MCSA 70-290 Exam Questions

Standard Edition

Enterprise Edition

Web Edition

Datacenter Edition

Standard Edition

Enterprise Edition

Web Edition

Datacenter Edition

Standard Edition

Enterprise Edition

Web Edition

Datacenter Edition

Setup can be launched by booting to the CD-ROM.

Setup can be launched by booting to setup floppies.

Setup requires a non-blank password to meet complexity requirements.

Setup will allow you to enter all 1’s for the Product ID.

Administrative

Guest

Print operator

Yes

No

Yes

No

0

1

2

3

4

Don’t do anything; they already have access because they are administrators.

Remove the Administrators from the permission list on the Terminal Server connection, and put their administrator account in the Remote Desktop for Administration Group

Create a separate, lower-authorization user account for Administrators to use daily, and place that account in the Remote Desktop for Administration Group.

Terminal Services Manager

Terminal Services Configuration

System properties in Control Panel

Terminal Services Licensing

Port 3389 must be open.

NAT cannot be used.

Internet Connection Sharing is not possible.

You cannot use Remote Assistance across a Virtual Private Network (VPN).

Last Name

User Logon Name

Disable Account

Enable Account

Reset Password

DSADD

DSGET

DSMOD

DSRM

DSQUERY

DSADD

DSGET

DSMOD

DSRM

DSQUERY

%Username%

$Username$

CN=Username

DSADD

DSGET

DSMOD

DSRM

DSQUERY

Configure the permissions on the folder’s Security property sheet to deny write permission.

Configure the permissions on the folders Sharing property sheet to allow only read permission.

Modify the attributes of the profile folder to specify the Read Only attribute

Rename Ntuser.dat to Ntuser.man.

The password must not be based on the user’s account name

Must contain at least six characters, with at least one character from three of the four categories: uppercase, lowercase, Arabic numerals, and nonalphanumeric characters

Requirements will take effect immediately for all new accounts

Existing accounts will be affected when they next change their password

All of the above

Account Logon Successes

Account Logon Failures

Application Successes

Application Failures

Delete the user object and recreate it.

Rename the user object.

Enable the user object.

Unlock the user object.

Reset the password for the user object.

The global group has to be of the type distribution

The domain functional level must be Windows 2000 native or Windows Server 2003

The universal group must be of the type distribution

The global group has to be type security

The universal group must be of the type security

Users

Computers

Universal groups

Global groups

All of the the above

General

Members

Member of

Managed by

Security

General

Members

Member of

Managed by

Security

Domain Local Group

Global Group

Universal Group

Security Group

Distribution Group

-i

-t

-f

-s

You must create an *.ldf file manually for importing

You can use a .csv file

Administrators on the server

Domain Admins

Enterprise Admins

Account Operators on a domain controller

None of the above

The properties of My Computer

Control Panel’s System application

Active Directory Users and Computers

The Network Connections folder

The Users application in Control Panel

NETDOM

DSADD

DSGET

NETSH

NSLOOKUP

Windows NT 4

Windows 2000

Windows XP

Windows 95

Windows Server 2003

The account is disabled

The user entered wrong credentials

A computer has not joined the domain using that account

Create a computer object in the Desktops OU

Create a user account in the Desktops OU

Select the executive’s user account for the property The Following User Or Group Can Join This Computer To A Domain

Create a computer account in the Desktops Group

None of the above

If an account is not created in advance, one will be generated automatically when the computer joins the domain, and that account will be located in the default Computers container

Computer policies, which are typically linked to specific OUs, will not apply to the newly joined computer

Because most organizations do have specific OUs for computers, you are left with an extra step to remember: moving the computer object to the correct OU after joining the domain

By creating a computer object in advance, you can specify which groups (or users) are allowed to join a system to the domain with that account

All of the above

Enable the accounts

Disable the accounts

Reset the accounts

Delete the accounts

None of the above

The Shared Folders snap-in

Windows Explorer running on the local machine, connected to the remote server’s share or hidden drive share

Windows Explorer running on the remote machine in a Terminal Services or Remote Desktop session.

The File Server Management console.

Full Control

Read

Rear and Write

Read and Execute

None of the above

The default share permission in Windows Server 2003 is Everyone: List Folder Contents.

The default share permission in Windows Server 2003 is Everyone: Deny Access.

The default share permission in Windows Server 2003 is Everyone: Allow Read.

All of the above

None of the above

Full Control

Modify

Write

Read & Execute

List Folder Contents

Modify the permissions on the parent folder by adding the permission Bill:Allow Full Control.

Modify the permissions on the parent folder by adding the permission Bill:Allow Read

Modify the permissions on the plan by adding the permission: Bill:Allow Read.

Modify the permissions on the plan by deselecting Allow Inheritable Permis sions, choosing Copy, and removing the Deny permission.

Remove Bill from the group that is assigned the Deny permission.

It is possible that a permission entry is assigned to a logon-related account, such as Interactive or Network, that could be denying accessIt is possible that a permission entry is assigned to a logon-related account, such as Interactive or Network, that could be denying accessIt is possible that a permission entry is assigned to a logon-related account, such as Interactive or Network, that could be denying accessIt is possible that a permission entry is assigned to a logon-related account, such as Interactive or Network, that could be denying access

If you are not logged on as a Domain Admin, you may not be able to read all group memberships, which might skew the resulting permissions report.

