NEW QUESTION 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.
Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1. All client computers run Windows 10.
On Server1, you have the following zone configuration.

You need to ensure that all of the client computers in the domain perform DNSSEC validation for the fabrikam.com namespace.
Solution: From a Group Policy object (GPO) in the domain, you add a rule to the Name Resolution Policy Table (NRPT).
Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation: The NRPT stores configurations and settings that are used to deploy DNS Security Extensions (DNSSEC), and also stores information related to DirectAccess, a remote access technology.
Note: The Name Resolution Policy Table (NRPT) is a new feature available in Windows Server 2008 R2. The NRPT is a table that contains rules you can configure to specify DNS settings or special behavior for names or namespaces. When performing DNS name resolution, the DNS Client service checks the NRPT before sending a DNS query. If a DNS query or response matches an entry in the NRPT, it is handled according to settings in the policy. Queries and responses that do not match an NRPT entry are processed normally.
References: https://technet.microsoft.com/en-us/library/ee649207(v=ws.10).aspx

NEW QUESTION 2
Your network contains an Active Directory domain. The domain contains a certification authority (CA) and a Network Policy Server (NPS) server.
You plan to deploy Remote Access Always On VPN. Which authentication method should you use?

• A. Microsoft: EAP-TTLS
• B. Microsoft: Secured password
• C. Microsoft: Protected EAP
• D. Microsoft: EAP-AKA

Answer: C

NEW QUESTION 3
You have a server named Server1 that runs Windows Server 2021. Server1 is a Hyper-V host that hosts a virtual machine named VM1.
Server1 has three network adapter cards that are connected to virtual switches named vSwitch1, vSwitch2 and vSwitch3.
You configure NIC Teaming on VM1 as shown in the exhibit. (Click the Exhibit button.)


You need to ensure that VM1 will retain access to the network if a physical network adapter card fails on Server1.
What should you do?

• A. From Windows PowerShell on VM1, run the Set-VmNetworkAdapterTeamMapping cmdlet.
• B. From Windows PowerShell on Server1, run Set-VmNetworkAdapter cmdlet.
• C. From Windows PowerShell on Server1, run the Set-VmNetworkAdapterFailoverConfiguration cmdlet.
• D. From the properties of the NIC team on VM1, add the adapter named Ethernet to the NIC team.

Answer: B

Explanation: References: https://www.techsupportpk.com/2021/01/nic-teaming-in-hyper-v-on-windows-server-2021.html

NEW QUESTION 4
You are implementing a secure network. The network contains a DHCP server named Server1 that runs Windows Server 2021.
You create a DHCP allow filter that contains all of the computers on the network that are authorized to receive IP addresses.
You discover that unauthorized computers can obtain an IP address from Server1.
You need to ensure that only authorized computers can receive an IP address from Server1. Solution: You run the following command.
Add-DHCPServer4Filter -ComputerName Server1 -MacAddress -List Allow Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation: References:
https://docs.microsoft.com/en-us/powershell/module/dhcpserver/add-dhcpserverv4filter?view=win10-ps

NEW QUESTION 5
Your network contains multiple wireless access points (WAPs) that use WPA2-Personal authentication. The network contains an enterprise root certification authority (CA).
The security administrator at your company plans to implement WPA2-Enterprise authentication on the WAPs.
To support the authentication change, you deploy a server that has Network Policy Server (NPS) installed. You need to configure NPS to authenticate the wireless clients.
What should you do on the NPS server?

• A. Add RADIUS clients and configure network policies.
• B. Create a remote RADIUS server group and configure connection request policies.
• C. Create a remote RADIUS server group and install a server certificate.
• D. Add RADIUS clients and configure connection request policies.

Answer: A

Explanation: https://ittrainingday.com/2013/12/25/how-to-configure-a-windows-radius-server-for-802-1x-wireless-or-wired-c

NEW QUESTION 6
Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1. You enable Response Rate Limiting on Server1. You need to prevent Response Rate Limiting from applying to hosts that reside on the network of 10.0.0.0/24. Which
cmdlets should you run? To answer, select the appropriate options in the answer area.

