JPR-934 Online Practice Questions and Answers

The ABC.com network consists of a single Active Directory domain named ABC.com. All servers on the ABC.com network run Windows Server.

ABC.com contains a Development department. ABC.com contains a domain controller named ABC-SR24 which is also configured as a DNS Server. A ABC.com employee named Clive Wilson works in the Development department. One

morning Clive Wilson complains that he cannot connect to another network server.

During investigation, you notice that nslookup queries sometimes take a long time and sometimes fail altogether.

You suspect that there is a problem with ABC-SR24.

How would you configure monitoring on ABC-SR24 so that you can review individual name resolution queries?

A. Use System Monitor to monitor host resolution queries on ABC-SR24.

B. Use Event Viewer to view the DNS event log on ABC-SR24.

C. Select the Log packets for debugging option on the Debug Logging tab in the DNS server properties on ABC-SR24.

D. Use Network Monitor to capture DNS query packets on ABC-SR24.

You are working as the administrator at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. The ABC.com network contains a DMZ that contains a two-node Network Load Balancing cluster, which

is located in a data centre that is physically impenetrable to unauthorized persons.

The cluster servers run Windows Server Web Edition and host an e-commerce website. The NLB cluster uses a virtual IP address that can be accessed from the Internet.

What can you do to mitigate the cluster's most obvious security vulnerability?

A. Configure the cluster to require IPSec.

B. Configure the network cards to use packet filtering on all inbound traffic to the cluster.

C. Use EFS on the server hard disks.

D. Configure intrusion detection the servers on the DMZ.

E. Configure Mac addressing on the servers in the DMZ.

The ABC.com network consists of a single Active Directory domain named ABC.com. ABC.com has its headquarters in Chicago and several branch offices at various locations throughout the country. All servers on the ABC.com network run Windows Server.

You are in the process of configuring a VPN connection between the Chicago office and a branch office in Dallas using Windows Server computers running Routing and Remote Access (RRAS).

A ABC.com written security policy states that the requirements below must be met:

Data transmitted over the VPN must be encrypted with end to end encryption.

The VPN connection authentication should be at the computer level rather than at user level and with no credential information transmitted over the internet.

How should you configure the VPN? (Choose two.)

A. Use a PPTP connection.

B. Use EAP-TLS authentication.

C. Use a PPP connection.

D. Use MS-CHAP v2 authentication.

E. Use MS-CHAP authentication.

F. Use PAP authentication.

G. Use an L2TP/IPSec connection.

The ABC.com network consists of a single Active Directory domain named ABC.com. All servers on the ABC.com network run Windows Server. The ABC.com network also contains a file server named ABC-SR10.

A ABC.com user named Rory Allen complains that when connecting to ABC-SR10, it often takes quite some time to respond. Other users report the same problem.

Your investigations reveal that the network interface on ABC-SR10 has a large load during times when the server is slow to respond. You suspect that one of the network computers is causing the problem.

How would you identify the problematic machine?

A. By examining the event logs on ABC-SR10.

B. By viewing the Local Area Connection status on ABC-SR10.

C. By using Network Monitor to inspect the network traffic on the client computers.

D. By using System Monitor to inspect the performance monitor counters on ABC-SR10.

E. By examining the event logs on the client computers.

F. By using System Monitor to inspect the performance monitor counters on the client computers.

G. By using Network Monitor to inspect the network traffic on ABC-SR10.

The ABC.com network consists of a single Active Directory domain named ABC.com. All servers on the ABC.com network run Windows Server. Your instruction is to set up a child domain named us.ABC.com.

You install Windows Server on a new standalone server named ABC-DC03 and manually assign an IP address. You attempt to run dcpromo to promote ABC-DC03 to a domain controller. You select the new domain in an existing forest

option. The wizard prompts you for the network credentials to join the us.ABC.com to the ABC.com forest. You then receive an error message indicating that a domain controller in the ABC.com domain cannot be found.

How can you ensure that ABC-DC03 can be promoted to a domain controller in the us.ABC.com domain?

A. By installing the DNS Server service on ABC-DC03.

B. By creating a host (A) record for ABC-DC03 on a DNS server in the ABC.com domain.

C. By first joining ABC-DC03 to a workgroup named us.ABC.com.

D. By having the ABC-DC03 client DNS settings configured to use a DNS server in the ABC.com domain.

E. By creating a delegation on a ABC.com DNS server to delegate the us.ABC.com zone to ABC-DC03.

You work as a Network Administrator for ABC.com. The company has a Windows Active Directory-based single domain single forest network. The functional level of the forest is Windows Server. The company's headquarters is located at Los Angeles. The company has three branch offices located at San Jose, Oakland, and San Francisco. The company's network is shown in the image below:

All the offices are connected to each other by using 56Kbps demand-dial connections. The branch offices and the headquarters are required to communicate with each other on a regular basis. As you are using demand-dial connections, you do not want the routing updates to be broadcast throughout the network. However, for reliable communications, any changes to the network should be sent to the routers configured on the network. Every router in the network is a server running Windows Server. Which of the following protocols will you use on the routers?