Effective Permissions tool is only an approximation of a user’s access

All of the above

None of the above

The date of the event

The user that generated the event

The type of object access that generated the event

Success or failure audit

All of the above

Application log; Success Event

Application log; Failure Event

Security log; Success Event

Security log; Failure Event

System log; Success Event

Http://server01.web.adatum

Http://web.adatum.com/server01

Http://server01.adatum/home

Http://server01.adatum.com

None of the above

Anonymous Access

Basic Authentication

Digest Authentication

Integrated Windows Authentication

None of teh above

Normal

Differential

Incremental

Copy

Normal

Differential

Incremental

Daily

Do Not Replace The File On My Computer

Replace The File On Disk Only If The File On Disk Is Older

Always Replace The File On My Computer

Do Not Replace The File On My Computer

Replace The File On Disk Only If The File On Disk Is Older

Always Replace The File On My Computer.

Original location

Alternate location

Single folder

Backup Operators group

Print Operators

Administrators

Account Operators

Network Configuration Operators

The folder is not enabled for Shadow Copy

The volume on the server is not enabled for Shadow Copy.

The user doesn’t have permission to view the Shadow Copy cache.

The Shadow Copy client is not installed on the user’s machine

The folder is on a FAT volume.

TCP/IP printer port

Model of the print device

URL to printer on print server

UNC path to print share

Printer driver

Open the printer’s Properties dialog box, select the Sharing tab, and then select the Do Not Share This Printer option

Open the printer’s Properties dialog box and select a port that is not associated with a print device

Open the printer’s queue window, select the first document, and then select Pause from the Document window. Repeat the process for each document.

Open the printer’s queue window, and select the Pause Printing option from the Printer menu.

The Everyone group must be granted the Manage Documents permission.

The Administrators group must be granted the Manage Printers permission

The Marketing group must be granted the Print permission.

The Marketing group must be granted the Manage Printers permission

Configure the LPT1 port to support three printers

Select or create the ports mapped to the three printers.

On the Device Settings tab, configure the installable options to support two additional print devices

On the Device Settings tab, configure the installable options to support two additional print devices

Http://mktg1/printers

Http://printers/mktg1

Http://windows/web/printers

Http://windows/mktg1

Priority

Available From / To

Start Printing After Last Page Is Spooled

Print Directly To The Printer

Keep Printed Documents

In the failed printer’s Properties dialog box, select Enable Printer Pooling

At the command prompt, type Net Stop Spooler.

At the command prompt, type Net Start Spooler.

In the failed printer’s Properties dialog box, select the port 192.168.1.217.

In the failed printer’s Properties dialog box, click Add Port.

There’s insufficient hard disk space for spooling

You’re using an incorrect printer driver.

The selected port is not correct.

The device settings for the printer are using an incorrect font substitutio

Configure auditing for a logical printer and audit for successful use of the Print permission by the Everyone system group.

Export the System log to a comma-delimited text file and use Excel to analyze spooler events.

Configure a performance log and monitor the Total Pages Printed counter for each logical printer.

Configure a performance log and monitor the Jobs counter for each logical counter.

Notify For Download And Notify For Install

Auto Download And Notify For Install

Auto Download And Schedule The Install

Setup.exe -u

Update.exe -x

Update.msi

.exe -x

Published in the Computer Configuration Software Settings

Assigned in the Computer Configuration Software Settings

Published in the User Configuration Software Settings

Assigned in the User Configuration Software Settings

Per User

Per Server

Per Seat

Per Device or Per User

6

4

8

18

24

Active Directory Domains And Trusts

The Licensing tool in Control Panel

Active Directory Sites And Services

DNS

Revoke the licenses from the existing clients

Delete the existing licenses, then add 500 licenses

Create license groups

Convert to Per Server licensing

From the Properties page of the device, choose Do Not Use this Device (Disable).

From the Properties page of the device, choose Uninstall.

Using the Safely Remove Hardware utility, choose to remove the device.

Last Known Good Configuration

Driver Rollback

Safe mode

Recovery Console

Primary partition

Extended partition

Mirrored volume

Spanned volume

RAID-5 volume

Primary partitions

Simple volumes

Spanned volumes

Extended partitions

Unallocated space

Import Foreign Disk

Format volume

Rescan

Change Drive Letter or Path

Convert to Dynamic Disk

Check Disk

Disk Defragmenter

DISKPART

Disk quotas

On any server for all disks

On any physical disk for all volumes

On any volume for all folders

On any folder

5 percent

10 percent

15 percent

25 percent

50 percent

RAID-0

RAID-1

RAID-5

You cannot use software RAID to protect a boot partition

RAID-0

RAID-1

RAID-5

Hardware RAID

20

25

33

50

RAID-0

RAID-1

RAID-5

RAID-5 is already implemented in hardware.

One or two of the disks are configured with the basic storage type

All three disks are configured with the dynamic storage type

All three disks are configured with the basic storage type.

RAID-5 is already implemented in software.

%Windir %

%Systemroot%

System State

None of the above. You cannot back up the registry

Automated System Recovery

Recovery Console

Safe mode

Directory Services Restore mode

Use the Recovery Console to copy data to the disk.

Use the Backup utility to launch the Restore Wizard

Use the ASR backup to restore the data.

Use the Last Known Good Configuration option in Safe mode to set up the new disk.

Data files two months ago

Data files at the last full backup

Disk configuration

Operating system

System State two months ago

Rooslan should add Alex’s account to the Backup Operators group on each server

Rooslan should add Alex’s account to the Backup Operators group in the domain

Rooslan should add Alex’s account to the Power Users group in the domain.

Rooslan should modify the local GPO on each Windows Server 2003 to give Alex’s account the Perform Volume Maintenance Tasks user right.

Rooslan should modify the local GPO on each Windows Server 2003 to give Alex’s account the Take Ownership Of Files And Other Objects user right.

Rooslan did not achieve any primary goals. All of Rooslan’s secondary goals were achieved.

Rooslan has achieved the primary goal and one secondary goal.

Rooslan has achieved the primary goal and two secondary goals

Rooslan has achieved all primary and secondary goals.

