70-291: Microsoft MCSE 70 291 Practice Exam 1 Of 2

Approved & Edited by ProProfs Editorial Team
The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.
Learn about Our Editorial Process
| By Vaibhav Agarwal
V
Vaibhav Agarwal
Community Contributor
Quizzes Created: 58 | Total Attempts: 602,645
Questions: 42 | Attempts: 3,287

SettingsSettingsSettings
70-291: Microsoft MCSE  70 291 Practice Exam 1 Of 2 - Quiz

Microsoft MCSE 70-291:Implementing, Managing, and Maintaining a Server 2003 Network Infrastructure. Microsoft MCSE 70-291 Practice Exam. This is a full length practice exam that you can take to know if you are prepared for the real test. Time yourself to 120 minutes for this practice exam. Ensure that you take all MCSE 70-291 practice exams available and pass each with a good margin. In order to pass the real exam, you must achieve a 700 out of 1000


Questions and Answers
  • 1. 

    You have introduced some new resource servers on to your Windows 2003 network. These servers need to be assigned IP addresses. You already have a dynamic IP environment on your network. There will be a few more client computers added in the near future, which will need a separate set of IP addresses. You are required to plan for the situation based on the following requirements: Requirements: A. The resource servers need permanent IP addresses B. Static IP addresses must be done away with C. Network congestion must not occur due to the new additions Based on the above requirements you have designed a plan for the network and have gone ahead and implemented the solution as follows: Solution: 1. Assign static IP addresses to the new servers 2. Assign a separate range of IP addresses to the new clients 3. Ensure the lease period assigned to the network is default lease period. Regarding the implemented solutions, which of the following statements are true?

    • A.

      One of the requirements has been met

    • B.

      Two of the requirements have been met

    • C.

      Two requirements have not been met

    • D.

      None of the requirements have been met

    Correct Answer
    C. Two requirements have not been met
    Explanation
    The requirement says that the IP addresses for the resource servers have to be permanent, although it was possible to achieve this by assigning a permanent lease period to a dynamic IP address, even static address can achieve the same result. But in this scenario, since the requirement also says that static Ip address must be done away with, this is not an appropriate solution.

    Assigning default lease period to clients will not decrease congestion. This will only lead to all clients raising renewal requests every once in 4-8 days.
    Hence two requirements have not been met.

    Rate this question:

  • 2. 

    You are the administrator for an organization that trains network administrators. The training lab is also a part of the main network and is within your administration authority. The participants have been trained to setup DHCP server for a network and administer the same. This requires an extensive hands-on in the lab. As a result most of the users are complaining about IP address duplication and are unable to connect to the network normally. Which of the following steps would ensure this problem does not occur again? (Each correct answer presents part of the solution. Choose two options.)

    • A.

      Shift the training lab to a different building

    • B.

      Assign a dedicated range of IP addresses for the training lab

    • C.

      Ensure the DHCP server that assigns IP addresses must be authorized to do so

    • D.

      Implement access lists on the router

    • E.

      Implement static IP addressing in the training lab

    Correct Answer(s)
    B. Assign a dedicated range of IP addresses for the training lab
    C. Ensure the DHCP server that assigns IP addresses must be authorized to do so
    Explanation
    Assigning a dedicated range of IP addresses for training purpose ensures that the IP addresses that get allocated will not be from a similar range and will hence avoid IP address duplication. This can still lead to assigning IP addresses that are out of range of the main network. Authorizing DHCP servers on the network will complete the solution for the problem, as no DHCP server other than authorized will be recognized for IP address assignment on the network

    Rate this question:

  • 3. 

    You are the administrator for Metro Tech World. The diagram for the network of Metro Tech World is shown below. The requirements for the network have been assigned to you. You are required to propose a plan for the same. Requirements: A. The clients of Network A must be allowed to access clients on Network B B. The resources on the SrvB must not be accessible for clients on Network A C. The clients of Network B must not be allowed to access any resource outside to Network A. Proposed Solutions: A. Assign the router IP address as Default gateway to all clients on Network A and Network B B. Implement access list on router C. Secure all resources on SrvB with relevant access permissions D. Implement firewall Which of the following statements correctly describe the proposed solutions? Choose three.

    • A.

      Implementing firewall is not inline with the requirements

    • B.

      Assigning default gateway to clients on Network B works against the stated requirements

    • C.

      It is not required to assign permissions on SrvB

    • D.

      Two requirements have been met

    • E.

      Three requirements have been met

    Correct Answer(s)
    A. Implementing firewall is not inline with the requirements
    B. Assigning default gateway to clients on Network B works against the stated requirements
    D. Two requirements have been met
    Explanation
    Only clients from Network A must be allowed to access clients on Network B, hence only Network A must be assigned with a default gateway and not clients on Network B.

