MCSE 70-291 Exam Quiz Test 2

1. The address space used by your organization is 207.46.1.21–207.46.1.254. This space is not large enough to accommodate all 300 workers at once; as a result, your network frequently runs out of DHCP leases. Nevertheless, no more than 30 part-time employees work in the office on any given day. How can you make more efficient use of your current address space and provide enough leases for all workers?

Assign all laptops an alternate configuration address within a compatible address space.

Create a user class for part-time employees and adjust the lease duration in this user class to 1 day.

Increase conflict detection attempts on the DHCP server so as to prevent address conflicts.

Assign part-time employees addresses within one of the private address ranges.

By creating a user class for part-time employees and adjusting the lease duration to 1 day, the DHCP server can allocate and recycle IP addresses more efficiently. This ensures that addresses are not being held for longer than necessary, allowing for a larger pool of available addresses to accommodate all workers. This solution addresses the issue of running out of DHCP leases while considering the fact that only a maximum of 30 part-time employees work in the office on any given day.

Explanation

By creating a user class for part-time employees and adjusting the lease duration to 1 day, the DHCP server can allocate and recycle IP addresses more efficiently. This ensures that addresses are not being held for longer than necessary, allowing for a larger pool of available addresses to accommodate all workers. This solution addresses the issue of running out of DHCP leases while considering the fact that only a maximum of 30 part-time employees work in the office on any given day.

2. During a communication session between two computers, the IP Security Monitor snap-in shows the status in Figure 11-48. What does this status mean?

Troubleshooting by viewing statistics

The communication is not encrypted as expected.

The communication is encrypted as expected.

The communication is not occurring.

The communication is not being received at this computer.

The status shown in Figure 11-48 indicates that the communication is encrypted as expected.

Explanation

The status shown in Figure 11-48 indicates that the communication is encrypted as expected.

3. Which of the following messages is not exchanged as part of a DHCP lease initialization?

Renew

Request

ACK

Discover

During the DHCP lease initialization process, the client sends a Discover message to find available DHCP servers. The server responds with an Offer message, indicating that it can provide an IP address to the client. The client then sends a Request message to confirm its desire to obtain the offered IP address. The server acknowledges this request by sending an ACK message, indicating that the lease has been successfully initialized. The Renew message, however, is not exchanged during the lease initialization process. It is used later in the lease lifecycle to request an extension of the lease duration.

Explanation

During the DHCP lease initialization process, the client sends a Discover message to find available DHCP servers. The server responds with an Offer message, indicating that it can provide an IP address to the client. The client then sends a Request message to confirm its desire to obtain the offered IP address. The server acknowledges this request by sending an ACK message, indicating that the lease has been successfully initialized. The Renew message, however, is not exchanged during the lease initialization process. It is used later in the lease lifecycle to request an extension of the lease duration.

4. You install a new application on a member server. The application reports that it is installing a service on the computer. The installation for the service requests a user name and password for which to run the service. You provide the name DOMAIN1\Service1. However, when you run the application for the first time, it is unable to start. You suspect that the account has not been given enough rights to start. What do you do?

On the member server, grant the Service1 account the Log on as a Service right.

In the domain, grant the Service1 account the Log on as a Service right.

On the member server, grant the Service1 account the Log on as a Batch Job right.

In the domain, grant the Service1 account the Log on as a Batch Job right.

You should grant the Service1 account the "Log on as a Service" right on the member server. This right allows the account to start and run services on the server. By granting this right specifically on the member server, you ensure that the account has the necessary permissions to start the service successfully.

Explanation

You should grant the Service1 account the "Log on as a Service" right on the member server. This right allows the account to start and run services on the server. By granting this right specifically on the member server, you ensure that the account has the necessary permissions to start the service successfully.

