Microsoft Certification 70-642

A. Correct: The address shown is an APIPA address, which is assigned automatically to a DHCP client if a DHCP server cannot be found. An APIPA address usually results in a loss of connectivity to network resources. To fix the problem, you should first attempt to obtain a new address from a DHCP server. To do that, use the Ipconfig /renew command.
B. Incorrect: This command will merely verify that you can connect to your own address. It will not help establish network connectivity.
C. Incorrect: This command will merely verify that you can trace a path to your own address. It will not help establish network connectivity.
D. Incorrect: This command displays the list of IP address-to-MAC address mappings stored on the computer. It will not fix any problems in network connectivity.

A. Incorrect: Use the FileScrn tool to configure file screening for folders, which configures Windows to block specific file types.
B. Correct: You can use the DirQuota tool configure disk quotas from the command prompt.
C. Incorrect: The StorRept tool configures storage reports from the command prompt.
D. Incorrect: You can use the Net tool to configure folder sharing from the command prompt. It cannot configure disk quotas.

A. Correct: Global addresses are routable addresses that can communicate directly with IPv6-only hosts on public networks. This is the kind of address you need if you want a static IPv6 address to which other computers can connect from across the IPv6 Internet.
B. Incorrect: A link-local address is not routable and cannot be used on a public network.
C. Incorrect: A unique-local address is routable but cannot be used on a public network.
D. Incorrect: A site-local address is a version of a unique local address, but these address types

A. Incorrect: You should not configure a DNS server as a DHCP client. A DNS server needs the most stable address available, which is a manually configured static address.
B. Incorrect: An APIPA address is an address that signifies a network problem. It is not a stable address and should not be assigned to a server.
C. Incorrect: An alternate configuration is not a stable address because it can be replaced by a DHCP-assigned address. You should assign the most stable address
type—a static address—to a DNS server.
D. Correct: The addresses of infrastructure servers such as DHCP and DNS servers should never change. Therefore, these server types should be

A. Incorrect: A /23 network can support 512 addresses but only 510 devices.
B. Incorrect: A /22 network can support 1024 addresses but only 1022 devices.
C. Incorrect: A /23 network can support 510 devices, but a /22 network can support more.
D. Correct: A /22 network can support 1024 addresses but only 1022 devices because two addresses in every block are reserved for network communications.

A. Correct: This command flushes the DNS server cache. If you know that a DNS server is responding to queries with outdated cache data, it’s best to clear the server cache. This way, the next time the DNS server receives a query for the name, it will attempt to resolve that name by querying other computers.
B. Incorrect: Restarting the DNS Client service will flush the DNS client cache on the computer in question. It won’t affect the way the DNS server responds to the query for that computer’s name.
C. Incorrect: Typing ipconfig /flushdns simply clears the DNS client cache. It won’t affect the way the DNS server responds to the query for that computer’s name.
D. Incorrect: Restarting all client computers will not fix the problem. It merely has the effect of clearing the DNS client cache on all computers. This could fix problems related to outdated client cache data, but it will not fix the problem on the DNS server itself.

A. Correct: If computers cannot communicate beyond the local subnet even when you specify an IP address, the problem is most likely that the computers do not have a default gateway specified. To assign a default gateway address to DHCP clients, configure the 003 Router option.
B. Incorrect: If the DHCP clients needed to have a DNS server assigned to them, they would be able to connect to computers when specified by address but not by name.
C. Incorrect: The 015 Domain Name option provides DHCP clients with a connection- specific DNS suffix assigned to them. If clients needed such a suffix, the problem
reported would be that clients could not connect to servers when users specified a single-label computer name such as “Server1” (instead of a fully qualified domain name [FQDN] such as “Server1.contoso.com”).
D. Incorrect: The 044 WINS/NBNS Server option configures DHCP clients with the address of a WINS server. A WINS server would not enable you to connect to computers
on remote subnets when you specify those computers by address.

