MCSA 70-290 Exam Questions

By renaming Ntuser.dat to Ntuser.man, the user profile is converted into a mandatory profile. This means that any changes made to the profile will not be saved when the user logs off. This can be useful in situations where a standardized profile needs to be enforced for all users, such as in a shared computer environment or for guest accounts.

To view Error events in the System log that have occurred over the last week, Rooslan should edit the properties of the System log in the Event Viewer. He should go to the Filters tab and ensure that only the Error check box is selected. Additionally, he should set the first event date to seven days ago and the last event date to today. This will filter the log to display only Error events within the specified time frame.

The printer schedule allows a printer to receive jobs and hold them
until the printer is available. The default setting, Always Available, sends a job to the printer
when it is free. When you configure Available From / To, you specify the hours during which print
jobs can be sent to the printer.

To provide for complete defragmentation, a volume requires a certain amount of free disk space. The correct answer is 15 percent. This means that at least 15 percent of the total disk space on the volume needs to be available for defragmentation to occur effectively. Having this amount of free space allows the defragmentation process to rearrange and optimize the files on the volume more efficiently, resulting in improved performance and reduced fragmentation.

By modifying the file name of Ntuser.dat to Ntuser.man, you can enforce a mandatory user profile. A mandatory user profile is a read-only profile that cannot be modified by the user. This allows for centrally managing the user's desktop while prohibiting changes to desktop settings by the users.

The user is unable to log on to their computer using a local account, indicating that the password for the local account may have been forgotten or changed. Since the laptop is not configured for dial-in access to the corporate network, resetting the user's password in Active Directory or resetting the user's computer account in Active Directory would not resolve the issue. Disconnecting the computer from the network and restarting it may not have any effect on the local account login issue. Therefore, the best solution would be to use the password reset disk for that user to reset the password on the local computer.

Creating license groups will allow you to effectively manage license tracking and compliance. By creating separate groups for the existing clients and the new hires, you can easily track and manage the licenses allocated to each group. This will ensure that you have a clear understanding of how many licenses are being used and by whom, making it easier to maintain compliance with licensing agreements. Revoking licenses or deleting existing licenses may result in a loss of licenses for the existing clients, while converting to Per Server licensing may not be necessary or provide the same level of license management.

The Movetree command-line tool is used to move objects between domains in a Windows Server 2003 environment. In this scenario, the task is to move computer accounts from the contoso.com domain to the west.contoso.com domain. Therefore, using the Movetree command-line tool is the appropriate solution. The other options mentioned (Active Directory Domains And Trusts, Active Directory Users And Computers, and Dsmove utility) are not specifically designed for moving computer accounts between domains.

The correct answer is to log on to the Desk249 computer with the local administrator account, change the computer's domain membership to a workgroup named TEST, restart the computer, log on again with the local administrator account, rejoin the computer to the Active Directory domain using an account with domain administrator privileges, and then restart the computer again. This process ensures that the computer account is recreated and allows the user to log on to their computer as soon as possible with the least amount of administrative effort.

The most likely cause of the problem is that the Terminal Server connection permissions need to be refreshed. This is indicated by the fact that the server is reachable through Windows Explorer, but user connection through Terminal Services is not possible. As the administrator, you are able to connect, suggesting that the issue is specific to user permissions. Refreshing the connection permissions should help resolve the problem.

To determine if there have been failed attempts to log on using Lee's user account, the correct approach is to create a filter on the Security log. By looking only for failure audits and setting the Event Source to Security, the filter will display any instances where Lee's account has experienced a logon failure. By setting the First Event to a date one month ago and the Last Event to today, the filter will display the relevant logon failure events within the specified time frame.

Rooslan can use Terminal Services Remote Administration mode to initiate a remote disk defragmentation. This mode allows him to remotely access and control Windows Server 2003 systems on the corporate LAN. By using this mode, Rooslan can connect to the servers and initiate the disk defragmentation process. This is possible even though his home Windows XP Professional workstation is not a member of the company's Windows Server 2003 domain.

The issue is that the users are unable to print large 160-page print jobs to a departmental shared printer on a specific server, but they can print without trouble when using a printer shared on another server or when breaking up the job into smaller lots. This suggests that the problem is related to the server's capacity or resources. By cleaning up the server's hard disk drive and removing unneeded files from the file share, the disk space will be increased, potentially resolving the issue and allowing the large print jobs to be processed successfully.

