Exam 3

painveil
Networking and Communications

Oct 24, 2013 (3 years and 11 months ago)



1. What is used to translate private addresses to public addresses?

A. active hub
B. NAT device
C. intelligent switch
D. gateway

Answer: B

Network address translation (NAT) is a Network-layer routing technology that enables a group of workstations to share a single public address. A NAT device has two network interfaces: one connected to a private network and one to the Internet. When a workstation on the private network wants to access an Internet resource, it sends a request to the NAT device.


2. Which mechanism incorporates the IPv4 connection into the IPv6 infrastructure by expressing the IPv4 address in IPv6 format and encapsulating IPv6 traffic into IPv4 packets?

A. 6to4
B. ISATAP
C. Teredo
D. 4to6

Answer: A

The 6to4 mechanism essentially incorporates the IPv4 connections in a network into the IPv6 infrastructure by defining a method for expressing IPv4 addresses in IPv6 format and encapsulating IPv6 traffic into IPv4 packets. To enable IPv4 links to function as part of the IPv6 infrastructure, 6to4 translates public IPv4 addresses into IPv6.


3. Which WINS replication mechanism updates its partners after a set amount of time?

A. push
B. pull
C. dynamic
D. static

Answer: B

Push partners trigger replication events after a specific number of database changes occur, whereas pull partners initiate replication according to a predetermined schedule. Pull partnerships are preferable for servers connected by slower links, such as WAN connections, because you can schedule replication to occur during off hours, when traffic is low.


4. What evolved to improve flexibility for public Internet service providers (ISPs) to allocate many small networks to their customers?

A. CIDR
B. NAT
C. Proxy
D. HGH

Answer: A

Because of its wastefulness, classful addressing was gradually obsolesced by a series of subnetting methods, including variable-length subnet masking (VLSM) and eventually Classless Inter-Domain Routing. CIDR is a subnetting method that enables you to place the division between the network bits and the host bits anywhere in the address, not just between octets. This makes creating networks of almost any size possible.


5. You have a network address of 162.23.76.167 with a subnet mask of 255.255.255.224. How many hosts can each subnet have?

A. 24
B. 30
C. 26
D. 46

Answer: B

Because the default subnet mask for a 162.23.76.0 network is 255.255.255.224, you are using 11 bits to define subnets and the last 5 bits to define the host addresses. With five subnet bits, you take 2^5 - 2, which gives you 30 host addresses.


6. Before designing your forests and domains, you must collect information for all the following except ___________.

A. organization infrastructure
B. operating system versions and service packs
C. geographical infrastructure
D. network infrastructure

Answer: B

Before you can begin designing your forests and domain, you must collect the following information:

- Organizational infrastructure consists of the political divisions of your organization, including companies, divisions, and departments.
- Geographical infrastructure is made up of the locations of the organization’s various elements, in both large and small scale, including continents, countries, states, and counties or cities.
- Network infrastructure consists of the network facilities at each organization’s locations, including all links between them and their speeds.


7. Which forest model would you choose that is based on organizational or political divisions within your organization?

A. organizational forest model
B. resource forest model
C. restricted access forest model
D. domain lookup forest model

Answer: A

After you decide to create multiple forests, you can use several models to separate the enterprise resources. In the organizational forest model, the divisions between the forests are based on organizational or political divisions within the enterprise. Administrators frequently use this model when an enterprise consists of distinctly separate business units due to acquisitions, mergers, or geographical separation.


8. Which of the following is not a reason for creating an organizational unit?

A. assigning Group Policy settings
B. duplicating organizational divisions
C. implementing domains
D. delegating administration

Answer: C

The correct reasons for creating an OU include duplicating organizational divisions, assigning Group Policy settings, and delegating administration.


9. How are user rights assigned?

A. Active Directory Users and Computers
B. Active Directory Sites and Services
C. Registry Editor
D. Group Policies

Answer: D

To assign user rights, you use Group Policy objects (GPOs). The 44 user rights can provide individuals with various system privileges, ranging from remote access to changing the system time.


