MCSE 70-291 Exam Quiz Test 2

33 Questions

Settings
MCSE 70-291 Exam Quiz Test 2

Hello FriendThis practice test helps you prepare for Microsoft certification exam 70-291, which counts toward MCSE certification. This practice test contains 33 questions, provided by Saurabh Singh.


Related Topics
Questions and Answers
  • 1. 
    You want to migrate a subnet to a new scope. You create a new scope and then deactivate the old scope. Which of the following is an appropriate next step?
    • A. 

      Run the Ipconfig /release command and then the Ipconfig /renew command on every client computer.

    • B. 

      Restart the DHCP Server service.

    • C. 

      Delete the old scope.

    • D. 

      Authorize the DHCP server.

  • 2. 
    Which action needs to be taken if you want to configure a DHCP server to update both A resource records and PTR resource records on behalf of a Windows NT 4 client?
    • A. 

      No action is required.

    • B. 

      On the DNS tab of the DHCP server properties dialog box, select Dynamically Update DNS a and PTR Records For DHCP Clients That Do Not Request Updates.

    • C. 

      On the DNS tab of the DHCP server properties dialog box, select Always Dynamically Update DNS a and PTR Records.

    • D. 

      Register the client as a dynamic host with the DHCP server.

  • 3. 
    You have not modified the default settings for DNS on the DHCP client or server. Which of the following client record or records will be updated in DNS by the DHCP server? (Assume that the clients are running Windows XP.)
    • A. 

      The PTR resource record

    • B. 

      The A resource record

    • C. 

      Both the PTR and A resource records

    • D. 

      Neither the PTR nor the A resource record

  • 4. 
    The address space used by your organization is 207.46.1.21–207.46.1.254. This space is not large enough to accommodate all 300 workers at once; as a result, your network frequently runs out of DHCP leases. Nevertheless, no more than 30 part-time employees work in the office on any given day. How can you make more efficient use of your current address space and provide enough leases for all workers?
    • A. 

      Assign all laptops an alternate configuration address within a compatible address space.

    • B. 

      Create a user class for part-time employees and adjust the lease duration in this user class to 1 day.

    • C. 

      Increase conflict detection attempts on the DHCP server so as to prevent address conflicts.

    • D. 

      Assign part-time employees addresses within one of the private address ranges.

  • 5. 
    Your DHCP server crashes and cannot be brought back online. Your last backup is four days old. How can you best preserve the current address space without restarting all company computers?
    • A. 

      Deploy a new DHCP server with the same address scope, and raise conflict detection attempts to 3.

    • B. 

      Deploy a new DHCP server with the same address scope, and increase the new lease duration to 15 days.

    • C. 

      Restore the previous DHCP database from a backup.

    • D. 

      Run the Ipconfig /renew command on all computers.

  • 6. 
    The DNS domain proseware.local is an Active Directory–integrated domain that requires secure dynamic updates. Your DHCP server is configured to register DNS records for downlevel clients, and is not a member of the DnsUpdateProxy group. Fifty client computers have recently been upgraded to Windows XP Professional from Windows NT 4. After the upgrade, users start reporting that they can no longer access some network resources. Which of the following solutions enables you to fix the problem with the least amount of administrative effort?  
    • A. 

      Shut down and restart the upgraded client computers.

    • B. 

      Run Ipconfig /renew, and then Ipconfig /registerdns on all client computers.

    • C. 

      Enable aging and scavenging in the proseware.local zone, and then decrease the no-refresh and refresh intervals in aging/scavenging properties.

    • D. 

      Add the DHCP server to the DnsUpdateProxy Windows security group.

  • 7. 
    You have configured a subnet with two DHCP servers, DHCP1 and DHCP2. DHCP1 provides addresses within the first 80 percent of the subnet’s scope range, and DHCP2 provides addresses for the remaining 20 percent of the scope range. Computer ClientA obtains a fresh address from DHCP1, after which you immediately take DHCP1 off the network. How long will it take before ClientA attempts to obtain a new address from DHCP2?
    • A. 

      Four days

    • B. 

      Five days

    • C. 

      Seven days

    • D. 

      Eight days

  • 8. 
    Which of the following messages is not exchanged as part of a DHCP lease initialization?
    • A. 

      Renew

    • B. 

      Request

    • C. 

