Microsoft MCSE: 70-293 Practice Test- 2
-
To configure your resource server as a Web server, which of the following services is mandatory on your resource server?
-
Internet Information Service (IIS)
-
RAS/VPN Service
-
Router Service
-
File Server Service
-
This is a Practice test on Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure. Take this practice test at the end of your studies to verify that you are prepared for the real exam. The certification exam is timed. Make sure you are able to pass the Microsoft MCSE: 70-293 practice test by a substantial margin before you take the real exam. So, let's try out the quiz. All the best!
Quiz Preview
- 2.
OSPF is a routing protocol that has limitations of hop counts and cannot be used on scalable routing networks. T/F?
-
True
-
False
Correct Answer
A. FalseExplanation
OSPF (Open Shortest Path First) is a routing protocol that is scalable and does not use hop counts as one of its metrics.Rate this question:
-
- 3.
When assigning an IP address to the router interface, you can assign either a static or a dynamic IP address, so long as the subnet mask matches with the network to which the interface is physically connected. T/F?
-
True
-
False
Correct Answer
A. FalseExplanation
When assigning an IP address to the router interface, you must ensure that the IP address is a unique and static IP address and that the subnet mask matches with the subnet mask of the subnet to which the interface is connected. If anyone of these requirements is unfulfilled, the hosts in that subnet will not be able to communicate with the router interface or treat it as their default gateway.Rate this question:
-
- 4.
Which of the utility is used to prepare for a forest upgrade?
-
Adprep / forestprep
-
Adprep / domainprep
-
Adprep
-
Forestprep
Correct Answer
A. Adprep / forestprepExplanation
Adprep / forestprep is used to upgrade a forest, and Adprep / domainprep is used to prepare the domain for upgradeRate this question:
-
- 5.
During a CA migration. The CSP is insignificant. T/F?
-
True
-
False
Correct Answer
A. FalseExplanation
During a CA migration it is important to maintain the same CSP as the old one.Rate this question:
-
- 6.
You have configured a Windows Server 2003 network across 3 different physical sites, Site 1, Site 2 and Site 3. Each of these sites has 2 domain controllers. One of these sites, Site 3 does not need replication. In between the other two sites Site 1 and Site 2, the domain controllers are named S1DC1, S1DC2, S2DC1 and S2DC2 respectively. You are required to configure replication between S1DC1 and S2DC1 only. What should you do? Choose the most practical solution.
-
Ensure there is a dedicated physical WAN link between S1DC1 and S2DC1 only for the purpose of replication.
-
Configure S1DC1 and S2DC1 as Preferred Bridgehead Servers
-
Configure S1DC2 and S2DC1 as Preferred Bridgehead Servers Standalone Servers
-
Configure S1DC2 and S2DC2 as Preferred Bridgehead Servers.
Correct Answer
A. Configure S1DC1 and S2DC1 as Preferred Bridgehead ServersExplanation
A dedicated WAN link between the DCs for the purpose of replication is not a practical solution at all. Configuring either S1DC2 or S2DC2 as a preferred Bridgehead server will not achieve the desired replication as stated in the question statement.
Since you are required to configure replication between S1DC1 and S2DC1 only, You must configure S1DC1 and S2DC1 as Preferred Bridgehead Servers.Rate this question:
-
- 7.
You are the administrator for MetroTech World. Your company�s network is rapidly expanding. You have implemented DFS in your network. The root domain is Windows 2000 based whereas the entire new additional child domains are implementing Windows Server 20003 from the start. Your DFS server resides in the root domain. As a part of the expansion, the resources are getting shifted and relocated to new domains every now and then. These resources have links created for access in the DFS root. The flexibility in relocating these resources is creating utter confusion in the network. What should you do?
-
Remove the DFS feature from your network until it has completely stabilized and share resources ordinarily as it was done in the pre-Windows 2000 era.
-
Upgrade your root domain to Windows Server 2003 and the DFS also to Windows Server 2003 based DFS
-
Ensure the resources that have DFS links created do not get relocated.
-
Make a schedule for mailing users each time a resource gets relocated.
Correct Answer
A. Upgrade your root domain to Windows Server 2003 and the DFS also to Windows Server 2003 based DFSExplanation
Upgrading the root domain to Windows Server 2003 domain and the DFS also to the Windows Server 2003 based DFS is a good solution as the DFS in Windows Server 2003 can dynamically select sites when resources keep getting relocated. This helps the DFS environment to be efficient and reliable and keep users to be transparent to these relocations.Rate this question:
-
- 8.