10. Every object consists of __________ that store information about the object.

A. SIDs
B. a topology
C. schema
D. Attributes

Answer: D (Attributes)

A user object has as its attributes various types of information about the user, such as names and addresses. A group object has as its attributes a list of its members. The structure of an AD DS database (that is, the types of objects it can contain and the attributes allowed for each object type) is dictated by the Active Directory schema.


11. Active Directory creates a __________ with the idea that all writeable domain controllers in a domain should communicate AD information to each other, in addition to communicating forest-wide information with other domains.

A. replication topology
B. domain topology
C. replication strategy
D. domain strategy

Answer: A

Active Directory creates a replication topology with the idea that all writeable domain controllers in a domain should communicate AD information to each other, in addition to communicating forest-wide information with other domains. Sites and subnets defined within AD will dictate the path used by replication traffic on the network, as well as form the basis for how AD information is distributed.


12. The ISTG automatically assigns one server in each site as the bridgehead server unless you override this by establishing a list of __________ bridgehead servers.

A. manual
B. preferred
C. static
D. designated

Answer: B

The Inter-Site Topology Generator (ISTG) automatically assigns one server in each site as the bridgehead server unless you override this by establishing a list of preferred bridgehead servers. The advantage of administratively assigning a preferred bridgehead server list is that you can determine which servers have the best processing power for handling replication traffic.


13. What represents the physical connection between remote sites?

A. OU connector
B. LAN link
C. site-link object
D. WAN link

Answer: C

To enable replication between two sites, you must have a site-link object associated with both. A site-link object represents the physical connection between remote sites. The purpose of the site link is to indicate which sites are connected and to provide details about the cost and availability of the physical connection.


14. What is the sum of the policies applied to a user or computer after all filters, security group permissions, and inheritance settings, such as Block Policy Inheritance and Enforce, finish processing?

A. Effective Permissions
B. Resultant Set of Policy
C. Effective Set of Policy
D. Applied Policy

Answer: B

Resultant Set of Policy (RSoP) is the sum of the policies applied to a user or computer after all filters, security group permissions, and inheritance settings, such as Block Policy Inheritance and Enforce, finish processing.


15. When developing a migration path to upgrade a domain to Windows Server 2008 R2, which of the following is not a criterion to consider?

A. time
B. number of OUs
C. budget
D. manpower

Answer: B

One of the first steps in the planning process is to decide which migration path you want to use. Some criteria that you should consider as part of that decision are design, time, budget, productivity, and manpower.


16. Which of the following statements is true when creating inter-forest connections?

A. Share DNS information
B. Share WINS information
C. Share DHCP information
D. Share a PDC Emulator

Answer: A

Your first concern is that the domain controllers in the two forests know of each other’s existence. This means that the forests must share Domain Name System (DNS) information about each other.


17. What does every object in Active Directory, including users, computers and groups, have?

A. security identifier
B. group owner
C. assigned administrator
D. History rights

Answer: A

Every object in an AD or AD DS database has a unique security identifier (SID). Just as TCP/IP networks rely on IP addresses to identify hosts, providing names only for the convenience of human operators, AD DS uses SIDs internally to identify objects.


18. In ADFS, what gathers certain agreed-upon attributes from user accounts, such as group memberships, and packages them in a security token that it sends to the resource partner?

A. magic token
B. trusted token
C. packet claim
D. federation claim

Answer: D

Because users are located on the account partner side, the Federation Service on that side is responsible for authenticating the users against the AD DS or AD LDS database. The service also gathers certain agreed-upon attributes from the user accounts (known as federation claims), such as group memberships, and packages them in a security token, which it sends to the resource partner.


19. In UNIX, what is the account name assigned to?

A. user identifier
B. user mapping
C. user container
D. user identity

Answer: A

When a user successfully authenticates with an account name and password in UNIX, the operating system assigns him a user identifier (UID) value and a group identifier (GID) value. The NFS client includes the UID and GID in the file access request messages it sends to the NFS server.


