computer on nights and weekends, then this information can be used to establish a ____ of typical access.

computer footprint

When data is encapsulated, which is the correct order?

data, segment, packet, frame, bit

Which command displays RIP routing updates?

debug ip rip

A receiving host has failed to receive all of the segments that it should acknowledge. What can the host do to improve the reliability of this communication session?

decrease the window size

An encrypted file can be converted back to its original format by a process known as what?

decryption

If a remote connection attempt does not match any configured constraints, what does the Remote Access server do to the connection?

denies

What should you enter into the Run dialog box to open the Device Manager console?

devmgmt.msc

Which Hyper-V feature in Windows Server 2012 allows you to create read-only parent virtual hard disk files that are linked to child virtual hard disk files that contain only changes made to the parent disk?

differencing disks

What command will take you from privileged mode to user mode?

disable

The ____ model is the basis for digital certificates issued to Internet users.

distributed trust

Which domain users are automatically granted permissions to perform Group Policy Management tasks?

domain administrators

Which term describes a collection of domains grouped together in hierarchical structures that share a common root domain?

domain trees

Your network has a single Active Directory forest with two domains: *eastsim.private* and *HQ.eastsim.private*. Organizational units Accounting, Marketing, and Sales represent departments of the HQ domain. Additional OUs (not pictured) exist in both the *eastsim.private* and *HQ.eastsim.private* domains. All user and computer accounts for all departments company-wide are in their respective departmental OUs. You are the process of designing Group Policy for the network. You want to accomplish the following goals: ● You want to enforce strong passwords throughout the entire forest for all computers. All computers in both domains should use the same password settings. ● The Accounting department has a custom software application that needs to be installed on computers in that department. ● Computers in the Marketing and Sales departments need to use a custom background and prevent access to the Run command. You create the following three GPOs with the appropriate settings: Password Settings, Accounting App, and Desktop Settings. How should you link the GPOs to meet the design objectives? To answer, drag the label corresponding to the GPO to the appropriate boxes.

eastsim.private - Password Settings HQ.eastsim.private - Password Settings Accounting - Accounting App Marketing - Desktop Settings Sales - Desktop Settings

What is the secpol.msc utility used for?

editing local security policies

Which switch IOS command allows access to high-level commands, such as debug?

enable

What is the key difference between preferences and policy settings?

enforcement

Which command will delete the contents of NVRAM on a router?

erase start

____ can be defined as the study of what a group of people understand to be good and right behavior and how people make those judgments.

ethics

At the ____ stage of the certificate life cycle, the certificate can no longer be used.

expiration

When DFS Replication and DFS Namespace are combined into a single service offering, the pair creates what type of file sharing service?

fault tolerant

Windows Live ID was originally designed as a ____ system that would be used by a wide variety of Web servers.

federated identity management

Some exemptions might be required for certain groups to store otherwise restricted file types. What type of exemption can you set up on folders?

file screen exception

A diagram that uses special symbols to display pictorially the flow of execution of a program or program module is a(n):

flowchart

Why would you set Verify Caller ID on a remote dial-up connection for a user?

for enhanced security

Which term describes a collection of domain trees that share a common Active Directory Domain Services (AD DS)?

forests

By default, which service accounts will the Windows PowerShell cmdlets manage?

group MSAs

A ____ is a network set up with intentional vulnerabilities.

honeynet

Which replication topology is more efficient than the default replication topology and allows you to set bandwidth, timing, and directionality to your configuration?

hub/spoke

You are troubleshooting a connectivity problem on a Linux server. You are able to connect to another system on the local network, but are not able to connect to a server on a remote network. You suspect that the default gateway information for the system may be configured incorrectly. Which of the following commands would you use to view the default gateway information on the Linux server?

ifconfig

You work in an office that uses Linux servers, NetWare servers, and Windows NT 4.0 servers. The network uses both the TCP/IP and IPX/SPX protocols. The Linux server is used as an FTP server. Today you have received several calls from people who are unable to contact the Linux server at its known IP address. You are sitting at the Linux server and want to check its IP address. Which command should you use?

ifconfig

What do you call the process that after you link a GPO to a site with multiple domains, the Group Policy settings are applied to all the domains and the child objects beneath them?