    Srv B must be assigned permissions as per requirements.
    Access list and firewall have not been mentioned in the requirement.

    Hence two requirements have been met and one has not been met

    Rate this question:

  • 4. 

    On an Enterprise network that has 1000 computers and 100 servers, if you were to assign a small remote containing about 40 or more computers to connect to the main network, which of the following would be an ideal method to manage dynamic IP addresses on the small network?

    • A.

      Install a lesser configuration DHCP server on that small network and allow the synchronization to take place between the DHCP servers

    • B.

      Configure a DHCP relay agent for that network

    • C.

      Install a BootP agent on the switch of that network

    • D.

      Assign static IP addresses to the clients of that network

    Correct Answer
    B. Configure a DHCP relay agent for that network
    Explanation
    Because these subnets do not contain DHCP servers and the switch cannot function as a DHCP/BOOTP relay agent, each subnet must have either its own DHCP server or another computer that can function as a relay agent on that subnet

    Rate this question:

  • 5. 

    You are a managing a very small Windows 2003 server based network with about 45 clients. You are required to ensure that the systems that are unable to connect to the DHCP server on startup will still be assigned an IP address till such time that the DHCP server will be available. These clients are running Windows XP. What must you do?

    • A.

      Assign a secondary IP address to the clients

    • B.

      Assign a static IP address to the client

    • C.

      Do nothing

    • D.

      Re-install the OS

    • E.

      Upgrade the OS to Windows Server 2003

    Correct Answer
    C. Do nothing
    Explanation
    Do nothing. Whenever dynamic IP address is configured and the DHCP server is available, the XP will allocate an IP address to the computer from the range of private IP addresses allocated for Microsoft for this purpose. This method is called as Automatic Private IP Addressing (APIPA)

    Rate this question:

  • 6. 

    You have 2 subnets on your network, Sub1 and Sub2. Each of these requires a DHCP server for itself. You are also required to setup a fault tolerance for the DHCP servers on these two subnets. You must ensure that at no given time, the DHCP client requests go unattended. Which steps should you take to support this configuration? (Choose all that apply.)

    • A.

      Divide the entire scope of contiguous addresses between the two servers

    • B.

      Implement a DHCP relay agent on each subnet so that the relay agent forward request to the DHCP server on the remote subnet

    • C.

      Ensure all reserved addresses are configured correctly on both the DHCP servers

    • D.

      Create reservations for the required clients on any one server only

    • E.

      The IP addresses between the two subnets must not be contiguous for safety reasons

    Correct Answer(s)
    A. Divide the entire scope of contiguous addresses between the two servers
    B. Implement a DHCP relay agent on each subnet so that the relay agent forward request to the DHCP server on the remote subnet
    C. Ensure all reserved addresses are configured correctly on both the DHCP servers
    Explanation
    By dividing the entire contiguous scope of the combined subnets between the two servers along with using a DHCP relay agent, you can ensure that if the local DHCP server is down the DHCP relay agent will forward the DHCP client request to the remote DHCP server and the client can still get an IP address within the same range of addresses that it had received earlier. By ensuring that the reservation information is configured on both servers, you can avoid IP address duplication

    Rate this question:

  • 7. 

    Which of the following utilities would you use to allow delegation of DHCP authorization?

    • A.

      Netsh

    • B.

      Active Directory Users and Computers

    • C.

      DHCP Console

    • D.

      Active Directory Sites and Services

    Correct Answer
    D. Active Directory Sites and Services
    Explanation
    You would be using the DHCP console to access the �NetServices Node� and delegate control from the relevant context menu

    Rate this question:

  • 8. 

    Your company has acquired a small consultancy services company. You have been assigned the job of automatically assigning DNS and Mail server information to their entire work group. You are required to make the necessary changes on the DHCP server by assigning them a new scope and configuring a few relevant scope options. Which of the following is required to be configured by you? Choose two.

    • A.

      DNS domain name option

    • B.

      MX record option

    • C.

      Router option

    • D.

      DNS suffix option

    Correct Answer(s)
    A. DNS domain name option
    B. MX record option
    Explanation
    The DNS domain name option must be configured to point to the domain name in which the mail server resides and also for the receiving the DNS resolution. The MX record or the Mail Exchanger record must be configured to point o the mail server as well.

    Rate this question:

  • 9. 

    You require all users who are working from home or traveling to access the company information from wherever they are. You have a DHCP server that will be assisting the RAS server for dynamically allocating IP addresses to these remote clients. You have implemented the default Windows Integrated authentication for security purpose. All resource should be available for the remote users once they log in. When testing you observe that the remote clients are not receiving any information from the DNS server and are hence unable to access the network resource. What should you do?

    • A.