Rooslan has achieved none of the primary and secondary goals.

The contents of the Compress directory will be compressed.

The contents of the Compress directory will be uncompressed

The contents of the Encrypt directory will be encrypted.

The contents of the Encrypt directory will be unencrypted

The contents of the Indiperf directory will not retain their individually tailored NTFS permissions.

Lee should configure Volume Shadow Copy services on the second hard disk drive by using disk properties

Lee should configure Volume Shadow Copy services on the first hard disk drive by using disk properties

Lee should configure the disks in a RAID-5 configuration using the hardware RAID controller’s configuration utility.

Lee should configure the disks in a RAID-0 configuration using the hardware RAID controller’s configuration utility.

Lee should configure the disks in a RAID-1 configuration using the hardware RAID controller’s configuration utility.

Initialize new disks.

Convert dynamic disks to basic disks.

Convert basic disks to dynamic disks.

Create mirrored disk pairs.

Create striped sets.

Only Plug and Play devices can be viewed in the Device Manager.

You must upgrade the driver for this device to one that supports Plug and Play.

Disk drive and RAID controllers are not visible in the Device Manager.

You must go to the View menu in Device Manager and select Show Hidden Devices.

Rooslan needs to open the USB devices utility located in Control Panel. This utility lists the bandwidth and power consumptions of all USB devices attached to the system.

Rooslan needs to open the Power utility located in Control Panel. From here he can navigate to the USB tab to discover the power consumption profiles of various devices attached to the system.

Rooslan needs to open the Device Manager and navigate to the USB Root Hub, right-click and select Properties. He then needs to click the Power tab, which lists the power consumption by attached device

Rooslan needs to open the Device Manager and navigate to the USB Universal Host Controller, right-click and select Properties. He then needs to click the Advanced tab, which lists the bandwidth-consuming devices and the bandwidth they use.

Rooslan needs to open the Bandwidth utility located in Control Panel. From here he can navigate to the USB tab to discover the bandwidth consumption profiles of various devices attached to the system.

Orin has achieved the primary goal and all secondary goals.

Orin has achieved the primary goal and one secondary goal.

Orin has achieved the primary goal and no secondary goals.

Orin has not achieved the primary goal and has achieved all secondary goals.

Orin has not achieved the primary goal and has achieved one secondary goal.

Run the Device Manager on each Windows Server 2003 system. Select Network Adapters, and then from the Action menu, select Print. Choose Selected Class or Device and then click Print.

Select Network Connections in Control Panel on each Windows Server 2003 system. From the Advanced Tab select Network Hardware, and then click Generate Report.

Run WINMSD from the command prompt. From the Components node, select the Network node and then the Adapters node. From the File menu, select Print.

Run Winipcfg from the Run menu. From the Adapters tab, select Generate Hardware Report, and then click Print.

Run the Ipconfig/Adapter command from the command prompt. Copy the resulting information into a text file in Notepad and then print it.

When connected to the remote domain controller, Rooslan should open the Device Manager and, on the View menu, select Show Hidden Devices.

When connected to the remote domain controller Rooslan should examine the system log for any entries created by failing device drivers.

When connected to the remote domain controller, Rooslan should examine the security log for any entries created by failing device drivers

When connected to the remote domain controller, Rooslan should examine the device log for any entries created by failing device drivers.

When connected to the remote domain controller, Rooslan should examine the application log for any entries created by failing device drivers.

Rooslan achieved the first team’s goal, as well as all goals of the second team and all goals of the third team

Rooslan achieved the first team’s goal, two of the second team’s goals, and all the third team’s goals.

Rooslan achieved the first team’s goal, all the second team’s goals, and one of the third team’s goals

Rooslan did not achieve the first team’s goal, achieved all the second team’s goals, and achieved one of the third team’s goals

Rooslan achieved the first team’s goal, achieved two of the second team’s goals, and achieved one of the third team’s goals.

Oksana has mistakenly analyzed the first volume, which contains the boot and system files.

The page file has been located on the second volume.

Oksana has stored encrypted files on the second volume

Oksana has stored compressed files on the second volume

The NTFS change journal, stored on all NTFS volumes, is an unmovable file.

The volume is failing to defragment because it is close to capacity. A volume must have at least 15 percent of space free for the defragmentation process to begin.

The volume has been marked as dirty. Oksana needs to run Chkdsk from the command line before she can defragment the volume successfully.

Oksana must take the volume offline manually to perform the defragmentation. Once this is done, the disk will defragment normally

Oksana needs to dismount the disk hosting the volume to perform a defragmentation. Once this is done, the disk will defragment normally.

Drive C

Drive D

Drive E

Drive F

Drive C

Oksana should reconfigure the domain GPO and set the Unsigned Driver Installation Behavior policy to Warn But Allow Installation.

Oksana should reconfigure the local GPO and set the Unsigned Driver Installation Behavior policy to Warn But Allow Installation

Oksana should check the Administrator Option / Make This Action The System Default check box in the Driver Signing Options dialog box, accessible from the System Properties. This will enable her to switch the option from Block to Warn.

Oksana should reconfigure the GPO assigned to the site that the servers are set up in and set the Unsigned Driver Installation Behavior policy to Warn But Allow Installation

Oksana should reconfigure the GPO applied to the OU that the servers are members of and set the Unsigned Driver Installation Behavior policy to Warn But Allow Installation

Edit the local GPO on each server and set the Unsigned Driver Installation Behavior policy to Warn But Allow Installation

Edit the GPO applied to the site in which the servers in your lab reside and set the Unsigned Driver Installation Behavior policy to Warn But Allow Installation.

