Microsoft 70-291 Practice Exam

43 Questions | By Nuzcruzr | Last updated: Dec 14, 2012

Settings

or Create Online Exam

Share This on Twitter

Email

Pin it

Share on reddit

- +

Microsoft Certification Exam Quizzes & Trivia

Managing and Maintaining a Windows Server 2003 Network Infrastructure

Questions and Answers

1.

You are the administrator of your company's DNS servers. The primary DNS server, which is named Jupiter, runs Windows Server 2003. A Windows 2000 Server DNS server named Mars hosts a secondary DNS zone for the Active Directory domain. Jupiter has been configured to allow zone transfers to Mars. Mars is configured with the default zone transfer settings. Some of your users complain that they cannot access some hosts by name. You decide to use System Monitor on Mars to determine whether it receives zone transfers from Jupiter.
- A.
  
  On XYZ -PR01, run the net session comand.
- B.
  
  On XYZ -PR01, run the netstat command.
- C.
  
  On XYZ -PR01, run the netsh command.
- D.
  
  On XYZ -PR01, run the netstcap command
2.

You are the network administrator for a single Active Directory domain named internaldom.com. A Windows Server 2003 computer named DNSA is the only DNS server in the domain. It hosts only the internaldom.com domain. Users report that resolving DNS names has slowed considerably over the past several weeks. You decide to research the problem. Your first plan of action involves finding out whether the problem lies with DNSA. What should you do?

Discuss
- A.
  
  Use the DNS Event Log to monitor for DNS Event ID 2 and 3.
- B.
  
  Use System Monitor to monitor the Network Interface: Bytes Total/sec counter.
- C.
  
  Enable debug logging on DNSA. Configure the log to capture Request and Response packets.
- D.
  
  Enable debug logging on DNSA. Configure the log to capture Outgoing and Incoming packets.
- E.
  
  Use System Monitor to monitor the DNS: Dynamic Update Received/sec, DNS: Total Query Received/sec, and DNS: Total Response Sent/sec counters.
3.

You are an administrator for your company network. The network is configured as a single Active Directory domain. Your company is starting a new project, and a group of employees from several departments, including the IT department, has been assigned to the project. The IT employees who are assigned to the project will be responsible for common administrative tasks, such as managing user accounts, groups, and Group Policy links. The authority of the IT employees should be restricted to the administration of the users and resources that are assigned to the project. You must assign the required level of administrative authority to the IT employees who are assigned to the new project. You want to perform this task with the least amount of administrative effort. What should you do?

Discuss
- A.
  
  Create a new domain, move the appropriate users and computers to the new domain, and assign the appropriate IT department employees to the Domain Admins group in the new domain.
- B.
  
  Create a new user group, add the appropriate users and computers to the new group, and assign the appropriate IT employees to the Account Operators built-in group
- C.
  
  Create a new Active Directory site, move the appropriate users and computers to the new site, and delegate control of the site to the appropriate IT employees.
- D.
  
  Create a new OU, move the appropriate users and computers into the OU, and delegate control of the OU to the appropriate IT department employees.
4.

You are the network administrator for I-Technic Industries. The network contains Windows XP Professional and Windows Server 2003 computers. You have two Windows 2003 domain controllers named DC1 and DC2 that are responsible for a single domain named itechind.com. Your primary DNS server is installed on a domain controller named DC1.itechind.com. You have one secondary DNS server installed on a member server named Srv2.itechind.com. You want to ensure that updates can be made to any server. You also want to optimize and simplify the management of DNS replications and zone transfers. What should you do?

Discuss
- A.
  
  Promote Srv2.itechind.com to a domain controller.
- B.
  
  On DC1.itechind.com, add Srv2.itechind.com to the notify list.
- C.
  
  On DC1.itechind.com, set the Time to Live (TTL) value in the SOA record to a higher value.
- D.
  
  Remove the DNS Server service from Srv2.itechind.com. Install the DNS Server service on DC2.itechind.com. Convert the zone hosted by DC1.itechind.com to an Active Directory-integrated zone.
5.

