70-680 Configuring Windows 7 Objective 400

Front 1

You have a Windows 7 computer that you would like to manage remotely.

You enable Remote Desktop on the computer.

While working from home, you find that your home firewall is blocking Remote Desktop, preventing a connection to the Windows 7 computer

What should you do?
- Open port 3389 in the network firewall.
- Open port 22 in the network firewall.
- Open ports 135 and 445 in the network firewall.
- Open port 23 in the network firewall.

Back 1

- Open port 3389 in the network firewall.

Explanation
Remote Desktop requires port 3389.

Secure Shell (SSH) uses port 22. Telnet uses port 23. MMC snap-ins require an exception for Remote Administration which opens port 135 and 445.

Section 7.8

Front 2

You have a small network with three subnets as shown in the graphic. IP addresses for each router interface are also indicated.

You need to connect Wrk1_A to SubnetA and Wrk5_c to SubnetC.

Which IP addresses should you use? (Select two.)
- Wrk1_A = 192.168.111.32
- Wrk1_A = 192.168.111.62
- Wrk1_A = 192.168.111.65
- Wrk5_C = 10.155.64.97
- Wrk5_C = 10.155.64.111
- Wrk5_C = 10.155.64.114

Back 2

- Wrk1_A = 192.168.111.62
- Wrk5_C = 10.155.64.97

Explanation
For Wrk1_A, use 192.168.111.62; for Wrk5_C, use 10.155.64.97.

* SubnetA uses a 27-bit mask. The subnet used by the router has a subnet address of 192.168.111.32, with a broadcast address of 192.168.111.63.
* SubnetC uses a 28-bit mas. The subnet used by the router has a subnet address of 10.156.64.96, with a broadcast address of 10.155.64.111.

Host on the same subnet must have IP addresses within the subnet range. Neither the subnet address nor the broadcast address can be assigned to hosts.

Section 4.1

Front 3

You have a Windows 7 Ultimate laptop computer that you use both at home and in the office. The laptop has both an Ethernet and a wireless network connection.

At home you have created a simple Ethernet network that connects your home computers to the Internet through a cable modem.

A friend comes over to your house for some help configuring his new laptop computer. His computer has a wireless network adapter but not an Ethernet network adapter. He wants to connect his laptop through you network to the Internet to download some drivers.

What should you do? ( Select two. Each choice is a required part of the solution.)
- On your laptop, configure a network bridge. Setup an infrastructure wireless connection between his computer and yours.
- Configure the wireless connection to use WPA-Personal.
- On your laptop, configure a network bridge. Setup an ad hoc wireless connection between his computer and yours.
- Configure the wireless connection to use 802.1x

Back 3

- Configure the wireless connection to use WPA-Personal.
- On your laptop, configure a network bridge. Setup an ad hoc wireless connection between his computer and yours.

Explanation
To allow a wireless computer to access the wired network through your computer:
* Setup an ad hoc connection between the two computers. Infrastructure connections are made between your computer and a wireless access point.
* Configure a network bridge on your computer. The bridge allows wireless clients to access your wired network (and therefore your Internet connection).
* Use WPA-Personal security. 802.1x requires a domain controller and a RADIUS server for authentication. Because of the security weakness in WEP, do not use WEP if another choice such as WPA is available to you.

Section 4.5

Front 4

You are configuring a small wireless network with 10 client laptops that require network access.

You have configured a new wireless access point with an SSID that is not broadcasting. You have manually created a network profile on one computer, which successfully connects to the network.

You would like to configure the network profile on the remaining clients with the least amount of effort.

What should you do?
- Use "netsh wlan export profile" to save the wireless network settings to the desktop. Create an ad hoc network to transfer the files to each additional client, then use "netsh wlan add profile" to add the profile setting to each client.
- On each additional client, select the network from the wireless network icon and then click connect.
- On each additional client, use the "Manually Create A Network Profile" option to set up each client individually with network information.
- Use the "Copy this network profile to a USB flash drive" option to save the wireless network settings to a USB flash drive. On each additional client, insert the USB drive and run the utility to copy the profile settings to the client.

Back 4

- Use the "Copy this network profile to a USB flash drive" option to save the wireless network settings to a USB flash drive. On each additional client, insert the USB drive and run the utility to copy the profile settings to the client.

Explanation
To easily set up the network on the remaining clients, use the "Copy this network profile to a USB flash drive" option to save the wireless network settings to a USB flash drive. On each client, insert the USB drive and run the utility to copy the profile settings to the client.

You could use the "Manually Create A Network Profile" option to set up each client individually with network information, but that would require additional effort. You could also use the "netsh wlan export profile" to save the wireless network settings to the desktop, but creating an ad hoc network to transfer the files to each additional client would require more effort than setting up the connections manually. You won't be able to select the network from the wireless network icon since the SSID is not being broadcast.

Front 5

You have several computers running Windows 7. The computers are members of a domain.

Your company uses Remote Assistance to help diagnose user desktop issues. All computers are configured to allow Remote Assistance.

One day you receive a Remote Assistance acceptance from someone you don't know from an invitation file you created several weeks ago. You need to prevent this from happening again.

What should you do? (Select two.)
- Require a password on invitation files.
- Create a rule in Windows Firewall to block Remote Assistance.
- Decrease the timeout in invitation files.
- Increase the timeout in invitation files

Back 5

- Require a password on invitation files.
- Decrease the timeout in invitation files.

Explanation
To help control Remote Assistance access, require a password on invitation files and decrease the time an invitation file is still valid.

Increasing the timeout value on invitation files would make the problem worse. Blocking Remote Assistance with the Windows Firewall would block all offers including valid ones.

Section 7.9

Front 6

You have a new laptop computer running windows 7 Professional.

You need to connect your computer to a wired network at work and a wireless network at home. while connected to your work network, you set the default printer.

You want to configure a different default printer to use when connected to your home network.

In Devices and Printers, you click Manage default printers. Your home wireless network does not appear in the list of available networks.

What should you do?
- Create a HomeGroup. Edit the shared resources properties for the printer in the HomeGroup.
- Connect to the wireless network.
- Make sure the printer is being shared and that you have the necessary permissions.
- Set the location type for the network to "Work network."

Back 6

- Connect to the wireless network.

Explanation
Location-aware printing sets a default printer for each of the network connections on a mobile client. to configure a default printer for a wireless network, you must have connected at least once to the wireless network. Creating a profile for the wireless network is not sufficient unless you connect after creating the profile.

The printer will need to be shared and you will need the necessary permissions to the printer, but this would not prevent the network from appearing in the list of possible networks. It would, however, affect the printer from showing in the list of possible printers. The network location type does not have to be configured for a Work network to be able to configure a different default printer.

Section 5.4

Front 7

You have a computer that runs Windows 7.

Your company has started toe migration to IPv6 on your network. Your network administrator tells you that the network is using stateless autoconfiguration.

You need to configure your computer for IPv6 so it is correctly configured with the IPv6 address, default gateway, and DNS server addresses.

The computer is currently configured to get all IPv6 information automatically.