      Implement a secondary DHCP server just for the remote clients

    • B.

      Upgrade the DNS server

    • C.

      Check DHCP scope options

    • D.

      Do away with the Windows Integrated authentication

    Correct Answer(s)
    C. Check DHCP scope options
    D. Do away with the Windows Integrated authentication
    Explanation
    The main problem would be that the DHCP scope options for the remote clients may not be correctly configured. Once this has been verified, you may suspect the Windows Integrated authentication as well. In case of Windows Integrated Authentication, authentication happens after encrypted information is exchanged between client and server. This kind of cryptography uses hash algorithm. This may create problems receiving certain scope options on a remote connection.

    Rate this question:

  • 10. 

    You are planning a design a for the DNS environment for your company. The requirements are assigned to you as follows: 1. All critical departments should have their respective domain name under the company name as the root. 2. All computers within the domain must be registered. 3. All DNS related records must be constantly updated dynamically. Which of the following solutions presented in the choices section will help you achieve these goals? Choose all that apply.

    • A.

      Implement Dynamic DNS (DDNS)

    • B.

      Create Active Directory Integrated zones for all the domain names created for the critical departments

    • C.

      Configure the Active directory to authorize every client on the network to be a part of the main company domain

    • D.

      Ensure the DHCP server on the domain is an authorized one

    • E.

      Implement Primary DNS servers that need manual updating of records

    Correct Answer(s)
    A. Implement Dynamic DNS (DDNS)
    B. Create Active Directory Integrated zones for all the domain names created for the critical departments
    Explanation
    Dynamic DNS will closely interact with the DHCP server for any dynamic updating required from the IP clients end. Active-Directory integrated zone will ensure every object under the relevant zone or domain name will be recorded and accounted for

    Rate this question:

  • 11. 

    You require just one resource on the entire network whose Ip related information must be statically configured. This resource needs to be accessed by one and all in the network that is otherwise dynamically configured. Which of the following records would you configure for this purpose?

    • A.

      Alias

    • B.

      DNS suffix

    • C.

      SRV

    • D.

      Router

    • E.

      Host (A)

    Correct Answer
    E. Host (A)
    Explanation
    Host (A) resource records are used in a zone to associate DNS domain names of hosts (computers or network interface print device) to their IP addresses. For a static TCP/IP host, you should manually create an A resource record using the DNS console.

    Rate this question:

  • 12. 

    You are the administrator of a heterogeneous network. You have a Primary DNS service running on a Active Directory based DNS server. You are required to accommodate a UNIX server as the secondary DNS server and allow all Active directory based users to be able access this secondary DNS server and also ensure that zone transfer will be possible in this scenario. What must you do? Choose all that apply.

    • A.

      Configure a Host (A) record for the DNS server running on the UNIX server

    • B.

      Configure a Name Server (NS) resource record for the UNIX server to the DNS zone

    • C.

      Configure a SRV record for the Active directory based DNS server

    • D.

      Configure a Alias record for the UNIX based DNS server.

    Correct Answer(s)
    A. Configure a Host (A) record for the DNS server running on the UNIX server
    B. Configure a Name Server (NS) resource record for the UNIX server to the DNS zone
    Explanation
    Configuring a Host (A) record for the UNIX server will ensure that the UNIX server is available as a secondary DNS for non-UNIX clients as well. The NS resource record is used to specify the DNS servers are designated as authoritative for the zone. By listing a server in the NS resource record, it becomes known to others as an authoritative server for the zone

    Rate this question:

  • 13. 

    Your company has a Cache DNS server that receives updates from your ISP. Recently, the ISP had suffered some snags in the operation due to bandwidth congestion and as a result your DNS resolution went haywire. Now the ISP has resolved all issues and his setup is up and running again. But your network clients are still complaining that the usual web sites that they access still remain inacessible. What should you do?

    • A.

      Restart the DNS server

    • B.

      Clear the DNS server cache

    • C.

      Restart the connection with the ISP

    • D.

      Request the ISP to restart his DNS server

    Correct Answer
    B. Clear the DNS server cache
    Explanation
    Since the type of DNS server being used in the network is a Cache DNS server, it would have cached all the resolution status of the ISP�s DNS server when the ISP was suffering network issues. Hence, now that the ISP issues are sorted out the DNS server in your network will have to cache the latest resolution status. For which, it is best to clear the current contents of the cache

    Rate this question:

  • 14. 

    Your company Metro Tech World Inc has so far employed a single domain active directory network named metro.com. They are now acquiring an office in New Jersey. The office in New Jersey will contain a child domain and be named new.metro.com. You are to ensure that the metro.com clients will be able to access resources in new.metro.com as well. Which of the following options will allow you to accommodate this requirement in the DNS environment? Choose two.