20. What is the minimum number of users for a branch office to be considered a medium size?

A. 10
B. 100
C. 250
D. 500

Answer: B

Picture an organization with branches in three sizes: a large office with 1,000 users, a medium-sized office with 100 users, and a small office with 10 users. Medium offices typically have only one administrator.


21. What is the minimum connection a medium branch office should have to the HQ connection?

A. 1.0 Mbps
B. 1.5 Mbps
C. 10 Mbps
D. 45 Mbps

Answer: B

A medium size branch office should have a minimum of 1.544 Mbps or a T-1 line.


22. What is the minimum number of users for a branch office to be considered a small size?

A. 10
B. 100
C. 250
D. 500

Answer: A

Picture a large office with 1,000 users, a medium-sized office with 100 users, and a small office with 10 users. Each office has users that must access resources hosted by the corporate headquarters, but each also has varying amounts of money, equipment, and administrative expertise with which to do that.


23. How many domain controllers should you have at a large branch office running its own domain?

A. 1
B. 2
C. 3
D. 4

Answer: B

A large branch office running its own domain should have at least two AD DS domain controllers, for fault-tolerance purposes, with one or both also functioning as Domain Name Service (DNS) servers.


24. What command can you use to run the Active Directory Installation Wizard?

A. adpromo
B. dcpromo
C. domainpromo
D. adcreate

Answer: B

The Active Directory Installation Wizard, dcpromo, will guide you through adding a domain controller to an existing environment, creating an entirely new forest structure, adding a child domain to an existing domain, adding a new domain tree to an existing forest, and demoting domain controllers and eventually removing a domain or forest.


25. How do you control access to remote administrators so that they can manage only the users at their site?

A. Use the RODC console.
B. Use the Computer Management console.
C. Use the Delegation of Control Wizard.
D. Use the Server Management console.

Answer: C

One main reason for dedicating an entire organizational unit to a branch office is so that you can grant the branch office administrators access to the AD DS objects they are responsible for managing without granting them access to anything else. The Delegation of Control Wizard enables you to select security principals (users or groups) and grant them access to the contents of an OU in various ways.


26. If you want to have different password policies per site using only one domain, what would you use?

A. fine-grained password policy
B. local security policies
C. override option in Active Directory Users and Computers
D. block domain password policies

Answer: A

One Windows Server 2008 R2 feature that makes a dedicated branch office OU a practical solution in more situations is the ability to assign fine-grained password policies.


27. __________ files are used to apply service packs and hot fixes to installed software.

A. Update
B. Patch
C. Upgrade
D. Enhanced

Answer: B

Windows Installer files with the .msp extension serve as patch files, which are used to apply service packs and hot fixes to installed software. Unlike an .msi file, a patch package does not include a complete database. Instead, it contains (at minimum) a database transform procedure that adds patching information to the target installation package database.


28. Which of the following is an advantage of using Microsoft Remote Desktop Services?

A. single application installation
B. low bandwidth consumption
C. conservation of licenses
D. all of the above

Answer: D

Using Remote Desktop Services to deploy applications offers several advantages to network administrators, including single application installation, low bandwidth consumption, broad-based client support, and conservation of licenses.


29. What role service provides the functionality that enables users running the RDC client to run full desktop sessions?

A. File Server Terminal Manager
B. Remote Desktop Server
C. Terminal Search Services
D. Terminal Instance Store

Answer: B

The Remote Desktop Server role service provides the core Remote Desktop Services functionality that enables users running the RDC client to run full desktop sessions. This role service also includes the RemoteApp feature that enables clients to run individual applications in separate windows.


30. The Remote Desktop Licensing service requires only about 10 MB of memory, and the license database requires 1 MB of storage space for every __________ licenses.

A. 100
B. 200
C. 500
D. 1,200

Answer: D

An RDS deployment needs only one Remote Desktop Licensing server for the entire installation, no matter how many RDS servers you have on your network. The Remote Desktop Licensing service requires only about 10 megabytes of memory and the license database requires one megabyte of storage space for every 1,200 licenses. The processor requirements are negligible, because the service issues a license to each client only once.