5. A team of 20 of Fabrikam’s scientists are conducting research for 10 months in Ottawa, Ontario. They have set up a computer network that they want to connect periodically to the main office in Ithaca. How can you ensure that the incoming calls you receive to the network router at the main office are in fact originating from the router at the temporary Ottawa office?

Configure the answering router at the Ithaca office to authenticate all incoming calls.

Configure callback on the answering router at the Ithaca office.

Configure callback on the calling router at the Ottawa office.

Disable autostatic routes on both routers.

To ensure that the incoming calls received at the network router at the main office are originating from the router at the temporary Ottawa office, configuring callback on the answering router at the Ithaca office is the correct solution. Callback authentication is a security feature that verifies the caller's identity before establishing a connection. By enabling callback on the answering router, it will only accept incoming calls from the specific router at the Ottawa office, ensuring the authenticity of the connection and preventing unauthorized access.

Explanation

To ensure that the incoming calls received at the network router at the main office are originating from the router at the temporary Ottawa office, configuring callback on the answering router at the Ithaca office is the correct solution. Callback authentication is a security feature that verifies the caller's identity before establishing a connection. By enabling callback on the answering router, it will only accept incoming calls from the specific router at the Ottawa office, ensuring the authenticity of the connection and preventing unauthorized access.

6. You install a new application, which reports that it is installing a service on the computer. However, when you run the application for the first time, it is unable to start. You inspect the service dependencies for the new service and notice that a service that is required is not started. However, your security policy states that services must remain stopped unless another application requires them to be on. How should you configure the dependent service to start?

Automatic

Automatic, but pause the service

Manual

Disabled

The dependent service should be configured to start manually. This means that it will not start automatically when the computer starts up, but it can be started manually when needed. This configuration aligns with the security policy that states services must remain stopped unless another application requires them to be on. By setting the service to start manually, it ensures that it will only start when explicitly requested, reducing the risk of unnecessary services running in the background.

Explanation

The dependent service should be configured to start manually. This means that it will not start automatically when the computer starts up, but it can be started manually when needed. This configuration aligns with the security policy that states services must remain stopped unless another application requires them to be on. By setting the service to start manually, it ensures that it will only start when explicitly requested, reducing the risk of unnecessary services running in the background.

7. Netsh is used to create and assign an IPSec policy for a stand-alone server running Windows Server 2003. One of the commands used is the following, executed from the Netsh IPSec Static context: Add rule name=”SMTPBlock” policy=”smtp” filterlist=“smtp computerlist” filteraction=”negotiate smtp” description=”this rule negotiates smtp” Why is the policy not working?

The policy is set with the wrong IP addresses.

Each policy specifies a different encryption algorithm.

No encryption is taking place. The evidence is revealed in the soft SAs.

The policy is using Kerberos for authentication and the computer is not a member of a domain.

The policy is not working because it is using Kerberos for authentication, but the computer is not a member of a domain. Kerberos requires a domain environment to function properly, so if the computer is not part of a domain, the authentication process will fail and the policy will not be applied.

Explanation

The policy is not working because it is using Kerberos for authentication, but the computer is not a member of a domain. Kerberos requires a domain environment to function properly, so if the computer is not part of a domain, the authentication process will fail and the policy will not be applied.

8. You are setting up 50 new client machines in the branch office. Another administrator has already configured DHCP in the branch office. When you bring the first client computer online, you notice that DHCP is not providing Primary or Alternate DNS servers along with the IP address. You need to troubleshoot DHCP and configure it so the client computers can gain access to internal resources as well as browse the Internet. How should you configure the DHCP server? (Choose all that apply.)

Set the DHCP server to provide clients the address to DNS1.

Set the DHCP server to provide clients the address to ISPDNS1.

Set the DHCP server to provide clients the address to DNS2.

Set the DHCP server to provide clients the address to ISPDNS2.

The DHCP server should be configured to provide clients with the address to DNS1 and DNS2. This will ensure that the client computers can gain access to internal resources and browse the Internet. By providing the addresses of both DNS servers, the client computers will be able to resolve both internal and external domain names.

