70-291: Microsoft MCSE 70 291 Practice Exam 1 Of 2

1. Your company has a Cache DNS server that receives updates from your ISP. Recently, the ISP had suffered some snags in the operation due to bandwidth congestion and as a result your DNS resolution went haywire. Now the ISP has resolved all issues and his setup is up and running again. But your network clients are still complaining that the usual web sites that they access still remain inacessible. What should you do?

Restart the DNS server

Clear the DNS server cache

Restart the connection with the ISP

Request the ISP to restart his DNS server

Since the type of DNS server being used in the network is a Cache DNS server, it would have cached all the resolution status of the ISPs DNS server when the ISP was suffering network issues. Hence, now that the ISP issues are sorted out the DNS server in your network will have to cache the latest resolution status. For which, it is best to clear the current contents of the cache

Explanation

Since the type of DNS server being used in the network is a Cache DNS server, it would have cached all the resolution status of the ISPs DNS server when the ISP was suffering network issues. Hence, now that the ISP issues are sorted out the DNS server in your network will have to cache the latest resolution status. For which, it is best to clear the current contents of the cache

2. You are in the process of relocating resources in your network to ensure efficiency and performance. In the process, the Mail Server now resides on aUNIX server. The rest of the network including the Domain controller, DHCP and the DNS servers are Windows Server 2003 based servers. How would you ensure that the Mail server is accessible to all clients on the network?

Move the mail service also to a Windows 2003 Server computer

Add a mail exchange (MX) DNS record

Create a static host file that contains resolution for the mail server and replicate it to all clients

MX record or Mail Exchanger record is a DNS scope information that is used to point the Mail server to all clients seeking resolution for that mail server.

Explanation

MX record or Mail Exchanger record is a DNS scope information that is used to point the Mail server to all clients seeking resolution for that mail server.

3. Your company has a tie up with a software development firm for testing its Beta applications. The software has a pre-requisite of 1GB free space on the hard disk. You are required to locate such computers automatically and push the beta version of this software on to those machines. Which of the following must you do? Choose the most easily achievable option.

Create a WMI filter that queries the Win32_LogicalDisk object for more than 1 GB of free space.

Create a PERL script that can locate computers having 1 GB free space.

Manually check each Hard disk

Send message to all users asking everybody with more than 1 GB free space to respond back.

Creating PERL script will require that the administrator be skilled in PERL scripts. Sending messages to the entire network is not the correct thing to do. Manually checking each hard disk is not physically possible for one person. The best option is to create a WMI filter to query the required information.

Explanation

Creating PERL script will require that the administrator be skilled in PERL scripts. Sending messages to the entire network is not the correct thing to do. Manually checking each hard disk is not physically possible for one person. The best option is to create a WMI filter to query the required information.

4. On an Enterprise network that has 1000 computers and 100 servers, if you were to assign a small remote containing about 40 or more computers to connect to the main network, which of the following would be an ideal method to manage dynamic IP addresses on the small network?

Configure a DHCP relay agent for that network

Install a BootP agent on the switch of that network

Assign static IP addresses to the clients of that network

Because these subnets do not contain DHCP servers and the switch cannot function as a DHCP/BOOTP relay agent, each subnet must have either its own DHCP server or another computer that can function as a relay agent on that subnet

Explanation

Because these subnets do not contain DHCP servers and the switch cannot function as a DHCP/BOOTP relay agent, each subnet must have either its own DHCP server or another computer that can function as a relay agent on that subnet

5. The previous network administrator of your network has configured IPSec policies such that it displays the IP addresses of the required Security Associations. For the purpose of user friendly appearances, you would prefer the host names of the same to be displayed. Which of the following will help you achieve the same?

Ensure the member server on which the IPSec policies are enabled is a DNS client.

Uncheck the Enable DNS name resolution property for the server settings

Check the Enable DNS name resolution property for the server settings

Ensure the network has a DDNS running instead of the usual DNS

On the Server settings you must check the option Enable DNS Name resolution to be able to view the SAs in the form of host names instead of IP addresses.

Explanation

On the Server settings you must check the option Enable DNS Name resolution to be able to view the SAs in the form of host names instead of IP addresses.

6. You are on the SOA (Start Of Authority) tab of the DNS server DNS1 on which you wish to configure the zone transfer with another DNS server DNS2 every once in 8 hours. Which of the following options will help you configure the DNS zone transfer between the two servers?

Refresh Interval

Retry Attempts

Retry Interval

Expiration

Refresh Interval option on the SOA tab page will help to configure the zone transfer between the two servers every once in 8 hours

Explanation

Refresh Interval option on the SOA tab page will help to configure the zone transfer between the two servers every once in 8 hours

7. You wish to keep your DNS server database up-to-date and free of unnecessary records. Which of the following options will help you to maintain the DNS database as desired?

Tombstone

Aging and scavenging

DDNS

Secure updates

Aging and scavenging option is used to remove outdated resource records. Aging and scavenging is not enabled by default and will have to be manually enabled by the DNS admin

Explanation

Aging and scavenging option is used to remove outdated resource records. Aging and scavenging is not enabled by default and will have to be manually enabled by the DNS admin

8. You are required to apply certain security update changes based on the already existing ones in your network. Which of the following would you use to analyze what exists and what needs to be applied?

Microsoft Baseline Security Analyzer.

IP Security Monitor Console

Network Monitor

Baseline setting of the relevant GPO

The Microsoft Baseline Security Analyzer (MBSA) will scan for security updates and checks for default settings that are not secure. The required EXE file to execute this utility will be mbsacli.exe.

Explanation

The Microsoft Baseline Security Analyzer (MBSA) will scan for security updates and checks for default settings that are not secure. The required EXE file to execute this utility will be mbsacli.exe.

9. You have just created some DNS zones in your network. So far you just had one Primary DNS and one Secondary DNS. The replication was very smooth and trouble free. You now wish that zone transfer and updates on the network happen equally smooth after the zones have been created. What should you do?

Ensure that the zones are all Active Directory integrated

Ensure all the DNS servers are running on the Domain controllers

Ensure all DNS servers are running on member servers

Avoid using zones

Active Directory--integrated zone ensures that updates can be made to any server. In addition, using this zone type, zone transfers occur automatically as part of Active Directory replication

Explanation

Active Directory--integrated zone ensures that updates can be made to any server. In addition, using this zone type, zone transfers occur automatically as part of Active Directory replication

10. You and two other administrators have been managing the entire enterprise network of your organization so far. Since the company has been fast acquiring office abroad, as an expansion plan your company is now hiring 10 administrators who will only be Remote administrators. You are required to give them access to the network from a specific time of the day till late hours IST (Indian Standard Time). These administrators will be logging in to the network from different location. Which is the easiest way to achieve the said goals? Each choice represents a complete solution. Choose the best option.

Just make all these new administrators members of the Domain Admin group and leave it at that.

Create an OU for these new remote administrators and assign them GPO.

Create a remote access policy for each of the new remote admins

The simplest way to achieve this is to create a group for the remote administrators and assign all the required policies to this group.

Explanation

The simplest way to achieve this is to create a group for the remote administrators and assign all the required policies to this group.

11. You wish to set up a VPN for home users using Routing and Remote Access (RRAS) without the need for a dedicated name resolution service on the network. All servers in the network are running on Windows Server 2003 What should you do?

Configure the VPN server to enable the NetBIOS over TCP/IP (NetBT) proxy.

Implement a static host file.

Use a hub and spoke technology to connect each client to the RRAS server.

Recommend T1 lines for the home users

The NetBIOS over TCP/IP (NetBT) proxy in the Windows Server 2003s Routing and Remote Access allows remote dial-in client computers to resolve names on the network without requiring a dedicated name resolution service on the network.

Explanation

The NetBIOS over TCP/IP (NetBT) proxy in the Windows Server 2003s Routing and Remote Access allows remote dial-in client computers to resolve names on the network without requiring a dedicated name resolution service on the network.

12. You require just one resource on the entire network whose Ip related information must be statically configured. This resource needs to be accessed by one and all in the network that is otherwise dynamically configured. Which of the following records would you configure for this purpose?

Alias

DNS suffix

SRV

Router

Host (A)

Host (A) resource records are used in a zone to associate DNS domain names of hosts (computers or network interface print device) to their IP addresses. For a static TCP/IP host, you should manually create an A resource record using the DNS console.

Explanation

Host (A) resource records are used in a zone to associate DNS domain names of hosts (computers or network interface print device) to their IP addresses. For a static TCP/IP host, you should manually create an A resource record using the DNS console.

13. You need to verify if the SUS configuration is functioning properly on the network. Which of the following files would you check to achieve this goal?

WindowsUpdate.log

Error.log

Update.log

Registry.ini

To verify any errors logged during the functioning of SUS, you must check the WindowsUpdate.log file.

Explanation

To verify any errors logged during the functioning of SUS, you must check the WindowsUpdate.log file.

14. You are in the process of expanding the Remote access network as your company is fast acquiring smaller companies across the world. The company�s written policy states that all Remote Access Servers must have the same security policy settings. Whenever any amendments will be made to these policies written or otherwise will have to be reflected on all the servers at one go to ensure that the administrative time for the said task is kept to the minimum. What should you do?

Use RADIUS.

Use RRAS.

Use IIS.

Use Certificate Servers

RADIUS (Remote Authentication Dial In User Service) helps to centralize policies, logging, and authentication services from a single location.

Explanation

RADIUS (Remote Authentication Dial In User Service) helps to centralize policies, logging, and authentication services from a single location.

15. You have modified the IP Security Policy on Active Directory settings in the Default Client Computer Policy. After verification you notice that once users� computer has failed to apply the policy. You wish to verify the policy that is currently active on that user�s computer. Which of the following will help you do so?

Microsoft Management Console � IPSec policy

IP Security Monitor � IPSec policy.

Domain Users snap-in

Microsoft Management Console � Network Monitor.

You should view the IPSec policy using the IPSec Security Monitor snap-in of the Microsoft Management Console (MMC).

The rest of the options mentioned in the choices section will not display the required information.

Explanation

You should view the IPSec policy using the IPSec Security Monitor snap-in of the Microsoft Management Console (MMC).

The rest of the options mentioned in the choices section will not display the required information.

16. Which of the following registry settings indicate that the client on the network has been assigned a designated server to receive software updates from?

UseWUServer = 0

UseWUServer=1

AutoUpdate =1

SUSUpdate=1

The registry setting UseWUServer when set to 1 indicates that the client has been assigned a designated server from which it will be receiving Software Updates. The rest of the settings displayed in the choices section is irrelevant.

Explanation

The registry setting UseWUServer when set to 1 indicates that the client has been assigned a designated server from which it will be receiving Software Updates. The rest of the settings displayed in the choices section is irrelevant.

17. You have been receiving complaints from the finance department that there is a bandwidth clog on the switch. This switch connects the Finance department to all the important member servers on which critical and confidential data resides. You monitor that part of the network and capture enough data to realize that there have been tremendous client requests made to the resources on the member servers that have been discarded by the servers. You are sure that the access permissions were in place even before you took charge of this network. You need to be sure that not only is the unauthorized user being prohibited from accessing the confidential resource, but he also needs to be tracked. Which of the following options would you do choose to achieve the said goals? Each statement represents a part of the solution. Choose two statements that will complete the solution.

Choose the Audit object Access settings for that GPO

Choose the Delegate Authority settings for that GPO

Audit for failure of events

Audit for success of events

Auditing helps you to check for the resource access as to who and when is accessing the resources. Enabling failure of event will help you track who is unauthorized to access the confidential resources. Success of event is required only when you need to be sure that everyone who has been assigned access permission is able to access the resource, which is irrelevant here.
Delegate authority is irrelevant here.

Explanation

Auditing helps you to check for the resource access as to who and when is accessing the resources. Enabling failure of event will help you track who is unauthorized to access the confidential resources. Success of event is required only when you need to be sure that everyone who has been assigned access permission is able to access the resource, which is irrelevant here.
Delegate authority is irrelevant here.

Submit

18. You are the administrator for an organization that trains network administrators. The training lab is also a part of the main network and is within your administration authority. The participants have been trained to setup DHCP server for a network and administer the same. This requires an extensive hands-on in the lab. As a result most of the users are complaining about IP address duplication and are unable to connect to the network normally. Which of the following steps would ensure this problem does not occur again? (Each correct answer presents part of the solution. Choose two options.)

Shift the training lab to a different building

Assign a dedicated range of IP addresses for the training lab

Ensure the DHCP server that assigns IP addresses must be authorized to do so

Implement access lists on the router

Implement static IP addressing in the training lab

Assigning a dedicated range of IP addresses for training purpose ensures that the IP addresses that get allocated will not be from a similar range and will hence avoid IP address duplication. This can still lead to assigning IP addresses that are out of range of the main network. Authorizing DHCP servers on the network will complete the solution for the problem, as no DHCP server other than authorized will be recognized for IP address assignment on the network

Explanation

Assigning a dedicated range of IP addresses for training purpose ensures that the IP addresses that get allocated will not be from a similar range and will hence avoid IP address duplication. This can still lead to assigning IP addresses that are out of range of the main network. Authorizing DHCP servers on the network will complete the solution for the problem, as no DHCP server other than authorized will be recognized for IP address assignment on the network

Submit

19. When pushing software updates to all the clients on the network from a designated server, which of the following settings on the GPO needs to configured?

Audit Object Access settings

Specify intranet Microsoft update service location

Specify internet Microsoft update service location

Automatic Update settings

You need to enable the Specify intranet Microsoft update service location in the GPO. When enabled all clients on the network that are in need of updates will by pass the regular Windows update and update themselves from the designated server. This eases the load on the router and the firewall as well.

Explanation

You need to enable the Specify intranet Microsoft update service location in the GPO. When enabled all clients on the network that are in need of updates will by pass the regular Windows update and update themselves from the designated server. This eases the load on the router and the firewall as well.

20. You are required to change some setting that have been set by the previous administrator for the IPSec policies. Which of the following would you use to manage this?

Microsoft Management Console

IP Security Monitor Console

Network Monitor utility

IPSec utility

To be able to change settings in the IPSec policies, you need to access the IP Security Monitor Console

Explanation

To be able to change settings in the IPSec policies, you need to access the IP Security Monitor Console

21. You have been instructed by your supervisor that starting today he would like you to generate reports of security information of all the perimeter servers that have Intranet sites resources residing on them. He is not interested in the status of the rest of the perimeter servers. You are required to arrive at a plan of action for the same before you actually go ahead with the implementation and submit the same to him. What should you do? Each solution is complete in itself. Choose the best option

Create a security template for just these servers and deploy the same through the Security Configuration and Analysis snap-in

Create a security template for all perimeter servers and deploy the same through the Security Configuration and Analysis snap-in.

Group all the said servers into a separate OU and monitor the same.

Group all perimeter servers into a separate OU just for the purpose of monitoring their security settings.

Grouping of servers in a separate OU for the purpose of monitoring security settings is irrelevant.

Applying the security template on all the perimeter servers does not achieve the said objective.

You are required to apply the new template with required settings only to the said servers on which Intranet resources are residing.

Explanation

Grouping of servers in a separate OU for the purpose of monitoring security settings is irrelevant.

Applying the security template on all the perimeter servers does not achieve the said objective.

You are required to apply the new template with required settings only to the said servers on which Intranet resources are residing.

22. You are a managing a very small Windows 2003 server based network with about 45 clients. You are required to ensure that the systems that are unable to connect to the DHCP server on startup will still be assigned an IP address till such time that the DHCP server will be available. These clients are running Windows XP. What must you do?

Assign a secondary IP address to the clients

Assign a static IP address to the client

Do nothing

Re-install the OS

Upgrade the OS to Windows Server 2003

Do nothing. Whenever dynamic IP address is configured and the DHCP server is available, the XP will allocate an IP address to the computer from the range of private IP addresses allocated for Microsoft for this purpose. This method is called as Automatic Private IP Addressing (APIPA)

Explanation

Do nothing. Whenever dynamic IP address is configured and the DHCP server is available, the XP will allocate an IP address to the computer from the range of private IP addresses allocated for Microsoft for this purpose. This method is called as Automatic Private IP Addressing (APIPA)

23. You need to configure updates for your network. Your network consists of 100 Windows Server 2003 DCs and 48 Windows 2003 member servers. There are about 2500 clients. Which of the following would be an ideal and efficient method for implementing an automated process of software updates? Each choice statement presents a part of the solution. Choose two statements to arrive at a complete solution.

Configure Software Update Service (SUS) along with Group Policy Objects (GPO).

Configure Automatic Updates on all Domain Controllers and clients.

Configure Automatic Update on the Root DC and ensure the rest do not connect to the Internet at all.

Implement SUS on the network. You will also have to configure relevant GPOs to enable SUS to function correctly. Ensuring that critical DCs directly update themselves from Microsoft site is required as these servers should not suffer any vulnerability due to delay in updates. Ensuring that a designated server will push updates to other clients at a scheduled time will ensure that all clients are updating themselves regularly without clogging the network bandwidth.

Explanation

Implement SUS on the network. You will also have to configure relevant GPOs to enable SUS to function correctly. Ensuring that critical DCs directly update themselves from Microsoft site is required as these servers should not suffer any vulnerability due to delay in updates. Ensuring that a designated server will push updates to other clients at a scheduled time will ensure that all clients are updating themselves regularly without clogging the network bandwidth.

Submit

24. Users on the network have been complaining that one particular server in the network that has multiple resources hosted on it, is either too slow responding or does not respond at all. You run the network monitor and realize that the information being displayed is too much. You are unable to read all the information. You wish to not only read all the information as it is being captured, but you also wish to ensure no information being captured will overwrite the older data. Which of the following settings of network monitor must you use here? Choose two.

Configure the Network Monitor display filters.

Increase the Network Monitor buffer size

Increase the Network Monitor display lines

Increase the Network Monitor frame size

You should increase the Network Monitor buffer size setting and configure a display filter. Display filters are used alter the Network Monitor's Frame Viewer window.

Explanation

You should increase the Network Monitor buffer size setting and configure a display filter. Display filters are used alter the Network Monitor's Frame Viewer window.

Submit

25. Which of the following components must be enabled for Windows based remote clients seeking resource access on the network?

Enable simple TCP/IP services

Enable File and Printer Sharing for Microsoft Networks

Enable the Client for Microsoft Networks

Enable Microsoft Dial-up adapter

When remote clients connect to the company network if they should be able to access network resources on the Windows Server 2003 based network then the Client for Microsoft Network, client component must be enabled.

Explanation

When remote clients connect to the company network if they should be able to access network resources on the Windows Server 2003 based network then the Client for Microsoft Network, client component must be enabled.

26. You have asked by your supervisor to arrive at a solution for authenticating users as well computers not only over the domain based LAN of the Windows Server 2003 network but also for the entire enterprise-wide network. Which of the following solutions best suits this scenario?

Use Certificate based authentication.

Use Kerberos.

Use token-based authentication.

Use smart cards

Certificate-based authentication not only allows for authenticating the various objects listed in the requirement, it can also encrypt the authentication information and keep the source of the information a secret. This method can be used in domain based LANs as well as Enterprise-wide networks.

Explanation

Certificate-based authentication not only allows for authenticating the various objects listed in the requirement, it can also encrypt the authentication information and keep the source of the information a secret. This method can be used in domain based LANs as well as Enterprise-wide networks.

27. Your company has acquired a small consultancy services company. You have been assigned the job of automatically assigning DNS and Mail server information to their entire work group. You are required to make the necessary changes on the DHCP server by assigning them a new scope and configuring a few relevant scope options. Which of the following is required to be configured by you? Choose two.

DNS domain name option

MX record option

Router option

DNS suffix option

The DNS domain name option must be configured to point to the domain name in which the mail server resides and also for the receiving the DNS resolution. The MX record or the Mail Exchanger record must be configured to point o the mail server as well.

Explanation

The DNS domain name option must be configured to point to the domain name in which the mail server resides and also for the receiving the DNS resolution. The MX record or the Mail Exchanger record must be configured to point o the mail server as well.

Submit

28. You are the administrator of a heterogeneous network. You have a Primary DNS service running on a Active Directory based DNS server. You are required to accommodate a UNIX server as the secondary DNS server and allow all Active directory based users to be able access this secondary DNS server and also ensure that zone transfer will be possible in this scenario. What must you do? Choose all that apply.

Configure a Host (A) record for the DNS server running on the UNIX server

Configure a Name Server (NS) resource record for the UNIX server to the DNS zone

Configure a SRV record for the Active directory based DNS server

Configure a Alias record for the UNIX based DNS server.

Configuring a Host (A) record for the UNIX server will ensure that the UNIX server is available as a secondary DNS for non-UNIX clients as well. The NS resource record is used to specify the DNS servers are designated as authoritative for the zone. By listing a server in the NS resource record, it becomes known to others as an authoritative server for the zone

Explanation

Configuring a Host (A) record for the UNIX server will ensure that the UNIX server is available as a secondary DNS for non-UNIX clients as well. The NS resource record is used to specify the DNS servers are designated as authoritative for the zone. By listing a server in the NS resource record, it becomes known to others as an authoritative server for the zone

Submit

29. You have just configured a network printer. Before you make it available for the network users, you wish to test the printing environment thoroughly. You need to be sure that all print jobs sent to the printer are being received and processed. What should you do?

You can configure the printer to send a message to the user once the print job is complete.

Keep the print queue open on the desktop to monitor the printing status.

Use the services console to monitor the print job.

The easiest way to achieve this is to configure the printer to generate message to the user who sent the print request once the print job is complete.

Explanation

The easiest way to achieve this is to configure the printer to generate message to the user who sent the print request once the print job is complete.

30. Your remote location complains that all DNS resolutions lately have been pointing to outdated resources. You analyze the situation and realize that the secondary server in the remote location is not upto date in its database when compared with the primary server. How would you identify the problem?

Use Network Monitor to observe the frequency of update notification between the Primary and Secondary DNS

Observe the log files on the Primary and secondary DNS.