Create a new organizational unit called Mylab. Move the computer accounts for the Windows Server 2003 systems in to the Mylab OU. Create a GPO that sets the Unsigned Driver Installation Behavior policy to Warn But Allow Installation and apply it to the Mylab OU

Edit the Domain GPO and set the Unsigned Driver Installation Behavior policy to Warn But Allow Installation

Create a group and put your user account in this group. Create a GPO that sets the Unsigned Driver Installation Behavior policy to Warn But Allow Installation and apply this GPO to the newly created group.

Select the RAID controller in the Device Manager. From the Action menu, select Properties. Select the Resources Tab, and then clear the Use Automatic Settings check box. Select the IRQ and click Change Settings. Scroll through the IRQs until you find one that does not conflict with any others. Click OK and then restart the server.

Select the fax board in the Device Manager. From the Action menu, select Properties. Select the Resources tab, and then clear the Use Automatic Settings check box. Select the IRQ and click Change Settings Scroll through the IRQs until you find one that does not conflict with any others. Click OK and then restart the server

Select the RAID controller in the Device Manager. From the Action menu, select Properties. Select the Resources tab, and then clear the Use Automatic Settings check box. Select the I/O Range and click Change Settings button. Scroll through the I/O Range until you find one that does not conflict with any others. Click OK and then restart the server.

Select the fax board in the Device Manager. From the Action menu, select Properties. Select the Resources tab, and then clear the Use Automatic Settings check box. Select the I/O Range and click Change Settings. Scroll through the I/O Range until you find one that does not conflict with any others. Click OK and then restart the server.

Select the RAID controller in the Device Manager. From the Action menu, select Properties. In the Device Usage drop-down list on the General tab, select Do Not Use This Device (Disable).

Run the Device Manager and look for another device with a yellow and black exclamation mark beside it.

View the application log and look for an entry that describes the device with which the network card conflicts.

Run the Device Manager and select the network card that has the yellow and black exclamation mark beside it. From the Action menu, select Properties. On the Resources tab, clear the Use Automatic Settings check box. A conflicting device list will be displayed with the resources that conflict

Run the Hardware Troubleshooting Wizard and select Resolve All Device Conflicts

Run the Hardware Troubleshooting Wizard and select Report On All Device Conflicts.

Use the Device Manager and from the View menu, select Resources By Connection

Use the Device Manager and from the View menu, select Resources By Type

Use the Device Manager and from the View menu, select Devices By Connection

Use the Device Manager and, from the View menu, select Devices By Type

This cannot be done.

Use the Device Manager to find the modems and select their properties

Use the Phone And Modem Options in Control Panel to adjust the modem speeds.

Use the Routing And Remote Access console to adjust the modem speed

Right-click on My Network Places and select Properties. Edit the properties of the multilink connection to the remote site and reduce the connection speed

Configure a mandatory profile and assign it to each user in the domain

Configure a mandatory profile and assign it to each shared computer.

Configure a roaming profile and assign it to each user in the domain.

Configure a roaming profile and assign it to each shared computer

Configure the permissions on the profile folder’s Security property sheet to deny write permission

Configure the permissions on the profile folder’s Sharing property sheet to allow only read permission.

Modify the attributes of the profile folder to specify the Read Only attribute.

Modify the file name of Ntuser.dat in the profile folder to Ntuser.man.

Assign Read and Write permission on the folder where the profiles are stored to only those users who store roaming profiles.

Configure Server Message Block (SMB) signing on the server where the profiles are stored

Configure Server Message Block (SMB) signing on each computer that uses roaming profiles

Convert the volume where the profiles are stored to NTFS

Configure Encrypting Files System (EFS) to encrypt the folder where the profiles are stored

Configure a local profile after logging on as Guest on one of the computers in the lobby. Copy it to the Default User folder. Repeat this process on each computer in the lobby.

Configure a local profile on one of the computers in the lobby. Copy it to the Default User folder in the directory on the server that contains the roaming profiles.

Create a Group Policy Object (GPO) linked to the Sales OU. Enable the Only Allow Local User Profiles Computer Configuration policy.

Create a GPO linked to the Lobby OU. Enable the Only Allow Local User Profiles Computer Configuration policy.

Change the file name of Ntuser.dat to Ntuser.man in the Default User folder on each computer in the lobby.

Dsmod CN=pserver01,CN=PSERVERS,DC=contoso,DC=com -reset

Dsmod computer pserver01.contoso.com -reset

Dsmod contoso\pserver01 -reset

Dsmod computer CN=pserver01,CN=PSERVERS,DC=contoso,DC=com -reset

In Active Directory Users And Computers, right-click the computer object and choose Reset Account

On the domain controller, use the Dsmod command-line tool to reset the computer password

On the domain controller, use the Netdom command-line tool to reset the computer password

Restart the server in the recovery console and use the console to reset the computer account

Use Active Directory Domains And Trusts to move the computer accounts.

Use Active Directory Users And Computers to move the computer accounts

Use the Movetree command-line tool to move the computer accounts.

Use the Dsmove utility to move the computer accounts.

Dsget computer

Dsmod computer

Dsquery computer

Dsadd computer

Dsrm computer

Domain Local in Domain Local

Global in Domain Local

Universal in Domain Local

Domain Local in Global

Global in Global

Domain local with user members; convert to global

Global with user members; convert to universal

Global with global group members; convert to universal

Universal group with universal group members; convert to domain local

Universal group with universal group members; convert to global

Domain Local Group: Security Type

Domain Local Group: Distribution Type

Global group: Security Type

Global group: Distribution Type

Universal group: Security Type

Active Directory Users And Computers

Active Directory Domains And Trusts

Ntdsutil

Ldifde

Csvde

Dsquery user domainroot -inactive 4 -disabled yes

Dsquery user domainroot -inactive 4|dsmod user -disabled yes

Dsquery user domainroot -inactive 4|dsrm -q

Dsquery user domainroot -inactive 4|dsmove –newparent OU=disabled,DC=contoso, DC=com -q

Use Active Directory Users And Computers to move the East group to the East Sales OU

Use Dsquery to get the members of the group, and then pipe (stdin) the output to the Dsmod command with the East Sales OU as the target.