      ACK

    • D. 

      Discover

  • 9. 
    What most likely accounts for the errors shown in the following DHCP audit log? 00,5/24/03,08:21:57,Started,,,, 54,5/24/03,08:21:58,Authorization failed,,domain1.local,,
    • A. 

      The server has been started for the first time.

    • B. 

      The server cannot communicate on the network.

    • C. 

      The server has been unauthorized by a senior network manager.

    • D. 

      The server is not running Windows Server 2003.

  • 10. 
    By default, how long do logged events last in DHCP server logs?
    • A. 

      One day

    • B. 

      One week

    • C. 

      One month

    • D. 

      Until the log grows beyond 1 MB

  • 11. 
    With the least amount of administrative effort, how can you best provide enough addresses for the 290 clients that require dynamic addressing and still allow for connectivity among all networked computers? (Choose only one answer.)
    • A. 

      Create a new superscope and then add the 10.0.0.0/24 and 10.0.1.0/24 scopes to the new superscope.

    • B. 

      Reconfigure the scope as 10.0.0.0/23 and set conflict detection attempts to 3. Restart all computers by using the Shutdown /i command.

    • C. 

      Add a second DHCP server on the network segment to distribute address leases through the 10.0.1.0/24 scope.

    • D. 

      Add a second DHCP server on the network segment to distribute address leases through the 10.0.0.0/24 scope. Restart all computers by using the Shutdown /i command.

  • 12. 
    Your boss wants to reserve 20 computers in a special subnet within the 192.168.0.0/24 range and place these computers on the same network segment as the other computers. To achieve this task, you deploy a new DHCP server to issue leases in the 192.168.0.0/24 address range and create 20 lease reservations for the new set of computers. However, after the new DHCP server is deployed, the scope does not issue any new leases even though it is activated. Which of the following would most likely cause this scenario?
    • A. 

      You have not reconciled the scopes on the new DHCP server.

    • B. 

      You have not verified the database consistency.

    • C. 

      You have not excluded the range of addresses issued by the original DHCP computer.

    • D. 

      You have not assigned the new DHCP server an address within the 192.168.0.0/24 range.

  • 13. 
    After you enable the new scopes to issue addresses, some users begin to complain that they can no longer access network resources. Checking the DHCP server audit logs, you find several NACK messages. What steps should you take to resolve this problem? (Choose all that apply.)
    • A. 

      Create a superscope on each DHCP server consisting of the active scopes deployed on the network segment.

    • B. 

      Create client reservations for all appropriate clients on the original DHCP server.

    • C. 

      On the original DHCP server, exclude the full range of addresses within the special 192.168.0.0/24 subnet.

    • D. 

      On the new DHCP server, exclude the full range of addresses issued by the original DHCP server.

  • 14. 
    Company executives want to improve router security on the network and have made clear that they would not be satisfied with a solution that merely authenticates routers with a plaintext password. What other measures can you take to ensure that rogue routers are not deployed on the network and that network routes are not intercepted? (Choose all that apply.)
    • A. 

      Deploy Active Directory directory service.

    • B. 

      Configure RIP to use autostatic routes.

    • C. 

      Configure RIP neighbors.

    • D. 

      Configure peer filtering.

    • E. 

      Configure route filtering.

  • 15. 
    How can you ensure that only members of the R&D Subnet 2 can access the route to the new secure subnet?
    • A. 

      Deploy OSPF on the network and configure the router connected to the secure subnet as an area border router.

    • B. 

      Configure peer filtering on the router connected to the secure subnet.

    • C. 

      Encrypt the routes using MPPE.

    • D. 

      Do not deploy a routing protocol on the router connected to the secure subnet. Configure workstations in R&D Subnet 2 with static routes to the secure subnet.

  • 16. 
    A team of 20 of Fabrikam’s scientists are conducting research for 10 months in Ottawa, Ontario. They have set up a computer network that they want to connect periodically to the main office in Ithaca. How can you ensure that the incoming calls you receive to the network router at the main office are in fact originating from the router at the temporary Ottawa office?
    • A. 

      Configure the answering router at the Ithaca office to authenticate all incoming calls.

    • B. 

      Configure callback on the answering router at the Ithaca office.

    • C. 

      Configure callback on the calling router at the Ottawa office.

    • D. 

