JPR-961 Online Practice Questions and Answers

You are your company's network administrator. The network consists of a single subnet. All servers run Windows Server. The network is connected to the Internet through a private WAN link. A computer named Server1 provides Internet

access for the network. Server1 is equipped with two NICs, and Internet Connection Sharing (ICS) is enabled on the NIC that is connected to the Internet.

Your company employs several telecommuters who work from their homes. The remote employees require some files that contain information about the company's business operations. Those files are updated on a daily basis. To provide the

remote employees with those files, you set up an FTP site on a computer named FTPSrv.

You must ensure that the users on the corporate network can access Internet Web sites and that the remote employees can download the necessary files from FTPSrv. The corporate network must be protected against possible Internet-

based attacks. Access to the corporate network from the Internet must be restricted to only the FTP site on FTPSrv.

What should you do?

A. On FTPSrv, enable Internet Connection Firewall, and specify that FTP traffic be allowed to pass to FTPSrv.

B. On Server1, enable Internet Connection Firewall, and specify that FTP traffic be allowed to pass to FTPSrv.

C. Configure Server1 to use IPSec for all communications on the NIC that is connected to the Internet.

D. On Server1, enable Internet Connection Firewall, and configure it to allow only HTTP and FTP traffic to pass to the corporate network.

Andrew works as a Network Administrator for ABC.com. The company has a Windows domain-based network. The company has two Windows servers and 150 Windows Professional client computers.

The company has a Windows server named NATSERV that has a dial-up connection to the Internet.

NATSERV has two network interfaces named EthernetA and EthernetB .

EthernetA is connected to the LAN and has an IP address of 192.168.1.121. EthernetB is connected to the Internet and has an IP address of 132.103.102.71. The client computers on the LAN connect to the Internet by using NATSERV. NAT

also has Routing and Remote Access installed.

Andrew enables the NAT/Basic Firewall routing protocol on NATSERV. The configuration of the NAT/Basic Firewall routing on NATSERV is shown in the image below:

The client computers on the network are unable to connect to the Internet. When Andrew tries to ping

132.103.102.71 from the client computers on the local network, he receives a message as shown in the image below:

Andrew wants to ensure that the client computers on the local network are able to connect to the Internet.

What will he do to accomplish this?

Each correct answer represents a part of the solution. (Choose two.)

A. For EthernetB, configure Outbound Filters under Static packet filters.

B. For EthernetA, configure Inbound Filters under Static packet filters.

C. For EthernetA, configure NAT/Basic Firewall as 'Private interface connected to private network'.

D. For EthernetB, configure NAT/Basic Firewall as 'Public interface connected to the Internet'.

Mark works as a Network Administrator for ABC.com. The company has a Windows domainbased network. The network contains two domain controllers, four Windows member servers, and 300 Windows XP Professional client computers. One of the member servers named RRASSRV works as a Routing and Remote Access Server. RRAS is configured as a VPN server. A company employee named Rick works from a remote location. Rick daily connects to RRASSRV by using a VPN connection and uploads daily reports on RRASSRV. He is the only person who connects to RRASSRV by using the VPN connection. Mark notices that Rick is able to access the other computers on the network while he is connected to RRASSRV. Mark wants to prevent Rick from accessing the other computers on the network. What will he do to accomplish this?

A. In the Routing and Remote Access management console on RRASSRV, click the IP tab page in the server properties dialog box and deselect the Enable IP routing check box.

B. In the Routing and Remote Access management console on RRASSRV, click the General tab page in the server properties dialog box and deselect the Remote access server check box.

C. In the Routing and Remote Access management console on RRASSRV, click the PPP tab page in the server properties dialog box and deselect the Multilink connections check box.

D. In the Routing and Remote Access management console on RRASSRV, click the IP tab page in the server properties dialog box and disable the IP routing radio button.

Ceste has been working for the client services department at a local bank in Richmond, Virginia for over a year. He is responsible for client connectivity to the corporate network backbone. Ceste is a member of the DHCP Users group and uses his privileges as a member of this group to gauge the status of DHCP leases and available IP addresses. Jamie is a systems engineer for the same bank, and is responsible for the back-end configuration of all DHCP servers and scope configuration. He is a member of both the Domain Users and DHCP Administrators groups. On Monday morning, SERVER2, the DHCP server servicing the first and second floor of the bank, crashes. SERVER2 sits on the same network segment as the first floor users

Katherine has been asked for her opinion on increasing the fault tolerance of the corporate network, which uses TCP/IP, Active Directory, and Windows 2000 computers. Specifically, the one DNS server on subnet A. Users may run into serious problems if that machine ever experiences downtime, or if the link between the two subnets goes down. Each subnet has its own Windows domain controller. What would you suggest to provide fault tolerance for the network?

A. Set up a secondary DNS server on subnet B Configure the primary DNS server on subnet A to send notifications of zone changes to the secondary DNS server.

B. Configure DNS on both domain controllers using Active Directory Integrated zones.

C. Install a caching-only DNS server on subnet B.

D. Set up a secondary DNS server on subnet B and configure it to request refreshes from the master DNS server on subnet A.