Which of the following will secure an end-to-end communication for a Windows- based VPN client? Choose the best
-
Point-To-Point Tunneling Protocol (PPTP)
-
Layer 2 Tunneling Protocol (L2TP)
-
L2TP with IPSec (L2TP/IPSEC)
-
IPSec
Correct Answer
A. L2TP with IPSec (L2TP/IPSEC)Explanation
Choice C is the correct answer.
Windows-based VPN clients should use �Layer 2 Tunneling Protocol (L2TP)� with �IPSec (L2TP/IPSec)� to make IPSec-secured, end-to-end connections through VPN tunnels.
Choices A and B are incorrect because they are not as best suited as choice C.
Choice D is incorrect because IPSec is not a tunneling protocol.Rate this question:
-
- 9.
If you were asked to implement a security template on a group of workstations that need some common configuration, which of the following would you choose?
-
Hisecws.inf
-
Hisecserver.inf
-
Client (Respond only)
-
Server (Request Security)
Correct Answer
A. Hisecws.infExplanation
Choice A is the correct answer.
Choices C and D are incorrect because, �Client (Respond only)� and Server (Request Security) are IPSec policies used by client computers to respond to the security demanded by servers. They are not security templates.
Choice A is correct because �Hisecws.inf� is the template that will be used for deploying on a group of client/workstation computers to maintain security configuration, common to that group.Rate this question:
-
- 10.
Page file related inconsistencies are caused by which of the following components on the Server?
-
Hard Disk Drive (HDD)
-
Hard Disk Controller (HDC)
-
Random Access Memory (RAM)
-
CPU
Correct Answer
A. Random Access Memory (RAM)Explanation
Page file related consistencies occur whenever the RAM on the server is insufficient to handle the load of application being used on that server. This can be overcome by upgrading the Ram to the required amount of memory in terms of MB or GB.Rate this question:
-
- 11.
Which of the following can be used for the RADIUS server in case of a Windows Server 2003 network?
-
IAS Server
-
IIS Server
-
RRAS Server
-
RAS/VPN Server
Correct Answer
A. IAS ServerExplanation
IAS (Internet Authentication Service) Server can be used as a RADIUS server in a Windows Server 2003 network as the IAS uses RADIUS technology and is capable of being a RADIUS Server.Rate this question:
-
- 12.
You are the administrator for MetroTech World. Your Windows Server 2003 network is designed as follows: � Site 1, Site 2, Site 3 and Site 4 are very large in size. � Site 1 and Site 3 also have one stub network each communicating with them respectively. � There 12 DCs in the mentioned large sites. � The stub networks do not have DCs and depend upon their parent site for authentication and other ADS related activities. � The size of the stub network is very small and is negligible in terms of traffic. � The IP assignment for these stub networks also is taken care of by the DHCP server in the main site. � The stub networks each are connected to one DHCP relay agent respectively. You are now adding one more site to the network that is equally large as the other 4 large sites. This site has 15 DCs, 2 DHCP servers and DHCP relay agents that connect the clients to the Site 3 for IP assignment to provide load balancing and fault tolerance to the DHCP servers in the new site. You notice that over time quite a few clients are receiving IP duplication error message in the new site as well as the Site 3. What could the problem be?
-
The site 3 and new site have duplicated IP address range for assigning to clients
-
The DHCP relay agent is not correctly configured
-
The DHCP server in the new site is no longer functioning
-
The DHCP server in Site 3 is no longer functioning
Correct Answer
A. The site 3 and new site have duplicated IP address range for assigning to clientsExplanation
The Site 3 and the new site have either duplicate IP address range or a portion of the contiguous range is overlapping between the two networks which could be causing the �duplicate IP address� error message to be generated on the two sites.Rate this question:
-
- 13.
Your network is suffering a bottle neck due to extensive replication by the DNS servers. You have enabled debug logging for the said DNS servers as you would like to capture information that will help you analyze the problem in detail. Which of the files will contain the captured data?
-
Application log of the Event viewer.
-
Debug.log file.
-
Dns.log file.
-
None of the above
Correct Answer
A. Dns.log file.Explanation
The data required for the said analysis must be captured and stored under the name dns.log as per recommendation.Rate this question:
-
- 14.
You have just enabled packet filtering and port filtering on your perimeter network. You leave port no. 80 open for secure Web server communications. You notice that the Web server is still inaccessible to the outside users. What could the problem be?