Answer:

Explanation: Set-DnsServerResponseRateLimiting
Add-DnsServerResponseRateLimitingExceptionlist
https://docs.microsoft.com/en-us/powershell/module/dnsserver/set-dnsserverresponseratelimiting?view=win10-p

NEW QUESTION 7
You have an IP Address Management (IPAM) server named IPAM1 that runs Windows Server 2021. IPAM1 manages 10 DHCP servers.
You need to provide a user with the ability to track which clients receive which IP addresses from DHCP. The solution must minimize administrative privileges.

• A. IPAM MSM Administrators
• B. IPAM ASM Administrators
• C. IPAM IP Audit Administrators
• D. IPAM User

Answer: C

Explanation: References: https://technet.microsoft.com/en-us/library/jj878348(v=ws.11).aspx

NEW QUESTION 8
You have a DHCP server named Server1.
Server1 has an IPv4 scope that serves 75 client computers that run Windows 10.
When you review the address leases in the DHCP console, you discover several leases for devices that you do not recognize.
You need to ensure that only the 75 Windows 10 computers can obtain a lease from the scope. What should you do?

• A. Run the Add-DhcpServerv4ExclusionRange cmdlet.
• B. Create and enable a DHCP filter.
• C. Create a DHCP policy for the scope.
• D. Run the Add-DhcpServerv4OptionDefinition cmdlet.

Answer: A

Explanation: References: https://technet.microsoft.com/en-us/library/jj590721(v=wps.630).aspx

NEW QUESTION 9
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
You have a DHCP server named Server1 that has three network cards. Each network card is configured to use a static IP address.
You need to prevent all client computers that have physical address beginning with 98-5F from leasing an IP address from Server1.
What should you do?

• A. From the properties of Scope1, modify the Conflict detection attempts setting.
• B. From the properties of Scope1, configure Name Protection.
• C. From the properties of IPv4, configure the bindings.
• D. From IPv4, create a new filter.
• E. From the properties of Scope1, create an exclusion range.
• F. From IPv4, run the DHCP Policy Configuration Wizard.
• G. From Control Panel, modify the properties of Ethernet.
• H. From Scope1, create a reservation.

Answer: E

Explanation: https://technet.microsoft.com/en-us/library/ee941125(v=ws.10).aspx

NEW QUESTION 10
You implement Software Defined Networking (SDN) by using the network Controller server role. You have a virtual network named VNET1 that contains servers used by developers.
You need to ensure that only devices from the 192.168.0.0/24 subnet can access the virtual machine in VNET1.
What should you configure?

• A. a network security group (NSG)
• B. role-based access control
• C. a universal security group
• D. Dynamic Access Control

Answer: A

NEW QUESTION 11
You have a DHCP server named Server1 that runs Windows Server 2021. You plan to implement IPv6 on your network.
You need to configure Server1 for stateless DHCPv6. What should you do from the DHCP console?

• A. Configure the Advanced Properties for Server1
• B. Configure the IPv6 Server Options
• C. Create an IPv6 scope
• D. Configure the General IPv6 Properties

Answer: B

NEW QUESTION 12
You are implementing a secure network. The network contains a DHCP server named Server1 that runs Windows Server 2021.
You create a DHCP allow filter that contains all of the computers on the network that are authorized to receive IP addresses.
You discover that unauthorized computers can obtain an IP address from Server1.
You need to ensure that only authorized computers can receive an IP address from Server1. Solution: You run the following command.
Add-DHCPServer4Filter -ComputerName Server1 -MacAddress -List Deny
Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation: References:
https://docs.microsoft.com/en-us/powershell/module/dhcpserver/add-dhcpserverv4filter?view=win10-ps

NEW QUESTION 13
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named adatum.com. The domain contains two DHCP servers named Server1 and Server2.
Server1 has the following IP configuration.

Server2 has the following IP configuration.

Some users report that sometimes they cannot access the network because of conflicting IP addresses. You need to configure DHCP to avoid leasing addresses that are in use already.
Solution: On Server2, you modify the StartRange IP address of the scope. Does this meet the goal?