You work as the network administrator at ABC.com. The ABC.com network consists of a domain named ABC.com. The servers at the ABC.com network run Windows Server.

The ABC.com network has a Web server named ABC-SR11. During a routine monitoring you notice an increase in network traffic. Due to this you need to find out the MAC address of the workstation that initiated the transfers and the

command that was used. However, you action must not effect ABC-SR11.

What actions must you take?

A. You must run the ipconfig/registerdns.

B. You must use the Netmon utility.

C. You must capture the IP traffic to ABC-SR11.

D. You must Enable Server Message Block (SMB) signing on all the workstations.

You are working as the administrator at ABC.com. The network consists of a single Active Directory domain named ABC.com with the domain functional level set at Windows Server. All network servers run Windows Server and all client computers run Windows XP Professional.

The ABC.com domain is divided into organizational units (OU). All the resource servers are contained in an OU named ABC_SERVERS and the workstations are contained in an OU named ABC_CLIENTS. All resource servers operate at near capacity during business hours. All workstations have low resource usage during business hours.

You received instructions to configure baseline security templates for the resource servers and the workstations. To this end you configured two baseline security templates named ABC_SERVERS.inf and ABC_CLIENTS.inf respectively. The ABC_SERVERS.inf template contains many configuration settings. Applying the ABC_SERVERS.inf template would have a performance impact on the servers. The ABC_CLIENTS.inf contains just a few settings so applying this template would not adversely affect the performance of the workstations.

How would you apply the security templates so that the settings will be periodically enforced whilst ensuring that the solution reduces the impact on the resource servers? (Choose three.)

A. By setting up a GPO named SERVER-GPO and link it to the ABC_SERVERS OU.

B. By having the ABC_SERVERS.inf template imported into SERVER-GPO.

C. By having the ABC_SERVERS.inf and the ABC_CLIENTS.inf templates imported into the Default Domain Policy GPO.

D. By scheduling SECEDIT on each resource server to regularly apply the ABC_SERVERS.inf settings during off-peak hours.

E. By having a GPO named CLIENT-GPO created and linked to the ABC_CLIENTS OU.

F. By having the ABC_CLIENTS.inf template imported into CLIENT-GPO.

G. By having SERVER-GPO and CLIENT-GPO linked to the domain.

You are working as the administrator at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. The ABC.com network contains a DMZ that contains a two-node Network Load Balancing cluster, which

is located in a data centre that is physically impenetrable to unauthorized persons.

The cluster servers run Windows Server Web Edition and host an e-commerce website. The NLB cluster uses a virtual IP address that can be accessed from the Internet.

What can you do to mitigate the cluster's most obvious security vulnerability?

A. Configure the cluster to require IPSec.

B. Configure the network cards to use packet filtering on all inbound traffic to the cluster.

C. Use EFS on the server hard disks.

D. Configure intrusion detection the servers on the DMZ.

E. Configure Mac addressing on the servers in the DMZ.

You are working as an administrator for ABC.com. The network consists of a single Active Directory domain named ABC.com. All server run Windows Server and all client computer run Windows XP Professional.

The ABC.com departments are organized into organizational units (OUs). The Administration OU is named ABC_ADMIN, and the Sales OU is named PABC_SALES. All file servers for all departments are located in their respective OUs. The ABC_SALES OU is a child OU of the ABC_ADMIN OU. A new ABC.com written security policy states that servers in the ABC_ADMIN OU should be highly secure. All communications with ABC-ADMIN servers should be encrypted. The security policy also states that auditing should be enabled for

file and folder deletion on Sales servers. Communications with the Sales servers should not be encrypted. How should you configure Group Policy for the ABC_Admin and ABC_Sales OU? (Choose three.)

A. Configure a GPO to apply the Hisecws.inf security template. Link this GPO to the ABC_ADMIN OU.

B. Configure a GPO to enable the Audit object access audit policy on computer objects. Link this GPO to the ABC_SALES OU.

C. Configure a GPO to apply the Hisecws.inf security template. Link this GPO to the ABC_Sales OU.

D. Configure a GPO to enable the Audit object access audit policy on computer objects. Link this GPO to the ABC_ADMIN OU.

E. Block group policy inheritance on the ABC_ADMIN OU.

F. Block group policy inheritance on the ABC_SALES OU.

All servers on the corporate network run Windows Server and all clients run Windows XP.

You have been asked to install a new application called App1 for the network users. The application needs two processors and 3GB RAM to run successfully.

To test App1, you assemble a server named ABC-AppSrv with 4GB RAM and two processors and install Windows Standard Edition 32-bit on it. You install App1 on the server and install the client component of the application on 20 client

computers.

When you execute the application, you discover that the application is running very slowly on the 20 client computers. When you disconnect some of the client computers, the application runs faster on the remaining client computers.

How can you improve the performance of App1?

A. Install the 64-bit version of Windows Server on ABC-AppSrv.

B. Use Task Manager to increase the priority of App1 on ABC-AppSrv.

C. Add more RAM to ABC-AppSrv.

D. Change the operating system on ABC-AppSrv to Windows Server Enterprise Edition.

E. Add the /3GB switch to the boot.ini file.