31. Which WSUS architecture has servers that get updates from a central server, but administrators at each site are responsible for evaluating and approving updates?

A. single WSUS server
B. replica WSUS servers
C. disconnected WSUS servers
D. autonomous WSUS servers

Answer: D

Autonomous WSUS servers function in much the same way as replica WSUS servers, except that the remote servers download all available updates from the central server, and administrators at each site are responsible for evaluating and approving updates for their own users.


32. What would you use to provide high availability for WSUS servers?

A. load balancing for the front-end servers and a failover cluster for the SQL server
B. load balancing for the SQL server
C. failover cluster for the front-end servers
D. network balancing for the front-end servers and SQL server

Answer: A

You can install multiple WSUS servers and join them together into a Network Load Balancing cluster, using a shared failover cluster running SQL Server as the back end. In an arrangement like this, you must use a full SQL Server installation, because multiple WSUS servers cannot share the single database instance created by Windows Internal Database server.


33. Which of the following software prerequisites do you need to use the WSUS administrative user interface?

A. Oracle Connector
B. Access Connector
C. Microsoft Report Viewer Redistributable 2008 or later
D. Windows Update Group Policy plug-in

Answer: C

To use the administrative user interface provided with WSUS, you must install Microsoft Report Viewer Redistributable 2008 or later. After you agree to the terms of the End-User License Agreement, the wizard detects whether you have this component and prompts you to install it, if necessary. However, the wizard does not abort the WSUS installation if this component is not present on the server. You can install Microsoft Report Viewer before or after the WSUS installation.


34. What technology used with WSUS and SCCM uses idle bandwidth to transfer data and is usually in the background?

A. SSTP
B. RDP
C. BITS
D. IPProxy

Answer: C

The Background Intelligent Transfer Service (BITS) Windows component uses idle network bandwidth to facilitate prioritized, throttled transfer of files between machines.


35. Which of the following will you not find on the DMZ?

A. FTP servers
B. SQL servers
C. SMTP servers
D. proxy servers

Answer: B

It is common today for perimeter servers to host many services other than web servers. Some other devices commonly found on perimeter networks include File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), network address translation (NAT), proxy server, virtual private network (VPN), Remote Authentication Dial-In User Service (RADIUS), and Remote Desktop Gateway. You would not typically find a SQL server running in the DMZ.


36. What encryption type is used for dial-up and PPTP-based VPN connections with a 40-bit key?

A. basic encryption
B. strong encryption
C. strongest encryption
D. no encryption

Answer: A

Basic encryption is used for dial-up and PPTP-based VPN connections; MPPE is used with a 40-bit key. For L2TP/IPSec VPN connections, 56-bit DES encryption is used.


37. What port does IKEv2 use?

A. TCP port 80
B. TCP port 443
C. TCP port 500
D. TCP port 8080

Answer: C

IKEv2 uses TCP port 500.


38. Which VPN protocol does DirectAccess use?

A. PPTP
B. IPSec
C. MS-CHAPv2
D. SSTP

Answer: B

IPsec uses tunneling to protect communications between computers connecting over a private network. During the DirectAccess connection process, the client uses one IPsec tunnel to access the DNS server and AD DS domain controller on the host network. Then the systems negotiate the creation of a second tunnel that provides the client with access to the other resources on the network.


39. What is the minimum number of disks needed to create a RAID 5 disk?

A. 2
B. 3
C. 4
D. 5

Answer: B

A common form of RAID is RAID 5, which is similar to striping, except one of the hard drives is used for parity (error correction) to provide fault tolerance. To increase performance, error correction is spread across all hard drives in the array to avoid having the one drive doing all the work in calculating the parity bits. If one drive fails, you still keep working because the missing data can be filled in by doing parity calculations with the remaining drives.


40. For network users to be able to access a shared folder on an NTFS drive, what kind of permissions must you grant them?

A. share
B. NTFS
C. both A and B
D. registry

Answer: C

For network users to be able to access a shared folder on an NTFS drive, you must grant them both share permissions and NTFS permissions.