What should you do?
- Run "netsh interface ipv6 add address" and "netsh interface ipv6 add dnsserver"
- Run "netsh interface ipv6 set address" and "netsh interface ipv6 set dnsserver"
- Run "netsh interface ipv6 add dnsserver"
- Run "netsh interface ipv6 set address"

Back 7

- Run "netsh interface ipv6 add dnsserver"

Explanation
Use the "netsh interface ipv6 add dnsserver" (or "set dnsserver") command to configure a static DNS server address.
Using stateless autoconfiguration, the client generates its own interface ID, then receives the prefix and default gateway through the Neighbor Discovery (ND) protocol. Clients send requests to network routers for configuration information and receive back the IPv6 subnet prefix and the default gateway address. Because the router does not respond with a DNS server address you will need to manually configure DNS server addresses.

Use "netsh interface ipv6 add address" to configure a statics IPv6 address. use "netsh interface ipv6 set address" to modify address properties such as the address type and valid lifetime.

Section 4.3

Front 8

You want to connect a laptop computer running windows 7 to a wireless network.

The wireless network uses multiple access points and WPA2-Personal. You want to use the strongest authentication and encryption possible. SSID broadcast has been disabled.

What should you do?
- Configure the connection to use 802.1x authentication and TKIP encryption.
- Configure the connection with a preshared key and TKIP encryption.
- Configure the connection to use 802.1x authentication and AES encryption.
- Configure the connection with a preshared key and AES encryption.

Back 8

- Configure the connection with a preshared key and AES encryption.

Explanation
To connect to the wireless network using WPA2-Personal, you will need to use a preshared key for authentication. AES encryption is supported by WPA2 and is the strongest encryption method.

WPA and WPA2 designations that include Personal or PSK use a preshared key for authentication. Methods that include Enterprise use a RADIUS server for authentication and use 802.1x authentication with usernames and passwords.

Section 4.5

Front 9

You manage a windows 7 computer connected to a business network using switches and multiple subnets.

One day you find that the computer is unable to connect to the Internet, although it can communicate with a few other computers on the local subnet.

You type ipconfig /all on the computer and see the following output:

Ethernet adapter Local Area connection:
Connection-specific DNS Suffix.: mydomain.local
Description : Broadcom network adapter
Physical Address : 00-AA-BB-CC-74-EF
DHCP Enabled : Yes
Autoconfiguration Enabled : yes
IPv4 Address : 169.254.155.1 (Preferred)
Subnet Mask : 255.255.0.0
Default Gateway :
DNS Servers :

What should you do?
- Manually configure all IPv4 configuration values for the computer.
- Manually configure a default gateway value.
- Verify that the DHCP server is up and functional.
- Change the cable connecting the computer to the switch.

Back 9

- Verify that the DHCP server is up and functional.

Explanation
If a Windows client computer is configured to use DHCP and cannot locate a DHCP server to receive IP addressing information, it assigns itself an IP address from the APIPA (Automatic Private IP Addressing) range of IP addresses.
APIPA addresses include IP addresses from 169.254.0.0 to 169.254.255.254 and are reserved for this purpose.

If the cable were bad or unplugged, the computer would not have connection to the network and no IPv4 configuration information would be shown. configuring a static default gateway value would not work without also configuring other values. Because the network uses DHCP server, you should correct the problem with the DHCP server instead of manually configuring IPv4 configuration values

Section 4.3

Front 10

You have two computers running Windows 7, named Comp1 and Comp2.

Both Comp1 and Comp2 receive their IP addresses from a DHCP server in the network, and accessed the Internet through a common default gateway.

After several changes in the network infrastructure , Comp1 is the only computer with a connection to the Internet. In addition, Comp1 is now acting as the default gateway and is sharing its Internet connection with Comp2.

On Comp2, you are unable to access the Internet. You use the "ipconfig /all" command and discover the IP address for the Local Area Connection is 192.168.0.25 with subnet mask of 255.255.255.0.

What should you do first?
- On Comp2, run "ping 192.168.0.1"
- On Comp2, run "netstat"
- On Comp2, run "ipconfig /flushdns"
- On Comp2, run "ipconfig /renew"

Back 10

- On Comp2, run "ipconfig /renew"

Explanation
In this scenario, Comp2 is an Internet connection Sharing (ICS) client. ICS clients are computers on the private network that access the Internet through the shared connection on the ICS host. while running windows 7, Comp2 should have an IP address in the range of 192.168.137.0 with a mask of 255.255.255.0. This is the default DHCP address range for all ICS clients. Because a separate DHCP server was being used previously, you need to run "ipconfig /renew" on Comp2 to request an address from the ICS host.

Use "ipconfig /flushdns" to force the client to flush its DNS cache. Use "netstat" to display IP-related statistics, such as current connections, active sessions, and the local routing table. Use "ping" to check the IP-level connectivity between two nodes in the network. IN this scenario, you may want to ping 192.168.137.1 after you request an address from the ICS host.

Section 4.4

Front 11

You manage a Windows 7 computer connected to a business network using switches and multiple subnets.

You connect a workstation to the 192.168.1.0/24 subnet.

The workstation can communicate with some hosts on the private network, but not with other hosts. You run "ipconfig /all" and see the following:

Ethernet adapter Local Area connection:
Connection-specific DNS Suffix: mydomain.local
Description: Broadcom network adapter
Physical Address: 00-AA-BB-CC-74-EF
DHCP Enabled : No
Autoconfiguration Enabled : Yes
IPv4 Address : 192.168.1.102 (Preferred)
Subnet Mask : 255.255.255.0
Default Gateway : 192.168.2.1
DNS Servers : 192.168.2.20

What should you do?
- Edit the IPv4 properties and change the default gateway.
- Edit the IPv4 properties and change the DNS server address.
- Edit the IPv4 properties and modify the subnet mask.
- Edit the IPv4 properties and modify the IP address.

Back 11

- Edit the IPv4 properties and change the default gateway.

Explanation
In this example, the default gateway address is incorrect. The default gateway address must be on the same subnet as the IP address for the host. The host address is on the 192.168.1.0/24 subnet, but the default gateway address is on the 192.168.2.0 subnet.

Section 4.3

Front 12

You have a laptop running Windows 7 Enterprise.

The laptop is used both in a public network and a private (work) network.

The work network contains FTP servers which hold sensitive data. To protect the data, you need to ensure that the computer can connect to FTP servers only while it is connected to the private (work) network.

What should you do?
- From Windows Firewall with Advanced Security, create a new rule.
- From Network and Sharing Center, modify the Advanced Sharing settings.
- From the local Group Policy, modify the application control policies.
- From Windows Firewall, modify the Allowed Programs and Features list.

Back 12

- From Windows Firewall with Advanced Security, create a new rule.

Explanation
In this scenario, you should create a new rule with Windows Firewall with Advanced Security (WFAS). WFAS provides advanced firewall settings beyond the program or service rules enforced by Windows Firewall. The rule should be based on ports used by FTP, the network profile, and can also include restrictions for computers.

Windows Firewall does not configure exceptions based on specific ports or protocols, and it does not include a predefined exception for FTP. AppLocker policies (also known as application control policies) apply to restrict specific applications, not the port an application uses, from running on a computer. Advanced Sharing settings in the Network and Sharing Center includes different network profile options, but does not control access based on protocol or port.