Use Dsquery to get the members of the group, and then pipe (stdin) the output to the Dsmove command with the East Sales OU as the target.

Use Dsquery to get the members of the group, and then pipe (stdin) the output to the Dsadd command with the East Sales OU as the target.

D:\Home\%Username%

\\Server01\d$\Home\%Username%

\\Server01\%Homedir%\%Username%

\\Server01\Homedir\%Username%

Log on to the Desk249 computer with the local administrator account. In the System control panel, in the Computer Name tab click on the “To rename this computer or join a domain, Click change” change button. Join Desk249 to a workgroup named TEST and restart. Log on again with the local administrator account. Navigate back to the workgroup/domain membership page. Using an account with domain administrator privileges, rejoin the Desk249 computer to the Active Directory domain, and then restart Desk249.

Use Active Directory Users And Computers to create a new computer account with the computer name Desk249 in the Computers container. Restart Desk249.

Use Dsadd to create a new computer account with the computer name Desk249 in the Computers container. Restart Desk249.

Use Ntdsutil to restore the computer account from a backup of Active Directory that contains the Desk249 account

Create an account for Server03 in the domain.

Use Active Directory Users And Computers to reset the password for Server03.

Join Server03 to a workgroup.

Join Server03 to the domain.

Delete the Server03 account from the domain.

The RID Master role is unavailable.

The PDC Emulator role is unavailable

The domain infrastructure role is unavailable

The schema master role is unavailable

A computer account in the domain needs to be reset.

The user’s password is longer than 14 characters

The user’s account needs to be configured to allow logon to all workstations.

The user’s home directory is corrupted

Reset John’s password.

Set the home directory for John to D:\Profiles\%Username%.

Set the profile path for John to \\Server01\Profiles\%Username%.

Copy the profile that John wants to use to D:\Profiles\John on the profile server.

The user does not have Terminal Server access enabled in his or her user account properties.

The user does not have dial-in permission enabled in his or her user account properties.

The user does not have a computer account in the domain for his or her remote computer

The user is not supplying the correct credentials when dialing in.

Reset the user’s password in Active Directory

Reset the user’s computer account in Active Directory

Use the password reset disk for that user to reset the password on the local computer.

Disconnect the computer from the network, and then restart the computer.

Reset the user’s password in Active Directory.

Reset the laptop computer account in Active Directory

Delete the laptop computer account from the domain, join the laptop to a workgroup, then rejoin the laptop to the domain.

Delete and recreate the laptop computer account.

Create a child domain of the current domain and move the developers’ accounts to this domain. Edit the Default Domain GPO of the child domain and implement the separate password policy requested by the developers.

Create a separate OU and move the 40 developers’ user accounts into this OU. Create and edit a new GPO, implementing the separate password policy requested by the developers via this GPO. Apply the GPO to the newly created OU hosting the developers’ accounts.

Resubnet the network and create a new site within Active Directory. Place all the 40 developers’ workstations onto this new subnet. Create and edit a new GPO, implementing the separate password policy requested by the developers via this GPO. Apply the GPO to the newly created site hosting the developers’ computer accounts

Edit the Local GPO on each of the developer’s workstations, implementing the separate password policy requested by the developers via this GPO.

Authenticated Users–Full Control

Authenticated Users–Change

Authenticated Users–Read

Creator/Owner–Full Control

Reator/Owner–Change

NTFS–Interactive–Change

NTFS–Interactive–Read

NTFS–Authenticated Users–Change

NTFS–Managers–Change

Share Permission–Network–Read

Only Administrators can access the shared folder from the network.

All Users can access the shared folder from the network.

Authenticated Users can delete files in the folder

Managers can delete files in the folder.

Authenticated Users can write files in the folder

Enable the Client/Server data redirection setting in Group Policy for each Terminal Server client computer

Enable the Client/Server data redirection setting in Group Policy for the Terminal Server computer

Instruct the user to install the local printer from within their Terminal Server session

Use a logon script for the users’ Terminal Server session to add the printer.

Add the users to the Remote Desktop Users group.

Configure the User Right to Log on locally on the Terminal Server for each user

Enable the Group Policy setting for Client/Server data redirection.

Enable the Terminal Services Remote Control setting for each user.

Your user account is not a member of the local Administrators group on the user’s computer

You do not have the Terminal Services client installed on your computer.

Port 3389 is not open on the firewall between your network segment and the network segment that the user’s computer is on.

The user’s account in Active Directory is configured so as not to allow Remote Control.

The Terminal Server entry in DNS needs to be refreshed

The Terminal Server connection permissions need to be refreshed.

The Terminal Server connection permissions need to be refreshed.

The Terminal Server needs to be restarted

Connect to Server02 with the Remote Desktop for Administration client.

Connect to Server01 from the Terminal Services session on Server02 with the Terminal Services Manager. Disconnect one of the Remote sessions.

Connect to Server01 from the Terminal Services session on Server02 with the Remote Desktop for Administration client. Disconnect one of the Remote sessions

Open the Server01 Properties dialog box from Active Directory Users And Computers. Configure Server01 to deny Terminal Services connections, and then reconfigure Server01 to allow Terminal Services connections.

Connect to Server01 from the Terminal Services session on Server02 with the Remote Desktop for Administration client. Open the System properties page for Server01 and configure Server01 to deny Remote Desktop Connections, and then reconfigure Server01 to allow Remote Desktop Connections.