The correct answer is http://server01.adatum.com. This URL follows the format of "http://.", which is the standard way to access a website on the internet. In this case, the server name is server01 and the domain name is adatum.com. Therefore, users should use this URL to access files in the home directory of the site.

Performing a manual normal backup is the best choice for the simplest recovery of lost data. A normal backup backs up all selected files and marks them as backed up. This means that when restoring data, only the latest normal backup needs to be restored, making the recovery process straightforward and efficient. Differential backups would require restoring both the latest normal backup and the latest differential backup, while incremental backups would require restoring the latest normal backup and all subsequent incremental backups. Daily backups would only backup files modified on that specific day, making the recovery process more complex.

Correct: Lee should configure the disks in a RAID-1, also known as disk
mirroring, configuration using the hardware RAID controller’s configuration utility.
The prior existence of data on the drives would also influence the options
available. Although it is possible to mirror a drive with existing data, converting it to RAID-5 or RAID-0 without deleting the data is not an option

D. Correct: By default, non–Plug and Play hardware is not displayed in Device Manager.
To view such hardware in Device Manager, the Show Hidden Devices option
must be set. This will then show all “hidden” devices, which include non–Plug and
Play legacy devices such as the SCSI RAID controller described here.

The correct answer is to reset the laptop computer account in Active Directory. When a computer account is marked with a red "X" icon, it indicates that the account is disabled or has some sort of issue. By resetting the laptop computer account in Active Directory, it will refresh the account and potentially resolve any connectivity issues the user is experiencing when trying to connect to network resources.

Windows Server 2003, Web Edition, provides a cost-effective platform for the four Web application
servers. However, Web Edition will not support enterprise applications like SQL Server; the
edition of MSDE included with Web Edition allows only 25 concurrent connections. Therefore,
Windows Server 2003, Standard Edition, provides the most cost-effective platform for a SQL
Server.

No, not all functionality is available. The Device Manager component in the Computer Management
snap-in, for example, can only be used to view remote computer configurations: no
changes can be made to the remote computer's device configuration.

You want the Web servers to update themselves, so you must schedule
the installation of updates. However, an administrator always has the option to cancel the
installation.

To comply with the company's policy of auditing all actions related to accounts, such as creation, deletion, renaming, group creation, deletion, and renaming, account disabling, and password changes, the audit event that should be enabled is "Audit Successful Account Management." This will ensure that successful actions related to account management are recorded in the Security log for auditing purposes.

The correct answer is "System State". System State is a backup option in Windows Server 2003 that allows you to back up critical system components such as the registry, startup files, and system files. It includes important data like the Active Directory database, SYSVOL folder, and the registry hives. By selecting the System State option, you can ensure that all necessary components are backed up to restore the system in case of a failure or disaster.

To allow a user at one of the shared computers to change their desktop settings and have them apply to any other shared computer, configuring a roaming profile and assigning it to each user in the domain is the correct solution. A roaming profile allows a user's settings and preferences to be stored on a network server, so when they log in to any shared computer, their personalized desktop settings will be applied. This ensures consistency and convenience for the user across different computers. Assigning the roaming profile to each user in the domain ensures that their settings are applied regardless of which shared computer they use.

not-available-via-ai

The most likely cause of the problem is that the user's password is longer than 14 characters. This is because Windows 98 does not support passwords longer than 14 characters, so the user would not be able to log on to the network from a laptop running Windows 98. The fact that the user can log on from a desktop computer running Windows XP suggests that the issue is specific to the Windows 98 computer.

To view Information and Warning events in the Application log specifically related to disk quotas, you need to edit the properties of the Application log in the Event Viewer. In the Filter tab, select the Information and Warning Events check boxes and uncheck the Error, Success Audit, and Failure Audit check boxes. Finally, set the Event Source to Disk Quota. This will ensure that only the desired events from disk quotas are displayed in the Application log.

The best way to display the data relevant to Rooslan's task is to create a filter on the Security log. By looking only for success audits and setting the Event Source to Security, Rooslan will be able to filter out irrelevant logon activities. Setting the User setting to Agim's account name will ensure that only Agim's logon activities are included in the report. Additionally, setting the Event ID to 538 will specifically filter for logon events. Finally, setting the First Event to a date two months ago and the Last Event to today will limit the report to the desired time period.