Explanation

The DHCP server should be configured to provide clients with the address to DNS1 and DNS2. This will ensure that the client computers can gain access to internal resources and browse the Internet. By providing the addresses of both DNS servers, the client computers will be able to resolve both internal and external domain names.

Submit

9. Which action needs to be taken if you want to configure a DHCP server to update both A resource records and PTR resource records on behalf of a Windows NT 4 client?

No action is required.

On the DNS tab of the DHCP server properties dialog box, select Always Dynamically Update DNS a and PTR Records.

Register the client as a dynamic host with the DHCP server.

To configure a DHCP server to update both A resource records and PTR resource records on behalf of a Windows NT 4 client, you need to select the option "Dynamically Update DNS a and PTR Records For DHCP Clients That Do Not Request Updates" on the DNS tab of the DHCP server properties dialog box. This ensures that the DHCP server will automatically update the DNS and PTR records for clients that do not specifically request updates.

Explanation

To configure a DHCP server to update both A resource records and PTR resource records on behalf of a Windows NT 4 client, you need to select the option "Dynamically Update DNS a and PTR Records For DHCP Clients That Do Not Request Updates" on the DNS tab of the DHCP server properties dialog box. This ensures that the DHCP server will automatically update the DNS and PTR records for clients that do not specifically request updates.

10. You install a new application, which reports that it is installing a service on the computer. However, when you run the application for the first time, it is unable to start. You inspect the event log to determine the nature of the problem. You receive an error stating “The service did not start due to a logon failure.” What should you do?

Grant the account the Logon As A Service right.

Change the password to the same name as the account.

Verify the user name of the account being used to run the service.

Grant the account administrative rights.

The error message suggests that there is a problem with the user name of the account being used to run the service. It is possible that the account does not have the necessary permissions or the correct user name is not specified. To resolve the issue, it is recommended to verify the user name of the account being used to run the service and ensure that it has the appropriate permissions to start the service.

Explanation

The error message suggests that there is a problem with the user name of the account being used to run the service. It is possible that the account does not have the necessary permissions or the correct user name is not specified. To resolve the issue, it is recommended to verify the user name of the account being used to run the service and ensure that it has the appropriate permissions to start the service.

11. How can you ensure that only members of the R&D Subnet 2 can access the route to the new secure subnet?

Deploy OSPF on the network and configure the router connected to the secure subnet as an area border router.

Configure peer filtering on the router connected to the secure subnet.

Encrypt the routes using MPPE.

not-available-via-ai

Explanation

not-available-via-ai

12. Which steps might be necessary to recover from the application of a security template to a file server that prevented all users from accessing the server over the network? Choose the most efficient way.

Log on locally to the file server as Administrator and apply the root security template.

Log on locally to the file server as Administrator and apply the rollback template produced from the bad security template.

Log on remotely to the file server as Administrator and apply the rollback template produced from the security template.

The most efficient way to recover from the application of a security template that prevented all users from accessing the server over the network is to log on locally to the file server as Administrator and apply the rollback template produced from the bad security template. This will revert the changes made by the bad security template and restore the server's previous settings, allowing users to access the server over the network again.

Explanation

The most efficient way to recover from the application of a security template that prevented all users from accessing the server over the network is to log on locally to the file server as Administrator and apply the rollback template produced from the bad security template. This will revert the changes made by the bad security template and restore the server's previous settings, allowing users to access the server over the network again.

13. By default, how long do logged events last in DHCP server logs?

One day

One week

One month

Until the log grows beyond 1 MB

The logged events in DHCP server logs last for one week by default. This means that the server will keep track of the events that occur within the network for a period of seven days. After this time, the events will be automatically deleted from the logs. This duration allows administrators to review and analyze the events within a reasonable timeframe, ensuring that any issues or problems can be identified and addressed in a timely manner.

