MCSA 70-290 Exam Questions

Approved & Edited by ProProfs Editorial Team
The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.
Learn about Our Editorial Process
| By Lexx_vnl
L
Lexx_vnl
Community Contributor
Quizzes Created: 1 | Total Attempts: 481
Questions: 173 | Attempts: 481

SettingsSettingsSettings
MCSA Quizzes & Trivia

Are you aspiring to be an information technology expert and are now working towards being a Microsoft certified solutions associate? The quick test below is set to help you better prepare for the final exam towards getting the certification. Give it a try and all the best in the exams.


Questions and Answers
  • 1. 

    You are planning the deployment of Windows server 2003 computers for a department of 250 employees. The server will host the shared directories and shared folders for the department, and it will serve several printers to which departmental documents are sent. Which edition of Windows Server 2003 will provide the most cost-effective solution for the department?

    • A.

      Standard Edition

    • B.

      Enterprise Edition

    • C.

      Web Edition

    • D.

      Datacenter Edition

    Correct Answer
    A. Standard Edition
    Explanation
    Windows Server 2003, Standard Edition is a robust platform for file and print services in a small- to medium-sized enterprise or department

    Rate this question:

  • 2. 

    You are planning the deployment of Windows Server 2003 computers for a newActive Directory domain in a large corporation that includes multiple separateActive Directories maintained by each of the corporation’s subsidiaries. The companyhas decided to roll out Exchange Server 2003 as a unified messaging platformfor all the subsidiaries, and plans to use Microsoft Metadirectory Services(MMS) to synchronize appropriate properties of objects throughout the organization.Which edition of Windows Server 2003 will provide the most cost-effectivesolution for this deployment?

    • A.

      Standard Edition

    • B.

      Enterprise Edition

    • C.

      Web Edition

    • D.

      Datacenter Edition

    Correct Answer
    B. Enterprise Edition
    Explanation
    Windows Server 2003, Enterprise Edition, is the most cost-effective solution that supports
    MMS. Standard and Web editions do not support MMS.

    Rate this question:

  • 3. 

    You are rolling out servers to provide Internet access to your company’s e-commerceapplication. You anticipate four servers dedicated to the front-end Webapplication and one server for a robust, active SQL database. Which editions willprovide the most cost-effective solution?

    • A.

      Standard Edition

    • B.

      Enterprise Edition

    • C.

      Web Edition

    • D.

      Datacenter Edition

    Correct Answer
    A. Standard Edition
    Explanation
    Windows Server 2003, Web Edition, provides a cost-effective platform for the four Web application
    servers. However, Web Edition will not support enterprise applications like SQL Server; the
    edition of MSDE included with Web Edition allows only 25 concurrent connections. Therefore,
    Windows Server 2003, Standard Edition, provides the most cost-effective platform for a SQL
    Server.

    Rate this question:

  • 4. 

    Which of the following is true about setup in Windows Server 2003? (Select all thatapply.)

    • A.

      Setup can be launched by booting to the CD-ROM.

    • B.

      Setup can be launched by booting to setup floppies.

    • C.

      Setup requires a non-blank password to meet complexity requirements.

    • D.

      Setup will allow you to enter all 1’s for the Product ID.

    Correct Answer(s)
    A. Setup can be launched by booting to the CD-ROM.
    C. Setup requires a non-blank password to meet complexity requirements.
    Explanation
    In Windows Server 2003, setup can be launched by booting to the CD-ROM, allowing for installation from a disc. Additionally, setup requires a non-blank password to meet complexity requirements, ensuring that the password meets certain criteria for security purposes.

    Rate this question:

  • 5. 

    What credentials are required for administration of a remote computer using theMMC?

    • A.

      Administrative

    • B.

      Guest

    • C.

      Print operator

    Correct Answer
    A. Administrative
    Explanation
    To administer a remote computer using the MMC (Microsoft Management Console), administrative credentials are required. Administrative credentials provide the necessary privileges and permissions to perform administrative tasks on the remote computer. These credentials give the user the authority to make changes, configure settings, and manage various aspects of the remote computer's operations. Without administrative credentials, the user would not have the necessary access and permissions to perform these administrative tasks.

    Rate this question:

  • 6. 

    Can an existing MMC snap-in be changed from local to remote context, or must asnap-in of the same type be loaded into the MMC for remote connection?

    • A.

      Yes

    • B.

      No

    Correct Answer
    A. Yes
    Explanation
    A snap-in’s context might be changed by accessing the properties of the snap-in. A snap-in does
    not have to be reloaded to change its configuration

    Rate this question:

  • 7. 