• A. Yes
• B. No

Answer: A

NEW QUESTION 14
Your network contains an Active Directory domain named contoso.com. The domain contains four servers named Server1, Server2, Server3, and Server4 than run Windows Server 2021.
Server1 has IP Address Management (IPAM) installed. Server2, Server3, and Server4 have the DHCP Server role installed. IPAM manages Server2, Server3, and Server4.
A domain user named User1 is a member of the groups shown in the following table.

Which actions can User1 perform? To answer, select the appropriate options in the answer area.

Answer:

Explanation: https://technet.microsoft.com/en-us/library/jj878351(v=ws.11).aspx#SM_menu https://technet.microsoft.com/en-us/library/dd183605(v=ws.10).aspx

NEW QUESTION 15
You have a DHCP server named Server1 that runs Windows Server 2021. You have a single IP subnet.
Server1 has an IPv4 scope named Scope1. Scope1 has an IP address range of 10.0.1.10 to 10.0.1.200 and a length of 24 bits.
You need to create a second logical IP network on the subnet. The subnet will use an IP address range of
10.1.2.10 to 10.0.2.200 and a length of 24 bits.
What should you do?

• A. Create a second scope, and then create a superscope.
• B. Create a superscope, and then configure an exclusion range in Scope1.
• C. Create a new scope, and then modify the IPv4 bindings.
• D. Create a second scope, and then run the DHCP Split-Scope Configuration Wizard.

Answer: A

NEW QUESTION 16
Your network contains an Active Directory domain named contoso.com that contains a domain controller named DC1. All DNS servers for the network run BIND 10.
Your perimeter network contains a DHCP server named DHCP1 that runs Windows Server 2021. DHCP1 is a member of a workgroup named WORKGROUP. DHCP1 provides IP address leases to guests accessing the Wi-Fi network.
Several engineers access the network remotely by using a VPN connection to a remote access server that runs Windows Server 2021. All of the VPN connections use certificate-based authentication and are subject to access policies in Network Policy Server (NPS). Certificates are issued by an enterprise certification authority (CA) named CA1.
All Windows computers on the network are activated by using Key Management Service (KMS). On-premises users use Remote Desktop Services (RDS).
You plan to deploy IP Address Management (IPAM) to the network. Which action can you perform on the network by using IPAM?

• A. Audit user and device logon event from NPS.
• B. Audit logon events on the RDS server.
• C. Audit configuration changes to the remote access server.
• D. Audit certificate enrollment requests on CA1.

Answer: A

Explanation: References:
https://blogs.technet.microsoft.com/canitpro/2013/08/15/step-by-step-setup-windows-server-2012-ipam-in-your-

NEW QUESTION 17
Your network contains an Active Directory forest named contoso.com.
The forest contains five domains. You manage DNS for the contoso.com domain only. You are not responsible for managing DNS for the child domains.
The DNS servers in a child domain named research.contoso.com are reconfigured often.
You need to ensure that clients in contoso.com can resolve addresses in research.contoso.com. The solution must minimize zone replication traffic.
What should you do?

• A. Create a primary zone for research.contoso.com on the DNS servers of contoso.com
• B. Create a secondary zone for research.contoso.com on the DNS servers of contoso.com
• C. Create a stub zone for research.contoso.com on the DNS servers of contoso.com
• D. Create a delegation for research.contoso.com

Answer: D

Explanation: References:
https://blogs.msmvps.com/acefekay/2010/10/01/dns-parent-child-dns-delegation-how-to-create-a-dns-delegation

NEW QUESTION 18
Your network contains an Active Directory domain named adatum.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2021. The domain contains three users named User1, User 2 and User 3.
Server 1 has a share named Share1 that has the following configurations.

The Share permissions for Share1 are configured as shown in Share1 Exhibit.

Share1 contains a file named File1.txt. The Advanced Security settings for File1.txt are configured as shown in the File1.txt exhibit.

Select the appropriate statement from below. Select Yes if the state is true, otherwise no.

Answer:

Explanation: