TS: Upgrading MCSA on Windows serv 2003 to Windows Serv 2008

1. Your company has an IPv6 network. The IPv6 network has 25 segments. You deploy a server on the IPv6 network.   You need to ensure that the server can communicate with systems on all segments of the IPv6 network.   What should you do?
A. Configure the IPv6 address as fd00::2b0:d0ff:fee9:4143/8.
B. Configure the IPv6 address as fe80::2b0:d0ff:fee9:4143/64.
C. Configure the IPv6 address as ff80::2b0:d0ff:fee9:4143/64.
D. Configure the IPv6 address as 0000::2b0:d0ff:fee9:4143/64.
Answer: A

2. Your company has a single Active Directory domain. All servers run Windows Server 2008. Your company uses an Enterprise Certificate Authority.   Company security policy requires that revoked certificate information be made available.   You need to ensure that revoked certificate information is highly available.   What should you do?
A. Implement an Online Certificate Status Protocol (OCSP) responder by using Network Load Balancing.
B. Publish an Online Certificate Status Protocol (OCSP) responder by using an Internet Security and Acceleration Server array.
C. Publish the trusted certificate authorities list to the domain by using a group policy object.
D. Create a new group policy object that allows users to trust peer certificates. Link the group policy object (GPO) to the domain.
Answer: A

3. Your corporate network has a member server named RAS1 that runs Windows Server 2008. RAS1 provides Routing and Remote Access Service.   The companys remote access policy allows members of the Domain Users group to dial in to RAS1. The company issues smart cards to all employees to increase remote access security.   You need to configure RAS1 and your remote access policy to support the use of the smart cards for dial-up connections.   What should you do?
A. Install the Network Policy Server (NPS) on the RAS1 server.
B. Create a remote access policy that requires users to authenticate by using Shiva Password Authentication Protocol (SPAP).
C. Create a remote access policy that requires users to authenticate by using Extensible Authentication ProtocolCTransport Layer Security (EAP-TLS).
D. Create a remote access policy that requires users to authenticate by using version 2 of the Microsoft Challenge Handshake Authentication Protocol (MS-CHAP v2).
Answer: C

4. You deploy a Windows Server 2008 server that has routing and remote access installed. You configure the server that runs Windows Server 2008 to function as the corporate Virtual Private Network (VPN) server. All the portable computers in your company run Microsoft Windows 2000 Professional, Microsoft Windows XP or Windows Vista.   The remote users in the company use this server for domain connectivity into the company network. Confidential research data will be transmitted from the portable computers of the remote users to the VPN server.   The company security policy requires public key infrastructure (PKI) based user and computer authentication for the transmission of confidential data.   You need to ensure that the VPN connection meets the security policy requirements.   What should you do?
A. Create certificate-based authentication with an L2TP/Ipsec policy.
B. Create a custom IPSec policy by using the Kerberos version 5 authentication protocol.
C. Create a policy by using a Pre-shared authentication for most secure data transmission.
D. Run the secedit /refreshpolicy machine_policy command at the command line of the server.
Answer: A

5. Your company is deploying notebook computers that will be used to connect to the wireless network.   You create a group policy and configure profiles by using the names of approved wireless networks. You link the group policy object (GPO) to the Notebook organizational unit.   The new notebook computer users report that they cannot connect to the wireless network.   You need to ensure that the group policy wireless settings are applied to the notebook computers.   What should you do?
A. Run the gpupdate /boot command on the notebook computers.
B. Run the gpupdate /target:computer command on the notebook computers.
C. Connect the notebook computers to the wired network. Log off the notebook computers, and then log on again.
D. Run the Add a network that is in range of this computer wizard on the notebook computers and leave the service set identifier (SSID) blank.
Answer: C

6. Your company plans to open a new branch office as a part of its Active Directory infrastructure. Users from the engineering department have to dial in to the company network when they work at the new branch office. You create a template account for new users in the engineering department.   You need to ensure that all new user accounts in the engineering department hold the appropriate dial-in rights.   What should you do?
A. Add the group membership information to the template account, and then create a connection request policy that includes the new group.
B. Add the group membership information to the template account, and then create a group policy that grants the new group local logon permissions
C. Modify the schema for the account by changing the Logon Hours to 6:00-18:00 hours Monday through Friday.
D. Modify the schema for the group membership attribute by selecting the Index this attribute in the Active Directory check box.
Answer: A