    Are all functions within a snap-in used on a local computer usable when connectedremotely?

    • A.

      Yes

    • B.

      No

    Correct Answer
    B. No
    Explanation
    No, not all functionality is available. The Device Manager component in the Computer Management
    snap-in, for example, can only be used to view remote computer configurations: no
    changes can be made to the remote computer's device configuration.

    Rate this question:

  • 8. 

    How many simultaneous connections are possible to a Terminal Server running inRemote Administration mode?

    • A.

      0

    • B.

      1

    • C.

      2

    • D.

      3

    • E.

      4

    Correct Answer
    D. 3
    Explanation
    Three; two remote connections and one at the console (but that’s not fair, is it?). Technically,then, two is the limit because the application-sharing components are not installed with Terminal Server configured in Remote Desktop mode for remote administration.

    Rate this question:

  • 9. 

    What would be the best way to give administrators the ability to administer aserver remotely through Terminal Services?

    • A.

      Don’t do anything; they already have access because they are administrators.

    • B.

      Remove the Administrators from the permission list on the Terminal Server connection, and put their administrator account in the Remote Desktop for Administration Group

    • C.

      Create a separate, lower-authorization user account for Administrators to use daily, and place that account in the Remote Desktop for Administration Group.

    Correct Answer
    C. Create a separate, lower-authorization user account for Administrators to use daily, and place that account in the Remote Desktop for Administration Group.
    Explanation
    It is a best practice to log on using an account with minimal credentials, then to launch administrative tools with higher-level credentials using Run As.

    Rate this question:

  • 10. 

    What tool is used to enable Remote Desktop on a server?

    • A.

      Terminal Services Manager

    • B.

      Terminal Services Configuration

    • C.

      System properties in Control Panel

    • D.

      Terminal Services Licensing

    Correct Answer
    C. System properties in Control Panel
    Explanation
    The correct answer is System properties in Control Panel. In order to enable Remote Desktop on a server, the System properties in Control Panel can be used. This tool allows users to configure various settings related to the system, including enabling Remote Desktop. By accessing the System properties, users can navigate to the Remote tab and enable Remote Desktop, allowing remote access to the server.

    Rate this question:

  • 11. 

    Which of the following are firewall-related constraints relating to Remote Assistance?

    • A.

      Port 3389 must be open.

    • B.

      NAT cannot be used.

    • C.

      Internet Connection Sharing is not possible.

    • D.

      You cannot use Remote Assistance across a Virtual Private Network (VPN).

    Correct Answer
    A. Port 3389 must be open.
    Explanation
    Port 3389 must be open in order to establish a Remote Assistance connection. This port is used by the Remote Desktop Protocol (RDP) to allow communication between the two devices. By opening this port, the firewall allows incoming RDP traffic, which is necessary for Remote Assistance to function properly.

    Rate this question:

  • 12. 

    Which of the following properties and administrative tasks can be configured orperformed simultaneously on more than one user object?

    • A.

      Last Name

    • B.

      User Logon Name

    • C.

      Disable Account

    • D.

      Enable Account

    • E.

      Reset Password

    Correct Answer(s)
    C. Disable Account
    D. Enable Account
    Explanation
    The properties and administrative tasks that can be configured or performed simultaneously on more than one user object are disabling and enabling user accounts. This means that multiple user accounts can be disabled or enabled at the same time, making it more efficient for administrators to manage user access and permissions.

    Rate this question:

  • 13. 

    What option will be most useful to generate 100 new user objects, each of whichhave identical profile path, home folder path, Title, Web Page, Company, Department,and Manager settings?

    • A.

      DSADD

    • B.

      DSGET

    • C.

      DSMOD

    • D.

      DSRM

    • E.

      DSQUERY

    Correct Answer
    A. DSADD
    Explanation
    DSADD will be the most useful option. You can enter one command line that includes all the parameters. By leaving the UserDN parameter empty, you can enter the users’ distinguished
    names one at a time in the command console. A user object template does not allow you to configure
    options including Title, Telephone Number and Web Page. Generating a comma-delimited text file would be time-consuming, by comparison, and would be overkill, particularly when so many parameters are identical.

    Rate this question:

  • 14. 

    Which tool will allow you to identify accounts that have not been used for twomonths?

    • A.

      DSADD

    • B.

      DSGET

    • C.

      DSMOD

    • D.

      DSRM

    • E.

      DSQUERY

    Correct Answer
    E. DSQUERY
    Explanation
    DSQUERY is the correct answer because it is a command-line tool in Windows Server that allows you to query the Active Directory for various information, including identifying accounts that have not been used for a specified period of time. By using the appropriate parameters and filters with DSQUERY, you can easily retrieve a list of accounts that have not been used for two months.