You are the network administrator for I-Technic Industries. The network contains Windows XP Professional and Windows Server 2003 computers. You have two Windows 2003 domain controllers named DC1 and DC2 that are responsible for a single domain named itechind.com. Your primary DNS server is installed on a domain controller named DC1.itechind.com. You have one secondary DNS server installed on a member server named Srv2.itechind.com. You want to ensure that updates can be made to any server. You also want to optimize and simplify the management of DNS replications and zone transfers. What should you do?

Discuss
- A.
  
  Promote Srv2.itechind.com to a domain controller.
- B.
  
  On DC1.itechind.com, add Srv2.itechind.com to the notify list.
- C.
  
  On DC1.itechind.com, set the Time to Live (TTL) value in the SOA record to a higher value.
- D.
  
  Remove the DNS Server service from Srv2.itechind.com. Install the DNS Server service on DC2.itechind.com. Convert the zone hosted by DC1.itechind.com to an Active Directory-integrated zone.
6.

You are the network administrator for a large shoe manufacturer. The network consists of a single Active Directory domain containing Windows Server 2003 computers and Windows XP Professional client computers. You have configured several Group Policy Objects (GPOs) to enforce IPSec for certain types of communications on your network. FileSrv1 provides file services for confidential corporate data. A GPO is supposed to encrypt all communication involving FileSrv1. However, it has recently been discovered that some files have been compromised. Management has asked you to view all IPSec settings applied through GPOs to FileSrv1. You must also be able to determine the GPO to which an active IPSec policy is assigned. Which two tools should you use? (Choose two. Each correct answer presents part of the solution.)

Discuss
- A.
  
  Netdiag.exe
- B.
  
  IP Security Monitor console
- C.
  
  IP Security Policy Management console
- D.
  
  Resultant Set of Policy (RSoP) console
- E.
  
  Microsoft Baseline Security Analyzer (MBSA)
7.

You are a network administrator for your company. The network consists of two Active Directory domains in a single forest. The network spans two locations that are connected through a dial-up link. All servers on the network run Windows Server 2003. All computers in the central office belong to the verigon.com domain and are configured to use Server1 as the preferred DNS server. Server1 hosts a primary zone for the verigon.com domain. All computers in the branch office belong to the branch.verigon.com domain and are configured to use Server2 as the preferred DNS server. Server2 hosts a primary zone for the branch.verigon.com domain. All computers in both offices must always be able to resolve names of any computer on the network, even when the dial-up link between the two offices is disconnected. What should you do?

Discuss
- A.
  
  On Server1, create a secondary zone for the branch.verigon.com domain. On Server2, create a secondary zone for the verigon.com domain.
- B.
  
  Configure Server1 and Server2 to perform conditional forwarding to each other.
- C.
  
  On Server1, create a delegation for the branch.verigon.com domain. On Server2, create a delegation for the verigon.com domain.
- D.
  
  On Server1, create a stub zone for the branch.verigon.com zone. On Server2, create a stub zone for the verigon.com zone.
8.

You are a remote employee for your company. Your home network is connected to the Internet through a cable modem. The company 's written security policy requires that all remote employees configure Internet Explorer on their home computers to reject cookies from all Web sites except your company's Web site. You must comply with the company policy. On your Windows XP Professional computer at home, you start Internet Explorer and select Internet Options from the Tools menu. In the Internet Options sheet, you must configure the appropriate settings that define the handling of cookies. Which of the following tabs should you select?

Discuss
- A.
  
  General
- B.
  
  Security
- C.
  
  Privacy
- D.
  
  Content
- E.
  
  Connections
9.

You administer your company's network, which consists of a single Active Directory domain and several sites. All servers run Windows Server 2003, and all client computers run Windows XP Professional. Name resolution is provided by DNS servers. DHCP servers provide TCP/IP configurations to client computers. Servers are assigned static TCP/IP configurations. A written company policy mandates that all access to the Internet be directed through only by an Internet Security and Acceleration (ISA) server at each site. Currently, computers are manually configured to use the ISA server at their location. Several portable computers that run Windows XP Professional have been purchased for 40 users who will travel between sites. You want to configure the DHCP servers so that the portable computers will be automatically configured to use the appropriate ISA server computer for the site at which they are located. For each site, you create an autoconfiguration file and store it on a local intranet Web server. Which DHCP option should you configure?

Discuss
- A.
  