Run NS Lookup command on both the Primary and the Secondary DNS.

Run the dcdiag command to check DNS registration

You must use the Network Monitor to observe the frequency of the update request between Primary and the Secondary DNS to ensure that the database replication is happening as per schedule.

Explanation

You must use the Network Monitor to observe the frequency of the update request between Primary and the Secondary DNS to ensure that the database replication is happening as per schedule.

31. You are the administrator for Metro Tech World. The diagram for the network of Metro Tech World is shown below. The requirements for the network have been assigned to you. You are required to propose a plan for the same. Requirements: A. The clients of Network A must be allowed to access clients on Network B B. The resources on the SrvB must not be accessible for clients on Network A C. The clients of Network B must not be allowed to access any resource outside to Network A. Proposed Solutions: A. Assign the router IP address as Default gateway to all clients on Network A and Network B B. Implement access list on router C. Secure all resources on SrvB with relevant access permissions D. Implement firewall Which of the following statements correctly describe the proposed solutions? Choose three.

Implementing firewall is not inline with the requirements

Assigning default gateway to clients on Network B works against the stated requirements

It is not required to assign permissions on SrvB

Two requirements have been met

Three requirements have been met

Only clients from Network A must be allowed to access clients on Network B, hence only Network A must be assigned with a default gateway and not clients on Network B.

Srv B must be assigned permissions as per requirements.
Access list and firewall have not been mentioned in the requirement.

Hence two requirements have been met and one has not been met

Explanation

Only clients from Network A must be allowed to access clients on Network B, hence only Network A must be assigned with a default gateway and not clients on Network B.

Srv B must be assigned permissions as per requirements.
Access list and firewall have not been mentioned in the requirement.

Hence two requirements have been met and one has not been met

Submit

32. Which of the following utilities would you use to allow delegation of DHCP authorization?

Netsh

Active Directory Users and Computers

DHCP Console

Active Directory Sites and Services

You would be using the DHCP console to access the NetServices Node and delegate control from the relevant context menu

Explanation

You would be using the DHCP console to access the NetServices Node and delegate control from the relevant context menu

33. Your company Metro Tech World Inc has so far employed a single domain active directory network named metro.com. They are now acquiring an office in New Jersey. The office in New Jersey will contain a child domain and be named new.metro.com. You are to ensure that the metro.com clients will be able to access resources in new.metro.com as well. Which of the following options will allow you to accommodate this requirement in the DNS environment? Choose two.

Delegation

Stub Zone

Replication

Secondary server

You can either add a delegation for new.metro.com or add a stub zone for new.metro.com.
A stub zone is a copy of a zone that contains only those resource records that are necessary to identify the authoritative Domain Name System (DNS) servers for that zone.

Explanation

You can either add a delegation for new.metro.com or add a stub zone for new.metro.com.
A stub zone is a copy of a zone that contains only those resource records that are necessary to identify the authoritative Domain Name System (DNS) servers for that zone.

Submit

34. You have just configured a terminal server for the remote users group and have assigned a session time out of 2 hours in the GPO. You notice that the sessions have still not terminated after the elapsed session time limit. Which of the following configurations do you need to re-check? Choose two.

Idle session limit.

Override user settings

Modify the correct GPO

End connection.

Use the Terminal Service Configuration tool -> the Sessions tab, above -> select the Override user settings check box -> enter time limit for Idle session limit.

Explanation

Use the Terminal Service Configuration tool -> the Sessions tab, above -> select the Override user settings check box -> enter time limit for Idle session limit.

Submit

35. Your company intends to bring in the usage of smart card for authentication. They also plan to implement VPN in between offices with IPSec on Windows Server 2003 environment using the Microsoft�s default tunneling protocol. You are required to plan the entire setup such that the existing remote clients are also accommodated in this scenario. What should you do? Each choice represents a part of the solution. Choose all that apply to complete the solution.

Implement RADIUS on the network

Implement Certificate Servers for authenticating smart card users.

Configure Extensible Authentication Protocol -Transport Level Security (EAP-TLS) on the VPN server.

Nothing. The existing scenario is all ready for the new changes required

EAP-TLS is an EAP type that is used when using smart cards for remote access authentication. RADIUS provides a centralized method to monitor and control dial-up servers.

Explanation

EAP-TLS is an EAP type that is used when using smart cards for remote access authentication. RADIUS provides a centralized method to monitor and control dial-up servers.