Section 4.6

Front 13

You mange a network with all Windows 7 clients.

As part of your IPv6 migration strategy, you have implemented Teredo on your network.

You would like to test the communication of a client computer using Teredo.

What should you do?
- Ping the address beginning with FE80:
- Ping the address beginning with 2001:
- Ping the address beginning ::FFFF
- Ping the address beginning with 2002:

Back 13

- Ping the address beginning with 2001:

Explanation
Teredo (also known as NAT traversal or NAT-T0 establishes a tunnel between individual IPv6 hosts so they can communicate through a private or public IPv4 network. Teredo addresses have a 2001::/32 prefix followed by the IPv4 public address converted to hexadecimal. For example, the IPv4 public address of 207.142.131.202 would provide clients with prefix of 2001:0:CF8E:83CA::/64.

A 6-4 address begins with 2002:. An ISATAP address begins with FE80:. An IPv4-mapped address begins with 0:0:0:0:0:FFFF or ::FFFF.

Section 4.2

Front 14

You have a computer running Windows 7 Professional. The computer is a member of a domain.

The computer is used by several different users belonging to different groups.

You have a custom application on the computer. you want to configure the firewall as follows:

* Allow a specific port used by the application.
* Open the port only for members of the Sales group.

You want to make the change using the least amount of effort possible.

What should you do?
- In Windows Firewall, add an exception for the program.
- In Windows firewall with Advanced Security, add an outbound rule. Require only secure connections for the rule, and add the Sales group to the list of authorized groups.
- In Windows Firewall with Advanced Security, add an outbound rule. Edit the scope for the rule.
- In Windows Firewall with Advanced Security, add an outbound rule. Require only secure connections for the rule and edit the scope.

Back 14

- In Windows firewall with Advanced Security, add an outbound rule. Require only secure connections for the rule, and add the Sales group to the list of authorized groups.

Explanation
In this scenario, you want to allow access by a group with Windows Firewall with Advanced Security. To configure a list of allowed users, create a new rule, select the "Allow only secure connections" from these users options, and then add the group to the list of authorized groups.

The scope setting for an exception or rule identifies the IP addresses that are allowed to use the rule. Creating an exception to the program using Windows Firewall will not limit which users can make a connection through the firewall.

Section 4.6

Front 15

You have a computer that runs Windows 7.

Your company has started the migration to IPv6 on your network.

You need to configure your computer with a static IPv6 address.

What should you do?
- Run "netstat"
- Run "ipconfig"
- Run "net use"
- Run "netsh"

Back 15

- Run "netsh"

Explanation
Use the "netsh" command to configure configuration settings for a network interface such as the IP address, default gateway, and DNS server addresses.

Use "ipconfig" to view configuration information, purge the DNS cache, or release and renew DHCP leases. use net sue to map drives to shared resources. Use "netstat" to view protocol statistics and TCP/IP connections.

Section 4.3

Front 16

You have a computer running Windows 7 Ultimate.

You need to configure Windows Firewall to allow traffic for an application that dynamically opens multiple ports on an as-needed basis.

What should you do?
- Add a program exception.
- Disable Windows Firewall only on the interface that application uses.
- Add a port exception for each necessary port.
- Configure ICMP exceptions

Back 16

- Add a program exception.

Explanation
When you add a program exception, any ports required by the application are allowed through the firewall automatically.
When the application runs, the ports are allowed; when the application stops, ports are closed (after a period of inactivity).

Configuring ICMP exceptions will not solve this problem. Disabling the Firewall on any interface is not best security practice. You must use Windows Firewall with Advanced security to create a port exception.

Section 4.6

Front 17

You have a laptop computer that runs Windows 7.

Your computer is configured to conect to the wireless network at work using a wireless profile named Company1. The profile is confguired to conect using 802.11b

During a recent upgrade, your company has added an 802.11n wirless router. The router is confgiured to support 802.11n using one radio, and 802.11b/g with the other radio.

You create a second profile on your computer for the 802.11n network.

You notice that your computer is connecting automatically using 802.11b. you want the computer to connect first using 802.n, and only use 802.11b if 802.11n is unavailable.

What should you do?
- Edit the company1 profile. Modify the profile to use 802.11n.
- Move 802.11n profile up in the list of the preferred networks.
- Delete the Company1 profile.
- Move the 802.11n profile down in the list of the preferred networks.

Back 17

- Move 802.11n profile up in the list of the preferred networks.

Explanation
Move the profile up in the list of preferred networks. The computer will attempt to connect to the networks in the order listed (if they are in range). If multiple preferred networks are in range, the computer will connect to the profile closest to the top of the list.

Deleting the existing profile could make the computer connect to the 802.11n network, but would not allow the computer to connect if the 802.11n network were unavailable. You cannot configure the wireless standard used by a wireless profile.

Section 4.5

Front 18

You have several computers running Windows 7 Ultimate.

Corporate policy states that a specific connection-oriented application must be blocked from accessing the Internet.

You must use Windows Firewall with Advanced Security to complete the task.

What should you do?
- Create an inbound rule blocking the corresponding UDP port on each machine.
- Create an outbound rule blocking the corresponding UDP port on each machine.
- Create an inbound rule blocking the corresponding TCP port on each machine.
- Create an outbound rule blocking the corresponding TCP port on each machine.

Back 18

- Create an outbound rule blocking the corresponding TCP port on each machine.

Explanation
An application accessing the Internet would be using outbound traffic, so you must use an outbound rule to block the traffic. The scenario states that the application is connection-oriented so you must block the TCP port. UDP is a connectionless protocol

Section 4.6

Front 19

You have just received a new laptop at work that you will use on your company network and at home. The company network uses dynamic addressing, while your home network uses static addressing.

You connect the laptop to the company network and everything works fine. When you take your laptop home, you cannot connect to devices on your home network or the Internet.

You run "ipconfig" on the laptop and receive the following output:

connection-specific DNS Suffix:
IP Address : 169.254.22.74.
Subnet Mask : 255.255.0.0
Default Gateway :

You need to be able to connect to both the company network and your home network with the least amount of configuration and cost.

What should you do?
- Add a DHCP server to your home network.
- Configure a static IP address when connecting at home. When connecting at work, change the configuration to use the DHCP server.
- Configure your home network to use APIPA.
- Configure an alternate TCP/IP configuration.

Back 19

- Configure an alternate TCP/IP configuration.

Explanation
You should use an alternate IP configuration for your laptop. When you connect to the company network, DHCP will be used. When you connect at home, no DHCP server will be found and the alternate configuration eliminates the need to reconfigure the computer to use DHCP or static addressing when moving between one network that has a DHCP server and another network that does not have a DHCP server. Adding a DHCP server to your home network would likely incur additional cost (although many Internet routers come with DHCP capabilities).

Using APIPA on your home network will not work because APIPA will not configure a default gateway setting to allow inter-network communication.

Section 4.3

Front 20

You manage a small office network with a single subnet. The network is connected to the Internet.

All client computers run Windows 7. A single server runs Windows Server 2008 RS. Computers are not a member of a domain.