  003 Router
- B.
  
  006 DNS Servers
- C.
  
  015 DNS Domain Name
- D.
  
  252 WPAD
10.

You are your company's network administrator. The network contains Windows Server 2003, Windows 2000 Server, and Windows XP Professional computers, and is connected to the Internet. You use Internet Protocol Security (IPSec) on your network to protect all data. You suspect that certain IPSec policies are not being assigned to the Windows 2000 Server computers. You must view the name of the active IPSec policies that are being used by each computer. Which tool should you use?

Discuss
- A.
  
  Netsh
- B.
  
  Netdiag
- C.
  
  Ipseccmd
- D.
  
  IP Security Monitor console
- E.
  
  Group Policy Verification tool
11.

You administer your company's network. Your company maintains a public Web site on a Windows Server 2003 IIS 6.0 Web server that is named WebSrv. You can administer WebSrv only remotely because it is hosted by a third party. Normally, you perform administrative tasks from your workstation on the company network. You also want to be able to manage WebSrv from your home. You do not have a high-speed Internet connection at home. To access WebSrv from your home, you will first dial in to the corporate network. This connection is very slow, and you have difficulty using IIS Manager. You want to be able to make configuration changes to IIS on WebSrv quickly to minimize the impact on Internet users.
- A.
  
  Enable BITS server extensions on WebSrv
- B.
  
  Enable FrontPage server extensions on WebSrv.
- C.
  
  Configure WebSrv to support WebDAV.
- D.
  
  Use Notepad to directly edit the IIS metabase.
12.

You are responsible for administering your company's network. The network consists of a single Active Directory domain. All servers run Windows Server 2003. The company's written security policy stipulates that the system, security, and application event logs on all domain controllers must be periodically archived and manually cleared. Each log should not exceed 100 MB in size. Events must never be overwritten in any of the event logs. You must comply with the company's policy and ensure that your assistants, who have the authority to perform administrative tasks on domain controllers, cannot change the size and retention settings for event logs. What should you do?

Discuss
- A.
  
  Configure NTFS permissions for event log files so that only you can access them.
- B.
  
  Configure the appropriate log size and retention settings in the Default Domain Controllers Policy GPO.
- C.
  
  Add your assistants' user accounts to the Backup Operators group in the domain.
- D.
  
  Create a script that will configure the appropriate log size and retention settings by editing the Registry. Run the script on each domain controller.
13.

You administer your corporate network, which consists of a single Active Directory domain named cdpres.com. The relevant portion of the network is depicted in the following image: The network contains three Windows Server 2003 domain controllers, twenty-five Windows Server 2003 member servers, and one hundred Windows 2000 Professional client computers. Server01 hosts the corporate intranet Web site. Server03 provides client computers with TCP/IP settings, and Server02 hosts the standard primary DNS zone for the cdpres.com domain. Computers in the domain are configured to query Server02 for name resolution. To access the intranet Web site, users type server01.cdpres.com in the Address bar in Internet Explorer. To make access to the intranet Web site more intuitive, you want to enable users to use the name www.cdpres.com. Additionally, users should be able to access the intranet site by its IP address. Which resource record should you add?
- A.
  
  Server01 A 192.168.10.10
- B.
  
  Www CNAME server01.cdpres.com
- C.
  
  @ MX 1 server01.cdpres.com
- D.
  
  _ldap._tcp SRV 10 0 389 server01.cdpres.com
14.

You are the network administrator for a single Active Directory domain. The domain contains 1,000 Windows XP Professional client computers and 20 Windows Server 2003 computers. Internet Protocol Security (IPSec) is implemented on your network. You suspect that a user has been changing the IPSec policies on your network. You must determine which user is making IPSec policy changes. In addition, you want to identify any users who are attempting to make changes. What should you do?

Discuss
- A.
  
  Enable success auditing for the Audit logon events audit policy for your domain.
- B.
  
  Enable success auditing for the Audit policy change audit policy for your domain.
- C.
  
  Enable success auditing for the Audit privilege use audit policy for your domain.
- D.
  
  Enable success and failure auditing for the Audit logon events audit policy for your domain.
- E.
  
  Enable success and failure auditing for the Audit privilege use audit policy for your domain.
15.