-
You must not enable port filtering for a network when the Web server is apart of that network.
-
You must unblock port 443 as well.
-
You must block port 80 and unblock port 443.
-
You must block 443 when unblocking port 80.
Correct Answer
A. You must unblock port 443 as well.Explanation
Since the Web server is a secure one, you must unblock port 443 as well since that accepts communication on the SSL.Rate this question:
-
- 15.
Which of the following is the most simple and a preliminary method of recovering a DC that has crashed?
-
Restart the DC
-
Use the recovery console
-
Use safe mode restart
-
Last Known Good Configuration
Correct Answer
A. Last Known Good ConfigurationExplanation
The most preliminary way of recovering a server is to use the LKGC. Next would be the Safe mode restart, and then the Recovery console mode which is more complex than the other two methods.Rate this question:
-
- 16.
You are the administrator for MetroTech World. Your Windows Server 2003 network presently spans over 4 sites. Your company has taken over a competitor firm that has a single site. You are now required to accommodate this new site within your network. As per company policies, this site will not be an integral part of the IP network range for another two months. But the users from your network will need to access resources on the new site right away; the reverse direction of resource access must be prohibited. You are required to instruct the administrator of the new site on how he will be assisting you in the said plan and implementation process. You request the administrator of that site to bring up a DHCP server that will be linked to your network but will have a separate IP address range from your network and also connect the network to the router which will communicate with your network. The resources will be assigned relevant access permissions on your end of the network by you and also the relevant access lists will be put into place in the router. The administrator of the new site carries out all the tasks assigned to him by you and brings up the DHCP server on the live network. The clients of that network are not able to receive an IP address from that DHCP server. What needs to be done?
-
The administrator has to just restart the DHCP server one more time.
-
The administrator has to authorize the new DHCP server
-
You must authorize the new DHCP server
-
You must assign a new range of IP address
Correct Answer
A. You must authorize the new DHCP serverExplanation
Authorizing a DHCP server is usually done at the root level. Since you are the administrator for the existing network, you will have to authorize the DHCP server. The administrator of the new site will not have the required authority over the network to authorize the DHCP server.Rate this question:
-
- 17.
You have recently configured fault tolerance between the DHCP servers on the 2 child domains of your network. Over the time you notice that too many renewals and relinquished addresses have created an inconsistency on the DHCP database at both ends. What should you do?
-
Just restart the DHCP server, it will take care of the needful
-
Right click on the database file and choose the refresh option
-
Backup the database, compact the database and then restore it
-
Compact the live database
Correct Answer
A. Backup the database, compact the database and then restore itExplanation
Since transactions will be carried out every second of the uptime of the DHCP server, it is not advisable to compact a live database. It is always preferable to back up the database, compact the backed up version of the database and restore it. Restarting the server or refreshing the database in the mentioned fashion will not achieve any desired results.Rate this question:
-
- 18.
Which of the following can disrupt the authentication process on a domain based Windows Server 2003 network?
-
GC
-
DC
-
Member Server
-
Stand alone server
Correct Answer
A. GCExplanation
It is the Global Catalog (GC) server that contains the information of Universal Group Membership. Users who need forest wide access to resources are a part of the Universal Group. If for some reason this membership information is unavailable then such a user will be denied accessRate this question:
-
- 19.
Which of the following are the most effective methods of implementing Server availability on the network?
-
Network load balancing
-
Server clustering
-
DFS implementation
-
EFS implementation
Correct Answer(s)
A. Network load balancing
A. Server clusteringExplanation
NLB and Clustering are the most effective methods of implementing server availability. DFS cannot be considered as Server availability rather a Data availability Service. EFS is a security for data and not a availability service.Rate this question:
-
- 20.
You have just created a perimeter network to strengthen the security to your network. The perimeter network will contain all the Web servers and the internal network will contain all the database servers. It is mandatory that there should be no communication between the internal network and the perimeter network. You have applied IPSec policies on both the networks to block traffic from the other. It is now required that an application hosted on the Web server needs to query the database server for its computing transactions and the Database Server need to communicate with the Web server to convey its response for queries. Which should you do? Choose all that apply.
-
You will have to create an exception for the created IPSec policy in the internal network and allow the database server to accept queries from the Web server
-
You will have to create an exception for the IPSec policy created and allow the Web server to receive a response from the database server
-
Do away with the existing IPSec policies and recreate the relevant one keeping in mind the new requirements.