Hosts use IPv6 addresses on the private network. all hosts on the private network are assigned host names such as Computer1, Computer2, etc. All computers use a DNS server at the Internet service Provider (ISP) to resolve hostnames for Internet hosts.

You need to implement a solution so that hosts on your private network can resolve hostnames for other hosts on the private network. You want to implement the solution with the least amount of effort.

What should you do?
- Create a Hosts file that includes the hostname and IP address of all hosts on the private network. Copy the file to all computers.
- Have the ISP add host AAAA records for your private hosts to their DNS server.
- Make sure that LLMNR is enabled on all computers.
- Install the DNS service on the server; configure AAAA records for each client computer.

Back 20

- Make sure that LLMNR is enabled on all computers.

Explanation
LLMNR is a name resolution protocol that provides peer-to-peer name resolution when DNS is unavailable. LLMNR uses multicast messages (also known as multicast DNS) to resolve local host names.

* LLMNR is supported on Windows Vista, Windows 7, and Server 2008.
* LLMNR is enabled by default. It can be disabled by adding a registry setting to each client.
* You can use LLMNR to create ad hoc networks, or to find hosts on the local subnet without the use of a DNS server. LLMNR replaces the NetBIOS broadcast capabilities, but requires LLMNR-capable hosts.
* LLMNR is used to resolve single-label hostnames with or without a DNS server. If name resolution to the DNS server fails, the client then uses LLMNR to try and resolve the hostname.

Configuring a DNS server on your network, adding host records to the ISP DNS server, or editing the Hosts file would be more work than using LLMNR.

Section 4.2

Front 21

You have received a new Windows 7 Business edition laptop for use at work.

You configure the wireless adapter to connect to the network. You also have a wireless network at home. You configure a second profile for your home network.

For several weeks, the wireless connection works fine. Whether you are at home or at work, you can start your computer and make a connection without browsing for the list of available networks.

One day you come in to work to find that you can't connect. You check with the network administrator, and he states that they have prevented the SSID of the company network from being visible.

You need to make it as easy as you can to connect to the company wireless network now and in the future.

What should you do?
- In the wireless network profile, select "Connect even if the network is not broadcasting."
- In the wireless network profile, select "Connect to a more preferred network if available."
- In the wireless network profile, select "Connect automatically when this network is in range."
- Open the "Connect to a network" dialog and manually select the network name from the list to make the connection.
- Create a new network profile with the correct SSID value.

Back 21

- In the wireless network profile, select "Connect even if the network is not broadcasting."

Section 4.5

Front 22

You have a laptop that runs Windows 7. The laptop has a built-in Ethernet and wireless network card.

The wireless card stops working. You use the PCMCIA slot to add a wireless card to your laptop.

After installing the wireless card, the adapter does not show in the list of available network adapters in the Network and Sharing Center.

What should you do to troubleshoot the problem?
- In the Network and Sharing Center, select "Manage wireless networks."
- In the Network Connections in Network and Sharing Center, select "Diagnose this connection."
- In the Device Manager, right-click the wireless device and choose "Properties." Examine the device configuration.
- In the Network and Sharing Center, select "Set up a new connection or network."

Back 22

- In the Device Manager, right-click the wireless device and choose "Properties." Examine the device configuration.

Explanation
The Network Connections list in the Network and Sharing Center shows the physical devices (such as wired and wireless network adapters) and the logical connections (such as VPN connections) for your computer. A device must show in this list before you can create a network connection based on the device. if a device does not show in the list, use Device Manager to troubleshoot the device. For example, you might need to re-detect Plug and Play devices, or update the driver for the device to allow Windows to use the device.

Choosing select "Diagnose this connection" in the Network connections list is only possible if the device is recognized and shows in the Network connections list. You cannot set up a new connection until the device shows int he list. Use the "Manage wireless networks" to mange the wireless profiles for networks you have connected to.

Section 4.5

Front 23

YOu manage a small network with Windows 7 clients, multiple subnets, and servers.

You want your computer to be able to resolve a host name for a server on your network to it IPv4 address.

What should you do? (Select two. Each choice is a possible solution.)
- Add a NS record on the DNS server.
- Add an A record on the DNS server.
- Edit the Hosts file on the computer.
- Edit the Lmhosts file on the computer.
- Add a PTR record on the DNS server.

Back 23

- Add an A record on the DNS server.
- Edit the Hosts file on the computer.

Explanation
For name resolution, computers use the Hosts file on the computer or query a DNS server. the DNS server associates a host name with its IP address using an A record. When a host name is used, the computer checks its Hosts file or queries the DNS server and gets back the IP address that corresponds to the host name.

The PTR record is used for reverse name resolution, where the client submits the IP address and gets the host name in response. The NS record identifies name servers that hold DNS records for a domain.

The Lmhosts file is used for NetBIOS name resolution.

Section 4.1

Front 24

You have a laptop that runs Windows 7.

The laptop uses DHCP for IPv4 addressing information.

You need to see the IPv4 address, subnet mask, and DNS server addresses that the network connection is currently using.

What should you do? (Select two. Each choice is a possible solution.)
- Run the "netsh" command
- Edit the properties for the network connection. Select "Internet Protocol Version 4 (TCP/IPv4) and view the properties.
- Run the "net config command"
- In the Network and Sharing Center, view the full network map. Double-click your device in the map.
- View the status for the network connection. Click the "Details" button

Back 24

- Run the "netsh" command
- View the status for the network connection. Click the "Details" button

Explanation
To see the current IP addressing information for a computer that is configured to use DHCP, use the following methods:
* Run the "netsh interface ipv4 show config" command. Other parameters can also be used with the netsh command to view configuration information for the network interface.
* View the status for the network connection. click the "Details" button.
* Run the ipconfig and ipconfig /all commands.

If you view the "Internet Protocol Version 4 (TCP/IPv4) properties for the connection, you will see that the connection is configured to use DHCP, but you will not see the current IP addressing information. Clicking your device in the network map opens the System Properties if you are viewing the local computer. The computer name and other information is shown, but not the IP address. The "net config" command shows running services that can be controlled.

Section 4.3

Front 25

You have a laptop computer running Windows 7 Home Premium.

You connect your computer to a wired network at work and a wireless network at home.

You want to configure your computer to use a different default printer for each network.

What should you do first?
- In Devices and Printers, click "Manage default printers."
- Upgrade your computer to Windows 7 Professional.
- Connect your computer at least once to each network.
- Set the network location of each network to Home or Work (not Public).

Back 25

- Upgrade your computer to Windows 7 Professional.

Explanation
Location-aware printing sets a default printer for each of the network connections on a mobile client. Location-aware printing requires windows 7 Professional, Ultimate, or Enterprise edition. You will need to upgrade the computer before you can configure location-aware printing.

Section 5.4

Front 26

You manage a laptop computer that runs Windows 7.

You would like to log all of the packets that are dropped by the firewall on your computer.

What should you do?
- In the Windows Firewall, modify notification settings for the public network location. View logged packets in the system log in Event Viewer.
- In the local security policy, configure object access policies for the Windows Filtering Platform (WFP). View audit entries in the Security log in Event Viewer.
- In the local security policy, configure object access policies for the windows Filtering Platform (WFP). View audit entries in the Windows Firewall with Advanced Security logs in Event Viewer.
- In the Windows Firewall, modify notification settings for the public network location. view logged packets in the Windows Firewall with Advanced Security logs in Event Viewer.