You are your company's network administrator. A portion of your network is shown in the image: IIS1 is your company's intranet server. A limited number of individuals should be editing files on this computer. You must be able to monitor all communication with IIS1. Your monitoring solution must minimally affect the performance of IIS1. In addition, you need to ensure that only Administrators on Subnet 1 are able to monitor network activity using Network Monitor. You want to accomplish this with the least amount of administrative effort. What should you do? (Choose two. Each correct answer presents part of the solution.)
- A.
  
  Install Network Monitor on IIS1.
- B.
  
  Install the Network Monitor Driver on IIS1.
- C.
  
  Install the Systems Management Server version of Network Monitor on MON1.
- D.
  
  Select Identify Network Monitor Users on the Tools menu in Network Monitor
- E.
  
  Select Show Address Names on the Options menu in Network Monitor..
16.

You administer your company's e-mail servers. Your company has decided to purchase a new Windows Server 2003 computer that will run Microsoft Exchange Server 2003 and provide e-mail services on the internal network. You want to ensure that users on the internal network can access the new e-mail server by using its fully qualified domain name (FQDN). The server will not be used to receive Internet e-mail. At a minimum, which DNS resource record is required for the new e-mail server?
- A.
  
  A
- B.
  
  CNAME
- C.
  
  HINFO
- D.
  
  MX
- E.
  
  NS
17.

You are the network administrator for a large electronics company, which is a division of Verigon Incorporated. The network contains only Windows Server 2003 and Windows XP Professional computers in a single Active Directory domain named verigonelec.com. Several companies purchase your products for resale. These companies connect to your network over a VPN using Windows XP Professional computers that are not members of your domain and need access to a Windows Server 2003 file server named FS1. To protect confidential data, you have implemented the Secure Server IPSec policy on all servers and the Client IPSec policy on all client computers. The computers owned by the purchasers have had the Client IPSec policy applied. However, you have noticed that the purchaser connections are not encrypted. You must ensure that the purchaser connections are encrypted without compromising your domain security. What should you do?

Discuss
- A.
  
  Change the IPSec policy on FS1 to Server.
- B.
  
  Add the purchaser computers to the verigonelec.com domain.
- C.
  
  Configure FS1 and the purchaser computers to use Kerberos authentication.
- D.
  
  Create a trust between the verigonelec.com domain and the purchaser domains.
- E.
  
  Implement a certificate authority (CA) and configure FS1 and the purchaser computers to use certificates.
18.

You are the network administrator for a single Active Directory domain named verigon.com. Your domain contains two thousand Windows 2000 Professional desktop computers, five hundred Windows 2000 Professional notebook computers, and two hundred and fifty Windows XP Professional notebook computers. All computers are configured with dynamically-assigned IP addresses. The notebook computers are frequently moved across subnets. Your network has three Windows Server 2003 DNS servers. DNS1 is the primary DNS server. DNS2 and DNS3 are secondary DNS servers. Users are complaining that they are having trouble resolving the DNS names of some of the notebook computers when they attempt to access files on these computers. You must ensure that the verigon.com domain contains the appropriate DNS information for all of the notebook computers. What should you do?

Discuss
- A.
  
  Log in as a member of the Domain Admins global group. In the properties of DNS1, enable aging and scavenging.
- B.
  
  Log in as a member of the Domain Admins global group. Configure the verigon.com zone as an Active Directory-integrated zone.
- C.
  
  Log in as a member of the Domain Admins global group. In the properties of the verigon.com domain, enable aging and scavenging.
- D.
  
  Log in as a member of the Domain Admins global group. In the properties of DNS1, enable aging and scavenging. In the properties of the verigon.com domain, enable aging and scavenging.
19.

You are the administrator for your company's Windows 2003 domain. You have three Domain Name System (DNS) servers on your network. While doing routine maintenance on the DNS server named MAIN, you notice a DNS warning message in the Event Viewer, as shown in the image: You ping DNS1 and receive a reply. What should you do next?
- A.
  
  Clear the DNS server cache on MAIN.
- B.
  
  Clear the DNS server cache on DNS1.
- C.
  
  Stop and restart the DNS service on DNS1.
- D.
  
  Stop and restart the DNS service on MAIN.
- E.
  
  Run the ipconfig /flushdns command at DNS1.
20.