Share: Accounting–Read; AccountingExec–Read; Users–Read NTFS: Accounting–Read; AccountingExec–Modify; Users–Read

Share: Accounting–Full Control; AccountingExec–Full Control; Users–Read NTFS: Accounting–Read; AccountingExec–Modify; Users–List, Read access on Summary.rpt

Share: Accounting–Read; AccountingExec–Modify; Users–Read NTFS: Accounting–Read; AccountingExec–Full Control; Users–Read

Share: Accounting–Full Control; AccountingExec–Full Control; Users–Deny Read NTFS: Accounting–Read; AccountingExec–Read; Users–List, Read access on Summary.rpt

List Folder/Read Data

Traverse Folder/Execute Files

Read Extended Attributes

Read Attributes

Place the user’s account in the appropriate groups.

Reset the computer account.

Reassign and apply any appropriate Group Policies to the user account.

Re-permission resources to which permission was given or denied based on the user account.

Re-permission resources to which permission was given or denied based on group membership.

Add Joe’s user account to the Built-in Account Operators group for the domain.

Add Joe’s user account to the Itadmin3 OU

Reset Joe’s computer account.

Instruct Joe to log off, and then log on to his computer.

From the Event Viewer, edit the properties of the System log. In the Filter tab make sure that the Information and Warning events check boxes are selected and that the Error, Success Audit and Failure Audit check boxes are clear.

From the Event Viewer, edit the properties of the Application log. In the Filter tab, make sure that the Information and Warning event check boxes are selected and that the Error, Success Audit and Failure Audit check boxes are clear.

From the Event Viewer, edit the properties of the Application log. In the Filter tab, make sure that the Information and Warning Events check boxes are clear and that the Error, Success Audit and Failure Audit check boxes are selected. Set the Event Source to Disk Quota.

From the Event Viewer, edit the properties of the Application log. In the Filter tab, make sure that the Information and Warning Events check boxes are selected and that the Error, Success Audit and Failure Audit check boxes are clear. Set the Event Source to Chkdsk

From the Event Viewer, edit the properties of the Application log. In the Filter tab, make sure that the Information and Warning Events check boxes are selected and that the Error, Success Audit and Failure Audit check boxes are unchecked. Set the Event Source to Disk Quota.

Run the Event Viewer Wizard and select the Display Errors check box. Set the display date to the last seven days.

In the Event Viewer, Rooslan should edit the properties of the System log. In the Filters tab, he should make sure that only the Error check box is selected.

In the Event Viewer, Rooslan should edit the properties if the Application log. In the Filters tab, he should make sure that only the Error check box is selected andthat the first event date is set to the date seven days previously and the last event is set to today’s date.

In the Event Viewer, Rooslan should edit the properties of the System log. In the Filters tab, Rooslan should make sure that only the Error check box is selected and that the first event date is set to the date seven days previously and the last event is set to today’s date.

In the Event Viewer, Rooslan should edit the properties of the System log. In the Filters tab, Rooslan should make sure that only the Information check box is selected and that the first event date is set to the date seven days previously and the last event is set to today’s date.

Create a filter on the Security log. Look only for success audits and set the Event Source to Security. Set the User setting to Agim’s account name. Set the Event ID to 538. Set the First Event to a date two months ago and the Last Event to today.

Create a filter on the System log. Look only for success audits and set the Event Source to Security. Set the User setting to Agim’s account name. Set the First Event to a date two months ago and the Last Event to today.

Create a filter on the System log. Look only for success audits and set the Event Source to Security Account Manager. Set the User setting to Agim’s account name. Set the Event ID to 538. Set the First Event to a date two months ago and the Last Event to today.

Create a filter on the Security log. Look only for success audits and set the Event Source to Security. Set the First Event to a date two months ago and the Last Event to today. Set the Event ID to 538.

Create a filter on the Security log. Look only for success audits and set the Event Source to Security Account Manager. Set the User setting to Agim’s account name. Set the Event ID to 538. Set the First Event to a date two months ago and the Last Event to today.

Create a filter on the System log. Look only for failure audits and set the Event Source to Security. Set the User setting to Lee’s account name. Set the First Event to a date one month ago and the Last Event to today.

Create a filter on the System log. Look only for success audits and set the Event Source to Security. Set the User setting to Lee’s account name. Set the First Event to a date one month ago and the Last Event to today.

Create a filter on the System log. Look only for success audits and set the Event Source to Security Account Manager. Set the User setting to Lee’s account name. Set the First Event to a date one month ago and the Last Event to today

Create a filter on the Security log. Look only for success audits and set the Event Source to Security Account Manager. Set the User setting to Lee’s account name. Set the First Event to a date one month ago and the last event to today.

Create a filter on the Security log. Look only for failure audits and set the Event Source to Security. Set the User setting to Lee’s account name. Set the First Event to a date one month ago and the Last Event to today.

Because SUS cannot be configured to authenticate against a proxy, all updates must be manually downloaded by an administrator and placed on the SUS server. The Windows XP Professional machines should be configured using Group Policy to contact the SUS server for their software updates

Because SUS cannot be configured to authenticate against a proxy and Windows XP clients can, Windows XP clients should continue to contact Microsoft to download their updates

SUS can be configured to authenticate against a proxy to download a list of updates for your approval. Windows XP systems should be configured to check the SUS server to find which updates you have approved and then to automatically download those updates from the Microsoft Web site.

SUS can be configured to authenticate against a proxy to download a list of updates for your approval as well as downloading the updates. Windows XP systems should be configured to check the SUS server to determine which updates are approved and then to retrieve them from the SUS server.

Use the Automatic Updates tab in the System console from Control Panel on every Windows XP Professional workstation computer to set the update server to the address of the SUS server. Set the Windows XP workstations to automatically download and install updates at 7:00 A.M. each day.