    Rate this question:

  • 15. 

    What variable can be used with the DSMOD and DSADD commands to createuser-specific home folders and profile folders?

    • A.

      %Username%

    • B.

      $Username$

    • C.

      CN=Username

    • D.

    Correct Answer
    B. $Username$
    Explanation
    The correct answer is $Username$. This variable can be used with the DSMOD and DSADD commands to create user-specific home folders and profile folders. The dollar sign before the variable indicates that it is a special variable that will be replaced with the actual username when the command is executed. This allows for the creation of unique folders for each user based on their username.

    Rate this question:

  • 16. 

    Which tools allow you to output the telephone numbers for all users in an OU?

    • A.

      DSADD

    • B.

      DSGET

    • C.

      DSMOD

    • D.

      DSRM

    • E.

      DSQUERY

    Correct Answer
    E. DSQUERY
    Explanation
    DSQUERY will produce a list of user objects within an OU and can pipe that list to DSGET, which in turn can output particular properties, such as phone numbers.

    Rate this question:

  • 17. 

    How do you make a profile mandatory?

    • A.

      Configure the permissions on the folder’s Security property sheet to deny write permission.

    • B.

      Configure the permissions on the folders Sharing property sheet to allow only read permission.

    • C.

      Modify the attributes of the profile folder to specify the Read Only attribute

    • D.

      Rename Ntuser.dat to Ntuser.man.

    Correct Answer
    D. Rename Ntuser.dat to Ntuser.man.
    Explanation
    By renaming Ntuser.dat to Ntuser.man, the user profile is converted into a mandatory profile. This means that any changes made to the profile will not be saved when the user logs off. This can be useful in situations where a standardized profile needs to be enforced for all users, such as in a shared computer environment or for guest accounts.

    Rate this question:

  • 18. 

    You enable the password complexity policy for your domain. Describe therequirements for passwords, and when those requirements will take effect.

    • A.

      The password must not be based on the user’s account name

    • B.

      Must contain at least six characters, with at least one character from three of the four categories: uppercase, lowercase, Arabic numerals, and nonalphanumeric characters

    • C.

      Requirements will take effect immediately for all new accounts

    • D.

      Existing accounts will be affected when they next change their password

    • E.

      All of the above

    Correct Answer
    E. All of the above
    Explanation
    The correct answer is "All of the above" because enabling the password complexity policy for the domain means that the requirements for passwords will include not being based on the user's account name, having at least six characters, and containing at least one character from three of the four specified categories. These requirements will take effect immediately for all new accounts, and existing accounts will be affected when they next change their password.

    Rate this question:

  • 19. 

    To monitor potential dictionary attacks against user passwords in your enterprise,what is the single best auditing policy to configure, and what log or logs will youevaluate?

    • A.

      Account Logon Successes

    • B.

      Account Logon Failures

    • C.

      Application Successes

    • D.

      Application Failures

    Correct Answer
    B. Account Logon Failures
    Explanation
    The Audit Policy to audit Account Logon failures is the most effective policy to specify under
    these circumstances. Failed logons will generate events in the Security logs of all domain controllers.

    Rate this question:

  • 20. 

    A user has forgotten his or her password and attempts to log on several times withan incorrect password. Eventually, the user receives a logon message indicatingthat the account is either disabled or locked out. The message suggests that theuser contact an administrator. What must you do?

    • A.

      Delete the user object and recreate it.

    • B.

      Rename the user object.

    • C.

      Enable the user object.

    • D.

      Unlock the user object.

    • E.

      Reset the password for the user object.

    Correct Answer(s)
    D. Unlock the user object.
    E. Reset the password for the user object.
    Explanation
    Although the logon message text on Windows 2000 and other
    previous operating system versions indicates that the account is disabled, the account is actually
    locked. Windows Server 2003 displays an accurate message that the account is, in fact,
    locked out. However, you can recognize the problem by examining what caused the message: a user forgot his or her password. You must unlock the account and reset the password.

    Rate this question:

  • 21. 

    If you are using universal groups in your domain or forest, and you need to givepermission-based access to the members of the universal group, what configurationmust be true of the universal group?

    • A.

      The global group has to be of the type distribution

    • B.

      The domain functional level must be Windows 2000 native or Windows Server 2003

    • C.

      The universal group must be of the type distribution

    • D.

      The global group has to be type security

    • E.