You are your company's network administrator. The network contains Windows Server 2003, Windows 2000 Server, Windows XP Professional, and Windows 2000 Professional computers in a single Active Directory domain named goliath.com as shown in the following image: All domain controllers run Windows Server 2003. The company's written security policy states that file and folder access on all server computers in the domain must be monitored for failures. You create a customer security template named FFAccess. You need to configure the FFAccess security template to enforce the written security policy of your company for all server computers in the domain. You must accomplish this with the least amount of administrative effort. What should you do? (Choose all that apply. Each correct answer presents part of the solution.)
- A.
  
  Apply the FFAccess security template to the Servers OU.
- B.
  
  Apply the FFAccess security template to the Clients OU.
- C.
  
  Apply the FFAccess security template to the Domain Controllers OU.
- D.
  
  Apply the FFAccess security template to the goliath.com domain.
- E.
  
  On the FFAccess security template, enable the Audit object access policy for failures.
21.

You are a network administrator of your company's Active Directory domain, which consists of four Windows Server 2003 domain controllers and 75 Windows XP Professional computers. The company's written security policy mandates that network administrators must log on with their regular domain user accounts. When a higher level of privileges is required to perform an administrative task, administrators should use the runas command to launch the required application with a specially created account that has the rights to perform the specific task. Name resolution failures begin occurring on your network. You log on to one of your domain controllers by using your non-administrative domain user account. Next, you attempt to run Replication Monitor by using an administrative user account named RM1 by issuing the runas /user:rm1 replmon command. After you enter the password for RM1, the following error is displayed: RUNAS ERROR: Unable to run - replmon 1058: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. You inspect the services on the domain controller to determine the reason that you cannot start Replication Monitor. Failure of which service is most likely to prevent you from starting Replication Monitor?

Discuss
- A.
  
  Secondary Logon
- B.
  
  Net Logon
- C.
  
  DNS Client
- D.
  
  DNS Server
22.

You are your company's network administrator. The network contains a single Active Directory domain. All Windows Server 2003 computers are contained in the Servers organizational unit (OU). All Windows XP Professional client computers are contained in the Clients OU. A user named Mark must be able to configure TCP/IP protocol settings on a Windows Server 2003 computer named SrvN. You do not want to grant Mark more permissions than is necessary. What should you do?

Discuss
- A.
  
  Add Mark's user account to the Power Users local group on SrvN.
- B.
  
  Add Mark's user account to the Administrators local group on SrvN.
- C.
  
  Add Mark's user account to the Server Operators domain local group in the domain.
- D.
  
  Add Mark's user account to the Network Configuration Operators local group on SrvN.
- E.
  
  Add Mark's user account to the Network Configuration Operators domain local group in the domain.
23.

You administer a Windows 2003 network. A portion of the network structure is shown in the exhibit. TCP/IP is the only network protocol. The network ID is 196.123.88.0/27. This is the only set of IP addresses your company owns. All TCP/IP information is assigned to client computers on subnet A and subnet B by DHCP1. A separate scope with all available addresses is created on DHCP1 for each subnet. You recently added new Windows XP Professional clients to each subnet on the network. Now users from both subnets report that they cannot always access the network. After varying periods of time, they reboot their computers and are able to successfully connect to the network. Other computers on both subnets are continuing to operate normally and have full access to network resources. In addition, laptops are periodically being used for one day on the network when people visit from out of town. To investigate the situation, you check the IP configuration on one of the new computers, named Client30, that is experiencing trouble. You discover that the IP address of this computer is 169.254.0.5. You must resolve this problem. What should you do?
- A.
  
  Shorten the lease duration for both scopes.
- B.
  
  Add new addresses to the existing DHCP scopes.
- C.
  
  Shorten the lease duration for the subnet B scope only.
- D.
  
  Assign static IP addresses to the new Windows XP Professional clients.
- E.
  
  Configure both scope options to include the Perform Router Discovery option.
24.

You are your company's network administrator. Your network consists of a single Active Directory domain. The DHCP service is installed on a Windows Server 2003 computer named DHCP1. DHCP1 has been authorized in Active Directory. A single scope has been defined on DHCP1 with 200 IP addresses: 204.29.82.10 through 204.29.82.209. While performing routine maintenance, you notice a DHCP Jet database error in the Event Log on DHCP1. Later in the day, users report that IP addresses are not being delivered to client computers. You must ensure that DHCP can operate normally. What should you do?

Discuss
- A.
  
