Braindump2go Promise You Pass New Exam 70-642 One Time Just Using 70-642 Latest Released Exam Questions (1-10)
Try 2015 Latet Updated 70-642 Practice Exam Questions and Answers, Pass 70-642 Actual Test 100% in 2015 New Year! Braindump2go Latest released Free Sample 70-642 Exam Questions are shared for instant download! Braindump2go holds the confidence of 70-642 exam candiates with Microsoft Official Guaranteed 70-642 Exa Dumps Products! 448 New Updated Questions and Answers! 2015 Microsoft 70-642 100% Success! Vendor: Microsoft Exam Code: 70-642 Exam Name: TS: Windows Server 2008 Network Infrastructure, Configuring Keywords: 70-642 Exam Dumps,70-642 Practice Tests,70-642 Practice Exams,70-642 Exam Questions,70-642 Dumps,70-642 PDF,70-642 VCE,70-642 Study Guide | QUESTION 1
Your corporate network has a member server named RAS1 that runs Windows Server 2008 R2. You configure RAS1 to use the Routing and Remote Access Services (RRAS).
The company's remote access policy allows members of the Domain Users group to dial in to RAS1.
The company issues smart cards to all employees.
You need to ensure that smart card users are able to connect to RAS1 by using a dial-up connection.
What should you do?
A. Install the Network Policy Server (NPS) server role on RAS1.
B. Create a remote access policy that requires users to authenticate by using SPAP.
C. Create a remote access policy that requires users to authenticate by using EAP-TLS.
D. Create a remote access policy that requires users to authenticate by using MS-CHAP v2.
Answer: C
Explanation:
EAP-Transport Layer Security (EAP-TLS), defined in RFC 5216, is an IETF open standard, and is wellsupported among wireless vendors. The security of the TLS protocol is strong, provided the user understands potential warnings about false credentials. It uses PKI to secure communication to a RADIUS authentication server or another type of authentication server. So even though EAP-TLS provides excellent security, the overhead of client-side certificates may be its Achilles' heel.
EAP-TLS is the original, standard wireless LAN EAP authentication protocol. Although it is rarely deployed, it is still considered one of the most secure EAP standards available and is universally supported by all manufacturers of wireless LAN hardware and software. The requirement for a client-side certificate, however unpopular it may be, is what gives EAP-TLS its authentication strength and illustrates the classic convenience vs. security trade-off. A compromised password is not enough to break into EAP-TLS enabled systems because the intruder still needs to have the client-side private key. The highest security available is when client-side keys are housed in smart cards.[4] This is because there is no way to steal a certificate's corresponding private key from a smart card without stealing the card itself. It is significantly more likely that the physical theft of a smart card would be noticed (and the smart card immediately revoked) than a (typical) password theft would be noticed. Up until April 2005, EAP-TLS was the only EAP type vendors needed to certify for a WPA or WPA2 logo.[5] There are client and server implementations of EAP-TLS in 3Com, Apple, Avaya, Brocade Communications, Cisco, Enterasys Networks, Foundry, HP, Juniper, and Microsoft, and open source operating systems. EAP-TLS is natively supported in Mac OS X 10.3 and above, Windows 2000 SP4, Windows XP and above, Windows Mobile 2003 and above, and Windows CE 4.2
QUESTION 2
Your network contains an Active Directory domain named contoso.com.
Contoso.com contains three servers.
The servers are configured as shown in the following table.
You plan to give users access to the files shares on Server2 by using DirectAccess.
You need to ensure that you can deploy DirectAccess on Server3.
What should you do?
A. Add a static IPv6 address to DC1.
B. Add a static IPv6 address to Server2.
C. Upgrade DC1 to Windows Server 2008 R2.
D. Upgrade Server2 to Windows Server 2008 R2.
Answer: C
Explanation:
- One or more DirectAccess servers running Windows Server 2008 R2 (with or without UAG) with two network adapters: one that is connected directly to the Internet and one that is connected to the intranet. DirectAccess servers must be a member of an AD DS domain.