inheritance

Which TCP/IP utility gives you the following output? Ethernet adapter Local Area Connection: Connection-specific DNS Suffix : testout.com IP Address................................. :192.168.1.111 Subnet Mask.............................. : 255.255.255.0 Default Gateway......................... : 192.168.1.1

ipconfig

You have been called in to troubleshoot a connectivity problem on a newly installed Windows Server 2003 system. The system is operating satisfactorily and is able to communicate with other systems on the local network. However it is unable to access any systems on other segments of the corporate network. You suspect that the default gateway parameter for the system has not been configured, or may be configured incorrectly. Which of the following utilities are you most likely to use to view the default gateway information for the system?

ipconfig

Your organization has been assigned a registered global routing prefix of 2001:FEED:BEEF::/48 by an ISP. Using your organization's IPv6 addressing scheme, you've used the next 16 bits beyond the global routing prefix to define the following subnets: 2001:FEED:BEEF:0001::/64 2001:FEED:BEEF:0002::/64 2001:FEED:BEEF:0003::/64 2001:FEED:BEEF:0004::/64 You need to strategically assign an interface ID of 0000:0000:0000:0001 to the router interface connected to the 2001:FEED:BEEF:0003::/64 subnet. Which interface configuration command would you use to do this?

ipv6 address 2001:FEED:BEEF:0003: :1/64

This setting defines the minimum number of characters that a user's password must contain.

minimum password length

A(n) ____ backup is an evidence-grade backup because its accuracy meets evidence standards.

mirror image

When a programmer breaks tasks down into smaller pieces, this is called:

modular programming

By using the Active Directory-integrated zone, DNS follows what kind of model?

multi-master

What capability allows you to create specific GPO settings for one or more local users configured on a workstation?

multiple local GPOs

You administer a NetBIOS-based network that uses the TCP/IP protocol. You are trying to troubleshoot a computer that is unable to contact a server by it's NetBIOS name. Which command can you use to check the connection?

nbtstat

A stub zone is a zone copy that contains only what type of records?

necessary resource entries

Examine the following output: Active Connections Proto Local Address Foreign Address State TCP SERVER1:1036 localhost:4832 TIME_WAIT TCP SERVER1:4798 localhost:1032 TIME_WAIT TCP SERVER1:1258 pool-141-150-16-231.mad.east.ttr:24076 CLOSE_WAIT TCP SERVER1:2150 cpe-66-67-225-118 .roc.res.rr.com: 14100 ESTABLISHED TCP SERVER1:268 C872c-032-.cpe.net.cale.rers.com:46360 ESTABLISHED TCP SERVER1:2995 ip68-97-96-186.ok.ok.cox.net: 23135 Which of the following utilities produced this output?

netstat

Which TCP/IP utility gives you the following output? Active Connections Proto Local Address Foreign Address State TCP me:epmap me:0 LISTENING TCP me:microsoft-ds me:0 LISTENING TCP me:1025 me:0 LISTENING TCP me:1026 me:0 LISTENING TCP me:3372 me:0 LISTENING TCP me:netbios-ssn me:0 LISTENING TCP me:1028 wellw2k:netbios-ssn TIME_WAIT UDP me:epmap *:* UDP me:microsoft-ds *:* UDP me:1027 *:* UDP me:netbios-ns *:* UDP me:netbios-dgn *:* UDP me:isakmp *:*

netstat -a

Which TCP/IP utility gives you the following output? Local Area Connection: Node IpAddress: [192.168.1.111] Scope Id: [] NetBIOS Remote Cache Name Table Name Type Host Address Life [sec] NTIME.ES <54> UNIQUE 192.168.1.23 395 NTINE <20> UNIQUE 192.168.1.23 45 AUDIO <00> UNIQUE 192.168.1.168 585

netstat -c

Which TCP/IP utility gives you the following output? Route Table =================== Interface List 0x1........................MS TCP Loopback interface (etc. It's long).

netstat -r

Which command displays network activity statistics for TCP, UDP, and IP?

netstat -s

Which one of the following is correct for querying a PTR record?

nslookup 192.168.1.50

What is the name of the physical database file in which all directory data is stored?

ntds.nit

If a switch has three computers connected to it, with no VLANs present, how many broadcast and collision domains is the switch creating?

one broadcast and three collision

Examine the following output. Reply from 64.78.193.84: bytes=32 time=86ms TTL=115 Reply from 64.78.193.84: bytes=32 time=43ms TTL=115 Reply from 64.78.193.84: bytes=32 time=44ms TTL=115 Reply from 64.78.193.84: bytes=32 time=47ms TTL=115 Reply from 64.78.193.84: bytes=32 time=44ms TTL=115 Reply from 64.78.193.84: bytes=32 time=44ms TTL=115 Reply from 64.78.193.84: bytes=32 time=73ms TTL=115 Reply from 64.78.193.84: bytes=32 time=46ms TTL=115 Which of the following utilities produced this output?

