Your network contains an Active Directory forest named contoso.com. Contoso.com contains three
domain controllers that run Windows Server 2008 R2 and three domain controllers that run
Windows Server 2003. All domain controllers are configured as DNS servers. You configure the
contoso.com zone to use DNSSEC. You need to ensure that the zone only replicates to DNS servers
that support DNSSEC. What should you do first?

Your company has a single Active Directory domain. The company network is protected by a firewall.
Remote users connect to your network through a VPN server by using PPTP. When the users try to
connect to the VPN server, they receive the following error message: “Error 721: The remote
computer is not responding.” You need to ensure that users can establish a VPN connection. What
should you do?

DRAG DROP
You need to configure Computer 1 to use a different DNS server than the other client computers on the network. What should you do?

Your company has a single Active Directory domain. The domain has servers that run Windows
Server 2008 R2. You have a server named NAT1 that functions as a NAT server. You need to ensure
that administrators can access a server named RDP1 by using Remote Desktop Protocol (RDP). What
should you do?

Your company has a main office and 15 branch offices. The company has a single Active Directory
domain. All servers run Windows Server 2008 R2. You need to ensure that the VPN connections
between the main office and the branch offices meet the following requirements:
• All data must be encrypted by using end-to-end encryption.
• The VPN connection must use computer-level authentication.
• User names and passwords cannot be used for authentication.
What should you do?

Your corporate network has a member server named RAS1 that runs Windows Server 2008 R2. You
configure RAS1 to use the Routing and Remote Access Services (RRAS). The company’s remote
access policy allows members of the Domain Users group to dial in to RAS1. The company issues
smart cards to all employees. You need to ensure that smart card users are able to connect to RAS1
by using a dial-up connection. What should you do?

Your network contains an Active Directory domain named contoso.com. Contoso.com contains three
servers. The servers are configured as shown in the following table.

You plan to give users access to the files shares on Server2 by using DirectAccess. You need to
ensure that you can deploy DirectAccess on Server3. What should you do?

Your network contains one Active Directory domain. You have a member server named Server1 that
runs Windows Server 2008 R2. The server has the Routing and Remote Access Services role service
installed. You implement Network Access Protection (NAP) for the domain. You need to configure
the Point-to-Point Protocol (PPP) authentication method on Server1. Which authentication method
should you use?

You deploy a Windows Server 2008 R2 VPN server behind a firewall. Remote users connect to the
VPN by using portable computers that run Windows 7. The firewall is configured to allow only
secured Web communications. You need to enable remote users to connect as securely as possible.
You must achieve this goal without opening any additional ports on the firewall. What should you
do?

Your network contains a server that runs Windows Server 2008 R2. The server has the Network
Policy and Access Services server role installed. You need to allow only members of a global group
named Group1 VPN access to the network. What should you do?