A. RIP 1

B. CHAP

C. RIP 2

D. OSPF

You are the network administrator for your company's network. The network consists of two Active Directory domains: lmiweb.com and hr.lmiweb.com. The lmiweb.com domain supports most of the company's user accounts and resources.

The hr.lmiweb.com domain contains the user accounts and resources for the company's human resources department.

The company has deployed an extensive 802.11b wireless network. Access points (APs) have been deployed throughout the company to provide users in all departments with wireless connectivity and serve as bridges to the wired LAN. A

total of 325 users, including all members of hr.lmiweb.com, have been issued laptops with 802.11bcompliant network adapters. No other computers have wireless connectivity. All wireless LANs have Wired Equivalent Privacy (WEP) enabled

to secure these communications.

Human resources users work throughout the company providing employee training and informational seminars. These users require access to the wireless LAN in all company locations. You must ensure that all human resources data is as

secure as possible as it is transmitted across the wireless LAN. Only users with accounts in only specific users/computers groups should be able to access the human resources division's wireless LAN. In addition, users without accounts in

this domain should not be able to view or select the LAN from their list of available networks.

What should you do? Each correct answer presents part of the solution. (Choose three.)

A. Configure MAC filtering on each department's wireless LAN.

B. Configure MAC filtering on the human resources wireless LAN.

C. Enable Service Set Identifier (SSID) broadcasting on each department's access point.

D. Configure a unique Service Set Identifier (SSID) for each department's wireless LAN.

E. Configure a unique Service Set Identifier (SSID) for the human resources wireless LAN.

F. Enable Service Set Identifier (SSID) broadcasting on all the human resources access points.

G. Disable Service Set Identifier (SSID) broadcasting on all the human resources access points.

You administer your company's Windows network. The network consists of 25 Windows Server computers. The network contains an offline root Certification Authority (CA) located in the main office and a subordinate issuing CA in the main

office and each of the remaining four retail locations.

One of the four retail locations has been purchased and will operate as a franchise. You must ensure that resources on the company network will not accept certificates from the associated subordinate CA in this retail location after the sale is

completed. Your solution must use a minimum amount of administrative effort.

What should you do? (Choose three. Each correct answer presents part of the solution.)

A. On the company's root CA, revoke the certificate of the subordinate CA.

B. Disconnect the subordinate CA from the network.

C. On the subordinate CA, remove the CA software and remove the CA files.

D. On the subordinate CA, revoke the certificates that it has issued.

E. Publish a new Certificate Revocation List.

F. Copy the Edb.log file from the root CA to its Certification Distribution Point on your network.

G. Copy the Edb.log file from the subordinate CA to its Certification Distribution Point on your network.

H. Copy the Certificate Revocation List file to the Certificate Distribution Point on your network.

Which of the following addresses is suitable for dividing into at least nine subnets, each with the ability to support 200 hosts per network?

A. 10.1.1.0/24

B. 10.1.1.0/20

C. 10.1.1.0/19

D. 10.1.1.0/22

You have configured an RRAS server on one Windows Server computer and an IAS server on another, and configured the RRAS server to use the IAS server for authentication. In RADIUS terminology, which computer(s) are referred to as network access servers?

A. The IAS server

B. The RRAS servers

C. The clients of the RRAS server

D. Both the IAS and RRAS servers

You have configured a WAP using the EAP-TLS protocol. The WAP is connected to a LAN with a Windows Server server. Which of the following additional tasks may be necessary to ensure that wireless clients can connect? (Choose all that apply.)

A. Enable PPP authentication.

B. Issue computer certificates to clients.

C. Issue user certificates or smart cards to users.

D. Install and configure IAS.

You have recently purchased a new single-CPU, Intel Xeon-based server. This hardware will be used to run a multithreaded CPU-intensive application. How can you ensure that the application performs at its best on the hardware provided?

A. Turn on hyperthreading.

B. Add a second CPU.

C. Boost the processing priority of the applications threads.

D. Disable hyperthreading.

You have been hired as a consultant to help deploy IPSec for the network of a mediumsize manufacturing firm that is developing a number of new products and must share sensitive data about its products over the network. As part of the planning process, you must determine the best authentication method to use with IPSec. What are the authentication methods that can be used with IPSec? (Select all that apply.)

A. Kerberos v5

B. Perfect Forward Secrecy (PFS)

C. Shared secret

D. Diffie-Hellman groups

You are setting up a procedure to keep documents exchanged between members of the R and D department secret. They will be sending these documents across the Internet to each other. Which PKI process will you need to employ to achieve this?

A. Confidentiality

B. Non-repudiation

C. Authentication

D. Data Integrity

You work as the network administrator at ABC.com. The ABC.com network consists of a domain named ABC.com.

ABC.com has several subsidiary companies whose Web sites and DNS zones are hosted on servers at ABC.com.

What actions must you take to allow the DNS server at ABC.com to generate a report of the listed zones on a weekly basis?

A. You need to utilize the ipconfig/registerdns.

B. You need to NetMon utility on the DNS server.

C. You need to utilize the dnscmd utility on the DNS server.

D. You need to utilize the ADSIEdit utility on the DNS server.