Latest MCSA 70-642 Real Exam Download 201-210

Ensurepass

QUESTION 201

Your company has a single Active Directory domain. The domain has servers that run Windows Server 2008 R2. You have a server named NAT1 that functions as a NAT server. You need to ensure that administrators can access a server named RDP1 by using Remote Desktop Protocol (RDP). What should you do?

 

A.      Configure NAT1 to forward port 389 to RDP1.

B.      Configure NAT1 to forward port 1432 to RDP1.

C.      Configure NAT1 to forward port 3339 to RDP1.

D.      Configure NAT1 to forward port 3389 to RDP1.

 

Correct Answer: D

 

 

QUESTION 202

Your company has a main office and 15 branch offices. The company has a single Active Directory domain. All servers run Windows Server 2008 R2. You need to ensure that the VPN connections between the main office and the branch offices meet the following requirements:

 

Ÿ   All data must be encrypted by using end-to-end encryption.

Ÿ   The VPN connection must use computer-level authentication.

Ÿ   User names and passwords cannot be used for authentication.

 

What should you do?

 

A.      Configure an IPsec connection to use tunnel mode and preshared key authentication.

B.      Configure a PPTP connection to use version 2 of the MS-CHAP v2 authentication.

C.      Configure a L2TP/IPsec connection to use the EAP-TLS authentication.

D.      Configure a L2TP/IPsec connection to use version 2 of the MS-CHAP v2 authentication.

 

Correct Answer: C

 

 

QUESTION 203

Your corporate network has a member server named RAS1 that runs Windows Server 2008 R2. You configure RAS1 to use the Routing and Remote Access Services (RRAS). The company’s remote access policy allows members of the Domain Users group to dial in to RAS1. The company issues smart cards to all employees. You need to ensure that smart card users are able to connect to RAS1 by using a dial-up connection. What should you do?

A.      Install the Network Policy Server (NPS) server role on RAS1.

B.      Create a remote access policy that requires users to authenticate by using SPAP.

C.      Create a remote access policy that requires users to authenticate by using EAP-TLS.

D.      Create a remote access policy that requires users to authenticate by using MS-CHAP v2.

 

Correct Answer: C

 

 

QUESTION 204

Your network contains an Active Directory domain named contoso.com. Contoso.com contains three servers. The servers are configured as shown in the following table.

 

clip_image002

 

You plan to give users access to the files shares on Server2 by using DirectAccess. You need to ensure that you can deploy DirectAccess on Server3. What should you do?

 

A.      Add a static IPv6 address to DC1.

B.      Add a static IPv6 address to Server2.

C.      Upgrade DC1 to Windows Server 2008 R2.

D.      Upgrade Server2 to Windows Server 2008 R2.

 

Correct Answer: C

 

 

QUESTION 205

Your network contains one Active Directory domain. You have a member server named Server1 that runs Windows Server 2008 R2. The server has the Routing and Remote Access Services role service installed. You implement Network Access Protection (NAP) for the domain. You need to configure the Point-to-Point Protocol (PPP) authentication method on Server1. Which authentication method should you use?

 

A.      Challenge Handshake Authentication Protocol (CHAP)

B.      Extensible Authentication Protocol (EAP)

C.      Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2)

D.      Password Authentication Protocol (PAP)

 

Correct Answer: B

 

 

QUESTION 206

You deploy a Windows Server 2008 R2 VPN server behind a firewall. Remote users connect to the VPN by using portable computers that run Windows 7. The firewall is configured to allow only secured Web communications. You need to enable remote users to connect as securely as possible. You must achieve this goal without opening any additional ports on the firewall. What should you do?

 

A.      Create an IPsec tunnel.

B.      Create an SSTP VPN connection.

C.      Create a PPTP VPN connection.

D.      Create an L2TP VPN connection.

 

Correct Answer: B

 

 

QUESTION 207

Your network contains a server that runs Windows Server 2008 R2. The server has the Network Policy and Access Services server role installed. You need to allow only members of a global group named Group1 VPN access to the network. What should you do?

 

A.      Add Group1 to the RAS and IAS Servers group.

B.      Add Group1 to the Network Configuration Operators group.

C.      Create a new network policy and define a group-based condition for Group1. Set the access permission of the policy to Access granted. Set the processing order of the policy to 1.

D.      Create a new network policy and define a group-based condition for Group1. Set the access permission of the policy to Access granted. Set the processing order of the policy to 3.

 

Correct Answer: C

 

 

QUESTION 208

Network Access Protection (NAP) is configured for the corporate network. Users connect to the corporate network by using portable computers. The company policy requires confidentiality of data when the data is in transit between the portable computers and the servers. You need to ensure that users can access network resources only from computers that comply with the company policy. What should you do?

 

A.      Create an IPsec Enforcement Network policy.

B.      Create an 802.1X Enforcement Network policy.

C.      Create a Wired Network (IEEE 802.3) Group policy.

D.      Create an Extensible Authentication Protocol (EAP) Enforcement Network policy.

 

Correct Answer: A

 

 

QUESTION 209

Your company uses Network Access Protection (NAP) to enforce policies on client computers that connect to the network. Client computers run Windows 7. A Group Policy is used to configure client computers to obtain updates from Windows Server Update Services (WSUS). Company policy requires that updates labeled Important and Critical must be applied before client computers can access network resources. You need to ensure that client computers meet the company policy requirement. What should you do?

 

A.      Enable automatic updates on each client.

B.      Enable the Security Center on each client.

C.      Quarantine clients that do not have all available security updates installed.

D.      Disconnect the connection until the required updates are installed.

 

Correct Answer: C

 

 

QUESTION 210

Your company has deployed Network Access Protection (NAP) enforcement for VPNs. You need to ensure that the health of all clients can be monitored and reported. What should you do?

A.      Create a Group Policy object (GPO) that enables Security Center and link the policy to the domain.

B.      Create a Group Policy object (GPO) that enables Security Center and link the policy to the Domain Controllers organizational unit (OU).

C.      Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to Enabled. Link the policy to the domain.

D.      Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to Enabled. Link the policy to the Domain Controllers organizational unit (OU).

 

Correct Answer: A

 

Download Latest 70-642 Real Free Tests , help you to pass exam 100%.