A. Correct: If both domains are in the same Active Directory forest, you can use the Kerberos protocol built into Active Directory to provide authentication for IPsec
communication.
B. Incorrect: You do not need to configure certificates for authentication. Active Directory already provides the Kerberos protocol that you can use with IPsec.
C. Incorrect: You do not need to configure a preshared key as the authentication method. The Kerberos protocol is already available, and it is more secure than a preshared key.
D. Incorrect: NTLM is a backup authentication method for Active Directory, but it is not a valid authentication method for IPsec

A. Incorrect: The Internet network adapter should have the IP address that was assigned by your ISP, not the internal network adapter.
B. Incorrect: You should configure the ICS server to send queries to the DNS server and client computers to send DNS queries to the ICS server. However, you should not configure the internal network adapter with the DNS server’s IP address.
C. Correct: ICS always assigns the IP address 192.168.0.1 to the internal network adapter.
D. Incorrect: 192.168.0.0/24 is the internal network that ICS assigns to clients. 192.168.0.0 is not a valid IP address, however.

A. Incorrect: A /28 network supports 16 addresses and 14 computers. You need to support 18 addresses and 16 computers.
B. Correct: You need to support 18 addresses and 16 computers. A /27 network supports 32 addresses and 30 computers. This is the smallest option that provides you
with the address space you need.
C. Incorrect: A /26 network supports 64 addresses and 62 computers. This is larger than you need, so it would violate company policy.
D. Incorrect: The current /29 network supports eight addresses and six computers. It cannot support the 16 computers you need.

A. Correct: The file Cache.dns, located in the %systemroot%\system32\dns\ folder, contains the list of the root DNS servers that the local DNS server will query if it
cannot itself answer a query. By default, this file contains the list of Internet root servers, but you can replace it with the list of your company root servers.
B. Incorrect: A HOSTS file specifies a list of resolved names that are preloaded into the DNS client cache. It does not specify root servers.
C. Incorrect: The Lmhosts file is used to resolve NetBIOS names. It does not specify DNS root servers.
D. Incorrect: Specifying a forwarder is not the same as specifying root servers. If the connection to a forwarder fails, a DNS server will query its root servers.

A. Incorrect: Windows 95 does not support acting as a WSUS client.
B. Incorrect: Windows 98 does not support acting as a WSUS client.
C. Correct: Windows 2000, with Service Pack 3 or later, can act as a WSUS client.
D. Correct: Windows XP can act as a WSUS client without any service pack.

A. Incorrect: The wireless client cannot log detailed information about authentication failures because RADIUS does not provide detailed information about why credentials were rejected. Instead, you should examine the Security event log on the RADIUS server.
B. Incorrect: Same as answer A.
C. Correct: The Windows Server 2008 RADIUS service adds events to the local Security event log. These events have information useful for identifying the cause of the
problem, such as the user name submitted.
D. Incorrect: The Windows Server 2008 RADIUS service adds events to the local Security event log, not to the System event log.

A. Incorrect: When you enable IPv6 on a computer running Windows Server 2008, no extra functionality is enabled in connections to a computer running Windows XP.
B. Incorrect: IPv6 never blocks network functionality, so disabling it would never enable a feature like connectivity through a UNC.
C. Incorrect: Enabling LLMNR on WS08A could enable UNC connectivity to another computer running Windows Server 2008 or Windows Vista, but it would not enable UNC connectivity to a computer running Windows XP.
D. Correct: If NetBIOS were disabled, it would block UNC connectivity to a computer running Windows XP.

A. Incorrect: This answer has the incorrect router. The router with the IP address 192.168.1.1 is currently the default gateway, so all traffic will be sent to that router
anyway.
B. Correct: When using the Route Add command, specify the destination network first and then the subnet mask. Finally, provide the router that will be used to access the remote network.
C. Incorrect: In this answer the parameters are reversed—the destination network should be listed as the first parameter after Route Add.
D. Incorrect: In this answer the parameters are reversed and the wrong router is listed.