Explanation

The logged events in DHCP server logs last for one week by default. This means that the server will keep track of the events that occur within the network for a period of seven days. After this time, the events will be automatically deleted from the logs. This duration allows administrators to review and analyze the events within a reasonable timeframe, ensuring that any issues or problems can be identified and addressed in a timely manner.

14. You want to migrate a subnet to a new scope. You create a new scope and then deactivate the old scope. Which of the following is an appropriate next step?

Run the Ipconfig /release command and then the Ipconfig /renew command on every client computer.

Restart the DHCP Server service.

Delete the old scope.

Authorize the DHCP server.

not-available-via-ai

Explanation

not-available-via-ai

15. Your DHCP server crashes and cannot be brought back online. Your last backup is four days old. How can you best preserve the current address space without restarting all company computers?

Deploy a new DHCP server with the same address scope, and raise conflict detection attempts to 3.

Deploy a new DHCP server with the same address scope, and increase the new lease duration to 15 days.

Restore the previous DHCP database from a backup.

Run the Ipconfig /renew command on all computers.

To preserve the current address space without restarting all company computers after the DHCP server crash, the best solution is to deploy a new DHCP server with the same address scope and raise conflict detection attempts to 3. This ensures that any conflicts or overlapping IP addresses are properly detected and resolved before assigning them to the computers. By doing so, the company can maintain the current address space without causing any disruptions or conflicts among the computers on the network.

Explanation

To preserve the current address space without restarting all company computers after the DHCP server crash, the best solution is to deploy a new DHCP server with the same address scope and raise conflict detection attempts to 3. This ensures that any conflicts or overlapping IP addresses are properly detected and resolved before assigning them to the computers. By doing so, the company can maintain the current address space without causing any disruptions or conflicts among the computers on the network.

16. A user in the branch office reports that he cannot use Internet Explorer to view a commonly used Web site on the Internet. At your client computer in the main office, you run Nslookup to verify the target address and receive the correct address. At the user’s client computer, you also run Nslookup, but the address returned is incorrect. What should you do to troubleshoot? (Choose all that apply.)

Verify that the client is using the correct DNS servers.

Run Ipconfig /flushdns.

Select the Network Connections icon in Accessories.

Run Ipconfig /renew.

To troubleshoot the issue, you should verify that the client is using the correct DNS servers. This is important because if the client is using incorrect DNS servers, it may not be able to resolve the correct address for the website. Additionally, running Ipconfig /flushdns can help clear any cached DNS entries on the client's computer, which may be causing the incorrect address to be returned.

Explanation

To troubleshoot the issue, you should verify that the client is using the correct DNS servers. This is important because if the client is using incorrect DNS servers, it may not be able to resolve the correct address for the website. Additionally, running Ipconfig /flushdns can help clear any cached DNS entries on the client's computer, which may be causing the incorrect address to be returned.

Submit

17. Your boss wants to reserve 20 computers in a special subnet within the 192.168.0.0/24 range and place these computers on the same network segment as the other computers. To achieve this task, you deploy a new DHCP server to issue leases in the 192.168.0.0/24 address range and create 20 lease reservations for the new set of computers. However, after the new DHCP server is deployed, the scope does not issue any new leases even though it is activated. Which of the following would most likely cause this scenario?

You have not reconciled the scopes on the new DHCP server.

You have not verified the database consistency.

You have not excluded the range of addresses issued by the original DHCP computer.

You have not assigned the new DHCP server an address within the 192.168.0.0/24 range.

The most likely cause of the scenario where the new DHCP server is not issuing any new leases, despite being activated, is that the new DHCP server has not been assigned an address within the 192.168.0.0/24 range. In order for the DHCP server to function properly and issue leases within a specific subnet, it needs to have an IP address that falls within that subnet. Since the boss wants to reserve 20 computers in the 192.168.0.0/24 range, the new DHCP server should also have an IP address within that range to be able to issue leases effectively.