ping

Which TCP/IP utility gives you the following output? Reply from 192.168.1.168: bytes=32 time<10ms TTL=128 Reply from 192.168.1.168: bytes=32 time<10ms TTL=128 Reply from 192.168.1.168: bytes=32 time<10ms TTL=128 Reply from 192.168.1.168: bytes=32 time<10ms TTL=128 Packets: Sent = 4, Received = 4, Lost = 0 <0% loss>, Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms

ping

You have installed a test network with one server and two workstations, all running IPv6. You have disabled Ipv4, and now what to test to make sure that the Ipv6 is used to communicate between hosts. Yo want to ping the link-local address for a host. What should you do?

ping FE80::AB134:7845:10C:9956%12

You work in an office that uses NetWare servers and Windows NT 4.0 servers. The network uses both the TCP/IP and IPX/SPX protocols. You are sitting at a workstation that uses Windows 95 OSR2. An application you are using is unable to contact a Windows NT server named FileSrv2. Which command can you use to determine whether your computer can still contact the server?

ping.

What is XML Paper Specification (XPS)?

print job files stay a single document format to the print device, rather than conversion through EMS and PCL

The signal from an ID badge is detected as the owner moves near a ____, which receives the signal.

proximity reader

Although brute force and dictionary attacks were once the primary tools used by attackers to crack an encrypted password, today attackers usually prefer ____.

rainbow tables

Which of the following utilities would you use to view the routing table?

route

Which of the following commands would display the output shown here? Route Table ========================================================================== Interface List 0x1 ................. MS TCP Loopback interface 0x2 ... 00 10 4b 73 0e 0e .... 3Com 3C90x Ethernet Adapter =========================================================================== =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.111 1 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 192.168.1.0 255.255.255.0 192.168.1.111 192.168.1.111 1 192.168.1.111 255.255.255.255 127.0.0.1 127.0.0.1 1 192.168.1.255 255.255.255.255 192.168.1.111 192.168.1.111 1 224.0.0.0 224.0.0.0 192.168.1.111 192.168.1.111 1 255.255.255.255 255.255.255.255 192.168.1.111 192.168.1.111 1 Default Gateway: 192.168.1.1 ============================================================================== Persistent Routes: None

route print

A ____ is a network device that can forward packets across computer networks.

router

You want to configure Router B to run EIGRP. The networks attached to both interfaces S0 and S1 on router B are to be advertised with Autonomous System 100. Which set of commands should you enter?

router eigrp 100 network 172.16.0.0 network 172.17.0.0

To configure EIGRP on a router, what are the minimum commands you must use? (Select two.)

router eigrp 12 network 1.0.0.0

What is the name of the USMT application that is used to save user profile data for a migration?

scanstate.exe

When you add attributes to an Active Directory object, what part of the domain database are you actually changing?

schema

A ____ is a written document that states how an organization plans to protect the company's information technology assets.

security policy

A class 2 certificate is known as a ____ certificate.

server digital

A ____ is a service contract between a vendor and a client that specifies what services will be provided, the responsibilities of each party, and any guarantees of service.

service level agreement

RRAS has multiple options from which you can select one or more services to provide your users. Select the correct description for the Secure connection between two private networks option.

sets up a demand-dial or persistent connection between two private networks

What command will display the forward/filter table?

show mac address-table

A ____ is a component or entity in a system which, if it no longer functions, will disable the entire system.

single point of failure

If you decide to use this method for authentication, you will need certificates that include the Client Authentication purpose.

smart card

An anti-climb collar is a ____ that extends horizontally for up to 3 feet (1 meter) from the pole to prevent anyone from climbing.

spiked collar

Click on the item in the image below that defines a security and replication boundary.

testoutdemo.com

When you're about to reset domain policy and domain controllers policy back to default with the dcgpofix.exe command, what final warning are you given before you accept the change?

that all User Rights Assignments will be replaced

Setting up a NAT gateway is an excellent way to provide Internet access to a LAN. What is the best reason for setting up Internet access via NAT?