A. Incorrect: This command configures the DHCP Server service to start automatically when Windows starts.
B. Correct: This is a command you can use on a Server Core installation of Windows Server 2008 to install the DHCP Server role.
C. Incorrect: This command starts the DHCP Server service after it is already installed.
D. Incorrect: You can use this command on a full installation of Windows Server 2008 to install the DHCP Server role. You cannot use this command on a Server
Core installation.

A. Incorrect: The computer running Windows Server 2008 will need to make outbound connections on TCP port 290; however, Windows Firewall allows outbound connections by default. Therefore, you do not need to create a firewall rule.
B. Correct: By default, Windows Server 2008 will block inbound connections that do not have a firewall rule. There is no firewall rule for TCP port 39 by default. Therefore, you will need to add one.
C. Incorrect: The computer running Windows Server 2008 needs to make outbound connections on TCP port 290, but it does not need to allow inbound connections on that port.
D. Incorrect: Windows Vista allows any outbound connection by default. Therefore, you do not need to create a firewall rule to allow outbound connections.

A. Incorrect: Creating a hard quota at 80 MB would prevent the user from saving more than 80 MB of files, which does not meet your requirements.
B. Incorrect: Creating a soft quota with a 100 MB limit would not prevent users from exceeding the quota.
C. Correct: The most efficient way to meet your requirements is to create a single hard quota with a 100 MB limit. The hard quota prevents users from saving files if
they exceed their quota limit. Creating a warning at 80 percent would allow you to configure the quota to send an e-mail to the user when the user has consumed 80 MB of disk space.
D. Incorrect: Soft quotas allow the user to continue to save files once the user has exceeded the quota. For this reason, it would not meet your requirements.

A. Incorrect: Merely configuring a connection-specific suffix does not enable a computer to register with DNS if all the other settings are left at the default values.
B. Incorrect: Enabling this option registers a connection-specific suffix only if one is configured. If the other settings are left at the default values for a non-DHCP client, this setting would have no effect.
C. Incorrect: This option is already enabled if the DNS client settings are left at the default values.
D. Correct: This answer choice provides the only solution that is not a default value and that, when configured, enables a DNS client to register its static address with a DNS server.

A. Correct: This is the only solution that will improve name resolution response times, keep an updated list of remote name servers, and minimize zone transfer traffic.
B. Incorrect: Conditional forwarding would improve name resolution response times and minimize zone transfer traffic, but it would not allow you to keep an updated list of remote name servers.
C. Incorrect: A secondary zone would improve name resolution response times and allow you to keep an updated list of remote name servers, but it would not minimize
zone transfer traffic because the entire zone would need to be copied periodically from the remote office.
D. Incorrect: You cannot perform a delegation in this case. You can perform a delegation only for a child domain in the DNS namespace. For example, a child domain of the ny.us.nwtraders.msft domain might be uptown.ny.us.nwtraders.msft.

A. Incorrect: Network Address Translation (NAT) allows clients with private IP addresses to connect to computers on the public Internet. NAT does not automatically configure routing.
B. Incorrect: Although OSPF is a routing protocol and would meet the requirements of this scenario, Windows Server 2008 does not support OSPF. Earlier versions of Windows do support OSPF.
C. Correct: RIP is a routing protocol. Routing protocols allow routers to communicate a list of subnets that each router provides access to. If you enable RIP on a computer running Windows Server 2008, it can automatically identify neighboring routers and forward traffic to remote subnets.
D. Incorrect: Although you could use static routes to reach remote subnets, the question requires you to configure Windows Server 2008 to automatically identify the
remote networks.

A. Correct: Setting NAP Enforcement to Allow Limited Access limits the client to the remediation servers you list. If you do not list any remediation servers, clients will be completely denied network access.
B. Incorrect: Setting the Access Permission to Deny Access prevents clients from performing a health check. Therefore, both compliant and noncompliant clients will be blocked.
C. Incorrect: The Session Timeout disconnects remote access connections after a specific amount of time. You cannot set a Session Timeout of 0.
D. Incorrect: IP filters should be used for remote access connections. They do not apply to NAP network policies.