      The universal group must be of the type security

    Correct Answer(s)
    B. The domain functional level must be Windows 2000 native or Windows Server 2003
    E. The universal group must be of the type security
    Explanation
    The correct answer is that the domain functional level must be Windows 2000 native or Windows Server 2003, and the universal group must be of the type security. This is because in order to give permission-based access to the members of a universal group, the domain functional level needs to be at least Windows 2000 native or Windows Server 2003. Additionally, the universal group needs to be of the type security, as security groups are used to assign permissions and access rights.

    Rate this question:

  • 22. 

    In a domain running in Windows Server 2003 domain functional level, what securityprincipals can be a member of a global group?

    • A.

      Users

    • B.

      Computers

    • C.

      Universal groups

    • D.

      Global groups

    • E.

      All of the the above

    Correct Answer
    E. All of the the above
    Explanation
    In a domain running in Windows Server 2003 domain functional level, all security principals, including users, computers, universal groups, and global groups, can be a member of a global group. This means that any security principal within the domain can be added to a global group for the purpose of granting permissions and access rights.

    Rate this question:

  • 23. 

    In the properties of a group, which tab will you access to add users to the group?

    • A.

      General

    • B.

      Members

    • C.

      Member of

    • D.

      Managed by

    • E.

      Security

    Correct Answer
    B. Members
    Explanation
    To add users to a group, you would access the "Members" tab in the properties of the group. This tab allows you to view and manage the users who are part of the group. By adding users to the group through this tab, you can grant them access to the group's resources and privileges.

    Rate this question:

  • 24. 

    You want to nest the IT Administrators group responsible for the Sales groupinside the Sales group so that its members will have access to the same resources(set by permissions in an ACL) as the Sales group. From the Properties page of theIT Administrators group, what tab will you access to make this setting?

    • A.

      General

    • B.

      Members

    • C.

      Member of

    • D.

      Managed by

    • E.

      Security

    Correct Answer
    C. Member of
    Explanation
    To nest the IT Administrators group responsible for the Sales group inside the Sales group, you would access the "Member of" tab from the Properties page of the IT Administrators group. This tab allows you to specify the groups that the IT Administrators group is a member of, thereby giving its members access to the same resources as the Sales group.

    Rate this question:

  • 25. 

    If your environment consists of two domains, one Windows Server 2003 and oneWindows NT 4, what group scopes can you use for assigning permissions on anyresource on any domain-member computer?

    • A.

      Domain Local Group

    • B.

      Global Group

    • C.

      Universal Group

    • D.

      Security Group

    • E.

      Distribution Group

    Correct Answer
    B. Global Group
    Explanation
    In a Windows Server 2003 interim domain functional level domain, which is what you must be running to support a Windows NT 4 domain, you will only be able to use global groups as secu
    rity principals. Domain local groups will only be useful on the domain controllers in the Windows
    Server 2003 domain, and universal groups cannot be used as security groups in a Windows Server 2003 interim domain functional level domain.

    Rate this question:

  • 26. 

    Which of the following LDIFDE commands changes the function of LDIFDE fromexport to import?

    • A.

      -i

    • B.

      -t

    • C.

      -f

    • D.

      -s

    Correct Answer
    A. -i
    Explanation
    The LDIFDE command is used to import and export data from Active Directory. The "-i" option is used to change the function of LDIFDE from export to import. This means that when the command is executed with the "-i" option, it will import data into Active Directory instead of exporting it.

    Rate this question:

  • 27. 

    You have a database of users that is capable of exporting CSV files, select statements that are true.

    • A.

      You must create an *.ldf file manually for importing

    • B.

      You can use a .csv file

    Correct Answer
    B. You can use a .csv file
    Explanation
    You can use a CSV file for importing user data into Active Directory. Windows Server 2003 will
    fill in missing values with default values where possible, but if a mandatory item is missing from the file, then errors will occur during importing and the object will not be created.

    Rate this question:

  • 28. 

    What are the minimum credentials necessary to create a Windows Server 2003computer account in an OU in a domain? Consider all steps of the process.Assume Active Directory does not yet have an account for the computer.

    • A.

      Administrators on the server

    • B.

      Domain Admins

    • C.

      Enterprise Admins

    • D.

      Account Operators on a domain controller

    • E.

      None of the above

    Correct Answer(s)
    A. Administrators on the server
    D. Account Operators on a domain controller
    Explanation
    The correct answers are d and h. Account Operators on a domain controller are assigned the minimum permissions necessary to create a computer object in the domain. You must be a member of the local Administrators group on the server to change its domain membership

    Rate this question:

  • 29. 

    Which locations allow you to change the domain membership of a WindowsServer 2003 computer?

    • A.

      The properties of My Computer

    • B.

      Control Panel’s System application

    • C.