    • A.

      Delegation

    • B.

      Stub Zone

    • C.

      Replication

    • D.

      Secondary server

    Correct Answer(s)
    A. Delegation
    B. Stub Zone
    Explanation
    You can either add a delegation for new.metro.com or add a stub zone for new.metro.com.
    A stub zone is a copy of a zone that contains only those resource records that are necessary to identify the authoritative Domain Name System (DNS) servers for that zone.

    Rate this question:

  • 15. 

    You are in the process of relocating resources in your network to ensure efficiency and performance. In the process, the Mail Server now resides on aUNIX server. The rest of the network including the Domain controller, DHCP and the DNS servers are Windows Server 2003 based servers. How would you ensure that the Mail server is accessible to all clients on the network?

    • A.

      Move the mail service also to a Windows 2003 Server computer

    • B.

      Add a mail exchange (MX) DNS record

    • C.

      Create a static host file that contains resolution for the mail server and replicate it to all clients

    • D.

      Create a static host file that contains resolution for the mail server and replicate it to all clients

    Correct Answer
    B. Add a mail exchange (MX) DNS record
    Explanation
    MX record or Mail Exchanger record is a DNS scope information that is used to point the Mail server to all clients seeking resolution for that mail server.

    Rate this question:

  • 16. 

    You are on the SOA (Start Of Authority) tab of the DNS server DNS1 on which you wish to configure the zone transfer with another DNS server DNS2 every once in 8 hours. Which of the following options will help you configure the DNS zone transfer between the two servers?

    • A.

      Refresh Interval

    • B.

      Retry Attempts

    • C.

      Retry Interval

    • D.

      Expiration

    Correct Answer
    A. Refresh Interval
    Explanation
    Refresh Interval option on the SOA tab page will help to configure the zone transfer between the two servers every once in 8 hours

    Rate this question:

  • 17. 

    You have just created some DNS zones in your network. So far you just had one Primary DNS and one Secondary DNS. The replication was very smooth and trouble free. You now wish that zone transfer and updates on the network happen equally smooth after the zones have been created. What should you do?

    • A.

      Ensure that the zones are all Active Directory integrated

    • B.

      Ensure all the DNS servers are running on the Domain controllers

    • C.

      Ensure all DNS servers are running on member servers

    • D.

      Avoid using zones

    Correct Answer
    A. Ensure that the zones are all Active Directory integrated
    Explanation
    Active Directory--integrated zone ensures that updates can be made to any server. In addition, using this zone type, zone transfers occur automatically as part of Active Directory replication

    Rate this question:

  • 18. 

    You wish to keep your DNS server database up-to-date and free of unnecessary records. Which of the following options will help you to maintain the DNS database as desired?

    • A.

      Tombstone

    • B.

      Aging and scavenging

    • C.

      DDNS

    • D.

      Secure updates

    Correct Answer
    B. Aging and scavenging
    Explanation
    Aging and scavenging option is used to remove outdated resource records. Aging and scavenging is not enabled by default and will have to be manually enabled by the DNS admin

    Rate this question:

  • 19. 

    You need to configure updates for your network. Your network consists of 100 Windows Server 2003 DCs and 48 Windows 2003 member servers. There are about 2500 clients. Which of the following would be an ideal and efficient method for implementing an automated process of software updates? Each choice statement presents a part of the solution. Choose two statements to arrive at a complete solution.

    • A.

      Configure Software Update Service (SUS) along with Group Policy Objects (GPO).

    • B.

      Configure Automatic Updates on all Domain Controllers and clients.

    • C.

      Configure Automatic Update on the Root DC and ensure the rest do not connect to the Internet at all.

    • D.

      Ensure only the critical DCs connect to the Microsoft site for Updates and a designated server pushes the update to the rest of the computers on the network.

    Correct Answer(s)
    A. Configure Software Update Service (SUS) along with Group Policy Objects (GPO).
    D. Ensure only the critical DCs connect to the Microsoft site for Updates and a designated server pushes the update to the rest of the computers on the network.
    Explanation
    Implement SUS on the network. You will also have to configure relevant GPOs to enable SUS to function correctly. Ensuring that critical DCs directly update themselves from Microsoft site is required as these servers should not suffer any vulnerability due to delay in updates. Ensuring that a designated server will push updates to other clients at a scheduled time will ensure that all clients are updating themselves regularly without clogging the network bandwidth.

    Rate this question:

  • 20. 

    You have been receiving complaints from the finance department that there is a bandwidth clog on the switch. This switch connects the Finance department to all the important member servers on which critical and confidential data resides. You monitor that part of the network and capture enough data to realize that there have been tremendous client requests made to the resources on the member servers that have been discarded by the servers. You are sure that the access permissions were in place even before you took charge of this network. You need to be sure that not only is the unauthorized user being prohibited from accessing the confidential resource, but he also needs to be tracked. Which of the following options would you do choose to achieve the said goals? Each statement represents a part of the solution. Choose two statements that will complete the solution.