7. Your company has a single Active Directory domain. All servers run the Windows Server 2008 operating system.   The company network has 10 servers that perform as Web servers. All confidential files are located on a server named FSS1.   The company security policy states that all confidential data must be transmitted in the most secure manner.   You activate Encrypting File System (EFS) on the confidential files. You also add EFS certificates to the Data Decryption Field (DDF) of the confidential files for the users who want to access them.   When you monitor the network, you notice that the confidential files that are stored on the FSS1 server are being transmitted over the network without encryption.   You need to ensure that encryption is always used when the confidential files on the FSS1 server are transmitted over the network.   What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)
A. Deactivate all LM and NTLM authentication methods on the FSS1 server.
B. Use IIS to publish the confidential files, activate SSL on the IIS server, and then open the files as a Web folder.
C. Use IPSec encryption between the FSS1 server and the computers of the users who want to access the confidential files.
D. Use the Server Message Block (SMB) signing between the FSS1 server and the computers of the users who want to access the confidential files.
E. Activate offline files for the confidential files that are stored on the FSS1 server. In the Folder Advanced Properties dialog box, select the Encrypt contents to secure data option.
Answer: BC

8. Network Access Protection is configured for the corporate network. The company policy requires confidentiality of data when the data is in transit between the client computers and the servers.   Users connect their personal portable computers to the corporate network and access the network resources.   You need to prevent computers that do not comply with the company policy requirements from accessing network resources.   What should you do?
A. Create an IPSec Enforcement Network policy.
B. Create an 802.1X Enforcement Network policy.
C. Create a Wired Network (IEEE 802.3) Group policy.
D. Create an Extensible Authentication Protocol (EAP) Enforcement Network policy.
Answer: A

9. You company has Network Access Protection and Active Directory Certificate Services (AD CS) deployed on the network.   You set up new portable computers to connect to the company's wireless network. The portable computers will use PEAP-MS-CHAP V2 for authentication.   You need to ensure that the portable computers can join the domain when users restart their portable computers.   What should you do?
A. Run the netsh wlan export profile command on each portable computer.
B. Configure each portable computer with a Bootstrap Wireless profile.
C. Configure a group policy with the Use Windows WLAN Auto Config service for clients policy setting enabled.
D. Configure a group policy with the Use Windows Wired Auto Config service for clients policy setting disabled.
Answer: B

10. Your company uses Routing and Remote Access Service (RRAS) for remote user access. The remote users' computers are not domain members. You discover that the remote users' computers are the source of a virus on internal member servers.   You need to protect the corporate network against viruses that are transmitted from remote users.   What should you do?
A. Deploy file-level antivirus software on the RRAS server and configure automatic updates for the antivirus software.
B. Configure a network health policy to require that an antivirus application is running and that the antivirus application is up to date.
C. Configure a network health policy to require that an anti-spyware application is running and that the anti-spyware application is up to date.
D. Create an organizational unit for remote users. Deploy antivirus software to the organizational unit by using a group policy object (GPO).
Answer: B

11. Your company has a main office and 15 branch offices. The company has a single Active Directory domain. All servers run Windows Server 2008.  
The main office network and the branch office networks are connected by using Routing and Remote Access Servers (RRASs) at each office.  
The networks will be connected by virtual private network (VPN) connections over the Internet.  
The companys security policy has the following requirements for VPN connections:  
    All data must be encrypted by using end-to-end encryption.
     The VPN connection must use computer-level authentication.
     Usernames and passwords cannot be used for authentication.  
You need to ensure that the VPN connections between the main office and the branch offices meet the requirements.  
What should you do?
A. Configure an IPSec connection to use tunnel mode and preshared key authentication.
B. Configure a Point-to-Point Tunneling Protocol (PPTP) connection to use version 2 of the Microsoft Challenge Handshake Authentication Protocol (MS-CHAP v2) authentication.
C. Configure a Layer Two Tunneling Protocol/Internet Protocol Security (L2TP/IPSec) connection to use the Extensible Authentication ProtocolCTransport Layer Security (EAP-TLS) authentication.
D. Configure a Layer Two Tunneling Protocol/Internet Protocol Security (L2TP/IPSec) connection to use version 2 of the Microsoft Challenge Handshake Authentication Protocol (MS-CHAP v2) authentication.
Answer: C

12. Your company has a single Active Directory domain. The company runs an ISA 2006 server as a firewall.   You set up access for users to connect through a virtual private network (VPN) service by using Point-to-Point Tunneling Protocol (PPTP). When the users try to connect to the VPN server, the following error message is displayed:   "Error 721: The remote computer is not responding."   You need to ensure that the users can successfully establish a VPN connection.   What should you do?
A. Open up port 1423 on the firewall.
B. Open up port 1723 on the firewall.
C. Open up port 3389 on the firewall.
D. Open up port 6000 on the firewall.
Answer: B