Back 26

- In the local security policy, configure object access policies for the Windows Filtering Platform (WFP). View audit entries in the Security log in Event Viewer.

Explanation
Using the local security policy, you can enable auditing of policies that record firewall events. In the Advance Audit Policy Configuration, go to Object Access where you can enable logging for packet drops or connections. Audit success events to track allowed packets or connections, or audit Failure events to track dropped packets or connections. Auditing tracks all packets or connections, and does not filter events by profile. When using auditing for packets or connections, go to the Security log in Event Viewer to view auditing events.

Notifications settings in Windows firewall control the balloon notifications you see when a program is blocked by the firewall

Section 4.6 and 5.5

Front 27

You have a computer that runs Windows 7.

Your company has started the migration to IPv6 on your network. Your network administrator tells you that the network is using stateless autoconfiguration.

You need to configure your computer for IPv6 so it is correctly configured with the IPv6 address, default gateway, and DNS server addresses

What should you do?
- Edit the Internet Protocol Version 6 (TCP/IPv6) properties for the network adapter. Select "Use the following IPv6 address" and "Obtain DNS server address automatically"
- Edit the Internet Protocol Version 6 (TCP/IPv6) properties for the network adapter. Select "Use the following IPv6 address" and "use the following DNS server addresses."
- Edit the Internet Protocol Version 6 (TCP/IPv6) properties for the network adapter. Select "Obtain an IPv6 address" and "Obtain DNS server address automatically."
- Edit the Internet Protocol Version 6 (TCP/IPv6) properties for the network adapter. Select "Obtain an IPv6 address automatically" and "Use the following DNS server addresses."

Back 27

- Edit the Internet Protocol Version 6 (TCP/IPv6) properties for the network adapter. Select "Obtain an IPv6 address automatically" and "Use the following DNS server addresses."

Explanation
Configure the interface to get the IPv6 address automatically, then configure static DNS server addresses. Stateless autoconfiguration is where clients automatically generate the interface ID, and learn the subnet prefix and default gateway through the Neighbor Discovery (ND) protocol. Clients send requests to network routers for configuration information and receive back the IPv6 subnet prefix and the default gateway address. Because the router does not respond with a DNS server address, you will need to manually configure DNS server addresses.

Stateful DHCPv6 uses a DHCP server to assign the IPv6 address, default gateway, and DNS server addresses. Stateless DHCPv6 uses a DHCP server to supply the DNS server address, the IPv6 address, default gateway, and DNS server addresses. Stateless DHCPv6 uses a DHCP server to supply the DNS server address, the IPv6 address is generated automatically by the client using the prefix received from the router, and the default gateway address comes from the router. When using either method, configure the client to obtain both address and DNS information automatically.

You cannot configure a static IPv6 address and obtain DNS server addresses automatically.

Section 4.3

Front 28

You have a computer running Windows 7 Enterprise.

You need to change how Windows provides notifications when the firewall blocks a new program.

Select the link that you would choose to make this change.

Back 28

- Change notification settings
- Turn Windows Firewall on or off

Explanation

To change how Windows provides notification when the firewall blocks a new program:

* Use the "Change Notifications Settings" link.
* Use the "Turn Windows Firewall on or off" link.

Both links take you to the same page in Windows Firewall where you can enable the "Notify me when Windows Firewall blocks a new program" option.

Use the "Advanced settings" link in Windows firewall to launch the Windows Firewall with Advanced Security MMC snap-in. Use the "Allow a program or feature through Windows Firewall" to enable firewall exceptions.

Section 4.3

Front 29

You have installed a test network with one server and two workstations, all running IPv6. You have disabled IPv4, and now want to test to make sure the IPv6 is used to communicate between hosts.

You want to ping the link-local address for a host.

What should you do?
- ping FE80::AB134:7845:10C:9956
- ping FEC0::AB134:7845:10C:9956%12
- ping FE80::AB134:7845:10C:9956%12
- ping 2001::AB134:7845:10C:9956%12
- ping 2001::AB134:7845:10C:9956
- ping FEC0::AB134:7845:10C:9956

Back 29

- ping FE80::AB134:7845:10C:9956%12

Explanation
A link-local address has a FE80::/10 prefix, and the host ID portion of the address is automatically assigned. Because each interface has a link-local address, you must append the scope ( or zone) ID to the address. The scope identifies the interface that will be used by ping.

Site-local addresses have a FEC0::/10 prefix. Global unicast addresses have a 2000::/3 prefix. For both site local and global unicast addresses, you can omit the scope ID because each interface will have a unique network identifier.

Section 4.3

Front 30

You have a laptop that runs Windows 7.

The laptop uses IPv6. The network connection is configured to obtain an IPv6 address automatically.

You need to see the IPv6 address that the network connection is currently using.

What should you do? (Select two. Each choice is a possible solution.)
- In the Network and Sharing Center, view the full network map. double-click your device int he map.
- Edit the properties for the network connections. Select "Internet Protocol Version 6 (TCP/IPv6) and view the properties.
- Run the "netsh" command
- Run the "net config" command.
- View the status for the network connection. Click the "Details" button.

Back 30

- Run the "netsh" command
- View the status for the network connection. Click the "Details" button.

Explanation
To see the current TCP/IP configuration information for a computer, use the following methods:

* Run the "netsh interface ipv6 show addresses" command. Other parameters can also be used with the netsh command to view configuration information for the network interface.
* View the status for the network connection. Click the 'Details button.
* Run the "ipconfig" and "ipconfig /all" commands

If you view the Internet Protocol version 6 (TCP/IPv6) properties for the connection, you will see that the connection is configured to get an address automatically, but you will not see the current IP addressing information. Clicking your device in the network map opens the System Properties if you are viewing the local computer. The computer name and other information is shown, but not the IP address. The "net config" command shows running services that can be controlled.

Section 4.3

Front 31

You have a computer running Windows 7 Professional. The computer is a member of a domain.

You need to configure the wireless network card to connect to your network at work. The connection should use a user name and password for authentication with AES encryption.

What should you do?
- Configure the connection to use WPA-Personal.
- Configure the connection to use WPA2-Personal.
- Configure the connection to use WPA2-Enterprise.
- Configure the connection to use WPA-Enterprise.

Back 31

- Configure the connection to use WPA2-Enterprise.

Explanation
Select WPA2-Enterprise for the wireless connection. WPA2 is required to support AES encryption. An Enterprise configuration (using either WPA or WPA2) authenticates using usernames and passwords and 802.1x authentications. A RADIUS server is required for using 802.1x.

A Personal (or PSK) configuration uses a preshared key for authentication. All clients are configured using the same preshared key. WPA uses TKIP for encryption.

Section 4.5

Front 32

You have a computer that runs Windows 7.

your network has just transitioned from IPv4 to IPv6.

IPv6 configuration is performed automatically using information received by network routers. The network does not use a DHCPv6 server.

Your computer is unable to communicate with a server named Srv1. A ping test to the server using its IPv6 address works, but fails when you use its host name.