      Active Directory Users and Computers

    • D.

      The Network Connections folder

    • E.

      The Users application in Control Panel

    Correct Answer(s)
    A. The properties of My Computer
    B. Control Panel’s System application
    D. The Network Connections folder
    Explanation
    You can change the domain membership of a Windows Server 2003 computer by accessing the properties of My Computer, the Control Panel's System application, and the Network Connections folder. These locations provide the necessary settings and options to modify the domain membership of the computer. The Active Directory Users and Computers tool is used for managing user accounts and not for changing domain membership. The Users application in Control Panel is also not related to changing domain membership.

    Rate this question:

  • 30. 

    What command-line tools will create a domain computer account in Active Directory?

    • A.

      NETDOM

    • B.

      DSADD

    • C.

      DSGET

    • D.

      NETSH

    • E.

      NSLOOKUP

    Correct Answer(s)
    A. NETDOM
    B. DSADD
    Explanation
    NETDOM and DSADD are command-line tools that can be used to create a domain computer account in Active Directory. NETDOM is a command-line tool used to manage Windows domains and trust relationships, and it includes the ability to create domain computer accounts. DSADD is another command-line tool used to add objects, including computer accounts, to Active Directory. Therefore, both NETDOM and DSADD can be used to create a domain computer account in Active Directory.

    Rate this question:

  • 31. 

    What platforms are capable of joining a domain?

    • A.

      Windows NT 4

    • B.

      Windows 2000

    • C.

      Windows XP

    • D.

      Windows 95

    • E.

      Windows Server 2003

    Correct Answer(s)
    A. Windows NT 4
    B. Windows 2000
    C. Windows XP
    E. Windows Server 2003
    Explanation
    The platforms that are capable of joining a domain are Windows NT 4, Windows 2000, Windows XP, and Windows Server 2003. These operating systems have the necessary features and functionalities to join a domain network, allowing users to authenticate and access resources within the domain. Windows 95, on the other hand, does not have the capability to join a domain.

    Rate this question:

  • 32. 

    You open a computer object and, on the Operating System tab, discover that noproperties are displayed. What causes these properties to be absent?

    • A.

      The account is disabled

    • B.

      The user entered wrong credentials

    • C.

      A computer has not joined the domain using that account

    Correct Answer
    C. A computer has not joined the domain using that account
    Explanation
    When a system joins the domain, by default it populates the properties shown on the Operating System tab.

    Rate this question:

  • 33. 

    An executive has a laptop running Windows XP, with a machine name of “TopDog.”You want to allow the executive’s laptop to join the domain, and you want to besure that the computer is configured by the group policies linked to the DesktopsOU immediately. How can you achieve this goal?

    • A.

      Create a computer object in the Desktops OU

    • B.

      Create a user account in the Desktops OU

    • C.

      Select the executive’s user account for the property The Following User Or Group Can Join This Computer To A Domain

    • D.

      Create a computer account in the Desktops Group

    • E.

      None of the above

    Correct Answer(s)
    A. Create a computer object in the Desktops OU
    C. Select the executive’s user account for the property The Following User Or Group Can Join This Computer To A Domain
    Explanation
    To achieve the goal of allowing the executive's laptop to join the domain and be configured by the group policies linked to the Desktops OU immediately, you need to create a computer object in the Desktops OU. Additionally, you should select the executive's user account for the property "The Following User Or Group Can Join This Computer To A Domain." This ensures that the laptop is added to the domain and receives the necessary group policies from the Desktops OU.

    Rate this question:

  • 34. 

    Why is it a best practice to create a computer account in the domain prior to joininga machine to the domain?

    • A.

      If an account is not created in advance, one will be generated automatically when the computer joins the domain, and that account will be located in the default Computers container

    • B.

      Computer policies, which are typically linked to specific OUs, will not apply to the newly joined computer

    • C.

      Because most organizations do have specific OUs for computers, you are left with an extra step to remember: moving the computer object to the correct OU after joining the domain

    • D.

      By creating a computer object in advance, you can specify which groups (or users) are allowed to join a system to the domain with that account

    • E.

      All of the above

    Correct Answer
    E. All of the above
    Explanation
    It is a best practice to create a computer account in the domain prior to joining a machine to the domain because if an account is not created in advance, one will be generated automatically when the computer joins the domain, and that account will be located in the default Computers container. This means that computer policies, which are typically linked to specific OUs, will not apply to the newly joined computer. Additionally, most organizations have specific OUs for computers, so by not creating the computer object in advance, an extra step is required to move the computer object to the correct OU after joining the domain. By creating a computer object in advance, you can also specify which groups or users are allowed to join a system to the domain with that account.