13. Your company has Network Access Protection (NAP) configured for the corporate network with the default settings.   You deploy an application to client computers that run Windows Vista. The application connects to a remote database server. The application fails on the client computers. You discover that the anti-spyware software on the client computers is incompatible with the new application.   You disable the anti-spyware software on the client computers. The application continues to fail on the client computers.   You need to ensure that all client computers can run the new application.   What should you do?
A. Disable the An anti-spyware application is on setting on the Windows Security Health Validator dialog box.
B. Disable the Anti-spyware is up to date setting on the Windows Security Health Validator dialog box.
C. Configure the Error code resolution setting for the System health agent failure option to Healthy.
D. Configure the Windows Defender service to the Manual Startup type on the client computers. Re-start the Windows Defender service.
Answer: A

14. You install the Windows Server 2008 operating system on a new computer named SRV1. You run six driver installation programs from third-party CDs.   When you restart the computer, SRV1 fails to start correctly. The following error message is displayed:   "Windows could not start because the following file is missing or corrupt: \WINNT\SYSTEM32\CONFIG\SYSTEM."   You need to repair the registry on SRV1.   What should you do?
A. Shut down SRV1. Restart SRV1 by using the installation media. Perform a System Restore on SRV1.
B. Shut down SRV1. Restart SRV1 by using the installation media. Start Recovery Console and run the fixboot command.
C. Restart SRV1 in Safe Mode and run the bootcfg command at the command line with the appropriate switches.
D. Restart SRV1 in Safe Mode and run the bcdedit command at the command line with the appropriate switches.
Answer: A

15. A server on your corporate network runs a Windows Server 2008 Core Edition installation of Windows Server 2008. The server runs the DNS Server role.  
You run the sc stop dns command. You then run the sc continue dns command. The following output is displayed: 
C:\Users\Administrator>sc continue DNS
[SC] ControlService FAILED 1062:  
The service has not been started.  
You need to ensure that the DNS service functions properly.  
What should you do?
A. Run the sc continue dns command at the command prompt.
B. Run the net start dns command at the command prompt.
C. Run the start /w ocsetup DNS-Server-Core-Role command at the command prompt.
D. Run the net stop dns command and then the net continue dns command at the command prompt.
Answer: B

16. You install Microsoft Windows Deployment Services (WDS) on a server that runs Windows Server 2008.   You test an image. You discover that the image is out of date.   You need to remove the image from the server.   What should you do?
A. Run the WDSUTIL command with the /Remove-Image and /ImageType:install options at the WDS server command prompt.
B. Run the WDSUTIL command with the /Remove-Image and /ImageType:boot options at the WDS server command prompt.
C. Run the WDSUTIL command with the /Export-Image and /ImageType:install options at the WDS server command prompt.
D. Run the WDSUTIL command with the /Export-Image and /ImageType:boot options at the WDS server command prompt.
Answer: A

17. You install Microsoft Windows Deployment Services (WDS) on a server that runs Windows Server 2008.   When you attempt to upload spanned image files to the WDS server, you receive an error message.   You need to ensure that the image files can be uploaded.   What should you do?
A. Combine the spanned image files into a single WIM file.
B. Grant the Authenticated Users group Full Control on the \REMINST directory.
C. Run the wdsutil /Convert command at the command line on the WDS server.
D. Run the wdsutil /add-image /imagefile:\\server\share\sources\install.wim /image type:install command for each component file individually at the command line on the WDS server.
Answer: A

18. Your company has a server named VS1 that runs Windows Server 2008 and Microsoft Virtual Server 2005 R2. VS1 hosts ten virtual servers.   One of the virtual servers named WinNT runs a database application. The WinNT virtual server is supported by a dedicated administrator. The administrator user account name is WinNT_Admin.   You plan to provide the WinNT_Admin administration account access to the Virtual Server standard tools on the VS1 server. You also plan that the WinNT_Admin administration account will only be able to view and access the WinNT virtual server.   You need to configure the VS1 server for the WinNT_Admin account.   Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Open the Virtual Server Administration Web site and connect to VS1. Configure the WinNT virtual server to run under the WinNT_Admin account.
B. Open the Virtual Server Administration Web site and connect to VS1. Configure the VS1 security settings to set the Deny Modify permission for the WinNT_Admin account.
C. Open the Virtual Server Administration Web site and connect to VS1. Configure the VS1 security settings to grant the WinNT_Admin account the Allow View and Allow Control permissions.
D. Set the Deny Read permission for the WinNT_Admin account on all virtual server configuration files except the virtual server configuration file for the WinNT virtual server.
E. Set the Deny Read permission for the WinNT_Admin account on all virtual hard disk files except the virtual hard disk files that are used by the WinNT virtual server.
Answer: CD