Explanation

The most likely cause of the scenario where the new DHCP server is not issuing any new leases, despite being activated, is that the new DHCP server has not been assigned an address within the 192.168.0.0/24 range. In order for the DHCP server to function properly and issue leases within a specific subnet, it needs to have an IP address that falls within that subnet. Since the boss wants to reserve 20 computers in the 192.168.0.0/24 range, the new DHCP server should also have an IP address within that range to be able to issue leases effectively.

18. You log on to the domain, map a drive to the share \\192.168.5.55\share, and then copy some files. You then use Kerbtray.exe to examine the Kerberos tickets. You find a ticket for your account and the service krgbt. You do not find a ticket for CIFS for this server. What is the most likely reason for this problem?

The ticket with the service krgbt is the ticket for this type of connection.

Using the IP address instead of server name means NTLM will be used.

The Kerbtray.exe utility shows only TGT tickets, and the share ticket is a user or session ticket.

The Kerbtray.exe utility shows only session tickets, and the share ticket is a TGT ticket.

The most likely reason for not finding a ticket for CIFS for this server is that using the IP address instead of the server name means NTLM will be used. NTLM is an authentication protocol that is used when the server name is not specified, and it does not use Kerberos tickets. Therefore, if the user logs on to the domain and maps a drive using the IP address, it is likely that NTLM authentication is being used instead of Kerberos, which is why there is no ticket for CIFS.

Explanation

The most likely reason for not finding a ticket for CIFS for this server is that using the IP address instead of the server name means NTLM will be used. NTLM is an authentication protocol that is used when the server name is not specified, and it does not use Kerberos tickets. Therefore, if the user logs on to the domain and maps a drive using the IP address, it is likely that NTLM authentication is being used instead of Kerberos, which is why there is no ticket for CIFS.

19. You set up Performance Logs And Alerts to send a message to Computer2 to notify an operator when the network use on Computer1 gets too high. However, Computer2 never receives the message sent from Computer1. What must you do to enable messages to be sent by Computer1 and received by Computer2? (Choose all that apply.)

On Computer1, start the Messenger service.

On Computer1, start the Alerter service.

On Computer2, start the Messenger service.

On Computer2, start the Alerter service.

To enable messages to be sent from Computer1 and received by Computer2, you need to start the Alerter service on Computer1 and start the Messenger service on Computer2. The Alerter service on Computer1 will allow it to send messages, while the Messenger service on Computer2 will enable it to receive the messages sent from Computer1.

Explanation

To enable messages to be sent from Computer1 and received by Computer2, you need to start the Alerter service on Computer1 and start the Messenger service on Computer2. The Alerter service on Computer1 will allow it to send messages, while the Messenger service on Computer2 will enable it to receive the messages sent from Computer1.

Submit

20. You suspect that a virus has infected your computer running Windows Server 2003. You believe this virus is transmitting data from your server over the network using a specific port. You want to determine which process is using a specific port. Which command should you run?

Nbtstat –RR

Nbtstat –r

Netstat –a

Netstat –o

The correct answer is "Netstat -o". Netstat is a command-line tool used to display active network connections and listening ports on a computer. The "-o" option will display the process ID (PID) associated with each connection, allowing you to identify which process is using a specific port. By running this command, you can determine if any process on your Windows Server 2003 is using the suspected port and potentially identify the virus transmitting data over the network.

Explanation

The correct answer is "Netstat -o". Netstat is a command-line tool used to display active network connections and listening ports on a computer. The "-o" option will display the process ID (PID) associated with each connection, allowing you to identify which process is using a specific port. By running this command, you can determine if any process on your Windows Server 2003 is using the suspected port and potentially identify the virus transmitting data over the network.

21. What is a good reason for assigning a policy by means of Netsh when Group Policy can be used to simply assign an IPSec policy across multiple computers?