    Rate this question:

  • 35. 

    After a period of expansion, your company created a second domain. Last weekend,a number of machines that had been in your domain were moved to the newdomain. When you open Active Directory Users And Computers, the objects forthose machines are still in your domain, and are displayed with a red “X” icon.What is the most appropriate course of action?

    • A.

      Enable the accounts

    • B.

      Disable the accounts

    • C.

      Reset the accounts

    • D.

      Delete the accounts

    • E.

      None of the above

    Correct Answer
    D. Delete the accounts
    Explanation
    When the machines were removed from the domain, their accounts
    were not deleted, probably due to permissions settings. The machines now belong to another
    domain. These accounts are no longer necessary.

    Rate this question:

  • 36. 

    Which of the following tools allows you to administer a share on a remote server?Select all that apply.

    • A.

      The Shared Folders snap-in

    • B.

      Windows Explorer running on the local machine, connected to the remote server’s share or hidden drive share

    • C.

      Windows Explorer running on the remote machine in a Terminal Services or Remote Desktop session.

    • D.

      The File Server Management console.

    Correct Answer(s)
    A. The Shared Folders snap-in
    C. Windows Explorer running on the remote machine in a Terminal Services or Remote Desktop session.
    D. The File Server Management console.
    Explanation
    Windows Explorer can be used only to administer a local
    share, so you would have to run a remote desktop session to the remote server, and run Windows Explorer in that session to manage that server’s shares. A more common, and a better, practice is to use the Shared Folders snap-in, which is included in the File Server Management console.

    Rate this question:

  • 37. 

    A folder is shared on a FAT32 volume. The Project Managers group is given AllowFull Control permission. The Project Engineers group is given Allow Read permission. Julie belongs to the Project Engineers group. She is promoted and is addedto the Project Managers group. What are her effective permissions to the folder?

    • A.

      Full Control

    • B.

      Read

    • C.

      Rear and Write

    • D.

      Read and Execute

    • E.

      None of the above

    Correct Answer
    A. Full Control
    Explanation
    When Julie is promoted and added to the Project Managers group, her effective permissions to the folder would be Full Control. This is because the Project Managers group has been given Allow Full Control permission to the folder. As Julie now belongs to this group, she inherits the same permissions as the group, which means she also has Full Control over the folder.

    Rate this question:

  • 38. 

    A folder is shared on a NTFS volume, with the default share permissions. TheProject Managers group is given Allow Full Control NTFS permission. Julie, whobelongs to the Project Managers group, calls to report problems creating files inthe folder. Why can’t Julie create files?

    • A.

      The default share permission in Windows Server 2003 is Everyone: List Folder Contents.

    • B.

      The default share permission in Windows Server 2003 is Everyone: Deny Access.

    • C.

      The default share permission in Windows Server 2003 is Everyone: Allow Read.

    • D.

      All of the above

    • E.

      None of the above

    Correct Answer
    C. The default share permission in Windows Server 2003 is Everyone: Allow Read.
    Explanation
    The default share permission in Windows Server 2003 is Everyone: Allow Read. Share permissions define the maximum effective permissions for files and folders in the share. The share permissions restrict the NTFS full control permission. To correct the problem, you would need to modify the share permissions to allow, at a minimum, the Project Managers group Change permission.

    Rate this question:

  • 39. 

    What are the minimum NTFS permissions required to allow users to open documents and run programs stored in a shared folder?

    • A.

      Full Control

    • B.

      Modify

    • C.

      Write

    • D.

      Read & Execute

    • E.

      List Folder Contents

    Correct Answer
    D. Read & Execute
    Explanation
    The minimum NTFS permissions required to allow users to open documents and run programs stored in a shared folder is "Read & Execute". This permission allows users to view and open files, as well as execute programs and scripts within the folder. It does not grant the ability to modify or delete files, ensuring that the integrity of the shared folder is maintained.

    Rate this question:

  • 40. 

    Bill complains that he is unable to access the department plan. You open the Security tab for the plan and you find that all permissions on the document are inherited from the plan’s parent folder. There is a Deny Read permission assigned to agroup to which Bill belongs. Which of the following methods would enable Bill toaccess the plan?

    • A.

      Modify the permissions on the parent folder by adding the permission Bill:Allow Full Control.

    • B.

      Modify the permissions on the parent folder by adding the permission Bill:Allow Read

    • C.

      Modify the permissions on the plan by adding the permission: Bill:Allow Read.

    • D.

      Modify the permissions on the plan by deselecting Allow Inheritable Permis sions, choosing Copy, and removing the Deny permission.