to use private IP addresses on the LAN

While troubleshooting a problem on a Linux system, you run a utility that generates the following output: 5. s3232.gw.Seat.someisp.net (63.201.72.9) 38.433 ms 38.713 ms 39.085 ms 6. st11122.garl.Seat.someisp.net (211.242.9.121) 38.620 ms 38.593 ms 38.050 ms 7. oc48-6yy.Seat.someisp.net (14.248.154.129) 57.440 ms 56.678 ms 57.675 ms 8. t223hgh-ytry.swa.someisp.net (142.133.89.232) 103.041 ms 57.181 ms 56.619 ms 9. t8343mmd.cgssel.someisp.net (152.191.10261) 91.977 ms 93.971 ms 93.767 ms 10. twirem2.cgssfdl.ip.someisp.net (145.97.133.23) 92.453 ms 92.337 ms 93.523 ms 11. twerrm1.nfffsiny.ip.someisp.net (117.116.141.38) 106.000 ms 106.007 ms 106.007 ms 105.283 ms 12. gbed22repp0.n5ddsdsy.ip.someisp.net (123.194.132.8) 103.198 ms 105.447 ms 104.263 ms Which of the following utilities were you using?

traceroute

While working on a Linux server, you are unable to connect to Windows Server 2003 system across the Internet. You are able to ping the default gateway on your own network, so you suspect that the problem lies outside of the local network. What utility would you use to track the route a packet takes as it crosses the network?

traceroute.

Examine the following output: 4 22 ms 21 ms 22 ms sttwa01gr02.bb.ispxy.com [124.11.10.62] 5 39 ms 39 ms 65 ms plalca01gr00.bb.ispxy.com [124.11.12.11] 6 39 ms 39 ms 39 ms Rwest.plalca01gr00.bb.ispxy.com [154.11.3.14] 7 40 ms 39 ms 46 ms sv1-core-03.inet.ispxy.net [205.171.205.28] 8 75 ms 117 ms 63 ms dia-core-01.inet.ispxy.net [205.171.142.1] Which of these commands produced this output?

tracert

Which TCP/IP utility gives you the following output? 2 14 ms <10 ms 14 ms Loopback0.GW1.SLT1.ALTER.NET [137.39.2.123] 3 14 ms <10 ms 13 ms 122.at-6-0-0.XR1.SLT4.ALTER.NET [152.63.91.85] 4 <10 ms 14 ms <10 ms 0.so-0-1-0.TL1.SLT4.ALTER.NET [152.63.1.210] 5 41 ms 41 ms 41 ms 0.so-7-0-0.TL1.POR3.ALTER.NET [152.63.32.41] 6 42 ms 41 ms 41 ms 0.so-6-0-0.XL1.SEA1.ALTER.NET [152.63.38.82] 7 41 ms 41 ms 42 ms P0S6-0.GW11.SEA1.ALTER.NET [152.63.107.17]

tracert

You are the network administrator of a branch office of your company. The branch office network is part of a WAN that covers most of the United States. The office has two Windows 2000 servers, two UNIX servers, one Windows NT server, 90 Windows 98 clients, 40 Windows 2000 Professional clients, and five Macintosh clients. Users have been complaining that they are unable to access resources over the WAN at the main headquarters. You suspect that one of the routers between your office and the main headquarters is not working properly. What TCP/IP utility can you use to see if a router is not working properly?

tracert

You are troubleshooting your network and want to determine the path that your communications is taking to get to its destination. What command line utility can you use to determine the path that the packets have taken?

tracert

What special hardware configuration should a RAS server have?

two network interface cards

What is the purpose of flow control?

two provide a means for the receiver to govern be amounts of data sent by the sender

After you create a new VHD, it appears as a _________ in the Disk Management snap-in and in Server Manager.

uninitialized disk

A(n) ____ is a device that maintains power to equipment in the event of an interruption in the primary electrical power source.

uninterruptible power supply

These Windows computers are not usually connected directly to the network but connect through a VPN connection. Because they are usually personal computers, they are not part of the domain. Therefore, they usually do not get security updates and might not have an up-to-date anti-virus/anti-malware software package.

unmanaged home computers

____ learners learn through taking notes, being at the front of the class, and watching presentations.

visual

You are adding a new switch to your VLAN network. You want to be able to create, modify and delete local VLANs on this new switch and forward network VTP advertisements , but you do not want the local VLANs to be advertised to other switches on the network. Which command should you use on the new switch before introducing it to the network?

vtp mode transparent

A ____ in effect takes a snapshot of the current security of the organization.

vulnerability appraisal

A ____ has all of the equipment installed, but does not have active Internet or telecommunications facilities, and does not have current backups of data.

warm site

The SQL injection statement ____ determines the names of different fields in a database.

whatever' AND email IS NULL;--

What is the primary difference between domain-based namespace and stand-alone namespace?

where the namespaces are stored

Which type of system must you connect to and use to make changes to Active Directory?

writable domain controller

When DNS servers exchange information among themselves it is known as a ____.

zone transfer

Command line options for the *Scanstate* command are listed on the left. Drag each command line option and drop it onto the correct description of the function it performs on the right.