Submit

36. You have just configured an Intranet Web Server. You require your remote clients to log in to this Web server irrespective of the location they are in and the OS platform they may be using. Since the remote clients are using company data on this connection, you are required to encrypt this communication. What should you do? Each choice represents a part of the solution. Choose all that apply to make a complete solution.

Configure VPN and IPSec policy.

Configure just VPN or just IPSec policy.

Configure the RAS server with Server (Require security).

Configure clients with Client (Request Security).

Configure RAS server with (Request security).

Configuring VPN as well as IPSec policies is necessary for the security requirements stated. Configuring IPSec in tunnel mode also would suffice but may not always work in all scenarios. It is ideal for the RAS server that will accept remote client requests to be configured in the IPSec Server (Require Security) mode and the remote clients to be configured in the IPSec Client (Request Security) mode.

Explanation

Configuring VPN as well as IPSec policies is necessary for the security requirements stated. Configuring IPSec in tunnel mode also would suffice but may not always work in all scenarios. It is ideal for the RAS server that will accept remote client requests to be configured in the IPSec Server (Require Security) mode and the remote clients to be configured in the IPSec Client (Request Security) mode.

Submit

37. You have 2 subnets on your network, Sub1 and Sub2. Each of these requires a DHCP server for itself. You are also required to setup a fault tolerance for the DHCP servers on these two subnets. You must ensure that at no given time, the DHCP client requests go unattended. Which steps should you take to support this configuration? (Choose all that apply.)

Divide the entire scope of contiguous addresses between the two servers

Ensure all reserved addresses are configured correctly on both the DHCP servers

Create reservations for the required clients on any one server only

The IP addresses between the two subnets must not be contiguous for safety reasons

By dividing the entire contiguous scope of the combined subnets between the two servers along with using a DHCP relay agent, you can ensure that if the local DHCP server is down the DHCP relay agent will forward the DHCP client request to the remote DHCP server and the client can still get an IP address within the same range of addresses that it had received earlier. By ensuring that the reservation information is configured on both servers, you can avoid IP address duplication

Explanation

By dividing the entire contiguous scope of the combined subnets between the two servers along with using a DHCP relay agent, you can ensure that if the local DHCP server is down the DHCP relay agent will forward the DHCP client request to the remote DHCP server and the client can still get an IP address within the same range of addresses that it had received earlier. By ensuring that the reservation information is configured on both servers, you can avoid IP address duplication

Submit

38. You have introduced some new resource servers on to your Windows 2003 network. These servers need to be assigned IP addresses. You already have a dynamic IP environment on your network. There will be a few more client computers added in the near future, which will need a separate set of IP addresses. You are required to plan for the situation based on the following requirements: Requirements: A. The resource servers need permanent IP addresses B. Static IP addresses must be done away with C. Network congestion must not occur due to the new additions Based on the above requirements you have designed a plan for the network and have gone ahead and implemented the solution as follows: Solution: 1. Assign static IP addresses to the new servers 2. Assign a separate range of IP addresses to the new clients 3. Ensure the lease period assigned to the network is default lease period. Regarding the implemented solutions, which of the following statements are true?

One of the requirements has been met

Two of the requirements have been met

Two requirements have not been met

None of the requirements have been met

The requirement says that the IP addresses for the resource servers have to be permanent, although it was possible to achieve this by assigning a permanent lease period to a dynamic IP address, even static address can achieve the same result. But in this scenario, since the requirement also says that static Ip address must be done away with, this is not an appropriate solution.

Assigning default lease period to clients will not decrease congestion. This will only lead to all clients raising renewal requests every once in 4-8 days.
Hence two requirements have not been met.

Explanation

The requirement says that the IP addresses for the resource servers have to be permanent, although it was possible to achieve this by assigning a permanent lease period to a dynamic IP address, even static address can achieve the same result. But in this scenario, since the requirement also says that static Ip address must be done away with, this is not an appropriate solution.

Assigning default lease period to clients will not decrease congestion. This will only lead to all clients raising renewal requests every once in 4-8 days.
Hence two requirements have not been met.

39. You require all users who are working from home or traveling to access the company information from wherever they are. You have a DHCP server that will be assisting the RAS server for dynamically allocating IP addresses to these remote clients. You have implemented the default Windows Integrated authentication for security purpose. All resource should be available for the remote users once they log in. When testing you observe that the remote clients are not receiving any information from the DNS server and are hence unable to access the network resource. What should you do?