A. Incorrect: If you disable scavenging on the zone, it will affect all records. You want to prevent a single record from being scavenged.
B. Incorrect: If you disable scavenging on the server, it will prevent all records on the server from being scavenged. You want to prevent only a single record from being scavenged.
C. Incorrect: Computers with a static address register their addresses in the same way that the DHCP clients do.
D. Correct: Manually created records are never scavenged. If you need to prevent a certain record from being scavenged in a zone, the best way to achieve that is to
delete the original record and re-create it manually.

A. Incorrect: AH provides data authentication but not data encryption.
B. Correct: ESP is the protocol that provides encryption for IPsec.
C. Incorrect: Using IPsec with both AH and ESP is not the best answer because only ESP is needed to encrypt data. Using AH with ESP increases the processing overhead
unnecessarily.
D. Incorrect: Tunnel mode is used to provide compatibility for some gateway-to-gateway VPN communications.

A. Correct: By default, NAT does not allow connections from the Internet to the intranet. You can support them, however, by configuring port forwarding on the NAT
server. With port forwarding, the NAT device accepts the TCP connection and forwards it to a specific server on the intranet.
B. Incorrect: NAT allows clients to establish TCP connections to servers on the Internet.
C. Incorrect: Streaming video often uses User Datagram Protocol (UDP), which often fails when a NAT device is in use. However, streaming video connections that use TCP should always work. For that reason, most streaming media protocols support both UDP (for performance) and TCP (for compatibility with NAT).
D. Incorrect: HTTPs functions exactly like any other TCP connection. Therefore, NAT clients do not have any problem establishing an HTTPS connection to a server on the Internet.

A. Incorrect: Configuring a scope option that assigns clients the DNS server address does nothing to prevent the potential conflict of the scope leasing out the same
address owned by the DNS server.
B. Incorrect: It is not recommended to assign reservations to infrastructure servers such as DNS servers. DNS servers should be assigned static addresses.
C. Incorrect: You can configure only one contiguous address range per scope.
D. Correct: Creating an exclusion for the DNS server address is the simplest way to solve the problem. When you configure the exclusion, the DHCP server will not lease the address and the DNS server preserves its static conguration.

A. Correct: PathPing uses ICMP to detect routers between your computer and a specified destination. Then PathPing computes the latency to each router in the path.
B. Incorrect: Ping tests connectivity to a single destination. You cannot easily use Ping to determine the routers in a path.
C. Incorrect: Although you can use Ipconfig to determine the default gateway, you cannot use it to determine all routers in a path.
D. Correct: TraceRt provides very similar functionality to PathPing, using ICMP to contact every router between your computer and a specified destination. The key different between TraceRt and PathPing is that PathPing computes accurate performance statistics over a period of time, while TraceRt sends only three packets to each router in the path and displays the latency for each of those three packets.

A. Correct: You can use the Wecutil utility to automatically configure a computer to collect events.
B. Incorrect: This command should be run on the forwarding computer.
C. Incorrect: This command should be run on the forwarding computer.
D. Incorrect: You don’t need to add the forwarding computer to the Event Log Readers group. Only the collecting computer should be a member of that group.

A. Incorrect: The StorRept tool configures storage reports from the command prompt.
B. Incorrect: FileScrn is a command-line tool for configuring file screening. It cannot be used to create backups.
C. Incorrect: You can use DirQuota to configure disk quotas. It does not create backups, however.
D. Correct: VSSAdmin allows you to initiate a shadow copy, which you can use to restore files after they have been modified.