-
Move the database servers to the same network as the Web servers
-
Move the Web servers to the same network as the database servers.
Correct Answer(s)
A. You will have to create an exception for the created IPSec policy in the internal network and allow the database server to accept queries from the Web server
A. You will have to create an exception for the IPSec policy created and allow the Web server to receive a response from the database serverExplanation
On both the networks you will need to create an exception one way between the Database server and the Web Server respectively. This will ensure a possible two-way communication between the Web server and the database server. Recreating policies all over again is uncalled for. Moving either server to the other network can result in security issues.Rate this question:
-
- 21.
Which of the following user groups is meant for certificate authorization?
-
The CA group
-
Domain Admin group
-
Certificate Publisher
-
Certificate Manager
Correct Answer
A. Certificate ManagerExplanation
The user who is responsible for authorizing certificates must be a part of the Certificate Manager group.Rate this question:
-
- 22.
You are the administrator for MetroTech World. Yours is a Windows Server 2003 network that is spread over 5 geographical location. The Head office in Canada has a DFS root whose replica is situated in New Jersey. You have WAN links that will be used for replication by DCs, DNS servers and the said DFS connection. The priority of WAN link usage has been assigned to DCs provided the other replications are not already in progress. Lately, the replication between the DFS root and its replica is so extensive that it is hampering the important replication process between the DCs and the DNS servers. You check the caching duration for the DFS and observe that it has been set for much lesser than default values. What should you do?
-
Disable Caching
-
Set Caching to default values
-
Set Caching to values higher than the default values
-
Set up a DDR connection between the DFS root and the replica
Correct Answer
A. Set Caching to values higher than the default valuesExplanation
The default time for caching links is 30 minutes. Since the replication between the DFS root and link is so extensive, even setting the values to default may not help. The priority replication here is DCs and then the DNS servers. Hence the replication between the DFS root and its replica must be much higher than default values and must be configured after careful analysis of the situation with exact data on hand.Rate this question:
-
- 23.
You have been asked to design a security system wherein the access to the intranet web servers will be granted only to users who log in from a specific domain. The users who will be logging in are not IT-savvy and hence will not be able to go through any specific complex process to be granted permission to access the Web servers. What should you do? Choose all that apply. You create a certificate template called �User login� and then you create a GPO that applies to all authenticating users. The GPO states that the users must be enrolled. There exists an Enterprise CA on one of the Windows Server 2003 servers in the network. The user's login and fails to access the websites after login. What should you do? Each solution forms a part of the total solution. Choose all that apply.
-
Create a Nat such that all authenticated users automatically get mapped to the Web servers.
-
Deploy a certificate for all domain members to allow access to the Web server.
-
Ensure the �auto-enroll� permission is assigned to the certificate.
-
Configure a domain that will have automated policies to map users to web servers.
Correct Answer(s)
A. Deploy a certificate for all domain members to allow access to the Web server.
A. Ensure the �auto-enroll� permission is assigned to the certificate.Explanation
It is neither possible to create a NAT mapping nor a domain configuration as stated in choices A and D. All you need to do here is to deploy a certificate to the domain members that allows access to the Web servers and ensure that certificate will be assigned the �auto-enroll� permission for the user.Rate this question:
-
- 24.
Which of the following statements are true?
-
TCP is the most secure protocol when concerned about network based attacks.
-
UDP is the most secure protocol when concerned about network based attacks.
-
When securing a network against network based attacks you need to employ specialized applications that are built for that purpose.
-
Neither TCP nor UDP can help against network based attacks.
Correct Answer(s)
A. When securing a network against network based attacks you need to employ specialized applications that are built for that purpose.
A. Neither TCP nor UDP can help against network based attacks.Explanation
Neither TCP nor UDP can help against network based attacks. When considering security for networks against network based attacks, you need to employ applications that are specifically built for that purpose. For ex: If you need protection for email, then that security will have to be built into the application through the SSL (Secure Socket Layer).Rate this question:
-
- 25.
Which of the following permissions are required by users who wish to auto-enrol as well as renew their certificates? Choose all that apply.
-
Read
-
Enroll
-
Auto-enroll
-
Modify
Correct Answer(s)
A. Read
A. Enroll
A. Auto-enrollExplanation
To be able to auto-enrol as well as renew the certificates nearing expiry, the user will need read, enrol and auto-enrol permissions.Rate this question:
-
- 26.