19. Your company has a server named VS1 that runs Windows Server 2008 and Microsoft Virtual Server 2005 R2. VS1 hosts 10 virtual machines that are connected to the built-in internal virtual network.   The company uses a DHCP server to assign IP addresses to all client computers on the intranet.   You configure a virtual server named VM-DC1 on the VS1 server. You configure and authorize a DHCP server on VM-DC1. You configure and activate a scope for the built-in internal virtual network.   You discover that all virtual machines get their IP address from an unknown scope.   You need to assign IP addresses and scope options, including the domain name option, to all virtual machines by using the DHCP scope from VM-DC1.   What should you do?
A. Activate ICS on the physical interface on the VS1 server.
B. Deactivate the default virtual DHCP server on the built-in internal virtual network.
C. Uninstall the DHCP server from the VM-DC1 virtual machine. Configure a new scope on the default virtual DHCP server on the built-in internal virtual network.
D. Uninstall the DHCP server from the VM-DC1 virtual machine. Configure a new scope for the virtual machines on the intranet DHCP server.
Answer: B

20. Your company has a single Active Directory forest. All servers run Windows Server 2008.   You install Microsoft Windows Deployment Services (WDS) on the network. You capture an image of a reference computer. You deploy the image to 300 client computers. The client computers have the same name.   You need to ensure that the client computers receive unique identities.   What should you do?
A. Create an image group by using the WDS snap-in. Redeploy the image to the client computers.
B. Run the wdsutil /enable command at the command line on the WDS server. Redeploy the image to the client computers.
C. Run the Sysprep utility on the reference computer. Capture a new image of the reference computer. Deploy the new image to the client computers.
D. Configure read permissions for the Authenticated Users group in the directory that contains the image files. Redeploy the image to the client computers.
Answer: C

21. You install Windows Server 2008 on a server in a test environment. The server is configured to dual boot with Microsoft Windows Server 2003.   An administrator reconfigures options on the server. After the options are reconfigured, the server defaults to boot into Windows Server 2003.   You need to configure the server to boot into Windows Server 2008 by default.   What should you do?
A. Run the bcdedit command with the /default option.
B. Run the bcdedit command with the /bootsequence option.
C. Add an entry on the Startup tab in the msconfig.exe utility.
D. Edit the Boot.ini file to configure the default operating system.
Answer: A

22. Your company has a single Active Directory forest. All servers run Windows Server 2008. You install Microsoft Windows Deployment Services (WDS) and the DHCP server role on the server that runs Windows Server 2008.   When users attempt to deploy images to new computers, the new computers do not receive a response from the WDS server.   You need to successfully configure the WDS server to deploy the images.   Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Configure port 67 TCP to listen on the WDS server.
B. Configure port 60 TCP to avoid listening on the WDS server.
C. Run the WDSUTIL /set-server /autodiscovery:yes command at the WDS server command prompt.
D. Run the WDSUTIL /set-server /DHCPOption60:yes command at the WDS server command prompt.
E. Run the WDSUTIL /set-server /usedhcpports:no command at the WDS server command prompt.
Answer: DE

23. Your company has 4 regional offices. You install Microsoft Windows Deployment Services (WDS) on the network.   Your company creates 4 images for each of the four regional offices. There are a total of 16 images for the company. The images are to be used as standard images for workstations. You deploy the images by using WDS.   An administrator from one of the regional offices reports that when she boots the WDS client computer, some of the images for her regional office do not appear on the boot menu.   You need to ensure that each administrator can view the images for his or her regional office.   What should you do?
A. Place each regional office into a separate image group on the WDS server.
B. Create a global group for each regional office, and place the computers in the appropriate global group.
C. Create an organizational unit for each regional office, and place the computers in the appropriate organizational unit.
D. Pre-stage each computer account by using the individual computer Global Unique Identifier (GUID) to identify its regional office.
Answer: A