    • A.

      Choose the Audit object Access settings for that GPO

    • B.

      Choose the Delegate Authority settings for that GPO

    • C.

      Audit for failure of events

    • D.

      Audit for success of events

    Correct Answer(s)
    A. Choose the Audit object Access settings for that GPO
    C. Audit for failure of events
    Explanation
    Auditing helps you to check for the resource access as to who and when is accessing the resources. Enabling failure of event will help you track who is unauthorized to access the confidential resources. Success of event is required only when you need to be sure that everyone who has been assigned access permission is able to access the resource, which is irrelevant here.
    Delegate authority is irrelevant here.

    Rate this question:

  • 21. 

    When pushing software updates to all the clients on the network from a designated server, which of the following settings on the GPO needs to configured?

    • A.

      Audit Object Access settings

    • B.

      Specify intranet Microsoft update service location

    • C.

      Specify internet Microsoft update service location

    • D.

      Automatic Update settings

    Correct Answer
    B. Specify intranet Microsoft update service location
    Explanation
    You need to enable the Specify intranet Microsoft update service location in the GPO. When enabled all clients on the network that are in need of updates will by pass the regular Windows update and update themselves from the designated server. This eases the load on the router and the firewall as well.

    Rate this question:

  • 22. 

    You are required to change some setting that have been set by the previous administrator for the IPSec policies. Which of the following would you use to manage this?

    • A.

      Microsoft Management Console

    • B.

      IP Security Monitor Console

    • C.

      Network Monitor utility

    • D.

      IPSec utility

    Correct Answer
    B. IP Security Monitor Console
    Explanation
    To be able to change settings in the IPSec policies, you need to access the IP Security Monitor Console

    Rate this question:

  • 23. 

    You have been instructed by your supervisor that starting today he would like you to generate reports of security information of all the perimeter servers that have Intranet sites resources residing on them. He is not interested in the status of the rest of the perimeter servers. You are required to arrive at a plan of action for the same before you actually go ahead with the implementation and submit the same to him. What should you do? Each solution is complete in itself. Choose the best option

    • A.

      Create a security template for just these servers and deploy the same through the Security Configuration and Analysis snap-in

    • B.

      Create a security template for all perimeter servers and deploy the same through the Security Configuration and Analysis snap-in.

    • C.

      Group all the said servers into a separate OU and monitor the same.

    • D.

      Group all perimeter servers into a separate OU just for the purpose of monitoring their security settings.

    Correct Answer
    A. Create a security template for just these servers and deploy the same through the Security Configuration and Analysis snap-in
    Explanation
    Grouping of servers in a separate OU for the purpose of monitoring security settings is irrelevant.

    Applying the security template on all the perimeter servers does not achieve the said objective.

    You are required to apply the new template with required settings only to the said servers on which Intranet resources are residing.

    Rate this question:

  • 24. 

    You are required to apply certain security update changes based on the already existing ones in your network. Which of the following would you use to analyze what exists and what needs to be applied?

    • A.

      Microsoft Baseline Security Analyzer.

    • B.

      IP Security Monitor Console

    • C.

      Network Monitor

    • D.

      Baseline setting of the relevant GPO

    Correct Answer
    A. Microsoft Baseline Security Analyzer.
    Explanation
    The Microsoft Baseline Security Analyzer (MBSA) will scan for security updates and checks for default settings that are not secure. The required EXE file to execute this utility will be mbsacli.exe.

    Rate this question:

  • 25. 

    You need to verify if the SUS configuration is functioning properly on the network. Which of the following files would you check to achieve this goal?

    • A.

      WindowsUpdate.log

    • B.

      Error.log

    • C.

      Update.log

    • D.

      Registry.ini

    Correct Answer
    A. WindowsUpdate.log
    Explanation
    To verify any errors logged during the functioning of SUS, you must check the WindowsUpdate.log file.

    Rate this question:

  • 26. 

    Which of the following registry settings indicate that the client on the network has been assigned a designated server to receive software updates from?

    • A.

      UseWUServer = 0

    • B.

      UseWUServer=1

    • C.

      AutoUpdate =1

    • D.

      SUSUpdate=1

    Correct Answer
    B. UseWUServer=1
    Explanation
    The registry setting UseWUServer when set to 1 indicates that the client has been assigned a designated server from which it will be receiving Software Updates. The rest of the settings displayed in the choices section is irrelevant.

    Rate this question:

  • 27. 