- On the DirectAccess server, at least two consecutive, public IPv4 addresses assigned to the network adapter that is connected to the Internet.
- DirectAccess client computers that are running Windows 7 Enterprise or Windows 7 Ultimate. DirectAccess clients must be members of an AD DS domain.
- At least one domain controller and DNS server that is running Windows Server 2008 SP2 or Windows Server 2008 R2. When UAG is used, DirectAccess can be deployed with DNS servers and domain controllers that are running Windows Server 2003 when NAT64 functionality is enabled.
- A public key infrastructure (PKI) to issue computer certificates, and optionally, smart card certificates for smart card authentication and health certificates for NAP.
For more information, see Public Key Infrastructure on the Microsoft Web site.
- Without UAG, an optional NAT64 device to provide access to IPv4-only resources for DirectAccess clients.
DirectAccess with UAG provides a built-in NAT64.
http://technet.microsoft.com/en-us/library/dd637797(v=ws.10).aspx
QUESTION 3
Your network contains one Active Directory domain.
You have a member server named Server1 that runs Windows Server 2008 R2.
The server has the Routing and Remote Access Services role service installed.
You implement Network Access Protection (NAP) for the domain.
You need to configure the Point-to-Point Protocol (PPP) authentication method on Server1.
Which authentication method should you use?
A. Challenge Handshake Authentication Protocol (CHAP)
B. Extensible Authentication Protocol (EAP)
C. Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2)
D. Password Authentication Protocol (PAP)
Answer: B
Explanation:
With EAP, the specific authentication mechanism is not chosen during the link establishment phase of the PPP connection; instead, the PPP peers negotiate to perform EAP during the connection authentication phase. When the connection authentication phase is reached, the peers negotiate the use of a specific EAP authentication scheme known as an EAP method.
After the EAP method is agreed upon, EAP allows for an open-ended exchange of messages between the access client and the authenticating server that can vary based on the parameters of the connection. The conversation consists of requests and responses for authentication information. The EAP method determines the length and details of the authentication conversation.
http://technet.microsoft.com/en-us/library/bb457039.aspx
QUESTION 4
You deploy a Windows Server 2008 R2 VPN server behind a firewall.
Remote users connect to the VPN by using portable computers that run Windows 7.
The firewall is configured to allow only secured Web communications.
You need to enable remote users to connect as securely as possible.
You must achieve this goal without opening any additional ports on the firewall.
What should you do?
A. Create an IPsec tunnel.
B. Create an SSTP VPN connection.
C. Create a PPTP VPN connection.
D. Create an L2TP VPN connection.
Answer: B
Explanation:
Secure Socket Tunneling Protocol (SSTP) is a tunneling protocol that uses the HTTPS protocol over TCP port 443 to pass traffic through firewalls and Web proxies that might block PPTP and L2TP/IPsec traffic. SSTP provides a mechanism to encapsulate PPP traffic over the Secure Sockets Layer (SSL) channel of the HTTPS protocol. The use of PPP allows support for strong authentication methods, such as EAP-TLS. SSL provides transport-level security with enhanced key negotiation, encryption, and integrity checking. Although it is closely related to SSL, a direct comparison can not be made between SSL and SSTP as SSTP is only a tunneling protocol unlike SSL. Many reasons exist for choosing SSL and not IPSec as the basis for SSTP.
IPSec is directed at supporting site- to- site VPN connectivity and thus SSL was a better base for SSTP development, as it supports roaming.
http://technet.microsoft.com/en-us/library/dd469817(v=ws.10).aspx
QUESTION 5
Your network contains a server that runs Windows Server 2008 R2.
The server has the Network Policy and Access Services server role installed.
You need to allow only members of a global group named Group1 VPN access to the network.
What should you do?