*/o* Allow overwriting existing data. */ue* Specify user(s) to omit from migration */ui* Specify user(s) to be migrated. */offlineWinOld* Path to the offline Windows.old folder. */p /nocompress* Generate a space estimate.

Command line options for the *Loadstate* command are listed on the left. Drag each command line option and drop it onto the correct description of the function it performs on the right.

*/ui* Specify user(s) to be migrated */hardlink* Restore from a linked migration store. */lae* Enable user accounts */ue* Specify user(s) to omit from migration */lac* Create user accounts

Drag each command line for the Sysprep utility listed on the left to the correct description of its function on the right.

/oobe > Starts the computer in the Windows Welcome mode. /unattend: answerfile >Applies settings in an answer file. /reboot > Restarts the computer when Sysprep completes. /generalize > Removes machine-specific information from the installation. /audit > Allows you to add additional drivers or applications and test your image.

You have a single computer without an operating system installed. The computer will eventually store sensitive information and will require the encryption of the operating system partition. You have a previously-captured image which contains a Windows 7 Enterprise installation. The image is on a network share. You want to manually deploy the image to the computer. What should you do?

1. Boot the new computer using WinPE. 2. Use Diskpart to create a BitLocker partition. 3. Use Diskpart to create a system partition for the Windows 7 image. 4. Use ImageX to apply the image to the local drive.

You want to capture a system image to deploy Windows 7 to multiple computers. You want to install Windows 7 on the reference computer using an answer file. You need to create the answer file. What should you do?

1. On a technician computer, insert the Windows 7 product DVD. 2. Run Windows SIM and load a preloaded install image (install.wim) from the DVD. 3. Select and edit the responses to the questions presented during product installation. 4. Validate the file in Windows SIM. 5. Save the answer file.

You have a 32-bit computer that runs Windows XP Professional. You would like to upgrade the computer to Windows 7 Ultimate. Your computer has the following specifications: Service pack 2 1 GHz processor 512 MB RAM 256 MB video card 40 GB free disk space DVD drive You would like to perform the upgrade with the least amount of effort possible. What should you do first?

Add more memory

You are planning to install Windows 7 Home Premium edition on a new 64-bit computer. The computer has the following hardware specifications: 500 GB hard drive. 1 GB of RAM, one additional socket available. One Pentium 2.8 GHz processor, one additional socket available. Video card with 256 MB of memory. You need to ensure that the hardware will support Windows 7 Home Premium. What should you do?

Add more memory.

What is an XML script that provides the Windows 7 Setup program with the information it needs to perform an unattended installation?

Answer file

You need to deploy Windows 7 Enterprise to multiple new computers using a previously-captured system image. Before deploying the image, you insert the third-party drivers from the C:\Drivers\Network and C:\Drivers|Custom directories into the system image. What should you do? (Select two. Both answers are complete solutions.)

At the command prompt, run dism /add-driver /driver:c:\drivers\network /driver:c:\drivers\custom At the command prompt, run dism /add-driver /driver:c:\drivers /recurse

You need to deploy Windows 7 Professional to multiple new computers using a previously-captured system image. Before deploying the image, you need to make sure there is a specific Windows application on the image. What should you do? (Select two. Both answers are complete solutions.)

At the command prompt, run dism /get-apps At the command prompt, run dism /get-appinfo

You are working on a computer running Windows 7. You recently installed a device that you only need temporarily. After several days of using the device, you remove it from the computer, and now you would like to remove the device driver as well. What should you do? (Select two. Both answers are complete solutions.)

At the command prompt, run pnputil -d. In Device Manager, uninstall the device.

You have a computer running Windows 7 Enterprise. You plan to capture the installation on this computer and use the image to deploy to other computers. You create an answer file named win7ent_answer.xml with Windows SIM. You want to remove computer-specific information and apply the settings in the answer file before you capture the installation. What should you do?

At the command prompt, run sysprep.exe/audit/oobe/unattend:win7ent_answer.xml

You have a computer running Windows 7 Ultimate. Prior to capturing the system image, you need to remove machine-specific information from the installation. What should you do?

At the command prompt, run sysprep.ext/generalize

Your company has started the transition to Ipv6. You need to configure records on the DNS server so that clients can submit a host name query and receive back an IPv6 address for the specified host. What should you do?