A. Incorrect: When you choose this option, computers running Windows 2000 Server cannot see the ForestDnsZones partition in which zone data is stored.
B. Incorrect: When you choose this option, computers running Windows 2000 Server cannot see the DomainDnsZones partition in which zone data is stored.
C. Correct: When you choose this option, zone data is stored in the domain partition, which is visible to computers running Windows 2000 Server.
D. Incorrect: Computers running Windows 2000 Server would not be able to see any new application directory partitions that you create, so creating one and choosing
the associated option would not resolve the problem.

A. Incorrect: 128-bit WEP provides much better security than 64-bit WEP. However, 128-bit WEP is still considered extremely unsecure because it uses static keys and can be cracked in a relatively short time.
B. Incorrect: WPA-PSK uses static keys, making it vulnerable to brute force attacks. WPA-PSK should be used only for testing.
C. Incorrect: 64-bit WEP is the original wireless security standard, and it is now considered outdated. 64-bit WEP uses small, static keys and contains several cryptographic
weaknesses that allow it to be cracked in a short time.
D. Correct: WPA-EAP (and WPA2-EAP) provide the highest level of security by authenticating users to a central RADIUS server, such as a server running Windows Server 2008. As of the time of this writing, breaking WPA-EAP security using brute force techniques would be much more difficult than any other wireless security standard.

A. Incorrect: Enabling this setting configures the Windows Update client to immediately install updates that do not require the computer to be restarted.
B. Correct: This Group Policy setting allows you to configure whether updates are installed automatically and when they are installed. By default, however, Windows
Update clients will notify users of the updates and prompt them to perform the installation.
C. Incorrect: Enabling this setting prevents the Windows Update client from automatically restarting the computer. By default, this setting is disabled, which is required for automatically restarting computers, as outlined in the scenario.
D. Incorrect: You can use this setting to configure client computers as members of a computer group. It has no impact on how updates are installed.

A. Incorrect: Users have No Access permission if no access control entry applies to them or if they explicitly have a Deny permission assigned. In this case, Mary has Read access because she has both NTFS and share permissions assigned.
B. Correct: When connecting to a shared folder, users always have the fewest privileges allowed by both share permissions and NTFS permissions. In this case, the
only share permission grants the Everyone group Reader access—which limits Mary’s permission to read-only.
C. Incorrect: If Mary were to log on locally to the computer and access the files on the local hard disk, share permissions would not be a factor and Mary would be able
to update the files. However, because Mary is accessing the folder using a share and the share has only Reader permissions assigned, Mary will be able to only read
the files.
D. Incorrect: Full Control permissions allow users to change permissions. Having this level of access would require Mary to have both Full Control NTFS permissions and Co-owner share permissions.

A. Incorrect: We know that clients are already configured as DHCP clients because they have received addresses in the APIPA range of 169.254.0.0/16.
B. Incorrect: Dhcp1 does not need to be running the DHCP client service because itis not acting as a DHCP client.
C. Correct: If you want the DHCP server to assign addresses to computers on the local subnet, the server needs to be assigned an address that is also located on the same subnet. With its current configuration, the server is configured with an address in the 10.10.0.0/24 subnet but is attempting to lease addresses in the 10.10.1.0/24 range. To fix this problem, you can either change the address of the DHCP server or change the address range of the scope.
D. Incorrect: This command would enable other computers to connect to Dhcp1 if a user specified Dhcp1 by name. However, the ability to connect to a DHCP server by
specifying its name is not a requirement for DHCP to function correctly. DHCP exchanges do not rely on computer names.

A. Incorrect: The PrintUI command is a graphical interface and cannot be called from a command line. Also, the -b parameter is used to export printer configurations,
not to import them.
B. Correct: You use the PrintBRM command to export and import printer settings from a command prompt. Use the -R parameter to specify an import.
C. Incorrect: The PrintBRMEngine executable file is used by PrintBRM and PrintBMRUI, but it cannot be directly called.
D. Incorrect: Netsh is used to configure network settings and cannot be used to import or export printer settings.