A. Add Group1 to the RAS and IAS Servers group.
B. Add Group1 to the Network Configuration Operators group.
C. Create a new network policy and define a group-based condition for Group1.
Set the access permission of the policy to Access granted.
Set the processing order of the policy to 1.
D. Create a new network policy and define a group-based condition for Group1.
Set the access permission of the policy to Access granted.
Set the processing order of the policy to 3.
Answer: C
QUESTION 6
Network Access Protection (NAP) is configured for the corporate network.
Users connect to the corporate network by using portable computers.
The company policy requires confidentiality of data when the data is in transit between the portable computers and the servers.
You need to ensure that users can access network resources only from computers that comply with the company policy.
What should you do?
A. Create an IPsec Enforcement Network policy.
B. Create an 802.1X Enforcement Network policy.
C. Create a Wired Network (IEEE 802.3) Group policy.
D. Create an Extensible Authentication Protocol (EAP) Enforcement Network policy.
Answer: A
QUESTION 7
Your company uses Network Access Protection (NAP) to enforce policies on client computers that connect to the network.
Client computers run Windows 7.
A Group Policy is used to configure client computers to obtain updates from Windows Server Update Services (WSUS). Company policy requires that updates labeled Important and Critical must be applied before client computers can access network resources.
You need to ensure that client computers meet the company policy requirement.
What should you do?
A. Enable automatic updates on each client.
B. Enable the Security Center on each client.
C. Quarantine clients that do not have all available security updates installed.
D. Disconnect the connection until the required updates are installed.
Answer: C
QUESTION 8
Your company has deployed Network Access Protection (NAP) enforcement for VPNs.
You need to ensure that the health of all clients can be monitored and reported.
What should you do?
A. Create a Group Policy object (GPO) that enables Security Center and link the policy to the
domain.
B. Create a Group Policy object (GPO) that enables Security Center and link the policy to the
Domain Controllers organizational unit (OU).
C. Create a Group Policy object (GPO) and set the Require trusted path for credential entry
option to Enabled. Link the policy to the domain.
D. Create a Group Policy object (GPO) and set the Require trusted path for credential entry
option to Enabled. Link the policy to the Domain Controllers organizational unit (OU).
Answer: A
QUESTION 9
Your company has a server named FS1.
FS1 hosts the domain-based DFS namespace named \contoso.comdfs.
All domain users store their data in subfolders within the DFS namespace.
You need to prevent all users, except administrators, from creating new folders or new files at the root of the \contoso.comdfs share.
What should you do?
A. Run the dfscmd.exe \FS1dfs /restore command on FS1.
B. Configure the NTFS permissions for the C:DFSrootsdfs folder on FS1.
Set the Create folders/append data special permission to Deny for the Authenticated Users
group.
Set the Full Control permission to Allow for the Administrators group.
C. Start the Delegate Management Permissions Wizard for the DFS namespace named
\contoso.comdfs.
Remove all groups that have the permission type Explicit except the Administrators group.
D. Configure the \FS1dfs shared folder permissions.
Set the permissions for the Authenticated Users group to Reader.
Set the permissions for the Administrators group to Co-owner.
Answer: D
QUESTION 10
Your company has a domain with multiple sites.
You have a domain-based DFS namespace called contoso.comManagement.
The \contoso.comManagement namespace hierarchy is updated frequently.
You need to configure the contoso.comManagement namespace to reduce the workload of the PDC emulator.
What should you do?
A. Enable the Optimize for scalability option.
B. Enable the Optimize for consistency option.
C. Set the Ordering method option to Lowest cost.
D. Set the Ordering method option to Random order.
Answer: A
Braindump2go New Published Exam Dumps: Microsoft 70-642 Practice Tests Questions, 448 Latest Questions and Answers from Official Exam Centre Guarantee You a 100% Pass! Free Download Instantly! http://www.braindump2go.com/70-642.html