Using Netsh is more easily implemented when multiple machines need to be configured.

You can use Netsh to create a persistent policy that will be used if Group Policy cannot be used.

Using Netsh allows for the creation of a persistent policy that can be used when Group Policy is not available. This means that even if the computers are not joined in a domain or if Group Policy cannot be used for any reason, the policy created using Netsh will still be applied. This provides a reliable and consistent way to assign a policy across multiple computers, ensuring that the desired settings are enforced regardless of the limitations of Group Policy.

Explanation

Using Netsh allows for the creation of a persistent policy that can be used when Group Policy is not available. This means that even if the computers are not joined in a domain or if Group Policy cannot be used for any reason, the policy created using Netsh will still be applied. This provides a reliable and consistent way to assign a policy across multiple computers, ensuring that the desired settings are enforced regardless of the limitations of Group Policy.

22. What most likely accounts for the errors shown in the following DHCP audit log? 00,5/24/03,08:21:57,Started,,,, 54,5/24/03,08:21:58,Authorization failed,,domain1.local,,

The server has been started for the first time.

The server cannot communicate on the network.

The server has been unauthorized by a senior network manager.

The server is not running Windows Server 2003.

The errors in the DHCP audit log most likely occurred because the server has been started for the first time. This can be inferred from the timestamp in the log entry, which shows the server starting at 08:21:57. Since the server is being started for the first time, it is possible that there are some configuration or authorization issues that need to be resolved, leading to the authorization failure mentioned in the log entry.

Explanation

The errors in the DHCP audit log most likely occurred because the server has been started for the first time. This can be inferred from the timestamp in the log entry, which shows the server starting at 08:21:57. Since the server is being started for the first time, it is possible that there are some configuration or authorization issues that need to be resolved, leading to the authorization failure mentioned in the log entry.

23. An IPSec policy has been assigned and communication is failing between two computers. The event shown in Figure 11-47 is found in the IP Security Monitor. Its timestamp indicates the event happened during the failure. What is the most likely reason for the failure?

The failure is due to an authentication error.

Main Mode negotiation is failing.

Quick Mode negotiation is failing.

The specific type of packets that the policy is supposed to be blocking are being blocked.

The most likely reason for the failure is that the Quick Mode negotiation is failing. Quick Mode is the second phase of IPSec negotiation and is responsible for establishing the actual security associations and cryptographic keys between the two computers. If Quick Mode negotiation fails, it means that the computers are unable to establish a secure connection and therefore communication between them will fail.

Explanation

The most likely reason for the failure is that the Quick Mode negotiation is failing. Quick Mode is the second phase of IPSec negotiation and is responsible for establishing the actual security associations and cryptographic keys between the two computers. If Quick Mode negotiation fails, it means that the computers are unable to establish a secure connection and therefore communication between them will fail.

24. You receive a report that Computer1 is responding slowly to user requests. You want a quick way to see which network traffic the server is using. You use Network Monitor. You want to see whether any general broadcast traffic is being sent to Computer1. Which counter should you enable?

Nonunicasts/Interval

Unicasts/Interval

Bytes Sent/Interval

Bytes Received/Interval

Enabling the "Nonunicasts/Interval" counter in Network Monitor will allow you to see whether any general broadcast traffic is being sent to Computer1. This counter specifically monitors the non-unicast traffic, which includes broadcast traffic. By monitoring this counter, you can quickly identify if there is any excessive broadcast traffic that may be causing the slow response to user requests on Computer1.

Explanation

Enabling the "Nonunicasts/Interval" counter in Network Monitor will allow you to see whether any general broadcast traffic is being sent to Computer1. This counter specifically monitors the non-unicast traffic, which includes broadcast traffic. By monitoring this counter, you can quickly identify if there is any excessive broadcast traffic that may be causing the slow response to user requests on Computer1.