Create AAAA records

You have a Windows 7 computer that you manage at work. Because of the security requirements of your company, you need to prevent all users from being able to use USB flash devices on this computer. What should you do?

Configure removable storage policies in the local security policy.

Which script is used to create the Windows PE build?

Copype.cmd

You need to install Windows 7 Enterprise edition on multiple computers. Each computer has a single SATA hard drive, a PXE-compliant network card, a DVD drive, and several open USB ports. You will not be using WDS or MDT for the installation. When you start each computer, you would like the computer to boot and start the installation process automatically without any intervention. You want to minimize the actions that you must perform on each computer. What should you do next?

Create an Unattended file on a USB drive. One each computer, edit the BIOS to boot from the optical drive firist. Insert the Windows installation disc into the DVD drive and the USB drive into a USB port.

You intend to install Windows 7 by using a Windows 7 installation DVD on several computers. To save time, you would like to automate the installation of Windows 7 for each computer. What should you do?

Create an answer file named autounattend.xml. Place the file on a USB flash drive, and run setup.exe.

You have a workstation running the 32-bit version of Windows Vista Business that you would like to upgrade to the 64-bit version

Custom (advanced)

You have a Windows image file for Windows 7. You need to add a device driver to the image file. What utility should you use?

DISM.exe

What command is used to partition and format a disk?

Diskpart.exe

You are working on a computer running Windows 7. You wold like to update the video driver that is used on the computer. Select the area in Device Manager where you would make this change.

Display Adapters

You have a computer running Windows 7. The computer is part of a domain. You need to transfer user profiles and data files to the computer from a network share using USMT; however, you do not have USMT. What should you do?

Download the Windows Automated Installation Kit (Windows AIK) from Microsoft.

You manage a small network with Windows 7 clients, multiple subnets, and servers.You want your computer to be able to resolve a host name for a server on your network to it's IPv4 address. What should you do? (Select two. Each choice is a possible solution.)

Edit the Hosts file on the computer. Add an A record on the DNS server.

You have two computers: ComputerA is running Windows Vista Business and ComputerB is running Windows 7 Professional. You are using USMT to migrate only the user profiles and user data from ComputerA to ComputerB. You need to specify the fules used for the migration to include all .jpg files. What should you do?

Edit the MigUser.xml file.

You are working on a computer running Windows 7. You have several standard users needing permission to install devices on this computer because Windows 7 does not include the necessary drivers for the devices. What should you do? (Select two. Both answers are complete solutions.)

Enable Allow non-administrators to install drivers for these device setup classes in Group Policy. Run pnputil -i -a to add the drivers to the driver store.

You need to install Windows 7 Enterprise edition on multiple computers. You have an ISO image of the Windows 7 Enterprise edition installation disc that you will use for the installation. You want to boot the computer to a command prompt, connect to a network share, and then run setup from the shared folder. You create a shared folder named WinInstall on a server. What should you do? (Select two. Each choice is a required part of the solution.)

Extract the ISO image and copy all files in the image to the shared folder. Create a bootable disc with WinPE and the necessary network drivers. Edit the BIOS to boot from the optical drive first.

You manage the small network that is connected to the Internet as shown in the graphic. You add Host A to the network. All hosts use manually-assigned TCP/IP values. The subnet where Host A resides uses a 28-bit subnet mask. Which TCP/IP configuration values should you choose for Host A? To answer, drag a value to each TCP/IP parameter shown in the diagram.

IP Address 10.0.0.97 Subnet Mask 255.255.255.240 Default Gateway 10.0.0.110

You have a computer running Windows7 Ultimate. You will use this computer as a reference computer to install Windows 7 from a system image. You have already used Sysprep to remove machine-specific information from the reference computer. You need to capture the image using compression, but excluding some file types from being compressed. You create a file named myCaptureSettings.ini to identify the compression settings. You need to edit the compression settings in the file. What should you do? (Choose the best answer.)

Identify files that are not compressed using the CompressionExclusionList section.

You are getting ready to deploy Windows 7 to multiple enterprise workstations. What do you use to hold the information captured from the reference computer?

Image file

You are working on a computer running Windows 7. You try to listen to Audio CDs, but no audio is coming from the speakers. After checking the speaker cables, the volume level, and the mute feature, you check Device Manager and see the dialog shown in the image. What should you do?

In Device Manager, enable the Soundmax Integrated Digital HD Audio Driver device.

You are working on a computer running Windows 7. Your audio card is working, but you learn about an updated driver that adds some new features to the device. You download and install the new driver. After you restart and log on to Windows 7, you can no longer play audio files. Using a minimum of administrative tasks, you need to find a solution to be able to play audio. What should you do?