Implement a secondary DHCP server just for the remote clients

Upgrade the DNS server

Check DHCP scope options

Do away with the Windows Integrated authentication

The main problem would be that the DHCP scope options for the remote clients may not be correctly configured. Once this has been verified, you may suspect the Windows Integrated authentication as well. In case of Windows Integrated Authentication, authentication happens after encrypted information is exchanged between client and server. This kind of cryptography uses hash algorithm. This may create problems receiving certain scope options on a remote connection.

Explanation

The main problem would be that the DHCP scope options for the remote clients may not be correctly configured. Once this has been verified, you may suspect the Windows Integrated authentication as well. In case of Windows Integrated Authentication, authentication happens after encrypted information is exchanged between client and server. This kind of cryptography uses hash algorithm. This may create problems receiving certain scope options on a remote connection.

Submit

40. You are planning a design a for the DNS environment for your company. The requirements are assigned to you as follows: 1. All critical departments should have their respective domain name under the company name as the root. 2. All computers within the domain must be registered. 3. All DNS related records must be constantly updated dynamically. Which of the following solutions presented in the choices section will help you achieve these goals? Choose all that apply.

Implement Dynamic DNS (DDNS)

Create Active Directory Integrated zones for all the domain names created for the critical departments

Configure the Active directory to authorize every client on the network to be a part of the main company domain

Ensure the DHCP server on the domain is an authorized one

Implement Primary DNS servers that need manual updating of records

Dynamic DNS will closely interact with the DHCP server for any dynamic updating required from the IP clients end. Active-Directory integrated zone will ensure every object under the relevant zone or domain name will be recorded and accounted for

Explanation

Dynamic DNS will closely interact with the DHCP server for any dynamic updating required from the IP clients end. Active-Directory integrated zone will ensure every object under the relevant zone or domain name will be recorded and accounted for

Submit

41. . You are planning a network where in a Windows Server 2003 will act as router. You will be hosting a Web server that should not be placed in the internal network as you do not want public HTTP traffic to be entering your internal network. You also have an Intranet Web server that will not only be a part of the internal network but will also be integrated with the rest of the domain controllers for Windows Integrated authentication, as only employees will be allowed to access this Intranet Web server. All these employees will be using pre-assigned IP addresses. You are required to place these two servers and configure restrictions such that the rest of the networks� security is not compromised. All traffic entering the network will have to first pass through the firewall. Each of the choice represents a part of the solution. Choose all that apply to form a complete solution

Configure Port Address Translation (PAT) for the Intranet Web server.

Configure Network Address Translation (NAT) for the HTTP server.

Place the HTTP server in the DMZ.

Place the Intranet Web Server in the DMZ.

Configure external interface of the router or firewall to discard all inbound packets except from known IP address list.

Since public traffic should not enter the internal network, the HTTP server is best placed in the De-militarized zone. Since the Intranet Web server is partially allowing traffic from the outside world although from the employees of the organization itself, employing Pat will ensure that the access intend for the Intranet Web server will hit the said server only and not any other resource on the network. This also succeeds in maintaining security of the internal IP address of the network. Assigning a known list of IP addresses to the external interface of the firewall will help it to discard all unauthorized IP packets.

Explanation

Since public traffic should not enter the internal network, the HTTP server is best placed in the De-militarized zone. Since the Intranet Web server is partially allowing traffic from the outside world although from the employees of the organization itself, employing Pat will ensure that the access intend for the Intranet Web server will hit the said server only and not any other resource on the network. This also succeeds in maintaining security of the internal IP address of the network. Assigning a known list of IP addresses to the external interface of the firewall will help it to discard all unauthorized IP packets.

Submit

42. Your company has acquired a electronic circuit manufacturing unit that is located quite far from the main office. You plan to make a stub network of the manufacturing unit and another stub network of its administration office that is equal distance from your main office as the manufacturing unit. You propose to implement a hub and spoke technology as far as connecting the three units are concerned. How would you manage the logical connectivity of this setup? Each choices represents a part of the solution, choose two statements that will combine into a complete solution.

Configure one of the member servers on the main network as a router.

Configure the Root DC as the RRAS server.

Configure any member server on each of the stub networks as a router as well

Configure a static route each to the manufacturing unit and the administration office respectively.

Configure RIP as the dynamic routing protocol.

Configuring a hub and spoke technology with static routes is an ideal solution for the described scenario. The root DC must never be configured as either a RAS server or as a router. Dynamic routing protocols would only add to overheads in a small setup such as this.

Explanation

Configuring a hub and spoke technology with static routes is an ideal solution for the described scenario. The root DC must never be configured as either a RAS server or as a router. Dynamic routing protocols would only add to overheads in a small setup such as this.

Submit