In a domain running in Windows Server 2003 domain functional level, all security principals, including users, computers, universal groups, and global groups, can be a member of a global group. This means that any security principal within the domain can be added to a global group for the purpose of granting permissions and access rights.

To add users to a group, you would access the "Members" tab in the properties of the group. This tab allows you to view and manage the users who are part of the group. By adding users to the group through this tab, you can grant them access to the group's resources and privileges.

A mirrored volume can contain any partition, including the boot or system
partition.

Instructing Joe to log off and then log on to his computer is the additional step needed for him to be able to perform the delegated administrative duties. When Joe used the Run As command to load the Active Directory Users And Computers snap-in, he was still logged on as himself and not as the administrative user. By logging off and logging back on, Joe will establish a new session with the administrative credentials, allowing him to have the necessary access and perform the delegated administrative tasks.

Rob is unable to print because he is close to his allocated quota of disk space on the server. This means that he has almost reached the maximum limit of 8 GB of files that he is allowed to store on the server. As a result, he is unable to print the poster file because it would exceed his remaining disk space. The fact that he is able to print other documents to the black-and-white printer suggests that the issue is specific to the color laser printer, possibly due to the large file size of the poster.

When the machines were removed from the domain, their accounts
were not deleted, probably due to permissions settings. The machines now belong to another
domain. These accounts are no longer necessary.

F. Correct: Rooslan achieved all the goals of the first team. For the second team, he
achieved the first and second goals. In choosing to mirror, rather than stripe, the
third volume, he did not create a volume of 240 GB with the fastest read/write
speed. The volume would have been 120 GB and would not have performed significantly
better than a simple volume. Rooslan achieved one goal of the third
team. He achieved the first goal, but by using RAID-5 instead of striping, he failed
to achieve the second. The second volume would have been 360 GB rather than
480 GB as specified, the equivalent of one drive lost in storing parity information.

You will set the home directories by using the path \\Server01\Homedir\%Username%. This path specifies that the home directories should be stored on the network server named Server01 in a shared folder named Homedir. The %Username% variable ensures that each user's home directory is unique and corresponds to their username.

Enabling the Client/Server data redirection setting in Group Policy for each Terminal Server client computer will allow the users to redirect their locally configured print devices to their Terminal Server session. This will enable them to print to their local printers from within the Terminal Server session.

The correct answer states that SUS can be configured to authenticate against a proxy to download a list of updates for approval and download. Windows XP systems should be configured to check the SUS server to determine which updates are approved and then retrieve them from the SUS server. This option allows for centralized management of updates through SUS while also accommodating the proxy authentication requirement.

Rooslan should have configured the "Audit Successful Object Access" type of audit event in Group Policy to locate who has printed to the particular printer on Sunday afternoon. This type of audit event will track successful attempts to access objects, such as the color laser printer, and will log information about the user who accessed the object. By enabling this audit event, Rooslan will be able to identify the user who printed the inappropriate pictures and violated company policy.

The properties and administrative tasks that can be configured or performed simultaneously on more than one user object are disabling and enabling user accounts. This means that multiple user accounts can be disabled or enabled at the same time, making it more efficient for administrators to manage user access and permissions.

The discrepancy between the results of the Effective Permissions tool and the issue Bill is reporting could be explained by multiple factors. Firstly, there could be a permission entry assigned to a logon-related account, such as Interactive or Network, that is denying access. Additionally, if the user is not logged on as a Domain Admin, they may not be able to read all group memberships, which could affect the resulting permissions report. Lastly, it is important to note that the Effective Permissions tool is only an approximation of a user's access, so there may be other factors at play that are not accurately reflected in the tool's results.

Use the Backup utility to launch the Restore Wizard because the Backup utility is specifically designed for backing up and restoring data on Windows Server 2003. By using the Restore Wizard, you can easily select the backup job from the old disk and restore the data to the new disk. This ensures that the data is restored correctly and efficiently.

The correct answer is $Username$. This variable can be used with the DSMOD and DSADD commands to create user-specific home folders and profile folders. The dollar sign before the variable indicates that it is a special variable that will be replaced with the actual username when the command is executed. This allows for the creation of unique folders for each user based on their username.

If you were to license based on devices, there are six times four
devices, or 24 devices. It will be more cost-effective to license based on the number of users, which is 18.