You are the administrator for WorldCom receivers. Their network has the existing Public Key Infrastructure (PKI) and Group Policy infrastructure in place. The computers are grouped in different Organization Units (OU), as per their roles in the network: desktops, domain controllers, etc. Policies are deployed on to the OUs by creating Group Policy Objects (GPOs) and linking them to the relevant OU. You have currently made some security policy changes; some of these changes apply to desktops, some to servers and some to domain controllers. In order to test these policies before deployment, you install a few XP machines, Windows Server 2003 Enterprise edition machines, and some Windows Server 2003 standard edition machines. Using the GPMC, you have duplicated the OUs for testing. While testing you want to achieve the following goals. -- Ensure that you do not disturb the production computers. -- Reduce administrative efforts. -- Minimize multiple links to GPOs. -- Decide where to place the test computers. What should you do? Choose all that apply.
-
Create an OU named Policy test under the root.
-
Create a child OU, one each under Policy test named desktop and servers, respectively.
-
Create a child OU, one each under Policy test named domain controllers and servers, respectively.
-
Create a child OU, one each under Policy test named desktop, domain controllers and servers, respectively.
Correct Answer(s)
A. Create an OU named Policy test under the root.
A. Create a child OU, one each under Policy test named desktop, domain controllers and servers, respectively.Explanation
Choices A and D are the correct answers.
Choices A and D are correct because creating an OU named �Policy test� and creating a child container, one each for the desktop, server, and domain controller, will reduce administrative efforts, a number of multiple links, and solve the issue of placing servers for testing too.
Choices B and C are incorrect because as opposed to choices A and B, they do not help to minimize links, which is a criterion in the objectives.Rate this question:
-
- 27.
You are the administrator for Metro Tech World. Your company has recruited a team of research executives who need to research on a new project. For this reason, they will be extensively using the Internet and saving all relevant data on to the File Server that is already running a backend database for this project. You are required to ensure these executives will be assigned only 200 MB of disk space. As per written company policies, you are not allowed to use up the disk space on the server by logging the warnings relating to disk space as the team is quite large. What should you do next? Choose your course of action from the choices given below. Choose all that apply.
-
Configure disk quota, by checking the options �setup disk quotas for new users�. Also, check to �deny disk usage exceeding disk limit�.
-
Limit disk space to at least 200 MB
-
Limit Disk space to 200 MB
-
Email users who are nearing the disk limit to warn them.
-
Set up a warning limit and the user will be informed through messages when they reach that limit.
Correct Answer(s)
A. Configure disk quota, by checking the options �setup disk quotas for new users�. Also, check to �deny disk usage exceeding disk limit�.
A. Limit Disk space to 200 MB
A. Set up a warning limit and the user will be informed through messages when they reach that limit.Explanation
The OS itself will pop-up messages to users when they near the disk limit if you enable the warning limit option.
By checking the option �deny disk usage exceeding the limit�, you have ensured that no user will be using more than 200 MB of disk space.Rate this question:
-
- 28.
You have introduced a new subnet to the network. This subnet is a part of the perimeter network. The router to be connected to this network will be a multi-homed Windows Server 2003 based router that has one internal and one external interface to the subnet. You are required to configure this router to have logical path connection with 12 other subnets within the network. This network has a no hierarchy of subnets and is a linear network. Which of the following would be an ideal solution for this requirement?
-
RIPv1
-
RIPv2
-
OSPF
-
EIGRP
Correct Answer
A. RIPv1Explanation
Considering that the scenario describes a network that needs the routing network of maximum 12 hop counts and is a linear network, it is sufficient to use RIPv1 as the routing protocol. RIPv2 and OSPF are a little too sophisticated and inappropriate for the given scenario. EIGRP is not supported by Windows Server 2003 networkRate this question:
-
- 29.
Which of the following statements that relate to DFS are true?
-
It is a platform for distributed resource management
-
It provides uniform convention for file systems
-
It is a mapping of resources or collection of resources
-
It is a cheap implementation of server clusters
Correct Answer(s)
A. It is a platform for distributed resource management
A. It is a mapping of resources or collection of resourcesExplanation
A DFS can be termed as a platform for resource management. It provides uniform naming convention for accessing of resources and is nothing but a listing or mapping of resources or collection of resources. It does not relate to server clusters in any way.Rate this question:
-
- 30.