In Device Manager, roll back the driver.

You have a Windows 7 computer that you manage at work. Because of security requirements for your company, you need to prevent all users from being able to save files to any removable storage device on the computer. Users are allowed to copy files from these devices. You want to accomplish this with the least amount of effort as possible. What should you do?

In removable storage access in Group Policy, configure the policy for each device type to deny write access.

You have two computers: ComputerA is running Windows Vista and ComputerB is running Windows 7. You need to migrate all user profiles and data files from ComputerA to ComputerB. You need to ensure the user accounts on the destination computer are created and enabled during the migration. What should you do?

On ComputerB, run loadstate with the /lae and /lac options.

You need to install Windows 7 Enterprise edition on multiple computers. Each computer has a single SATA hard drive, a PXE-compliant network card, a DVD drive, and several open USB ports. You have decided to use Windows Deployment Services (WDS) to simplify installation. You configure the WDS server with everything necessary to perform the installation. When you start each computer, you would like the computer to boot, connect to the WDS server, and start the installation process automatically without any intervention. You want to minimize the actions that you must perform on each computer. What should you do next?

On each computer, edit the BIOS to boot from the network first.

You manage a network with all Windows 7 clients. As part of your Ipv6 migration strategy, you have implemented Teredo on your network. You would like to test the communication of a client computer using Teredo. What should you do?

Ping the address beginning with 2001:

You decide to use a system image to deploy Windows 7 to multiple computers. You have configured a reference computer with Windows 7 and are ready to capture and deploy the image. You want to save the image file using three smaller files instead of one large file. Then you need to install the image to the new computers. You want to perform these actions with the least amount of effort possible. What should you do? (Select two. Each choice is a required part of the solution.)

On the reference computer, run imagex /capture. After the image is captured, run imagex /split. On the target computer, run imagex /apply /ref.

You are installing Windows 7 on a new computer. Using the RAID controller on the motherboard, you configure three hard disks in a RAID5 array. You leave the array unpartitioned and unformatted. You edit the BIOS boot order to boot from the optical drive. You insert the installation DVD, boot to the disc, and start the installation. When you are prompted to select the disk where you want to install Windows, the RAID array you created does not show as a possible destination disk. What should you do?

On the screen where you select the disk to install Windows, click Load Driver.

You have a computer that runs Windows XP Professional. You want to upgrade your computer to Windows 7 Professional. You want your user profile settings to be applied to Windows 7, with all user files available following the upgrade. You want to perform the upgrade with the least amount of effort possible. What should you do?

Perform a custom (advanced) installation of Windows 7 to the existing hard drive. After the installation, boot into Windows 7 and run Scanstate and then Loadstate.

You have a workstation running the 32-bit version of Windows Vista Business that you would like to upgrade to the 32-bit version of Windows 7 Professional. You want to perform the upgrade with the least amount of effort and cost. What should you do first?

Perform and Upgrade using the Windows 7 installation disc.

You are researching the network requirements needed to support WDS on your network. One of your workstation requirements is that the network interface adapter has to support _______.

Pre-boot Execution Environment

You are working on a computer running Windows 7. It is part of a domain. You recently installed Windows 7 Professional edition. After installation, you are not able to connect to resources on the network. You check Device Manager and see the dialog shown in the image. What should you do?

Right-click the Broadcom NetXtreme Gigabit Controller and select Update Driver.

You have a computer that runs Windows XP Professional. You want to upgrade your computer to Windows 7 Professional. You want to customize the migration of application, user profile, and user data. What should you do? (Select two. Each choice is a required part of the solution.)

Run *scanstate* with the */genconfig* option. Edit the *config.xml* file.

You have two computers: ComputerA is running Windows Vista and ComputerB is running Windows 7. You need to migrate specific application settings from ComputerA to ComputerB by using USMT. What should you do? (Select two. Each choice is a required part of the solution.)

Run *scanstate* with the */genconfig* option. Edit the *config.xml* file.

You have a single computer running Windows XP. You perform a Custom (advanced) installation of Windows 7 to the existing disk partition on the computer. You need to migrate user profiles and user data from the Windows XP installation to the Windows 7 installation. What should you do?

Run *scanstate* with the */offlineWinOld:* option

You have a workstation running the 32-bit version of Windows 7 Professional that you would like to upgrade to the 32-bit version of Windows 7 Ultimate. You want to perform the upgrade with the least amount of effort and cost while maintaining as much user data as possible. What should you do first?

