Microsoft 70-642 TS: Windows Server 2008 Network Infrastructure, Configuring Certification 71-75
71. Your company has an Active Directory domain that has two domain controllers named DC1 and DC2.
You prepare both servers to support event subscriptions. On DC1, you create a new default subscription for DC2.
You need to review system events for DC2.
Which event log should you select?
A. system log on DC1
B. application log on DC2
C. Forwarded Events log on DC1
D. Forwarded Events log on DC2
72. Your company has a network that has an Active Directory domain. The domain has two servers named DC1 and DC2.
You plan to collect events from DC2 and transfer them to DC1. You configure the required subscriptions by selecting the Normal option for the Event delivery optimization setting and by using the HTTP protocol.
You discover that none of the subscriptions work.
You need to ensure that the servers support the event collectors.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A. Run the wecutil qc command on DC1.
B. Run the wecutil qc command on DC2.
C. Run the winrm quickconfig command on DC1.
D. Run the winrm quickconfig command on DC2.
E. Add the DC2 account to the Administrators group on DC1.
F. Add the DC1 account to the Administrators group on DC2.
73. Your company has a main office and a branch office. The branch office has three servers that run a Server Core installation of Windows Server 2008 R2. The servers are named Server1, Server2, and Server3.
You want to configure the Event Logs subscription on Server1 to collect events from Server2 and Server3.
You discover that you cannot create a subscription on Server1 from another computer.
You need to configure a subscription on Server1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Run the wecutil cs subscription.xml command on Server1.
B. Run the wevtutil im subscription.xml command on Server1.
C. Create an event collector subscription configuration file. Name the file subscription.xml.
D. Create a custom view on Server1 by using Event Viewer. Export the custom view to a file named subscription.xml.
74. Your company has a server named DC1 that runs Windows Server 2008 R2. Server1 has the DHCP Server server role installed.
You find that a desktop computer named Computer1 is unable to obtain an IP configuration from the DHCP server.
You install the Microsoft Network Monitor 3.0 application on Server1. You enable P-mode in the Network Monitor application configuration. You plan to capture only the DHCP server-related traffic between Server1 and Computer1.
The network interface configuration for the two computers is shown in the following table.
?Server1Computer1IP address192.168.2.116220.127.116.11MAC address00-0A-5E-1C-7F-6700-17-31-D5-5E-FFYou need to build a filter in the Network Monitor application to capture the DHCP traffic between Server1 and Computer1.
Which filter should you use?
A. IPv4.Address == 169.254.15.84 && DHCP
B. IPv4.Address == 192.168.2.1 && DHCP
C. Ethernet.Address == 0x000A5E1C7F67 && DHCP
D. Ethernet.Address == 0x001731D55EFF && DHCP
75. You perform a security audit of a server named CRM1. You want to build a list of all DNS requests that are initiated by the server.
You install the Microsoft Network Monitor 3.0 application on CRM1. You capture all local traffic on CRM1 for 24 hours. You save the capture file as data.cap. You find that the size of the file is more than 1 GB.
You need to create a file named DNSdata.cap from the existing capture file that contains only DNS-related data.
What should you do?
A. Apply the display filter !DNS and save the displayed frames as a DNSdata.cap file.
B. Apply the capture filter DNS and save the displayed frames as a DNSdata.cap file.
C. Add a new alias named DNS to the aliases table and save the file as DNSdata.cap.
D. Run the nmcap.exe /inputcapture data.cap /capture DNS /file DNSdata.cap command.