      Disable autostatic routes on both routers.

  • 17. 
    Which of the following settings can be applied using Security Configuration and analysis and a security template? (Choose all that apply.)
    • A. 

      The password must be 15 characters long.

    • B. 

      The Accountants group is not allowed to access this computer over the network.

    • C. 

      IPSec must be used for all communications between Computer1 and Computer2.

    • D. 

      The root file permissions should be Everyone Full Control.

  • 18. 
    Which steps might be necessary to recover from the application of a security template to a file server that prevented all users from accessing the server over the network? Choose the most efficient way.
    • A. 

      Log on locally to the file server as Administrator and apply the root security template.

    • B. 

      Log on locally to the file server as Administrator and apply the rollback template produced from the bad security template.

    • C. 

      Log on remotely to the file server as Enterprise Admin and use the Local Security Policy console to change the user rights policies that might be incorrect.

    • D. 

      Log on remotely to the file server as Administrator and apply the rollback template produced from the security template.

  • 19. 
    IPSec can be used to secure communications between two computers. What else can it do? (Choose all that apply.)
    • A. 

      Examine Kerberos tickets

    • B. 

      Block transfer of specific protocol packets

    • C. 

      Allow transfer of packets with a destination TCP port of 23 from any computer to the host computer

    • D. 

      Permit one user to use telnet to access the computer while denying another user

  • 20. 
    What is a good reason for assigning a policy by means of Netsh when Group Policy can be used to simply assign an IPSec policy across multiple computers?
    • A. 

      Using Netsh is the only way to apply a policy that can be used to permit a user’s computer to be used for a telnet session with another computer while blocking all other telnet communications.

    • B. 

      Using Netsh is more easily implemented when multiple machines need to be configured.

    • C. 

      You can apply Netsh even if the computers are not joined in a domain, and Group Policy can work only in a domain.

    • D. 

      You can use Netsh to create a persistent policy that will be used if Group Policy cannot be used.

  • 21. 
    Netsh is used to create and assign an IPSec policy for a stand-alone server running Windows Server 2003. One of the commands used is the following, executed from the Netsh IPSec Static context: Add rule name=”SMTPBlock” policy=”smtp” filterlist=“smtp computerlist” filteraction=”negotiate smtp” description=”this rule negotiates smtp” Why is the policy not working?
    • A. 

      The policy is set with the wrong IP addresses.

    • B. 

      Each policy specifies a different encryption algorithm.

    • C. 

      No encryption is taking place. The evidence is revealed in the soft SAs.

    • D. 

      The policy is using Kerberos for authentication and the computer is not a member of a domain.

  • 22. 
    An IPSec policy has been assigned and communication is failing between two computers. The event shown in Figure 11-47 is found in the IP Security Monitor. Its timestamp indicates the event happened during the failure. What is the most likely reason for the failure?
    • A. 

      The failure is due to an authentication error.

    • B. 

      Main Mode negotiation is failing.

    • C. 

      Quick Mode negotiation is failing.

    • D. 

      The specific type of packets that the policy is supposed to be blocking are being blocked.

  • 23. 
    During a communication session between two computers, the IP Security Monitor snap-in shows the status in Figure 11-48. What does this status mean?
    • A. 

      The communication is not encrypted as expected.

    • B. 

      The communication is encrypted as expected.

    • C. 

      The communication is not occurring.

    • D. 

      The communication is not being received at this computer.

  • 24. 
    You log on to the domain, map a drive to the share \\192.168.5.55\share, and then copy some files. You then use Kerbtray.exe to examine the Kerberos tickets. You find a ticket for your account and the service krgbt. You do not find a ticket for CIFS for this server. What is the most likely reason for this problem?
    • A. 

      The ticket with the service krgbt is the ticket for this type of connection.

    • B. 

      Using the IP address instead of server name means NTLM will be used.

    • C. 

      The Kerbtray.exe utility shows only TGT tickets, and the share ticket is a user or session ticket.

    • D. 

      The Kerbtray.exe utility shows only session tickets, and the share ticket is a TGT ticket.

  • 25. 
    You receive a report that Computer1 is responding slowly to user requests. You want a quick way to see which network traffic the server is using. You use Network Monitor. You want to see whether any general broadcast traffic is being sent to Computer1. Which counter should you enable?
    • A. 