41. Replication groups use which topology to limit the replication traffic to specific pairs of members?

A. full mesh topology
B. limited mesh topology
C. hub and spoke topology
D. both a and b

Answer: C

By default, replication groups use a full mesh topology, which means that every member in a group replicates with every other member. This is a satisfactory solution for relatively small DFS deployments, but on larger installations, the full mesh topology can generate a huge amount of network traffic. In such cases, you might want to opt for a hub and spoke topology that enables you to limit the replication traffic to specific pairs of members.


42. What Windows technology enables you to encrypt individual files or folders?

A. BitLocker
B. BitLocker to Go
C. EFS
D. Encrypt-a-File

Answer: C

Encrypting File System (EFS) is a core file-encryption technology used to store encrypted files on NTFS file system volumes. Encrypted files cannot be used unless the user has access to the keys required to decrypt the information. After a file is encrypted, you do not have to decrypt it manually before you can use it. When you encrypt a file or folder, you work with the encrypted file or folder just as you do with any other file or folder.


43. What number of virtual instances is included in Windows Server 2008 Datacenter?

A. 4
B. 8
C. 16
D. unlimited

Answer: D

Windows Server 2008 Datacenter includes unlimited licenses.


44. What is the maximum total amount of memory supported by Hyper-V 2008 R2 Server?

A. 256 GB
B. 512 GB
C. 1 TB
D. 2 TB

Answer: C

Hyper-V Server supports up to 1 TB of memory.


45. In Hyper-V, what file is created as the new working disk when a snapshot is created?

A. .vmc
B. .vhd
C. .vsv
D. .avhd

Answer: D

Snapshot files consist of the following:

- A copy of the VM configuration .xml file
- Any save state files
- A differencing disk (.avhd) that is the new working disk for all writes and is the child of the working disk before the snapshot


46. When deciding which servers to virtualize for Hyper-V, what can you use to generate a virtualization candidate report?

A. System Center Operations Manager
B. Virtual Server Migration Toolkit
C. System Center Virtual Machine Manager
D. Virtual Machine Console

Answer: A

To help you decide which servers should be virtualized, run the System Center Operations Manager (SCOM) to generate a virtualization candidate report that will list the servers that should be virtualized based on current usage levels.


47. What employs a cryptographic system that uses two keys (public and private) to encrypt data and whose public key is published in a digital certificate that confirms the web server’s identity?

A. S/MIME
B. PGP
C. EFS
D. SSL

Answer: D

Secure Sockets Layer (SSL) uses a cryptographic system that uses two keys to encrypt data: a public key known to everyone and a private or secret key known only to the message recipient. The public key is published in a digital certificate, which also confirms the web server’s identity. When you connect to a site secured with SSL, a gold lock appears in the address bar, along with the name of the organization to which the CA issued the certificate.


48. What is a mathematical scheme used to demonstrate the authenticity of a digital message or document?

A. digital signature
B. digital check
C. smart check
D. MS Authenticity Check

Answer: A

A digital signature is a mathematical scheme used to demonstrate the authenticity of a digital message or document. It is also used to ensure that the message or document has not been modified. The sender uses the receiver’s public key to create a hash of the message, which is stored in the message digest. The message is then sent to the receiver. The receiver will then use his or her private key to decrypt the hash value, perform the same hash function on the message, and compare the two hash values. If the message has not been changed, the hash values will match.


49. What do you call an instance of an operating system running on Hyper-V?

A. component
B. agent
C. virtual machine
D. hypervisor

Answer: C

Virtualization is the process of deploying and maintaining multiple instances of an operating system, called virtual machines (VMs), on a single computer. Virtualization has become quite popular during the last few years.


50. What was Microsoft’s virtual server before Hyper-V?

A. VMWare
B. Virtual Server 2007
C. Virtual Server 2005 R2
D. HyperVisor 2005

Answer: C

Over the last several years, Microsoft has had several software packages that allow a Windows system to host multiple virtual systems. Virtual Server 2005 R2 SP1 is a product that you can download and install for free from Microsoft’s website.