    You have modified the IP Security Policy on Active Directory settings in the Default Client Computer Policy. After verification you notice that once users� computer has failed to apply the policy. You wish to verify the policy that is currently active on that user�s computer. Which of the following will help you do so?

    • A.

      Microsoft Management Console � IPSec policy

    • B.

      IP Security Monitor � IPSec policy.

    • C.

      Domain Users snap-in

    • D.

      Microsoft Management Console � Network Monitor.

    Correct Answer
    B. IP Security Monitor � IPSec policy.
    Explanation
    You should view the IPSec policy using the IPSec Security Monitor snap-in of the Microsoft Management Console (MMC).

    The rest of the options mentioned in the choices section will not display the required information.

    Rate this question:

  • 28. 

    The previous network administrator of your network has configured IPSec policies such that it displays the IP addresses of the required Security Associations. For the purpose of user friendly appearances, you would prefer the host names of the same to be displayed. Which of the following will help you achieve the same?

    • A.

      Ensure the member server on which the IPSec policies are enabled is a DNS client.

    • B.

      Uncheck the Enable DNS name resolution property for the server settings

    • C.

      Check the Enable DNS name resolution property for the server settings

    • D.

      Ensure the network has a DDNS running instead of the usual DNS

    Correct Answer
    C. Check the Enable DNS name resolution property for the server settings
    Explanation
    On the Server settings you must check the option Enable DNS Name resolution to be able to view the SAs in the form of host names instead of IP addresses.

    Rate this question:

  • 29. 

    Your company has acquired a electronic circuit manufacturing unit that is located quite far from the main office. You plan to make a stub network of the manufacturing unit and another stub network of its administration office that is equal distance from your main office as the manufacturing unit. You propose to implement a hub and spoke technology as far as connecting the three units are concerned. How would you manage the logical connectivity of this setup? Each choices represents a part of the solution, choose two statements that will combine into a complete solution.

    • A.

      Configure one of the member servers on the main network as a router.

    • B.

      Configure the Root DC as the RRAS server.

    • C.

      Configure any member server on each of the stub networks as a router as well

    • D.

      Configure a static route each to the manufacturing unit and the administration office respectively.

    • E.

      Configure RIP as the dynamic routing protocol.

    Correct Answer(s)
    A. Configure one of the member servers on the main network as a router.
    C. Configure any member server on each of the stub networks as a router as well
    D. Configure a static route each to the manufacturing unit and the administration office respectively.
    Explanation
    Configuring a hub and spoke technology with static routes is an ideal solution for the described scenario. The root DC must never be configured as either a RAS server or as a router. Dynamic routing protocols would only add to overheads in a small setup such as this.

    Rate this question:

  • 30. 

    You have just configured an Intranet Web Server. You require your remote clients to log in to this Web server irrespective of the location they are in and the OS platform they may be using. Since the remote clients are using company data on this connection, you are required to encrypt this communication. What should you do? Each choice represents a part of the solution. Choose all that apply to make a complete solution.

    • A.

      Configure VPN and IPSec policy.

    • B.

      Configure just VPN or just IPSec policy.

    • C.

      Configure the RAS server with Server (Require security).

    • D.

      Configure clients with Client (Request Security).

    • E.

      Configure RAS server with (Request security).

    Correct Answer(s)
    A. Configure VPN and IPSec policy.
    C. Configure the RAS server with Server (Require security).
    D. Configure clients with Client (Request Security).
    Explanation
    Configuring VPN as well as IPSec policies is necessary for the security requirements stated. Configuring IPSec in tunnel mode also would suffice but may not always work in all scenarios. It is ideal for the RAS server that will accept remote client requests to be configured in the IPSec Server (Require Security) mode and the remote clients to be configured in the IPSec Client (Request Security) mode.

    Rate this question:

  • 31. 

    . You are planning a network where in a Windows Server 2003 will act as router. You will be hosting a Web server that should not be placed in the internal network as you do not want public HTTP traffic to be entering your internal network. You also have an Intranet Web server that will not only be a part of the internal network but will also be integrated with the rest of the domain controllers for Windows Integrated authentication, as only employees will be allowed to access this Intranet Web server. All these employees will be using pre-assigned IP addresses. You are required to place these two servers and configure restrictions such that the rest of the networks� security is not compromised. All traffic entering the network will have to first pass through the firewall. Each of the choice represents a part of the solution. Choose all that apply to form a complete solution

    • A.

      Configure Port Address Translation (PAT) for the Intranet Web server.

    • B.

      Configure Network Address Translation (NAT) for the HTTP server.

    • C.

      Place the HTTP server in the DMZ.

    • D.

      Place the Intranet Web Server in the DMZ.

    • E.

      Configure external interface of the router or firewall to discard all inbound packets except from known IP address list.