  Shorten the lease duration for both scopes.
- B.
  
  Add new addresses to the existing DHCP scopes.
- C.
  
  Shorten the lease duration for the subnet B scope only.
- D.
  
  Assign static IP addresses to the new Windows XP Professional clients.
- E.
  
  Configure both scope options to include the Perform Router Discovery option.
25.

You are the network administrator for a large company. The network contains Windows XP Professional and Windows Server 2003 computers as shown in the exhibit. (Click the Exhibit(s) button.) DHCPA provides DHCP services to the entire network and has three scopes configured, one for each subnet. DNSA provides DNS services to the entire network. You want to configure DHCPA so that it assigns the appropriate options to DHCP clients for the DNS server and router. What should you do?
- A.
  
  At DHCPA, configure the server option 003 with the IP address of the router. For each scope, configure the scope option 006 with the IP address of the DNS server.
- B.
  
  At DHCPA, configure the server option 006 with the IP address of the router. For each scope, configure the scope option 003 with the IP address of the DNS server.
- C.
  
  At DHCPA, configure the server option 006 with the IP address of the DNS server. For each scope, configure the scope option 003 with the IP address of the local router.
- D.
  
  At DHCPA, configure the server option 003 with the IP address of the DNS server. For each scope, configure the scope option 006 with the IP address of the local router.
26.

You are the network administrator for AccuTrak Distributors. The network contains Windows XP Professional and Windows Server 2003 computers in a single Active Directory, named accudist.com. A Windows Server 2003 computer named RAS1 is configured as a router and connected to several branch offices. You have implemented IPSec routing through RAS1. You must ensure that all packets routed through RAS1 are using IPSec. The company security policy states that the data portion of all packets passing through RAS1 must be encrypted. You must ensure that mutual authentication IPSec is not used. What should you do?

Discuss
- A.
  
  Use Network Monitor on RAS1. Capture all packets, and filter the packets based on the Internet Protocol (IP).
- B.
  
  Use Network Monitor on RAS1. Capture all packets, and filter the packets based on the Layer Two Tunneling protocol (L2TP).
- C.
  
  Use Network Monitor on RAS1. Capture all packets, and filter the packets based on the Authentication Header (AH) protocol.
- D.
  
  Use Network Monitor on RAS1. Capture all packets, and filter the packets based on the Encapsulating Security Payload (ESP) protocol.
27.

You administer a Windows Server 2003 domain. All servers run Windows Server 2003, and all client computers run Windows 2000 Professional with Service Pack 4. You need to modify the Default Domain Policy GPO settings to configure Automatic Updates to automatically download updates from a Windows Server Update Services (WSUS) Server named WSUS01 and install the updates on all domain computers. You want downloaded updates to be installed every Sunday at 1:00 P.M. You browse to the Windows Update node of the Default Domain Policy GPO and display the Settings tab of the Configure Automatic Updates Properties dialog box. You enable Automatic Updates. Which settings should you select on the Settings tab to properly configure Automatic Updates for domain computers? (Choose all that apply. Each correct choice presents part of the solution.)

Discuss
- A.
  
  Select option 3 - Auto download and notify for install in the Configure automatic updating drop-down list box.
- B.
  
  Select option 4 - Auto download and schedule the install in the Configure automatic updating drop-down list box.
- C.
  
  Select option 0 - Every day in the Scheduled install day drop-down list box.
- D.
  
  Select option 1 - Sunday in the Scheduled install day drop-down list box.
- E.
  
  Select the 13:00 option in the Scheduled install time drop-down list box.
28.

You are your company's network administrator. The network contains Windows Server 2003 and Windows XP Professional computers in a single Active Directory domain. You have implemented Internet Protocol Security (IPSec) on the entire network to protect corporate data. You recently created an Internet Key Exchange (IKE) filter. You then deployed this filter on the router connecting the network to the Internet. You now want to view statistical information about this filter only. You open the IP Security Monitor console. Where should these statistics be viewed?

Discuss
- A.
  
  In the Statistics folder of the Main Mode folder
- B.
  
  In the Statistics folder of the Quick Mode folder
- C.
  
  In the Generic Filters folder of the Main Mode folder
- D.
  
  In the Specific Filters folder of the Main Mode folder
- E.
  