RAID-5 volumes have a cost advantage over mirrored volumes because
disk usage is optimized. The more disks you have in the RAID-5 volume, the less the cost of the
redundant data stripe. If you’re using five disks in a RAID-5 configuration, you can anticipate 20
percent rate of redundancy.

By creating a new organizational unit (OU) called Mylab and moving the computer accounts for the Windows Server 2003 systems into the Mylab OU, the systems administrator can create a separate group policy object (GPO) specifically for the lab servers. This new GPO can then be configured to set the Unsigned Driver Installation Behavior policy to Warn But Allow Installation, overriding the default domain GPO. By applying this new GPO to the Mylab OU, the setting will only affect the lab servers and not change the overall setting for other computers in the domain.

The Phone And Modem Options in Control Panel allows the user to configure and adjust modem settings, including the port speed. This tool is specifically designed to manage and modify modem settings, making it the appropriate choice for adjusting the modem speeds in this scenario. The Device Manager is used for managing hardware devices, but it does not provide specific options for adjusting modem speeds. The Routing And Remote Access console is used for managing network routing and does not have options for adjusting modem speeds. Editing the properties of the multilink connection in My Network Places does not provide options for adjusting modem speeds.

It is a best practice to log on using an account with minimal credentials, then to launch administrative tools with higher-level credentials using Run As.

In a Windows Server 2003 interim domain functional level domain, which is what you must be running to support a Windows NT 4 domain, you will only be able to use global groups as secu
rity principals. Domain local groups will only be useful on the domain controllers in the Windows
Server 2003 domain, and universal groups cannot be used as security groups in a Windows Server 2003 interim domain functional level domain.

To achieve the goal of allowing the executive's laptop to join the domain and be configured by the group policies linked to the Desktops OU immediately, you need to create a computer object in the Desktops OU. Additionally, you should select the executive's user account for the property "The Following User Or Group Can Join This Computer To A Domain." This ensures that the laptop is added to the domain and receives the necessary group policies from the Desktops OU.

To resolve the IRQ conflict between the legacy fax board and the legacy RAID controller, the correct method is to select the fax board in the Device Manager. From the Action menu, select Properties. Then, go to the Resources tab and clear the Use Automatic Settings check box. Select the IRQ and click Change Settings. Scroll through the available IRQs until you find one that does not conflict with any others. Finally, click OK and restart the server. This will ensure that the fax board and RAID controller can function without any IRQ conflicts.

The correct answer is ".exe -x". This is because the "-x" flag is commonly used to specify the extraction or unpacking process, and the ".exe" extension suggests that the file is an executable. Therefore, using ".exe -x" would indicate that the file should be executed with the extraction option, allowing the servicepack to be unpacked.

To resolve the issue of the disk not appearing correctly in Disk Management after being added to the computer, the task that must be applied is to "Rescan". Rescanning the disks will prompt the computer to recheck and detect any newly added or changed disks, allowing the disk to be properly recognized and displayed in Disk Management.

Although hardware RAID is more expensive than software fault tolerance,
it provides faster disk I/O than software fault tolerance. In addition, hardware fault tolerance
solutions might implement hot swapping of hard disks to allow for replacement of a failed
hard disk without shutting down the computer and hot sparing so that a failed disk is automatically
replaced by an online spare.

B. Correct: Disk defragmentation will fail only when a disk has errors. If a disk has
errors, it is classified as “dirty” by the operating system. The only way to change this state is to perform a Chkdsk operation on the disk and complete all required repairs.

The correct answer is "dsquery user domainroot -inactive 4|dsmod user -disabled yes". This command-line tool combination allows the administrator to search for user accounts in the domain that have been inactive for the last 4 weeks and then disable those accounts. This meets the goal of automating the process of determining and disabling unused accounts, while still allowing for re-enabling if needed in the future.

To correct the problem, you should add the users to the Remote Desktop Users group. This will allow them to connect to the Terminal Server. By adding them to this group, they will have the necessary permissions to log on interactively and access the server remotely using Remote Desktop Connection.

B. Correct: Because the system started without fault when the junior administrator called Rooslan, no fault will be evident in the Device Manager. Rooslan will be able to investigate further by looking at the system log, which has recorded the last few restarts, perhaps even more, and the problematic event will be recorded there.