A. Correct: To allow a client to connect from behind a firewall that allows only Web connections, you will need to use Internet printing. To connect to printers shared with Internet printing, specify the path in the format http:///Printers//.printer.
B. Incorrect: Although connecting through the firewall will require you to use HTTP, you must specify the URL using the format http:///Printers/ Name>/.printer.
C. Incorrect: You do not need to specify the Printers folder or the printer name as part of a Universal Naming Convention (UNC) path. Also, a UNC path would not
allow you to bypass the firewall.
D. Incorrect: This would be the correct format if you were connecting to a printer across a local area network using a standard Universal Naming Convention (UNC) path. However, you must specify a URL to use Internet printing, which will allow you to bypass the firewall.

A. Incorrect: Windows XP Professional does not support SSTP.
B. Incorrect: Windows 2000 Professional does not support SSTP.
C. Correct: Windows Vista with Service Pack 1 supports being an SSTP VPN client. It does not support being a VPN server. Windows Vista without Service Pack 1 does not support SSTP.
D. Correct: Windows Server 2008 supports being either an SSTP VPN client or server.

A. Correct: Random Order configures clients to connect to DFS servers at their local site first. If no local DFS server is available, clients randomly choose another DFS server.
B. Incorrect: The Lowest Cost algorithm uses Active Directory site costs to determine which DFS server to connect to if no DFS server is available at the local site.
Although this algorithm is often more efficient than Random Order, the scenario requires clients to randomly connect to DFS servers at different sites.
C. Incorrect: This algorithm prevents clients from connecting to DFS servers at different sites.
D. Incorrect: Selecting this check box configures how clients connect to DFS servers when a DFS server is offline and then later online. It does not configure how clients
initially select a DFS server

A. Incorrect: You would need global addresses only if you wanted your network to connect to the public IPv6 network.
B. Incorrect: Link-local addresses are not routable so they would not allow your subnets to intercommunicate.
C. Correct: Unique local addresses resemble private address ranges in IPv4. They are used for private routing within organizations.
D. Incorrect: Site-local addresses were once defined as a way to provide routing within a private network, but this address type has been deprecated.

A. Incorrect: 802.11b is one of the original wireless standards, and newer standards, including both 802.11g and 802.11n, provide much better performance with
backward-compatibility.
B. Incorrect: 802.11g provides better performance than 802.11b and is backwardcompatible. However, 802.11n provides even better performance than 802.11g.
C. Incorrect: 802.11a uses a different frequency from 802.11b and thus would not provide compatibility with your 802.11b clients.
D. Correct: 802.11n provides the highest performance of the wireless protocols listed, and it is capable of providing backward compatibility with 802.11b clients.

A. Incorrect: Both Windows XP (configured using the Windows Firewall node) and Windows Vista (configured using either the Windows Firewall node or the Windows Firewall With Advanced Security node) support filtering UDP traffic.
B. Incorrect: Both the Windows Firewall and the Windows Firewall With Advanced Security nodes support creating a rule for an executable.
C. Incorrect: Both the Windows Firewall and the Windows Firewall With Advanced Security nodes support configuring scope for a rule.
D. Correct: The Windows Firewall With Advanced Security node supports firewall features available only for Windows Vista and Windows Server 2008, not Windows XP. One of the most important features is the ability to require IPsec connection security and to authenticate and authorize users or computers using IPsec.

A. Incorrect: Refer to the explanation for answer B for more information.
B. Correct: Windows creates a WindowsImageBackup folder in the root of the backup media. Inside that folder, it creates a folder with the current computer’s name.
C. Incorrect: Refer to the explanation for answer B for more information.
D. Incorrect: Refer to the explanation for answer B for more information.

A. Correct: Enabling ICS changes the IP address of the internal network adapter to 192.168.0.1.
B. Incorrect: Enabling ICS does not change the IP address of the external network adapter, which is typically a public IP address defined by your ISP.
C. Correct: Enabling ICS automatically enables a DHCP server on your internal interface, so that clients on the internal network can receive the proper IP configuration.
D. Incorrect: Enabling ICS enables a DHCP server on your internal interface, but not on your external interface.