25. The DNS domain proseware.local is an Active Directory–integrated domain that requires secure dynamic updates. Your DHCP server is configured to register DNS records for downlevel clients, and is not a member of the DnsUpdateProxy group. Fifty client computers have recently been upgraded to Windows XP Professional from Windows NT 4. After the upgrade, users start reporting that they can no longer access some network resources. Which of the following solutions enables you to fix the problem with the least amount of administrative effort?

Shut down and restart the upgraded client computers.

Run Ipconfig /renew, and then Ipconfig /registerdns on all client computers.

Enable aging and scavenging in the proseware.local zone, and then decrease the no-refresh and refresh intervals in aging/scavenging properties.

Add the DHCP server to the DnsUpdateProxy Windows security group.

not-available-via-ai

Explanation

not-available-via-ai

26. You have configured a subnet with two DHCP servers, DHCP1 and DHCP2. DHCP1 provides addresses within the first 80 percent of the subnet’s scope range, and DHCP2 provides addresses for the remaining 20 percent of the scope range. Computer ClientA obtains a fresh address from DHCP1, after which you immediately take DHCP1 off the network. How long will it take before ClientA attempts to obtain a new address from DHCP2?

Four days

Five days

Seven days

Eight days

When ClientA obtains a fresh address from DHCP1 and DHCP1 is taken off the network immediately, ClientA will continue to use the obtained address until the lease expires. By default, the lease duration is 8 days. Therefore, it will take 7 days before ClientA attempts to obtain a new address from DHCP2, as it will wait for the lease to expire before attempting to renew it.

Explanation

When ClientA obtains a fresh address from DHCP1 and DHCP1 is taken off the network immediately, ClientA will continue to use the obtained address until the lease expires. By default, the lease duration is 8 days. Therefore, it will take 7 days before ClientA attempts to obtain a new address from DHCP2, as it will wait for the lease to expire before attempting to renew it.

27. With the least amount of administrative effort, how can you best provide enough addresses for the 290 clients that require dynamic addressing and still allow for connectivity among all networked computers? (Choose only one answer.)

Create a new superscope and then add the 10.0.0.0/24 and 10.0.1.0/24 scopes to the new superscope.

Add a second DHCP server on the network segment to distribute address leases through the 10.0.1.0/24 scope.

not-available-via-ai

Explanation

not-available-via-ai

28. You have not modified the default settings for DNS on the DHCP client or server. Which of the following client record or records will be updated in DNS by the DHCP server? (Assume that the clients are running Windows XP.)

The PTR resource record

The A resource record

Both the PTR and A resource records

Neither the PTR nor the A resource record

The PTR resource record is used for reverse DNS lookup, which maps an IP address to a hostname. In this scenario, since the default settings for DNS on the DHCP client or server have not been modified, the DHCP server will update the PTR resource record in DNS. This allows for reverse DNS lookup to function properly. The A resource record, on the other hand, is used for forward DNS lookup, which maps a hostname to an IP address. Since the question states that the default settings have not been modified, it can be inferred that the A resource record will not be updated by the DHCP server. Therefore, the correct answer is the PTR resource record.

Explanation

The PTR resource record is used for reverse DNS lookup, which maps an IP address to a hostname. In this scenario, since the default settings for DNS on the DHCP client or server have not been modified, the DHCP server will update the PTR resource record in DNS. This allows for reverse DNS lookup to function properly. The A resource record, on the other hand, is used for forward DNS lookup, which maps a hostname to an IP address. Since the question states that the default settings have not been modified, it can be inferred that the A resource record will not be updated by the DHCP server. Therefore, the correct answer is the PTR resource record.

29. A user in the branch office reports that he cannot use Internet Explorer to open a commonly used Web site on the Internet. At your client computer in the main office, you are able to ping the target address. At the user’s client computer, you cannot ping the target address. What should you do to troubleshoot? (Choose all that apply.)

From the user’s client computer, run ping destination address.