Use the Automatic Updates tab in the System console from Control Panel on each Windows Server 2003 system except the SUS server to set the update server to the address of the SUS server. Set these servers to automatically download and install updates at 7:00 A.M. each day.

Place the Windows XP Professional workstations and the Windows Server 2003 domain controller in a separate OU named Uptest. Edit a GPO’s Windows Update properties for the Uptest OU, specifying the address of the update server as the SUS server in the Specify Intranet Microsoft Update Service Location policy. Set Configure Automatic Updates Policy to automatic download and install and set the scheduled install day to Every Day and the time to 7:00 A.M. Apply this GPO to the Uptest OU.

On the stand-alone Windows Server 2003 system, edit the local GPO’s Windows Update properties specifying the address of the update server as the SUS server in the Specify Intranet Microsoft Update Service Location policy. Set Configure Automatic Updates Policy to automatic download and install and set the scheduled install day to Every Day and the time to 7:00 A.M. Apply this GPO to the Uptest OU.

On the SUS server, edit the local GPO’s Windows Update properties specifying the address of the update server as the SUS server in the Specify Intranet Microsoft Update Service Location policy. Set Configure Automatic Updates Policy to automatic download and install and set the scheduled install day to Every Day and the time to 7:00 A.M. Apply this GPO to the Uptest OU.

Configure a SUS server in the headquarters location to maintain a list of approved updates and to download and store those updates from the Microsoft Windows Update Servers. Configure a Group Policy that instructs clients to use the SUS server as their update server. Apply this GPO to the headquarters and branchoffice sites.

Although this will allow updates to be rolled out to all clients within the organization it will also saturate the ISDN BRI lines with update traffic because each client workstation downloads its updates from the central SUS server. Configure a SUS server in the headquarters location to maintain a list of approved updates but maintain those updates on the Microsoft Windows Update Servers. Configure a Group Policy that instructs clients to use the SUS server as their update server. Apply this GPO to the headquarters and branch-office sites.

Configure a SUS server in the headquarters location to maintain a list of approved updates but maintain those updates on the Microsoft Windows Update Servers. Configure a SUS server in each branch office location to maintain a list of approved updates but maintain those updates on the Microsoft Windows Update Servers. Create a GPO and apply it to each site. The GPO should have a policy that clients are to use their local SUS server as their update server.

Configure a SUS server in the headquarters location to maintain a list of approved updates and to download and store those approved updates. Configure SUS servers in each branch office to synchronize with the SUS server in the headquarters location. Configure a Group Policy that instructs clients to use the headquarters SUS server as their update server. Apply this GPO to the headquarters and branchoffice sites.

Configure a SUS server in the headquarters location to maintain a list of approved updates and to download and store those approved updates. Configure SUS servers in each branch office to synchronize with the SUS server in the headquarters location. Create a GPO and apply it at each site. The GPO should have a policy that clients are to use their local SUS server as their update server.

A Windows Device CAL allows a device, such as a workstation, to connect to a server regardless of how many users use that device.

A Windows Device CAL allows a single user to connect to multiple servers so long as they use only a single workstation

A Windows User CAL allows a single user to access a server from multiple devices, such as workstations.

A Windows User CAL allows a single user to access a server from a single workstation.

500

540

1,565

1,800

17 Per Device licenses and 11 Per User licenses.

22 Per Device licenses and 17 Per User licenses

38 Per User licenses and 22 Per Device licenses.

17 Per User licenses and 11 Per Device licenses.

License Groups

License Revocation

License Clustering

License Aggregation

Remote Assistance

Terminal Services Remote Administration Mode

HTML Remote Administration Tools

Computer Management Console

REGEDT32

He can use the Disk Defragmenter node in his Computer Management console in Windows XP Professional to connect to the remote systems to initiate disk defragmentation.

Remote Assistance

Terminal Services Remote Administration mode

Using Defrag,exe from the command line of his Windows XP Professional Workstation.

Local Computer Management Console

HTML Remote Administration Tools

Terminal Services Remote Administration mode

Active Directory Users And Computers Console

The Computer Management Console on your Windows XP Professional System

Active Directory Users and Computers

HTML Remote Administration Tools

Terminal Services Remote Administration mode

Remote Assistance

Alex can send a remote invitation to the administrator by using Windows Messenger and the Remote Assistance Wizard

Alex can e-mail a remote assistance invitation to the administrator using the Remote Assistance Wizard.

Alex can create the invitation as a file and place it on an FTP server where the administrator can download it and access it.

Alex can run the Remote Desktop Connection client and set it to connect to the administrator’s system.

Alex can create the invitation as a file and place it on a file share where the administrator can access it.

Foley should order a second high-speed laser printer of the same make and model and institute a printer pool.

Foley should set different printer priorities for each legal secretary based on a list generated by the head of the group. The most important secretary should be set a priority of 1 and the least important a priority of 99.

Foley should set different printer priorities for each legal secretary based on a list generated by the head of the group. The most important secretary should be set a priority of 99 and the least important a priority of 1.

Foley should purchase three more high-speed laser printers and install them with their own individual printer shares on the print server. Secretaries can select the printer share that has the fewest jobs in the queue.

Alter the shared printer properties and increase the size of the maximum print job to 200 pages.

Remove the quota set on the printer to allow larger jobs to be printed.

Create a new printer share on the same server and point it at the same print device

Clean up the server’s hard disk drive and remove unneeded files from the file share to increase the disk space.