What should you do?
- Create a PTR record for the server on the DNS server.
- Run "netsh" with the "add dnsserver" option.
- Run "netsh" with the "set address" option
- Create an A record for the server on the DNS server

Back 32

- Run "netsh" with the "add dnsserver" option.

Explanation
Run "netsh" with the "add dnsserver" option to configure a DNS server address on your computer. When your computer receives IPv6 configuration information from the router, it receives the prefix and default gateway information, but not the DNS server address. you will need to configure a static DNS server address.

Because you can contact the server by address but not by name, you should recognize that the problem is related to name resolution, not IPv6 addressing. To resolve a host name to an IPv6 address, the DNS server requires an AAAA record for the host. the A record identifies the IPv5 address. A PTR record identifies the host name for a given IP address.

Section 4.3

Front 33

You have a computer running Windows 7 Ultimate.

The computer has both wired and wireless network connections. The wired connection is on the internal private network, but the wireless connection is a public connection.

you need to allow help desk users to use Remote Assistance to help you across the wired network, but want to block any such access from the wireless network.

you want to configure Windows Firewall to allow and deny access as described.

What should you do?
- Create a rule that specifically blocks Remote Assistance on the public profile.
- Enable the Remote Assistance exception only on the private profile.
- For the Remote Assistance exception, identify the help desk users that are allowed for the exception.
- For the Remote Assistance exception, configure the scope to identify the IP addresses of the help desk computers.

Back 33

- Enable the Remote Assistance exception only on the private profile.

Explanation
To meet the scenario requirements, you must allow Remote Assistance on the private profile, but block it on the public profile. When you configure allowed programs and features in Windows Firewall, you can allow the program for private or public network profiles (or both).

Creating a rule to block Remote Assistance on the public interface is unnecessary because all externally-initiated traffic is blocked by default, and this will still not allow Remote Assistance through the private interface. Allowing specific users or computers to use the exception does not restrict traffic on a specific interface, and would require using Windows Firewall with Advanced Security.

Front 34

You have several computers running Windows 7 Ultimate. The computers are members of a workgroup.

you need to create many custom firewall rules on each computer. The rules must be specific for the Private network profile.

You should complete the task with the least amount of effort as possible.

What should you do? (Select two. Each answer is a complete solution.)
- Configure one computer with the Windows Firewall with Advanced Security MMC snap-in. Then use the same tool to export the settings and import settings on the remaining machines.
- Configure each computer individually.
- Configure one computer. Use "Netsh advfirewall" to export the firewall settings. Import the settings on the remaining machines.
- Configure one computer. use "Secedit.exe" to import a custom security policy on the remaining machines.

Back 34

- Configure one computer with the Windows Firewall with Advanced Security MMC snap-in. Then use the same tool to export the settings and import settings on the remaining machines.
- Configure one computer. Use "Netsh advfirewall" to export the firewall settings. Import the settings on the remaining machines.

Explanation
Both the Windows Firewall and Advanced Security MMC snap-in and the "netsh advfirewall" commands are helpful in organizations that do not use Group Policy in a domain.

Configuring each computer individually would not be least administrative effort. Secedit.exe cannot be used to import and export settings on Windows Firewall.

Section 4.6

Front 35

You have a small wireless network with 10 client computers configured in a workgroup.

you upgrade the firmware on two wireless devices so you can use a better security standard than WEP. Now you need to implement the new security standard.

You need the greatest amount of security with the least amount of effort, and without replacing any of the wireless infrastructure.

What should you do?(Select two.)
- Configure each client to use a different key
- Implement WPA-PSK
- Configure each client with the same key
- Implement WPA Enterprise

Back 35

- Implement WPA-PSK
- Configure each client with the same key

Explanation
In this case, implementing WPA-PSK and using the same pre-shared key on each client provides the greatest amount of security with the least amount of effort, and does not require the replacement of any of the wireless infrastructure.

WPA Enterprise uses 802.1x for authentication and requires the configuration of an authentication server. WPA can typically be implemented in WEP-capable devices through a software/firmware update. WPA2 is more secure than WPA-PSK but it requires new hardware for implementation.

Section 4.5

Front 36

You have a computer that runs Windows 7 connected to a domain network.

After reconfiguring the static address of an internal Web server named WEB3, your computer can no longer connect to WEB3. However, other users are still able to connect to the same Web server.

You need to be able to connect to the website on the WEB3 server.

What should you do?
- Run ipconfig /renew.
- Assign an IP address to WEB3 that is not already assigned to another computer.
- Enable Network Discovery.
- Run ipconfig /flushdns

Back 36

- Run ipconfig /flushdns

Explanation
You should run ipconfig /flushdns. Whenever a server IP address changes, some clients will continue to try to connect to that server by using the server's old address. This problem occurs when a client computer connects to the server just before its address change and stores the now-defunct IP address in its client DNS cache. To solve this problem, force the client to flush its DNS cache. This action will make the client query the DNS server once again and obtain the new address.

Section 4.3

Front 37

You manage a laptop computer that runs Windows 7.

As part of your security auditing strategy, you would like the system to record packets that have been dropped by firewall rules on your computer. You want to record only the packets dropped on public interfaces. You do not want to record information about allowed packets.

What should you do?
- In Event Viewer, create a custom view using filter criteria.
- In Windows Firewall with Advanced Security, configure logging for the public profile.
- In the Windows Firewall, modify notification settings for the public network location.
- In the local security policy, configure the "Audit Filtering Platform Packet Drop" audit policy.

Back 37

- In Windows Firewall with Advanced Security, configure logging for the public profile.

Explanation
Use logging in Windows Firewall with Advanced Security to track dropped or allowed packets. Logging is configured on a per-profile basis, meaning that you can enable logging of only dropped packets for a specific profile type (such as the public profile).

Using the local security policy, you can enable auditing of policies that record firewall events. In the Advanced Audit Policy Configuration, go to Object Access where you can enable logging for packet drops or connections. Audit success events to track allowed packets or connections, or audit Failure events to track dropped packets or connections. Auditing tracks all packets or connections, and doe snot filter events by profile.

When using auditing for packets or connections, go to the Security log in Event Viewer to view auditing events. While you can use filters to narrow down your view of all the events in the log, there will not be any entries unless you enable audit policies. in addition, filtering does not prevent recording those events, it only removes events from view based on your filter criteria.

Notification settings in Windows Firewall control the balloon notifications you see when a program is blocked by the firewall.

Section 4.6

Front 38

You are the desktop administrator for your company. You manage 20 Windows 7 comptuers.

You would like to manage the computers remotely using the Windows Remote Shell.

You need to enable remote management on each computer.

What should you do?
- Start the Telnet service on each computer.
- Run "Netsh" to open the Remote Desktop firewall exception.
- Run "Winrm quickconfig".
- Run "Netsh" to open the Remote Administration firewall exception.

Back 38

- Run "Winrm quickconfig".

Explanation
To enable the target computer to support remote shell connections, run "Winrm quickconfig". Because Remote Shell sets up HTTP listeners on port 80 or 443, you will not need to open any additional firewall ports. To connect to the target computer, run Winrs along with the command you want to execute.