    Correct Answer(s)
    A. Configure Port Address Translation (PAT) for the Intranet Web server.
    B. Configure Network Address Translation (NAT) for the HTTP server.
    E. Configure external interface of the router or firewall to discard all inbound packets except from known IP address list.
    Explanation
    Since public traffic should not enter the internal network, the HTTP server is best placed in the De-militarized zone. Since the Intranet Web server is partially allowing traffic from the outside world although from the employees of the organization itself, employing Pat will ensure that the access intend for the Intranet Web server will hit the said server only and not any other resource on the network. This also succeeds in maintaining security of the internal IP address of the network. Assigning a known list of IP addresses to the external interface of the firewall will help it to discard all unauthorized IP packets.

    Rate this question:

  • 32. 

    You are in the process of expanding the Remote access network as your company is fast acquiring smaller companies across the world. The company�s written policy states that all Remote Access Servers must have the same security policy settings. Whenever any amendments will be made to these policies written or otherwise will have to be reflected on all the servers at one go to ensure that the administrative time for the said task is kept to the minimum. What should you do?

    • A.

      Use RADIUS.

    • B.

      Use RRAS.

    • C.

      Use IIS.

    • D.

      Use Certificate Servers

    Correct Answer
    A. Use RADIUS.
    Explanation
    RADIUS (Remote Authentication Dial In User Service) helps to centralize policies, logging, and authentication services from a single location.

    Rate this question:

  • 33. 

    You and two other administrators have been managing the entire enterprise network of your organization so far. Since the company has been fast acquiring office abroad, as an expansion plan your company is now hiring 10 administrators who will only be Remote administrators. You are required to give them access to the network from a specific time of the day till late hours IST (Indian Standard Time). These administrators will be logging in to the network from different location. Which is the easiest way to achieve the said goals? Each choice represents a complete solution. Choose the best option.

    • A.

      Create a group for these new remote administrators and create remote access policies that meet with the said requirements and assign it to that group.

    • B.

      Just make all these new administrators members of the Domain Admin group and leave it at that.

    • C.

      Create an OU for these new remote administrators and assign them GPO.

    • D.

      Create a remote access policy for each of the new remote admins

    Correct Answer
    A. Create a group for these new remote administrators and create remote access policies that meet with the said requirements and assign it to that group.
    Explanation
    The simplest way to achieve this is to create a group for the remote administrators and assign all the required policies to this group.

    Rate this question:

  • 34. 

    You wish to set up a VPN for home users using Routing and Remote Access (RRAS) without the need for a dedicated name resolution service on the network. All servers in the network are running on Windows Server 2003 What should you do?

    • A.

      Configure the VPN server to enable the NetBIOS over TCP/IP (NetBT) proxy.

    • B.

      Implement a static host file.

    • C.

      Use a hub and spoke technology to connect each client to the RRAS server.

    • D.

      Recommend T1 lines for the home users

    Correct Answer
    A. Configure the VPN server to enable the NetBIOS over TCP/IP (NetBT) proxy.
    Explanation
    The NetBIOS over TCP/IP (NetBT) proxy in the Windows Server 2003�s Routing and Remote Access allows remote dial-in client computers to resolve names on the network without requiring a dedicated name resolution service on the network.

    Rate this question:

  • 35. 

    Your company intends to bring in the usage of smart card for authentication. They also plan to implement VPN in between offices with IPSec on Windows Server 2003 environment using the Microsoft�s default tunneling protocol. You are required to plan the entire setup such that the existing remote clients are also accommodated in this scenario. What should you do? Each choice represents a part of the solution. Choose all that apply to complete the solution.

    • A.

      Implement RADIUS on the network

    • B.

      Implement Certificate Servers for authenticating smart card users.

    • C.

      Configure Extensible Authentication Protocol -Transport Level Security (EAP-TLS) on the VPN server.

    • D.

      Nothing. The existing scenario is all ready for the new changes required

    Correct Answer(s)
    A. Implement RADIUS on the network
    C. Configure Extensible Authentication Protocol -Transport Level Security (EAP-TLS) on the VPN server.
    Explanation
    EAP-TLS is an EAP type that is used when using smart cards for remote access authentication. RADIUS provides a centralized method to monitor and control dial-up servers.

    Rate this question:

  • 36. 

    Which of the following components must be enabled for Windows based remote clients seeking resource access on the network?

    • A.

      Enable simple TCP/IP services

    • B.

      Enable File and Printer Sharing for Microsoft Networks

    • C.

      Enable the Client for Microsoft Networks

    • D.

      Enable Microsoft Dial-up adapter

    Correct Answer
    C. Enable the Client for Microsoft Networks
    Explanation
    When remote clients connect to the company network if they should be able to access network resources on the Windows Server 2003 based network then the Client for Microsoft Network, client component must be enabled.