Successful Object Access

Failed Object Access

Successful Privilege Use

Failed Privilege Use

Successful Directory Service Access

Audit Successful Privilege Use

Audit Failed Privilege Use

Audit Successful System Events

Audit Failed System Events

Audit Successful Object Access

Audit Successful Logon Events

Audit Failed Logon Events

Audit Successful Account Logon Events

Audit Failed Account Logon Events

Audit Successful Object Access

Audit Successful Privilege Use

Audit Failed Privilege Use

Audit Successful Account Management

Audit Failed Account Management

Audit Successful Account Logon Events

In the shared printer properties, check the spooler processor usage statistic.

Configure the Performance console to track the processor usage of the print spool (Process\%Processor Time\spoolsv) on the Print Server over the period of a normal working day and configure the display to show the maximum value

Configure the Performance console to track the processor usage of the print spool (Process\%Processor Time\spoolsv) on the print server over the period of a normal working day and configure the display to show the average value.

Configure the Performance console to the processor usage of the print spool (Process\% Processor Time\spoolsv) on his workstation over the period of a normal working day and configure the display to show the average value.

He should use the Performance console to track the values of % Processor Time, Current Disk Queue Length, and Available MBytes. He should configure the view to display maximum values and run the console over the course of a normal operating day.

He should use the Performance console to track the values of % Processor Time, Current Disk Queue Length, and Available MBytes. He should configure the view to display current values and run the console over the course of a normal operating day.

He should use the Performance console to track the values of % Processor Time, Current Disk Queue Length, and Available MBytes. He should configure the view to display minimum values and run the console over the course of a normal operating day.

He should use the Performance console to track the values of % Processor Time, Current Disk Queue Length, and Available MBytes. He should configure the view to display average values and run the console over the course of a normal operating day.

0

1

2

3

4

Quotas are applied by Group Policy. Rob needs to add the four other servers to the same organizational unit.

Rob needs to use the Active Directory Users And Computers console to add the four other systems to the quota security group that he created for the original server.

This is not possible without using a third-party quota management product.

Quota settings are stored in the registry. Rob needs to export the quota registry key on the initial server to disk and then import it into the registry of the other four servers.

From the quota entries page Rob needs to select all 250 entries and export them to a file. He can then copy this file to the other server and import it to the quota entries page of each partition to which he wishes to apply this quota scheme.

The permissions on the shared printer have been altered.

The quotas applied to the printer have been set too low for Rob.

There is a fault with the printer driver installed on Rob’s Windows XP workstation.

Rob is close to his allocated quota of disk space on the serve

The file that Rob is trying to print is corrupted.

From the Printer Properties on each shared printer on each print server, check the Total Pages Printed Since Last Restart and Total Jobs Printed Since Last Restart statistics.

Run the Performance console on his Windows XP workstation. Add the Total Pages Printed counter object for each of the four print servers.

Run the Performance console on his Windows XP workstation. Add the Total Jobs Printed counter object for each of the four print servers

Run the Performance console on his Windows XP workstation. Add the Total Jobs Printed counter object and the Total Pages Printed counter object for each of the four print servers that he wants to monitor

Network ID: 10.10.10.0, Subnet mask: 255.255.255.128

Network ID: 10.10.10.0, Subnet mask: 255.255.255.0

Network ID: 10.10.10.128, Subnet mask: 255.255.255.192

Network ID: 10.10.20.224, Subnet mask: 255.255.255.240

Network ID: 10.10.30.192, Subnet mask: 255.255.255.192

Oksana should edit the network properties of the Windows Server 2003 system hosting the Web site and change the maximum outgoing speed to 2,048 kilobytes (KB) per second

Oksana should edit the properties of the Web site. On the Performance tab, she should select the Bandwidth Throttling check box and set the Limit The Network Bandwidth Available To This Web Site: Maximum Bandwidth (in KB per second) to 2

Oksana should edit the properties of the Web site. In the Performance Tab, she should select the Limit The Network Bandwidth Available To This Web Site check box and set the Maximum Bandwidth (in KB per second) to 2,000,000.

Oksana should edit the properties of the Web site. In the Performance Tab, she should select the Limit The Network Bandwidth Available To This Web Site check box and set the Limit The Network Bandwidth Available To This Web Site: Maximum Bandwidth (in KB per second) to 2,048.

Oksana should edit the properties of the Web site. On the Performance tab, she should select and set the Connections Limited To value at 200.

Integrated Windows Authentication

Digest Authentication

Basic Authentication

.NET Passport Authentication

Configure the DNS server hosting the records for www.adatum.com, www.alpineskihouse.com, www.proseware.com, and www.tailspintoys.com to point these hosts’ records at IP address 207.46.248.234

Configure the DNS server hosting the records for www.adatum.com, www.alpineskihouse.com, www.proseware.com, and www.tailspintoys.com to point these hosts records at IP address 207.46.234.248.

Create four separate Web sites, www.adatum.com, www.alpineskihouse.com, www.proseware.com, and www.tailspintoys.com. In the Web Site Creation Wizard, set the IP address of each Web site by entering 207.46.248.234. For the host header of each Web site, enter the respective Web site name. In the path to the home directory for each Web site, type c:\inetpub\wwwroot. Disable the Default Web Site.

Create four separate Web sites, www.adatum.com, www.alpineskihouse.com, www.proseware.com, and www.tailspintoys.com. In the Web Site Creation Wizard, set the IP address of each Web site by entering 207.46.234.248. For the host header of each Web site, enter the respective Web site name. In the path to the home directory for each Web site, enter the particular directory that hosts the corresponding Web site’s unique content. Disable the Default Web Site.

Create four separate Web sites, www.adatum.com, www.alpineskihouse.com, www.proseware.com, and www.tailspintoys.com. In the Web Site Creation Wizard, set the IP address of each Web site by entering 207.46.248.234 For the host header of each Web site, enter the respective Web site name. In the path to the home directory for each Web site, enter the particular directory that hosts the corresponding Web site’s unique content. Disable the Default Web Site.