24. Your company, Contoso, Ltd., has a software evaluation lab. The lab has a server named VS1 that runs Windows Server 2008 and Microsoft Virtual Server 2005 R2.   VS1 hosts 100 virtual servers on an isolated virtual segment that is used for software evaluation. VS1 has one physical network interface card.   All physical servers in Contoso have access to the Internet.   The company security policy requires that the IP address space that is used by the software evaluation lab must not be used on the production network. The policy also states that no production IP addresses must be used on the evaluation lab network.   You discover that software updates for the applications that are tested in the evaluation lab are available only through the application that connects directly to the vendors update servers on the Internet.   You need to configure Internet access for all virtual servers that run on VS1. You also need to meet the company security policy requirements.   Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Configure Contoso intranet IP addresses on all the virtual servers on VS1.
B. Activate Internet Connection Sharing (ICS) on the physical network interface on VS1.
C. Activate the Virtual DHCP server for the External virtual network. Run the ipconfig / renew command on each virtual server.
D. Add a Microsoft Loopback Adapter network interface to VS1. Create a new virtual network by using the new network interface. Configure the virtual network adapters on all virtual servers to use only the new virtual network.
Answer: BD

25. Your company has a main office and a branch office. The main office has 20 servers that run Windows Server 2008 and 125 workstations that run Microsoft Windows XP Professional.   The branch office has three servers that run Windows Server 2008 and 50 workstations that run Windows XP Professional.   Only computers in the main office have access to the Internet. All servers have the same security configuration. There are no plans to add new servers or workstations to the network in the near future.   You install Volume Activation Management Tool (VAMT) on a server named DC1 in the main office. You add all servers to the VAMT server and configure the servers for Multiple Activation Key (MAK) Independent Activation.   You discover that the servers in the branch office are unable to activate Windows Server 2008.   You need to activate Windows Server 2008 on all servers.   What should you do?
A. Install a Key Management Service (KMS) server on the network.
B. Configure MAK Proxy Activation on all servers in the branch office.
C. Configure Windows Management Instrumentation (WMI) Firewall Exception on all servers in the branch office.
D. Open VAMT on DC1 and export the Computer Information List (CIL). Send this file to Microsoft Technical Support for activation.
Answer: B

26. Your company has an Active Directory domain. All servers run Windows Server 2008. You install Microsoft Windows Deployment Services (WDS) on the network. You plan to deploy an image to 150 computers that have no operating system installed.   When you deploy the image to a test computer, a driver error occurs.   You need to modify the image to include the correct driver.   What should you do?
A. Mount the image file, and run the sysprep utility.
B. Mount the image file, and modify the image file by using the System Image Manager (SIM) utility.
C. Map the image file to an installation point that holds the correct driver.
D. Update the driver in the Device Manager of the WDS server.
Answer: B

27. You need to remotely connect to a computer that runs a Windows server core installation of the Windows Server 2008.   What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)
A. Run the Slmgr.vbs - ato script on the Windows Server Core computer.
B. Run Server Manager on your client computer and connect to the Windows Server Core computer.
C. Run the netsh add set portstatus command on the Windows Server Core computer.
D. Run the winrs - r: <server core name> dir c:\Windows command on your client computer.
Answer: BD

28. You have a Windows server core installation of Windows Server 2008. The installation was completed by using the default settings.   You plan to make the server accessible to the domain users.   You need to change the server name. You also need to join the server to the domain.   Which tool should you run?
A. Netsh.exe
B. Netdom.exe
C. Ocsetup.exe
D. Oclist.exe
Answer: B

29. Your company has a single-domain Active Directory forest. You plan to install an Active Directory Enterprise certification authority (CA) on a dedicated stand-alone server. When you attempt to add the Active Directory Certificate Services (AD CS) role, you find that the Enterprise CA option is not available in the Specify Setup Type selection dialog box.   You need to install the AD CS role on the server.   What should you do?
A. Enable the DNS Server role.
B. Enable the Active Directory Domain Services (AD DS) role.
C. Enable the Active Directory Lightweight Directory Service (AD LDS) role.
D. Enable the Web server (IIS) and the AD CS roles.
Answer: B

30. Your company has an Active Directory forest that has a single domain. The company also hosts other applications on its perimeter network.   The company wants employees to have single sign-on access to applications that are hosted on the perimeter network.   The company has a domain member server that has an Active Directory Federation Services (AD FS) role installed.   You need to configure the AD FS trust policy to populate AD FS tokens with employees information from the Active Directory domain.   What should you do?
A. Add and configure a new account store.
B. Add and configure a new organization claim.
C. Add and configure a new account partner.
D. Add and configure a new application.
Answer: A