Open the Remote Administration firewall exception to enable MMC consoles to communicate with the servers remotely.
Open the Remote Desktop firewall exception to allow Remote Desktop connections.

Section 7.8

Front 39

Your company has started the transition to IPv6.

You need to configure records on the DNS server so that clients can submit a host name query and receive back an IPv6 address for the specified host.

What should you do?
- Create AAAA records
- Create PTR records
- Create A records
- Create NS records

Back 39

- Create AAAA records

Explanation
The AAAA record maps an IPv6 (128-bit) DNS host name to an IP address.

The A record maps an IPv4 (32-bit) DNS host name to an IP address. The PTR record maps an IP address to a host name. The NS resource record identifies all name servers that can perform name resolution for the zone.

Section 4.2

Front 40

You have two computers running Windows 7: comp1 and Comp2.

You need to use the command-line to remotely manage comp1 from Comp2.

What should you do? (Select two. Each choice is a required part of the solution.)
- On comp1, install PsExec.
- Authenticate Comp2 to Comp1.
- On Comp1, run "winrm qc"
- On Comp2, run "Winrm qc"

Back 40

- On Comp1, run "winrm qc"

Explanation
In this scenario, you must:
* Run "winrm qc" on Comp1. This enables the Windows remote Management (WinRM) service so you can execute commands on the remote computer.
* Authenticate Comp2 to Comp1. You need to authenticate the local computer and the remote computer because authentication credentials will be forwarded to the remote computer. In a domain, Active directory provides authentication for remote management; however, in this scenario there is no domain and you should authenticate the computer with the "winrm set winrm/config/client@{TrustedHosts="computername"} command.

Running winrm qc on Comp2 is not necessary. Before executing the commands on the remote computer, you must enable the Windows remote management (WinRm) service on the remote computer. PsExec is a remote management application that is part of the PSTools tool suite from Microsoft. PSExec does not require client-side software (i.e. software for the remote computer).

Section 7.8

Front 41

You have a computer that runs windows 7 connected to a domain network.

One day you find that your computer cannot connect to any network resources.

You run the "ipconfig" command and find that the network connection has been assigned the address of 169.254.12.155 with a mask of 255.255.0.0

What should you do?
- In the Network Connections window, enable the Local Area Connection.
- Run the Ipconfig /flushdns command.
- Run the Ipconfig /release and ipconfig /renew commands.
- Ensure that the network cable is connected to your computer.

Back 41

- Run the Ipconfig /release and ipconfig /renew commands.

Explanation
Because your computer is receiving an APIPA address, the first step in troubleshooting is to try to obtain a new address lease from a DHCp server. You can perform this step by using the ipconfig /release and ipconfig /renew commands.

You know that the Local Area Connection is already enabled and that a network cable is already attached--otherwise, your computer would not be obtaining an address at all. use ipconfig /flushdns to clear the local DNS cache.

Section 4.3

Front 42

Network Diagram

[*]-------------66.11.177.12--(_)--10.0.0.204------------10.0.0.205--(_)--10.0.0.110------------[HostA]

Key:
[*] = Internet
(_) = Router
[HostA] = Computer

You manage the small network that is connected to the Internet as shown in the graphic. You add Host A to the network. All hosts use manually-assigned TCP/IP values. The subnet where Host A resides uses a 28-bit subnet mask.

Which TCP/IP configuration values should you choose for HostA?

Choose: IP Address, Subnet Mask and Default Gateway

Possible IPs and Gateways: 66.11.177.12, 66.11.117.13, 10.0.0.204, 10.0.0.205, 10.0.0.97, 10.0.0.110, 10.0.0.111

Subnet Masks: 255.255.255.248, 255.255.255.192, 255.255.255.224, 255.255.255.240

Subnet Masks:

Back 42

IP Address = 10.0.0.97
Subnet Mask = 255.255.255.240
Default Gateway = 10.0.0.110

Explanation
Use the following values:
* IP address = 10.0.0.97. Host A is on a subnet 10.0.0.96. Valid host addresses are 10.0.0.97 through 10.0.0.110. 10.0.0.110 cannot be used by Host A because it is used by the router.
* Subnet mask = 255.255.255.240. A 28-bit mask covers an extra 4-bits. The last octet has a value of 11110000, which is 240 decimal.
* Default gateway = 10.0.0.110. The default gateway is the IP address of the router interface that is ont he same subnet as Host A

Section 4.1

Front 43

You have a computer that runs Windows 7.

Your network has just transitioned from using IPv4 to IPv6.

IPv6 configuration is performed automatically using stateful DHCPv6. a DNS server on your network provides name resolution for IPv6.

Your computer is having problems communicating on the network. You would like to receive new configuration information from the DHCP server as well as remove all old DNS entries in your local DNS cache.

What should you do? (Select two. Each choice is a required part of the solution.)
- Run "ipconfig /release" and "ipconfig /renew"
- Run "ipconfig /release6" and "ipconfig /renew6"
- Run "ipconfig /flushdns6"
- Run "netsh interface ipv6 dump"
- Run "ipconfig /flushdns

Back 43

- Run "ipconfig /release6" and "ipconfig /renew6"
- Run "ipconfig /flushdns

Explanation
To renew IPv6 configuration information, run "ipconfig /release6". To clear the local DNS cache, run "ipconfig /flushdns" (this clears both IPv4 and IPv6 information).

Use "ipconfig /release" and "ipconfig /renew" for an IPv4 configuration. You can use the "netsh interface ipv6 reset" command to reset the configuration to the default (autoconfiguration), but this command requires a reboot to take effect.

Section 4.3

Front 44

You have two computers running Windows 7: comp1 and Comp2. Both computers are members of a domain.

You need to ensure that you can remotely execute commands on comp2 from comp1.

What should you do?
- On Comp2, enable Windows Remote Management (WinRM) through Windows Firewall.
- On Comp2, run "winrm qc"
- On Comp1, enable Windows Remote Management (WinRM) through Windows Firewall.
- On Comp1, run "winrm qc"

Back 44

- On Comp2, run "winrm qc"

Explanation
To execute the commands on a remote computer, the Windows remote Management (WinRM) service must first be enabled on the remote computer with the "winrm qc" command. Enabling WinRm configures necessary firewall exceptions.

Section 7.8

Front 45

You have a new laptop computer running Windows 7 Professional.

You need to connect your computer to a wired network at work and a wireless network at home. While connected to your work network, you set the default printer.

You want to configure a different default printer to use when connected to your home network.

What should you do?
- Create a HomeGroup. edit the shared resource properties for the printer in the HomeGroup.
- Edit the wireless profile for the home network.
- In Devices and Printers, click "Manage default printers."
- Edit the properties for the printer at home.

Back 45

- In Devices and Printers, click "Manage default printers."

Explanation
Location-aware printing sets a default printer for each of the network connections on a mobile client. To identify a different default printer for a network, click "Manage default printers" in Devices and Printers.

Section 5.4

Front 46

You have two computers running Windows 7: comp1 and Comp2. both computers are members of a domain.

Windows Remote Management (WinRM) is enabled on both computers.

From comp2, you need to create an additional disk volume on comp1.