From the user’s client computer, select To Repair The Network Connection.

From the DNS server, perform a simple query test.

From the DNS server, perform a recursive query test.

not-available-via-ai

Explanation

not-available-via-ai

Submit

30. Which of the following settings can be applied using Security Configuration and analysis and a security template? (Choose all that apply.)

The password must be 15 characters long.

The Accountants group is not allowed to access this computer over the network.

IPSec must be used for all communications between Computer1 and Computer2.

The root file permissions should be Everyone Full Control.

Security Configuration and Analysis and a security template can be used to apply settings such as password length requirements, network access restrictions for specific user groups, and file permissions. In this case, the correct answer includes the settings for password length, network access for the Accountants group, and file permissions for the root folder.

Explanation

Security Configuration and Analysis and a security template can be used to apply settings such as password length requirements, network access restrictions for specific user groups, and file permissions. In this case, the correct answer includes the settings for password length, network access for the Accountants group, and file permissions for the root folder.

Submit

31. IPSec can be used to secure communications between two computers. What else can it do? (Choose all that apply.)

Examine Kerberos tickets

Block transfer of specific protocol packets

Allow transfer of packets with a destination TCP port of 23 from any computer to the host computer

Permit one user to use telnet to access the computer while denying another user

IPSec can block the transfer of specific protocol packets, allowing the user to specify which protocols should be blocked. It can also allow the transfer of packets with a destination TCP port of 23 from any computer to the host computer, enabling telnet access.

Explanation

IPSec can block the transfer of specific protocol packets, allowing the user to specify which protocols should be blocked. It can also allow the transfer of packets with a destination TCP port of 23 from any computer to the host computer, enabling telnet access.

Submit

32. Company executives want to improve router security on the network and have made clear that they would not be satisfied with a solution that merely authenticates routers with a plaintext password. What other measures can you take to ensure that rogue routers are not deployed on the network and that network routes are not intercepted? (Choose all that apply.)

Deploy Active Directory directory service.

Configure RIP to use autostatic routes.

Configure RIP neighbors.

Configure peer filtering.

Configure route filtering.

not-available-via-ai

Explanation

not-available-via-ai

Submit

33. After you enable the new scopes to issue addresses, some users begin to complain that they can no longer access network resources. Checking the DHCP server audit logs, you find several NACK messages. What steps should you take to resolve this problem? (Choose all that apply.)

Create a superscope on each DHCP server consisting of the active scopes deployed on the network segment.

Create client reservations for all appropriate clients on the original DHCP server.

On the original DHCP server, exclude the full range of addresses within the special 192.168.0.0/24 subnet.

On the new DHCP server, exclude the full range of addresses issued by the original DHCP server.

To resolve the problem of users being unable to access network resources after enabling new scopes to issue addresses, the following steps should be taken:
- Create a superscope on each DHCP server consisting of the active scopes deployed on the network segment. This will allow the DHCP server to manage multiple scopes and provide IP addresses to clients.
- On the original DHCP server, exclude the full range of addresses within the special 192.168.0.0/24 subnet. This ensures that the addresses within this subnet are not assigned by the DHCP server.
- On the new DHCP server, exclude the full range of addresses issued by the original DHCP server. This prevents the new DHCP server from assigning addresses that are already assigned by the original DHCP server.

Explanation

To resolve the problem of users being unable to access network resources after enabling new scopes to issue addresses, the following steps should be taken:
- Create a superscope on each DHCP server consisting of the active scopes deployed on the network segment. This will allow the DHCP server to manage multiple scopes and provide IP addresses to clients.
- On the original DHCP server, exclude the full range of addresses within the special 192.168.0.0/24 subnet. This ensures that the addresses within this subnet are not assigned by the DHCP server.
- On the new DHCP server, exclude the full range of addresses issued by the original DHCP server. This prevents the new DHCP server from assigning addresses that are already assigned by the original DHCP server.

Submit