    • E.

      Remove Bill from the group that is assigned the Deny permission.

    Correct Answer(s)
    C. Modify the permissions on the plan by adding the permission: Bill:Allow Read.
    D. Modify the permissions on the plan by deselecting Allow Inheritable Permis sions, choosing Copy, and removing the Deny permission.
    E. Remove Bill from the group that is assigned the Deny permission.
    Explanation
    To enable Bill to access the plan, the permissions on the plan need to be modified. This can be done by adding the permission "Bill:Allow Read" to the plan. Additionally, the "Allow Inheritable Permissions" option should be deselected, and the Deny permission should be removed by choosing the "Copy" option. Another possible solution is to remove Bill from the group that has been assigned the Deny permission. These actions will override the inherited permissions from the parent folder and grant Bill access to the department plan.

    Rate this question:

  • 41. 

    Bill calls again to indicate that he still cannot access the departmental plan. Youuse the Effective Permissions tool, select Bill’s account, and the tool indicates thatBill is, in fact, allowed sufficient permissions. What might explain the discrepancybetween the results of the Effective Permissions tool and the issue Bill is reporting?

    • A.

      It is possible that a permission entry is assigned to a logon-related account, such as Interactive or Network, that could be denying accessIt is possible that a permission entry is assigned to a logon-related account, such as Interactive or Network, that could be denying accessIt is possible that a permission entry is assigned to a logon-related account, such as Interactive or Network, that could be denying accessIt is possible that a permission entry is assigned to a logon-related account, such as Interactive or Network, that could be denying access

    • B.

      If you are not logged on as a Domain Admin, you may not be able to read all group memberships, which might skew the resulting permissions report.

    • C.

      Effective Permissions tool is only an approximation of a user’s access

    • D.

      All of the above

    • E.

      None of the above

    Correct Answer
    D. All of the above
    Explanation
    The discrepancy between the results of the Effective Permissions tool and the issue Bill is reporting could be explained by multiple factors. Firstly, there could be a permission entry assigned to a logon-related account, such as Interactive or Network, that is denying access. Additionally, if the user is not logged on as a Domain Admin, they may not be able to read all group memberships, which could affect the resulting permissions report. Lastly, it is important to note that the Effective Permissions tool is only an approximation of a user's access, so there may be other factors at play that are not accurately reflected in the tool's results.

    Rate this question:

  • 42. 

    Which of the following are valid criteria for a security log filter to identify specificfile and folder access events? Select all that apply.

    • A.

      The date of the event

    • B.

      The user that generated the event

    • C.

      The type of object access that generated the event

    • D.

      Success or failure audit

    • E.

      All of the above

    Correct Answer(s)
    A. The date of the event
    B. The user that generated the event
    D. Success or failure audit
    Explanation
    The correct answer is the date of the event, the user that generated the event, and success or failure audit. These criteria are valid for a security log filter to identify specific file and folder access events. The date of the event allows for filtering events based on a specific time frame. The user that generated the event helps in identifying the individuals responsible for the access. Success or failure audit indicates whether the access attempt was successful or not. These criteria together provide a comprehensive filter for identifying specific file and folder access events.

    Rate this question:

  • 43. 

    Users at Contoso Ltd. use Microsoft Office applications to access resources onServer01. Your job is to monitor Server01 to ensure that permissions are not toorestrictive, so that users are not prevented from achieving their assignments.Which log, and which type of event, will provide the information you require?

    • A.

      Application log; Success Event

    • B.

      Application log; Failure Event

    • C.

      Security log; Success Event

    • D.

      Security log; Failure Event

    • E.

      System log; Success Event

    Correct Answer
    D. Security log; Failure Event
    Explanation
    The correct answer is "Security log; Failure Event". Monitoring the Security log for Failure Events will provide information about any instances where permissions are too restrictive and users are being prevented from accessing resources on Server01. Failure events in the Security log typically indicate authentication or authorization issues, which can help identify any permission-related problems that may be impacting users' ability to complete their assignments.

    Rate this question:

  • 44. 

    You’re setting up a Web site in IIS on Server01. The site’s Internet domain name isadatum.com, and the site’s home directory is C:\Web\Adatum. Which URL shouldInternet users use to access files in the home directory of the site?

    • A.

      Http://server01.web.adatum

    • B.

      Http://web.adatum.com/server01

    • C.

      Http://server01.adatum/home

    • D.

      Http://server01.adatum.com

    • E.

