← Back to exam page

JN0-250 Mist AI. Associate (JNCIA-MistAI)

Loading demo links...

Showing 7–9 of 10 questions

Question 7

You work as the network administrator at ABC.com. The ABC.com network has a domain named ABC.com. The servers at the ABC.com network run Windows Server and the workstations, Windows Professional.

The Default Domain Policy has been updated recently through a security template file. The security template file contained a number of security configuration settings.

You notice that a server named ABC-SR05 can no longer run a program that is operational on other network servers which have a similar configuration. You suspect that additional security settings could have been added to the local security policy on ABC-SR05.

You want to run a utility on ABC-SR05 to compare the current security settings on ABC-SR05 to that of the security template file. You want to use a tool that will automatically identify all settings that might have been added to the local security policy on ABC-SR05.

What actions must you take on ABC-SR05?

Select an option, then click Submit answer.

  • Run the ADSIEdit on ABC-SR05.

  • Run the Security Configuration and Analysis console on ABC-SR05.

  • Run gpresult.exe on ABC-SR05.

  • Run the Dcgpofix on ABC-SR05.
Question 8

You are working as the administrator at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. The ABC.com network contains a DMZ that contains a two-node Network Load Balancing cluster, which is located in a data centre that is physically impenetrable to unauthorized persons.

The cluster servers run Windows Server Web Edition and host an e-commerce website. The NLB cluster uses a virtual IP address that can be accessed from the Internet.

What can you do to mitigate the cluster’s most obvious security vulnerability?

Select an option, then click Submit answer.

  • Configure the cluster to require IPSec.

  • Configure the network cards to use packet filtering on all inbound traffic to the cluster.

  • Use EFS on the server hard disks.

  • Configure intrusion detection the servers on the DMZ.

  • Configure Mac addressing on the servers in the DMZ.
Question 9

You administer your company's Windows domain. The domain contains 10 Windows Server computers, 750 Windows Professional computers, and 300 Windows NT 4.0 Workstation computers Four of the Windows Server computers are DHCP servers, and two of the Windows Server computers are DNS servers. All network computers are configured to use DHCP. All four DHCP servers are configured with scopes for every subnet in the network.

You configure the DHCP servers to always register and update client computer information in DNS. To increase security, you configure DNS to only allow secure updates.

Immediately following this, you discover that the resource records for the DHCP clients are no longer updated when IP addresses change. You want the resource records for the client computers to have the most recent information. What should you do?

Select an option, then click Submit answer.

  • Add the computer accounts of the four DHCP servers to the DNSUpdateProxy global security group.

  • Add the computer accounts of the two DNS servers to the DHCP Users domain local security group.

  • Add the computer accounts of the four DHCP servers to the DNSAdmins domain local security group.

  • Configure the four DHCP servers to enable updates for DNS client computers that do not support dynamic update.

  • Configure the DHCP server to not release the DHCP lease for Windows Professional computers and the Windows NT 4.0 Workstation computers at shutdown.

  • Configure the two DNS servers to use a Time to Live (TTL) interval on resource records that are shorter than the lease time used by the DHCP servers.