    Rate this question:

  • 37. 

    You have asked by your supervisor to arrive at a solution for authenticating users as well computers not only over the domain based LAN of the Windows Server 2003 network but also for the entire enterprise-wide network. Which of the following solutions best suits this scenario?

    • A.

      Use Certificate based authentication.

    • B.

      Use Kerberos.

    • C.

      Use token-based authentication.

    • D.

      Use smart cards

    Correct Answer
    A. Use Certificate based authentication.
    Explanation
    Certificate-based authentication not only allows for authenticating the various objects listed in the requirement, it can also encrypt the authentication information and keep the source of the information a secret. This method can be used in domain based LANs as well as Enterprise-wide networks.

    Rate this question:

  • 38. 

    Users on the network have been complaining that one particular server in the network that has multiple resources hosted on it, is either too slow responding or does not respond at all. You run the network monitor and realize that the information being displayed is too much. You are unable to read all the information. You wish to not only read all the information as it is being captured, but you also wish to ensure no information being captured will overwrite the older data. Which of the following settings of network monitor must you use here? Choose two.

    • A.

      Configure the Network Monitor display filters.

    • B.

      Increase the Network Monitor buffer size

    • C.

      Increase the Network Monitor display lines

    • D.

      Increase the Network Monitor frame size

    Correct Answer(s)
    A. Configure the Network Monitor display filters.
    B. Increase the Network Monitor buffer size
    Explanation
    You should increase the Network Monitor buffer size setting and configure a display filter. Display filters are used alter the Network Monitor's Frame Viewer window.

    Rate this question:

  • 39. 

    You have just configured a terminal server for the remote users group and have assigned a session time out of 2 hours in the GPO. You notice that the sessions have still not terminated after the elapsed session time limit. Which of the following configurations do you need to re-check? Choose two.

    • A.

      Idle session limit.

    • B.

      Override user settings

    • C.

      Modify the correct GPO

    • D.

      End connection.

    Correct Answer(s)
    A. Idle session limit.
    B. Override user settings
    Explanation
    Use the Terminal Service Configuration tool -> the Sessions tab, above -> select the Override user settings check box -> enter time limit for Idle session limit.

    Rate this question:

  • 40. 

    Your company has a tie up with a software development firm for testing its Beta applications. The software has a pre-requisite of 1GB free space on the hard disk. You are required to locate such computers automatically and push the beta version of this software on to those machines. Which of the following must you do? Choose the most easily achievable option.

    • A.

      Create a WMI filter that queries the Win32_LogicalDisk object for more than 1 GB of free space.

    • B.

      Create a PERL script that can locate computers having 1 GB free space.

    • C.

      Manually check each Hard disk

    • D.

      Send message to all users asking everybody with more than 1 GB free space to respond back.

    Correct Answer
    A. Create a WMI filter that queries the Win32_LogicalDisk object for more than 1 GB of free space.
    Explanation
    Creating PERL script will require that the administrator be skilled in PERL scripts. Sending messages to the entire network is not the correct thing to do. Manually checking each hard disk is not physically possible for one person. The best option is to create a WMI filter to query the required information.

    Rate this question:

  • 41. 

    You have just configured a network printer. Before you make it available for the network users, you wish to test the printing environment thoroughly. You need to be sure that all print jobs sent to the printer are being received and processed. What should you do?

    • A.

      You can configure the printer to send a message to the user once the print job is complete.

    • B.

      You can create a batch file that keeps track of all print jobs and generates text message to the relevant users once the job is done.

    • C.

      Keep the print queue open on the desktop to monitor the printing status.

    • D.

      Use the services console to monitor the print job.

    Correct Answer
    A. You can configure the printer to send a message to the user once the print job is complete.
    Explanation
    The easiest way to achieve this is to configure the printer to generate message to the user who sent the print request once the print job is complete.

    Rate this question:

  • 42. 

    Your remote location complains that all DNS resolutions lately have been pointing to outdated resources. You analyze the situation and realize that the secondary server in the remote location is not upto date in its database when compared with the primary server. How would you identify the problem?

    • A.

      Use Network Monitor to observe the frequency of update notification between the Primary and Secondary DNS

    • B.

      Observe the log files on the Primary and secondary DNS.

    • C.

      Run NS Lookup command on both the Primary and the Secondary DNS.

    • D.

      Run the dcdiag command to check DNS registration

    Correct Answer
    A. Use Network Monitor to observe the frequency of update notification between the Primary and Secondary DNS
    Explanation
    You must use the Network Monitor to observe the frequency of the update request between Primary and the Secondary DNS to ensure that the database replication is happening as per schedule.

    Rate this question:

Related Topics

Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.