Run Anytime Upgrade

You want to deploy Windows 7 Enterprise to multiple computers from a previously-captured system image. You have received some operating system updates and would like to add these to the existing install image without recapturing the entire image. What should you do?

Run DISM

You have a computer without an operating system installed. You have a previously-captured image which contains a Windows 7 Enterprise installation. The image is on the following network share: \\imgserve\images. You need to manually deploy the image onto the computer. You boot the computer using WinPE and map a drive to the network share. What should you do next?

Run Diskpart to partition and format the disk.

You have computer that runs Windows XP Professional. You want to upgrade your computer to Windows 7 Professional. You want to maintain as much of the application, user profile, and user data as possible. You want to perform the upgrade with the least amount of effort possible. What should you do?

Run Scanstate in Windows XP. Perform a custom (advanced) installation of Windows 7 to the existing hard drive. Boot into Windows 7 and re-install all applications. Run Loadstate.

You have a computer running Windows 7 Professional. You want to capture the installation as a system image. You need to remove any computer-specific information from the computer prior to capturing the image. What should you do?

Run Sysprep

You decide to use a system image to deploy Windows 7 to multiple computers. You have installed Windows on a reference computer. You need to restart Windows and manually install applications and make other changes prior to capturing the image. You want to prevent the Windows Welcome screen from showing when the system reboots prior to customizing the installation. You do not want any changes you make to prevent the end-user from seeing the full Out-of-Box Experience after the image is applied. What should you do?

Run Sysprep with the /audit option.

You have two computers: ComputerA is running Windows XP Professional and ComputerB is running Windows 7 Professional. You need to transfer user profiles and data files from ComputerA to ComputerB. What should you do? (Select two. Each answer is a complete solution.)

Run Windows Easy Transfer Run USMT

You have a computer running Windows 7 Ultimate. You will use this computer as a reference computer to install Windows 7 from a system image. You have already used Sysprep to remove machine-specific information from the reference computer. You need to capture the image using compression, but excluding some file types from being compressed. You create a file named myCaptureSettings.ini to identify the compression settings. What should you do next?

Run imagex.exe with the /capture, /compress, and /config options.

You have a computer running Windows 7. You need to see a list of third-party drivers on the system. What should you do?

Run pnputil -e at the command prompt.

You have a Windows Vista system that you would like to upgrade to Windows 7. You want to make sure that everything in your current system is compatible with windows 7. What should you do?

Run the Windows 7 Upgrade Advisor.

What is a command line program that installers can use to prepare Windows 7 computers for imaging, auditing, and deployment including preparing a reference computer?

Sysprep.exe

Which type of image contains all of the elements of a workstation configuration, including applications drivers, updates, and all configuration settings?

Thick images

You need to deploy Windows 7 Professional to multiple new computers using a previously-captured system image on a network share. You have updated the offline image with a Windows Update Stand-alone Installer (.msu) file. You believe the new .msu file is causing a problem on the system image. What should you do?

Use the dism /cleanup-image and /revertpendingactions options.

You have a computer without an operating system installed. You have a previously-captured image which contains a Windows 7 Enterprise installation. The image is on the following network share: \\imgserv\images. You need to manually deploy the image onto the computer. After booting the computer into WinPE, you partitioned and formatted the local hard drive with DiskPart. What should you do next? (Select two. Each choice is a required part of the solution.)

Use the net use command to connect to the network share and map the drive with a letter. Use imagex.exe with the /apply option to copy the image from the network share to the local drive.

You need to deploy Windows 7 Enterprise to multiple new computers using a previously-captured system image. Before deploying the image, you need to append several files to the image. You want to compress the appended files to minimize disk space. What should you do?

Use the same compression type as the initial capture.

What is the file-based disk image format used to deploy its latest Windows operating system releases, Windows 7, and Windows Server 2008?

WIM

You have a computer that runs Windows Vista. You need to perform a clean installation of Windows 7 onto the computer. You would also like to retain the system and user files from the Windows Vista installation. What should you do?

While running setup.exe on the Windows 7 installation media, select the Custom (advanced) option.

What is the graphical utility that installers can use to create distribution shares and answer files that automate and customize Windows 7 installations?

Windows SIM


Related study sets

NU143- Chapter 15: Postpartum Adaptations

View Set

Exam 1: Communication Practice 30 Questions

View Set

Unit 9- Policy Provisions (in life insurance)

View Set

Endocrine Anatomy: Hypothalamus and Pituitary Gland

View Set

Interactions between Body Systems

View Set