A. Incorrect: The PrnMngr.vbs tool adds and removes printers.
B. Incorrect: The PrnCnfg.vbs tool configures printer names, locations, permissions, and other basic configuration settings.
C. Incorrect: The PrnQctrl.vbs tool prints a test page, pauses or resumes a printer, and clears the print queue.
D. Correct: The PubPrn.vbs tool publishes a printer to the Active Directory.

A. Incorrect: VPN connections almost always provide better performance than dialup connections. However, dial-up connections are not adequate for streaming video.
B. Correct: Dial-up connections can connect directly to a server on your intranet, bypassing the Internet entirely.
C. Incorrect: VPNs include encryption, preventing an attacker with access to the transmission from interpreting the data.
D. Correct: Both VPN and dial-up servers can authenticate to a central RADIUS server.

A. Incorrect: Because you have a centralized IT department, having local IT departments manage the WSUS servers would be inefficient. Instead, you should configure the remote offices as replicas of the WSUS servr at the headquarters, allowing you to manage all updates using a single WSUS server.
B. Incorrect: Although this architecture would work, it would be extremely wasteful of Internet bandwidth. The bandwidth required for 1200 client computers to each download a service pack from the Internet would be so extreme that for many computers the updates might never succeed.
C. Incorrect: Like answer B, this architecture would work. However, the WAN links would likely be saturated with update traffic as every computer at each remote office transfers large updates. To resolve this, place WSUS servers at each office.
D. Correct: To make best use of WAN and Internet bandwidth, configure a WSUS server at each office and have each computer download updates from your central WSUS server.

A. Incorrect: Users have No Access permission if no access control entry applies to them or if they explicitly have a Deny permission assigned. In this case, Mary has Write access because she has the Modify NTFS permission assigned.
B. Incorrect: Share permissions apply only when users access a folder across the network. Because Mary is accessing the folder from the local computer, only NTFS
permissions apply. The Marketing group is granted Modify NTFS permissions, which allows Mary to write to the folder (in addition to being able to read the contents of the folder).
C. Correct: Through Mary’s membership in the Marketing group, Mary has the Modify NTFS permission. Because Mary is not accessing the files using the share, share
permissions do not affect Mary’s effective permissions. Therefore, Mary can write to the folder.
D. Incorrect: Full Control permissions allow users to change permissions. Having this level of access would require Mary to have Full Control NTFS permissions.

A. Incorrect: You cannot configure notifications directly from the driver’s properties. Instead, you should create a custom filter and then create a notification for the filter.
B. Incorrect: PrintBRM is used to export and import printer settings and cannot configure e-mail notifications.
C. Incorrect: You cannot configure notifications directly from the printer’s properties. Instead, you should create a custom filter and then create a notification for the filter.
D. Correct: You can create a custom filter with criteria that match the printer name and a problem status. Then, you can create a notification for the custom filter to send an e-mail.

A. Correct: You can use the Net Share command to create shared folders.
B. Incorrect: You can use Netsh for a wide variety of network configuration tasks, but you cannot use it to share folders.
C. Incorrect: Share is an executable program used for file locking by legacy MS-DOS applications.
D. Incorrect: The Ipconfig tool displays IP configuration information, but it cannot be used to add shares.

A. Correct: Selecting Allow Only Secure Connections requires IPsec, which you must use to require domain authentication at the firewall level.
B. Incorrect: Specifying a profile for the firewall rule simply means the rule won’t apply if the server isn’t connected to the domain network. You can’t use profiles to require client connection authentication.
C. Correct: After requiring IPsec on the General tab, you can use this tab to limit connections only to users who are members of specific groups.
D. Incorrect: Configuring scope can be a very powerful tool for limiting connections from users. Although it might be advisable to also limit scope to connections from client computers on your internal network, that doesn’t necessarily require users to be a member of your domain. Additionally, you would need to configure the Remote IP Address settings, not the Local IP Address settings.