In Windows Server 2003, setup can be launched by booting to the CD-ROM, allowing for installation from a disc. Additionally, setup requires a non-blank password to meet complexity requirements, ensuring that the password meets certain criteria for security purposes.

Although the logon message text on Windows 2000 and other
previous operating system versions indicates that the account is disabled, the account is actually
locked. Windows Server 2003 displays an accurate message that the account is, in fact,
locked out. However, you can recognize the problem by examining what caused the message: a user forgot his or her password. You must unlock the account and reset the password.

NETDOM and DSADD are command-line tools that can be used to create a domain computer account in Active Directory. NETDOM is a command-line tool used to manage Windows domains and trust relationships, and it includes the ability to create domain computer accounts. DSADD is another command-line tool used to add objects, including computer accounts, to Active Directory. Therefore, both NETDOM and DSADD can be used to create a domain computer account in Active Directory.

The file does exist on the server, but the file has been corrupted. You should replace the file with the copy in the backup set.

The valid licensing modes in Windows Server 2003 are Per Server and Per Device or Per User. Per Server licensing mode allows a certain number of concurrent connections to the server, regardless of the number of users or devices. Per Device or Per User licensing mode allows a specific device or user to access the server, regardless of the number of concurrent connections. Per Seat licensing mode is not a valid licensing mode in Windows Server 2003.

Correct: Rooslan has achieved the primary goal by installing new 100 GB hard
disks and, by copying the user data across, he has added space to each of the
shares. Rooslan has achieved the first secondary goal by mounting the disks as the
user data folder. Under the current shared folder hierarchy, there is no need to
introduce extra shared folders. The files copied will not retain their NTFS permissions,
so the third secondary goal will not be achieved. Nowhere has it been mentioned
that any type of fault tolerance has been used; therefore, the second
secondary goal has not been achieved.

B. Correct: Setting the report type to All Devices And System Summary will print an
extensive report for each device installed on the system, including resource information,
as well as generate a summary of the system. This achieves the primary
goal and the first of the secondary goals.

By running the Device Manager and selecting the network card that has a yellow and black exclamation mark beside it, the user can access the properties of that network card. By going to the Resources tab and clearing the Use Automatic Settings check box, a list of conflicting devices will be displayed. This allows the user to determine which other device on the system is conflicting with the third network card.

All Users can access the shared folder from the network because the shared folder permissions are set to "Everyone-Full Control." Managers can delete files in the folder because their NTFS permissions are set to "Modify." Authenticated Users can write files in the folder because their NTFS permissions are set to "Read, Write."

To complete the restoration of the user's access to resources, you will need to place the user's account in the appropriate groups. This will ensure that the user has the necessary permissions to access the resources they need. Additionally, you will need to re-permission resources to which permission was given or denied based on the user account. This is necessary to ensure that the user has the correct level of access to these resources.

DSQUERY will produce a list of user objects within an OU and can pipe that list to DSGET, which in turn can output particular properties, such as phone numbers.

You can implement quotas per-volume only. You cannot configure a
quota on the Users folder on volume D. The quota applies to the whole volume. You will also be
unable to set a quota of 20 MB per user of combined storage on volumes D and E. You could,
however, configure a limit of 15 MB on volume D and 5 MB on volume E, or some other combination
that totals 20 MB.

A. Correct: The Initialize And Convert Disk Wizard runs each time a new disk is
added to the system and the disk management console is run. Limited in scope it
is only able to initialize a disk and convert it from basic to dynamic.
C. Correct: The Initialize And Convert Disk Wizard runs each time a new disk is
added to the system and the disk management console is run. Limited in scope,
the wizard is only able to initialize a disk and convert it from basic to dynamic.

The correct answer is to use the Netdom command-line tool to reset the computer password on the domain controller. This is the appropriate tool for resetting the computer password in Active Directory. Restarting the server in the recovery console and using the console to reset the computer account is not the recommended solution for this issue. Resetting the account in Active Directory Users And Computers or using the Dsmod command-line tool are also not the correct methods for resetting the computer password.

The correct answer is Successful Object Access and Failed Object Access. These two types of auditing will allow the systems administrator to generate an audit log of all users who attempt to access the particular folder. Successful Object Access will track the users who successfully access the folder, while Failed Object Access will track the users who attempt to access the folder but are stopped due to insufficient NTFS permissions. This will provide a comprehensive record of all access attempts to the confidential company financial information.