51. What is the maximum number of virtual machines that can run on Hyper-V 2008 R2 Server?

A. 24
B. 128
C. 256
D. 384

Answer: D

Hyper-V Server virtual machines support up to 384 virtual machines or as many that fit within 1 TB of memory, whichever comes first.


52. What tool do you use to translate a physical machine to a virtual machine?

A. Microsoft System Center Virtual Machine Manager
B. P2VConvert.exe
C. P2VTranslate.exe
D. VMConvert.exe

Answer: A

Many organizations might need to consolidate several physical servers to one machine running multiple virtual servers. Microsoft System Center Virtual Machine Manager (VMM) allows you to convert existing physical computers into virtual machines through a process known as physical-to-virtual (P2V) conversion. VMM simplifies P2V by providing a task-based wizard to automate much of the conversion process. Because the P2V process is completely scriptable, you can initiate large-scale P2V conversions through the Windows PowerShell command line.


53. What is the maximum number of snapshot levels that you can create for a virtual machine in Hyper-V?

A. 1
B. 4
C. 8
D. 10

Answer: D

With Hyper-V, you can create 10 levels of snapshots per virtual server.


54. What do you call one or more virtual machines configured to access local or external network resources?

A. virtual network
B. magic link
C. VM group
D. VM Connection group

Answer: A

Virtual networks consist of one or more virtual machines configured to access local or external network resources. Each virtual network is configured to use a network adapter in the physical computer.


55. In Hyper-V, what enables multiple Windows Servers to access SAN storage using a single consistent namespace for all volumes on all hosts?

A. live migration
B. P2P
C. SAN Checker
D. Cluster Shared Volumes

Answer: D

With Windows Server 2008 R2, Hyper-V uses Cluster Shared Volumes (CSV) storage as part of the Windows Failover Clustering feature. CSV enables multiple Windows Servers to access SAN storage using a single consistent namespace for all volumes on all hosts. Multiple hosts can access the same Logical Unit Number (LUN) on SAN storage. CSV enables faster live migration and easier storage management for Hyper-V when used in a cluster configuration. Also, the CSV architecture implements a mechanism, known as dynamic I/O redirection, in which I/O can be rerouted within the failover cluster based on connection availability.


56. What was App-V formerly known as?

A. Microsoft SoftGrid
B. MagicApp
C. SeeApp
D. RemoteApp

Answer: A

Microsoft Application Virtualization, known as App-V, was formerly Microsoft SoftGrid. The main difference between the two is that with App-V, the server actually transfers the virtual environment to the client, enabling the client to run the application using its own hardware, without the need to perform an application installation. With App-V, desktop and network users can reduce application installation time and eliminate potential conflicts between applications.


57. Which of the following allows designated recovery agents to create public keys that can decode encrypted information?

A. Internet authentication
B. digital signatures
C. Encrypting File System
D. IP Security

Answer: C

To prevent a loss of data resulting from users leaving the organization or losing their encryption keys, EFS allows designated recovery agents to create public keys that can decode the encrypted information.


58. Which of the following authentication devices verifies a user’s identity during logon?

A. IP Security
B. smart card
C. software code signing
D. Internet authentication

Answer: B

Windows Server 2008 can use a smart card as an authentication device that verifies a user’s identity during logon.


59. What is used to prove where an executable or driver came from and whether the file has not been modified?

A. smart card
B. software code signing
C. PGP
D. S/MIME

Answer: B

Today, executable files, scripts, and drivers can be signed to prove where they came from and whether the software, script, or driver has been modified. Microsoft’s Authenticode is one technology that uses certificates to confirm that the software a user downloads and installs actually comes from the publisher and has not been modified. In today’s 64-bit versions of Windows, you cannot install a driver that has not been signed.


60. To which format can you export a digital certificate that includes the public key and has a .cer or .crt extension?

A. Personal Information Exchange
B. DER-encoded binary X.509
C. Base64-encoded X.509
D. SMS-encoded X.509

Answer: B

The Distinguished Encoding Rules (DER) format supports storage of a single certificate. This format does not support storage of the private key or certification path. It will usually have a .cer, .crt, or .der filename extension.