You are the administrator for Global Airways. You are trying to protect your network against internal as well as external attacks. You implement the Server (Require Security) level of security to guard against external attacks. How would you deal with the internal attack? Choose the best option from among the following.
-
By using Kerberos authentication
-
By setting up workgroups based on projects. Localize the resource servers to the workgroups and deny access to users outside of the project.
-
By using host-based permit and block IP packets.
-
By using host-based block IP packets.
Correct Answer
A. By using host-based permit and block IP packets.Explanation
Choice C is the correct answer.
Choice C is correct because IPSec can be used for internal security by combining host-based permit and block packet filters with the ability to enforce trusted access for network connections.
Through host-based IPSec packet filtering, you can permit or block specific types of unicast IP traffic based on source and destination address combinations, specific protocols, and specific ports.
Through the enforcement of trusted access, you can ensure that only trusted computers that have specific IP addresses or those that are within specific IP address ranges can access an internal corporate network server.
In addition, you can use IPSec to audit which computers are connecting to the server and when.
Choice A is incorrect because Kerberos is not a considered option in this scenario.
Choice B is incorrect because the question statement does not specify a project-based security as a requirement at all.Rate this question:
-
- 31.
Which of the following is an ideal location for the RAS server to reside? Choose two relevant options.
-
Edge of the internal network
-
Perimeter network
-
Internal network
-
Demilitarized zone
Correct Answer(s)
A. Edge of the internal network
A. Perimeter networkExplanation
Depending on the level of security desired by the network, you may place the RAS server on the edge of the internal network or use perimeter filtering for the internal network and place the RAS server on the perimeter network. Perimeter networks are used as a barrier in between the internal network and the public network. A strict filtering process is usually employed on all packets passing through the perimeter network.Rate this question:
-
- 32.
Your company has acquired a manufacturing unit a few miles from their administrative office. You are required to configure a DC in this location. This DC will be a part of the company network�s ADS and will replicate with the DCs in the main office using dedicated T1 lines. You will be administering this network remotely as it contains some resource servers that need to be accessed by users in the main network as well. Which of the following need to be enabled on these servers to enable you to administer them remotely? Choose the services that are most apt in the said situation.
-
RAS/VPN service
-
Remote Registry Service
-
Server Service
-
RPC service
Correct Answer(s)
A. Remote Registry Service
A. Server ServiceExplanation
For any server to be administered remotely, you require the registry to be accessible. For this reason you need to enable the remote registry service as well as the Server service which is a pre-requisite for this scenario.Rate this question:
-
- 33.
Which of the following protections is not possible by IPSec?
-
Data Integrity
-
Data Confidentiality
-
Data origin authentication
-
Anti-replay of data between trusted sources
-
Anti-replay of data between non-trusted sources.
Correct Answer
A. Data ConfidentialityExplanation
Data can be secured only if the two ends are trusted by IPSec and not otherwise. Hence IPSec is capable of Data integrity, confidentiality, data authentication and anti-replay of data between trusted sources.Rate this question:
-
- 34.
Which of the following permissions are required to request for a certificate renewal? Choose all that apply.
-
Read
-
Enroll
-
Auto-Enroll
-
Renew
Correct Answer(s)
A. Read
A. EnrollExplanation
Choices A and B are the correct answers.
Choices A and B are correct because the permissions required for certificate renewal request are �read� and �enroll�.
�Auto enroll� will be required along with read and enroll for automatic enrollment of certificates.
Choice D is incorrect because there is no such permission as �renew�.Rate this question:
-
- 35.
You are the administrator for �Contoso Ltd�. Contoso Ltd has a root domain name contoso.com and two child domains, ad1.contoso.com and ad2.contoso.com. The forest contains Windows Server 2003 servers and Windows XP, clients. You are now implementing an enterprise CA on one of the resource servers of ad1.cSontoso.com. You configure the user certificate template and enable the Publish certificate in Active Directory setting, in the certificate template. You instruct users from both the child domains to enrol for certificates. The certificates for user accounts in ad1.contoso.com are being successfully published in Active Directory, whereas the certificates for users in the ad2.contoso.com are not. What could have gone wrong? Choose all that apply.
-
The resource server in ad1.Contoso.com is not configured properly as Enterprise CA.
-
There could be a WAN link problem prohibiting the changes from ad1.contoso.com to flow down to ad2.contoso.com.
-
The resource server configured as Enterprise CA in ad1.cotoso.com does not have the required permissions in ad2.contoso.com.