      Nonunicasts/Interval

    • B. 

      Unicasts/Interval

    • C. 

      Bytes Sent/Interval

    • D. 

      Bytes Received/Interval

  • 26. 
    You set up Performance Logs And Alerts to send a message to Computer2 to notify an operator when the network use on Computer1 gets too high. However, Computer2 never receives the message sent from Computer1. What must you do to enable messages to be sent by Computer1 and received by Computer2? (Choose all that apply.)
    • A. 

      On Computer1, start the Messenger service.

    • B. 

      On Computer1, start the Alerter service.

    • C. 

      On Computer2, start the Messenger service.

    • D. 

      On Computer2, start the Alerter service.

  • 27. 
    You suspect that a virus has infected your computer running Windows Server 2003. You believe this virus is transmitting data from your server over the network using a specific port. You want to determine which process is using a specific port. Which command should you run?
    • A. 

      Nbtstat –RR

    • B. 

      Nbtstat –r

    • C. 

      Netstat –a

    • D. 

      Netstat –o

  • 28. 
    A user in the branch office reports that he cannot use Internet Explorer to open a commonly used Web site on the Internet. At your client computer in the main office, you are able to ping the target address. At the user’s client computer, you cannot ping the target address. What should you do to troubleshoot? (Choose all that apply.)
    • A. 

      From the user’s client computer, run ping destination address.

    • B. 

      From the user’s client computer, select To Repair The Network Connection.

    • C. 

      From the DNS server, perform a simple query test.

    • D. 

      From the DNS server, perform a recursive query test.

  • 29. 
    You are setting up 50 new client machines in the branch office. Another administrator has already configured DHCP in the branch office. When you bring the first client computer online, you notice that DHCP is not providing Primary or Alternate DNS servers along with the IP address. You need to troubleshoot DHCP and configure it so the client computers can gain access to internal resources as well as browse the Internet. How should you configure the DHCP server? (Choose all that apply.)
    • A. 

      Set the DHCP server to provide clients the address to DNS1.

    • B. 

      Set the DHCP server to provide clients the address to ISPDNS1.

    • C. 

      Set the DHCP server to provide clients the address to DNS2.

    • D. 

      Set the DHCP server to provide clients the address to ISPDNS2.

  • 30. 
    A user in the branch office reports that he cannot use Internet Explorer to view a commonly used Web site on the Internet. At your client computer in the main office, you run Nslookup to verify the target address and receive the correct address. At the user’s client computer, you also run Nslookup, but the address returned is incorrect. What should you do to troubleshoot? (Choose all that apply.)
    • A. 

      Verify that the client is using the correct DNS servers.

    • B. 

      Run Ipconfig /flushdns.

    • C. 

      Select the Network Connections icon in Accessories.

    • D. 

      Run Ipconfig /renew.

  • 31. 
    You install a new application, which reports that it is installing a service on the computer. However, when you run the application for the first time, it is unable to start. You inspect the event log to determine the nature of the problem. You receive an error stating “The service did not start due to a logon failure.” What should you do?
    • A. 

      Grant the account the Logon As A Service right.

    • B. 

      Change the password to the same name as the account.

    • C. 

      Verify the user name of the account being used to run the service.

    • D. 

      Grant the account administrative rights.

  • 32. 
    You install a new application, which reports that it is installing a service on the computer. However, when you run the application for the first time, it is unable to start. You inspect the service dependencies for the new service and notice that a service that is required is not started. However, your security policy states that services must remain stopped unless another application requires them to be on. How should you configure the dependent service to start?
    • A. 

      Automatic

    • B. 

      Automatic, but pause the service

    • C. 

      Manual

    • D. 

      Disabled

  • 33. 
    You install a new application on a member server. The application reports that it is installing a service on the computer. The installation for the service requests a user name and password for which to run the service. You provide the name DOMAIN1\Service1. However, when you run the application for the first time, it is unable to start. You suspect that the account has not been given enough rights to start. What do you do?
    • A. 

      On the member server, grant the Service1 account the Log on as a Service right.

    • B. 

      In the domain, grant the Service1 account the Log on as a Service right.

    • C. 

      On the member server, grant the Service1 account the Log on as a Batch Job right.

    • D. 

      In the domain, grant the Service1 account the Log on as a Batch Job right.