      None of the above

    Correct Answer
    D. Http://server01.adatum.com
    Explanation
    The correct answer is http://server01.adatum.com. This URL follows the format of "http://.", which is the standard way to access a website on the internet. In this case, the server name is server01 and the domain name is adatum.com. Therefore, users should use this URL to access files in the home directory of the site.

    Rate this question:

  • 45. 

    You want to ensure the highest level of security for your corporate intranet withoutthe infrastructure of certificate services. The goal is to provide authenticationthat is transparent to users, and to allow you to secure intranet resources with thegroup accounts existing in Active Directory. All users are within the corporate firewall.What authentication method should you choose?

    • A.

      Anonymous Access

    • B.

      Basic Authentication

    • C.

      Digest Authentication

    • D.

      Integrated Windows Authentication

    • E.

      None of teh above

    Correct Answer
    D. Integrated Windows Authentication
    Explanation
    Integrated Windows Authentication should be chosen as the authentication method in this scenario. This method allows users to authenticate using their Windows credentials, providing a seamless and transparent authentication experience. It leverages the existing group accounts in Active Directory, allowing for easy management and securing of intranet resources. Since all users are within the corporate firewall, this method can provide a high level of security without the need for additional infrastructure such as certificate services.

    Rate this question:

  • 46. 

    You are to back up a Windows Server 2003 file server every evening. You performa manual, normal backup. You will then schedule a backup job to run everyevening for the next two weeks. Which backup type will complete the fastest?

    • A.

      Normal

    • B.

      Differential

    • C.

      Incremental

    • D.

      Copy

    Correct Answer
    C. Incremental
    Explanation
    The incremental backup type will complete the fastest. This is because an incremental backup only backs up the files that have changed since the last backup, whereas a normal backup backs up all selected files regardless of whether they have changed or not. Therefore, the incremental backup will have less data to process and transfer, resulting in a faster completion time.

    Rate this question:

  • 47. 

    You are to back up a Windows Server 2003 file server every evening. You performa manual, normal backup. You will then schedule a backup job to run everyevening for the next two weeks. Which backup type will provide the simplestrecovery of lost data?

    • A.

      Normal

    • B.

      Differential

    • C.

      Incremental

    • D.

      Daily

    Correct Answer
    A. Normal
    Explanation
    Performing a manual normal backup is the best choice for the simplest recovery of lost data. A normal backup backs up all selected files and marks them as backed up. This means that when restoring data, only the latest normal backup needs to be restored, making the recovery process straightforward and efficient. Differential backups would require restoring both the latest normal backup and the latest differential backup, while incremental backups would require restoring the latest normal backup and all subsequent incremental backups. Daily backups would only backup files modified on that specific day, making the recovery process more complex.

    Rate this question:

  • 48. 

    A user has accidentally deleted the data in a Microsoft Word document and savedthe document, thereby permanently altering the original file. A normal backupoperation was performed on the server the previous evening. Which restoreoption should you select?

    • A.

      Do Not Replace The File On My Computer

    • B.

      Replace The File On Disk Only If The File On Disk Is Older

    • C.

      Always Replace The File On My Computer

    Correct Answer
    C. Always Replace The File On My Computer
    Explanation
    The file does exist on the server, but the file has been corrupted. You should replace the file with the copy in the backup set.

    Rate this question:

  • 49. 

    An executive has returned from a business trip. Before the trip, she copied filesfrom a network folder to her hard drive. The folder is shared with other executives, who modified their files in the folder while she was away. When shereturned, she moved her copy of the files to the network share, thereby updatingher files with the changes she made while away, but also overwriting all the filesthat had been changed by other executives. The other executives are unhappythat their files have been replaced with the versions that were active when she leftfor her trip. Luckily, you performed a normal backup operation on the folder theprevious evening. What restore option should you choose?

    • A.

      Do Not Replace The File On My Computer

    • B.

      Replace The File On Disk Only If The File On Disk Is Older

    • C.

      Always Replace The File On My Computer.

    Correct Answer
    B. Replace The File On Disk Only If The File On Disk Is Older
    Explanation
    This option will not overwrite files that were changed by the executive
    while she was away. Those files will have a date more recent than the backup. It will, however, restore the other executives’ files over the older versions she uploaded to the network.

    Rate this question:

  • 50. 

    You would like to test the restore procedures on your server, but would also liketo avoid affecting the production copies of the backed-up data. What is the bestrestore location to use?

    • A.

      Original location

    • B.

      Alternate location

    • C.

      Single folder

    Correct Answer
    B. Alternate location
    Explanation
    Restoring to an alternate location will restore the folder structure and
    files that were backed up. You can then compare the contents of the target location with the original backed-up files to verify the success of the restore procedure.

    Rate this question:

Related Topics

Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.