-
Add the resource server of ad1.contoso.com that is configured as Enterprise CA to Cert Publishers group in the ad2.contoso.com.
-
There is no trust between the ad1.contoso.com and the ad2.contoso.com.
Correct Answer(s)
A. The resource server configured as Enterprise CA in ad1.cotoso.com does not have the required permissions in ad2.contoso.com.
A. Add the resource server of ad1.contoso.com that is configured as Enterprise CA to Cert Publishers group in the ad2.contoso.com.Explanation
Choices C and D are the correct answers.
Adding the enterprise CA to the Cert Publishers group in ad2.contoso.com is essential for the certificates of users in ad2.contoso.com to be published in the Active Directory.
Choice A is incorrect because if there is a problem with configuration, none of the user certificates would get published, whereas the certificates of users in ad1.contoso.com are being published in the Active Directory.
Choice B is incorrect because there is no mention of problems relating to WAN links in the question statement.
Choice E is incorrect because trust between the two domains cannot be an issue, as a 2-way implicit trust will exist between the child domains and their parents, which is transitive in nature.Rate this question:
-
- 36.
You have just configured your resource server as a File Server. Before allowing users to access this resource server, you are required to ensure no user will be allowed to use more than 100 MB of disk space on this server and also will access the resource as per the roles they play in the organization. What should you do? Choose all that apply.
-
Create groups based on roles and assign local permissions to resources accordingly to each group
-
Divide hard disk into as many partitions as users and ensure each partition is not exceeding 100 MB disk space.
-
Assign 100 MB Disk quota
-
Create groups based on roles and assign share permissions to resources accordingly to each group.
-
None of the above.
Correct Answer(s)
A. Create groups based on roles and assign local permissions to resources accordingly to each group
A. Assign 100 MB Disk quota
A. Create groups based on roles and assign share permissions to resources accordingly to each group.Explanation
To ensure the users are accessing resources as per their roles only, you must assign local permission as well as share permission to the users on those resources. The most strict permissions will be effective to users who are logged on to the network and are accessing those resource over the network.
To ensure each user, does not use up more than 100 MB of disk space on the resource server, you must assign disk quotaRate this question:
-
- 37.
Which of the following are the basic infrastructure requirements for Autoenrollment to work? Choose all that apply.
-
Windows Server 2003 Schema
-
Windows 2000 or Windows Server 2003 Schema
-
Group policies or scripts
-
Group policy updates
Correct Answer(s)
A. Windows Server 2003 Schema
A. Group policy updatesExplanation
Choices A and D are the correct answers.
The basic infrastructure requirements for Autoenrollment to work are
-- Windows Server 2003 Schema
-- Group policy updates
Choices B and C are incorrect because group policies and scripts are only used for the implementation of security and do not conform to the requirement of the same. The Schema for Autoenrollment will have to be that of the Windows Server 2003.Rate this question:
-
- 38.
Which of the following is minimum requirement to configure clustering as per Microsoft recommendations?
-
At least 2 servers
-
At least 1 PCI network interface card per server
-
At least 2 PCI network interface card per server
-
Local storage
-
Network storage
Correct Answer(s)
A. At least 2 servers
A. At least 2 PCI network interface card per server
A. Local storageExplanation
As per Microsoft�s recommendation, the following will be the minimum requirement for setting up server clustering:
1. At least two servers
2. At least 2 PCI NICs per server - one should be dedicated for cluster communication
3. Local Storage.Rate this question:
-
- 39.
Your company is expanding its Windows Server 2003 network by bringing up sites that host about 12 domains across the globe. It is required that you configure secure communication between the sites since the communication across the network will be crossing the public domain across several geographical locations. The internal network resources must be totally secured against attacks that may be caused due to remote logins. You are also to consider security for travelling users who will be logging to the network from remote locations using their laptop. The platform from where these remote users will be logging in is unknown. Ensure that you do not compromise on the efficiency of the network to a great extent due to the proposed security plan. What should you do? Choose all that apply.
-
Configure ISDN connection between sites and implement RAS/VPN for remote users.
-
Implement site-to-site VPN using L2TP/IPSec
-
Implement RADIUS using IAS server
-
Implement VPN for dial-in users as well
-
Secure the network by using end-to-end security of IPSec between all hosts.
Correct Answer(s)
A. Implement site-to-site VPN using L2TP/IPSec
A. Implement RADIUS using IAS server
A. Implement VPN for dial-in users as wellExplanation
IPSec can be used in this scenario, for the following:
� Site-o-Site VPN using L2TP/IPSec
� VPN for dial-in users with relevant IPSec policies in place.