What should you do?
- On Comp1, install the Telnet client. On comp2, use "diskmgmt.msc"
- On Comp2, run "winrs" and then run "diskmgmt.msc"
- On Comp1, install the Telnet client. On Comp2, run "diskpart"
- On Comp2, run "winrs" and then run "diskpart"

Back 46

- On Comp2, run "winrs" and then run "diskpart"

Explanation
To create an additional disk volume on a remote computer, run "winrs" and then run "diskpart" from the local computer. Windows Remote Shell (WinRS) uses the command-line interface to manage a remote computer. DiskPart is a command line utility used to configure and manage disks and volumes.

The Disk Management MMC snap-in (diskmgmt.msc) performs disk-related tasks similar to diskpart; however, it requires the use of a mouse as it is graphically-based, instead of command line-based. You would also need Remote Desktop or Remote Assistance in order to use Disk Management on a remote computer.

The Microsoft Telnet client is a text-based program that runs at the command prompt window. it allows you to connect to another computer. In this scenario, you are not working from comp1, and cannot install the Telnet client. If you were working from comp1, you could use Disk Management or DiskPart to create the additional disk volume as required in the scenario.

Section 7.8

Front 47

You have two computers running windows 7 named Comp1 and Comp2.

Both comp1 and comp2 receive their IP addresses from a DHCp server in the network, and accessed the Internet through a common default gateway.

After several changes in the network infrastructure, comp1 is the only computer with a connection to the Internet. In addition, Comp1 is now acting as the default gateway and is sharing its Internet connection with Comp2.

On Comp2, you are unable to access the Internet. You use the "ipconfig /all" command and discover the IP address for the Local Area connection is 192.168.0.25.

What should you do first?
- On Comp2, run "ipconfig /renew"
- On Comp2, run "ipconfig /flushdns"
- On Comp2, run "ping 192.168.0.1"
- On Comp2, run "netstat"

Back 47

- On Comp2, run "ipconfig /renew"

Explanation
In this scenario, Comp2 is an Internet Connection Sharing (ICS) client. ICS clients are computers on the private network that access the Internet through the shared connection on the ICS host. While running Windows7, Comp2 should have an IP address int he range of 192.168.137.0 with a mask of 255.255.255.0. This is the default DHCP address range for all ICS clients. Because a separate DHCP server was being used previously, you need to run "ipconfig /renew" on comp2 to request an address from the ICS host.

Use "ipconfig /flushdns" to force the client to flush its DNS cache. use "netstat" to display IP-related statistics, such as current connections, active sessions, and the local routing table. Use "ping" to check IP-level connectivity between two nodes in the network. In this scenario, you should ping 192.168.137.1 after you request an address from the ICS host.

Section 4.4

Front 48

You have a new Windows 7 Ultimate computer with both a wired and a wireless connection.

You want to configure a small wireless network at home. You install a router that connects your network to the Internet and which is the wireless access point.

you have turned off SSID broadcast on the Internet router. You will connect devices using a preshared key.

You need to configure your laptop to connect to the wireless network, and would like to use the most secure method available to you.

What should you do? (Select two. Each choice is a required part of the solution.)
- Use WPA2-Enterprise security.
- Manually create a network profile.
- Use WPA2-Personal security.
- Open the list of available wireless networks and choose your network from the list.

Back 48

- Manually create a network profile.
- Use WPA2-Personal security.

Explanation
Because SSID broadcast is turned off on the Internet router, you will need to manually create the wireless network profile. use WPA2-Personal security.

You will not be able to select your network in the available list because SSID broadcast is turned off. WPA2-Enterprise requires a RADIUS server and a domain controller for authentications. use a network bridge to allow wireless clients to connect to your computer and access the wired network.

Section 4.5

Front 49

You have a Windows 7 computer that you would like to manage remotely.

The computer connects to the network behind a firewall that blocks all but the most common ports.

You need to use a remote management solution that does not require additional firewall ports opened.

What should you do?
- Use Remote Desktop.
- Use an MMC console and connect to the remote computer instead of the local computer.
- Use Remote Shell.
- Use Telnet.

Back 49

- Use Remote Shell.

Explanation
Remote Shell sets up HTTP listeners on port 80 or 443 (which are allowed by most firewalls).

MMC snap-ins require an exception for Remote Administration which opens ports 135 and 445, Remote requires port 3389. Telnet uses port 23.

Section 7.8

Front 50

You are the desktop administrator for your company. You manage 20 Windows 7 computers

You would like to manage the computers remotely using a tool with a graphical user interface (GUI).

What should you do? (Select two.
Each choice is a possible solution.)
- Establish a Remote Desktop connection to each computer.
- Run Remote Shell to manage each computer.
- Use Telnet to connect to each computer.
- Open computer Management and connect to each remote computer.

Back 50

- Establish a Remote Desktop connection to each computer.
- Open computer Management and connect to each remote computer.

Explanation
To remotely manage computers using a graphical user interface, you can use Remote Desktop or most MMC snap-ins and preconfigured consoles such as Computer Management. When using computer Management, connect to the remote computer, then use the snap-ins to view and manage the components of the computer.

Use Remote Shell and Telnet to execute commands on a remote computer.

Section 7.8

Front 51

You have two computers: Comp1 is running Windows 7 and comp2 is running Windows XP. Both computers are members of a domain.

You need to use PowerShell commands to remotely manage Comp1 from comp2. comp1 has the Windows remote Management (WinRM) service enabled.

What should you do? (Select two. Each choice is a required part of the solution.)
- On Comp1, enable PowerShell 2.0.
- On Comp1, enable PsExec.
- On Comp2, download and install PowerShell 2.0.
- On Comp2, use the "icm" command

Back 51

- On Comp2, download and install PowerShell 2.0.
- On Comp2, use the "icm" command

Explanation
To manage Windows 7 from a computer running Windows XP, download and install PowerShell 2.0. To run PowerShell commands on a remote computer, at the PowerShell prompt use "icm" along with the command you want to execute.

you do not need to enable PowerShell on the remote computer; however, the remote computer must allow traffic on Port 80 (the default port used by PowerShell). The PowerShell remoting features are supported by the Windows Remote Management (WinRM) service. PsExec is remote management application that is part of the PsTools tool suite from Microsoft. PsExec is not necessary on the remote computer in this scenario.

Section 7.8

Front 52

You have several computers running Windows 7 Enterprise. Computer are unable to ping each other on the network. They can access external websites.

Which of the following is most likely to resolve the issue?
- Create a static route between Computers
- Permit ICMPv4 traffic through the firewalls of Windows 7 machines.
- Change computers addresses to be on the same subnet.
- Change the default gateway on all machines

Back 52

- Permit ICMPv4 traffic through the firewalls of Windows 7 machines.

Explanation
By default, computers running Windows 7 block ICMP traffic, which includes ping messages. To allow the ping messages to succeed between the computers, you must configure the firewall to allow ICMP traffic. use windows Firewall with Advanced Security or the "netsh advfirewall" command to configure exception based on protocol and port.

The computers are correctly configured in the same IP subnet, and do not require a default gateway to communicate. Configuring a static route is unnecessary work and will not allow the ping to succeed because of the default firewall rules.

*Adaptation of question with an image.

Section 4.6