To secure the internal network, it is better to add an additional tier to the network by using IAS service for authenticating remote clients.
Security for the said network by securing end-to-end communication for all hosts will not only compromise the efficiency of the network to a great extent, but it is also not required by the scenario.Rate this question:
-
- 40.
You are migrating from a Standalone CA to an Enterprise CA. You have a backup folder �C:\CA Backup� where you used to backup all the critical CA related information. As a first step towards migration, you begin with backing up the data. Which of the following needs to be backed up?
-
Private keys
-
Database log
-
The version of existing service
-
The database itself
Correct Answer(s)
A. Private keys
A. Database log
A. The database itselfExplanation
The private keys will ensure communication with old clients will be smooth even after upgrade. The database log may help in tracking previous transactions. The database itself will contain all the pending and successful queriesRate this question:
-
- 41.
You want to keep track of all errors of your Certificate Service in the Windows Server 2003 network. You are not happy about the kind of errors being logged in the Event viewer currently, as it does not furnish the details required by you. What must you do? Choose all that apply.
-
Check the Event viewer now for detailed error logs.
-
Run the Network Monitor to capture packets.
-
Run the certutil �setreg command.
-
Use the certutil command with �certlog-warning� level.
-
Use the certutil command with �certlog-verbose� level.
Correct Answer(s)
A. Check the Event viewer now for detailed error logs.
A. Run the certutil �setreg command.
A. Use the certutil command with �certlog-verbose� level.Explanation
Choices A, C, and E are the correct answers.
Choices A, C, and E are correct because what is required is to run the �certutil �setreg� command with the �certlog-verbose� level. This will log errors into the �Event viewer� in much more detail.
Choice B is incorrect because the �network monitor� cannot help in this situation.
Choice D is incorrect because the �certlog �warning� mode is the default level that was decided as insufficient, as described in the question statement.Rate this question:
-
- 42.
You have implemented server clustering to share a database that is being accessed across a WAN link over the Administration office as well as a Warehouse of the client�s company. The servers had fault-tolerant network adapters that claimed to be of great use on the cluster service and hence you let them be when you configured the cluster service between servers in the two locations. During one of the communication glitches, the server cluster service failed and refused to recover automatically, which it was supposed to as per configurations. What could the problem be? Choose all that apply.
-
The NICs should have been PCI cards rather than the existing fault tolerant ones.
-
Fault tolerant NICs can hamper the process of recovery during failures
-
A secondary WAN link must exist for backup of cluster information interchange.
-
This scenario did not require a clustering in the first place, just DFS with replica would have sufficed.
Correct Answer(s)
A. The NICs should have been PCI cards rather than the existing fault tolerant ones.
A. Fault tolerant NICs can hamper the process of recovery during failures
A. A secondary WAN link must exist for backup of cluster information interchange.Explanation
When establishing cluster service on servers that physically separated over a long distance using WAN links, it is always advisable to use a secondary connection to allow a backup path for the cluster information interchange between the two servers. The NIC cards used in the cluster servers as per recommendation should be PCI cards minus the fault tolerance capability, as the FT can hamper the recovery process.Rate this question:
-
Quiz Review Timeline (Updated): Mar 22, 2022 +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Mar 22, 2022Quiz Edited by
ProProfs Editorial Team -
Jan 13, 2007Quiz Created by
Vaibhav Agarwal
MCSA/MCSE Practice Exam 70-290 Questions 61-80/184
This MCSA\/MCSE Practice Exam 70-290 focuses on troubleshooting and managing Windows Server 2003 environments. It assesses skills crucial for system administrators, such as user...
Questions:
20 |
Attempts:
722 |
Last updated:
Mar 20, 2023
|
|
MCSA/MCSE Practice Exam 70-290 Questions 1-20/184
Exam 70-290 Managing & Maintaining a Microsoft Windows Server 2003 Environment Passing Score: 800 Time Limit: 180 min
Questions:
20 |
Attempts:
917 |
Last updated:
Mar 21, 2023
|
|
MCSE 70-291 Exam Quiz Test 2
Hello FriendThis practice test helps you prepare for Microsoft
certification exam 70-291, which counts toward MCSE certification.
This practice test contains 33 questions,...
Questions:
33 |
Attempts:
689 |
Last updated:
Mar 22, 2023
|
Back to top