  In the Generic Filters folder of the Quick Mode folder
29.

You are the security administrator for your company. The company has recently upgraded all network servers and domain controllers to Windows Server 2003. The company's network consists of a single Active Directory domain with three sites configured. You work in the main office. The company's written security policy prevents users in all sites from logging on locally to local servers. All network file servers are configured to collect auditing information. You want to view the auditing information on the file servers in all sites from your office. You need the ability to save the auditing information on the local hard disk of the file servers. What should you do?

Discuss
- A.
  
  Connect to each file server using a Remote Desktop connection and use the Security and Analysis snap-in to save the .inf file on the local hard disk.
- B.
  
  Connect to each file server using a Remote Desktop connection, use Computer Management to access Event Viewer, and save the .evt file on the local hard disk.
- C.
  
  Solicit a Remote Assistance invitation from the administrator of each file server and use the Security and Analysis snap-in to save the .inf file on the local hard disk.
- D.
  
  Solicit a Remote Assistance invitation from the administrator of each file server, use Computer Management to access Event Viewer, and save the .evt file on the local hard disk.
30.

You administer a Windows Server 2003 Active Directory domain for your company. The domain is divided into two subnets. SubnetA uses the network address 192.168.12.0/24, and SubnetB uses the network address 192.168.14.0/24. All domain controllers and member servers are Windows Server 2003 computers, and all clients are Windows 2000 Professional computers. Clients in SubnetA obtain TCP/IP settings from a DHCP server named DHCPA, which resides in SubnetA. Clients in SubnetB cannot obtain DHCP settings at all, even though you configured a scope for SubnetB on DHCPA. Your need to enable clients on SubnetB to automatically obtain TCP/IP settings from DHCPA. What should you install on SubnetB?

Discuss
- A.
  
  A primary DNS server
- B.
  
  An SUS server
- C.
  
  A DHCP relay agent
- D.
  
  A master DNS server
- E.
  
  An SMTP server
31.

You administer a network that consists of 75 computers running Windows Server 2003, Windows XP Professional, and Windows 2000 Professional. All client computers are located on the same network segment. All servers are assigned static IP addresses from the range of 192.168.0.0/24. Routing occurs only between the internal network and the Internet. All client computers are configured to receive IP addresses from a single DHCP server. No backup DHCP server exists on your network. The client computers are not configured with an alternate static IP address configuration. The DHCP server fails. What will happen to the computers on your network after the IP address leases expire?

Discuss
- A.
  
  All of the client computers will no longer be configured with an IP address and will no longer be able to communicate with one another.
- B.
  
  All of the client computers will keep the IP addresses that were originally leased to them until the DHCP server comes back online.
- C.
  
  All of the client computers will assign themselves new IP addresses and will be able to communicate with one another, but they will not be able to communicate with the servers.
- D.
  
  All of the client computers will assign themselves new IP addresses and will be able to communicate with one another and with the servers.
32.

You administer your company network. All servers on the network run Windows Server 2003, and all client computers run Windows XP Professional or Windows 2000 Professional. You add a DNS server to the network and then configure the network's DHCP server to automatically provide the IP address of the new DNS server to all of the DHCP client computers. You ask all of the network users to verify that the DHCP server has updated their computers' TCP/IP configurations to reflect the new DNS server's IP address. Which command should users type at a command prompt?

Discuss
- A.
  
  Ipconfig /all
- B.
  
  Dnslint
- C.
  
  Dnscmd
- D.
  
  Netstat -a
33.

You are a network administrator for your company. The corporate network consists of a single Active Directory domain. All servers run Windows Server 2003. On a server named ServerB, you configure several backup jobs to back up business data on file servers. The backup jobs are configured to run under the security context of a user account named BackupUser. The backup jobs run properly for several weeks, but then you notice that none of the jobs run anymore. What is the most likely reason that the backup jobs no longer run?

Discuss
- A.
  
  The password for the BackupUser account does not meet the password complexity requirements.
- B.
  
  The BackupUser account has been disabled as a result of an attempted password-guessing attack.
- C.
  
  The password for the BackupUser account has expired.
- D.
  
  The BackupUser account is not a member of the Backup Operators group on ServerB.
34.

You are your company's network administrator. The network contains Windows XP Professional and Windows Server 2003 computers. A primary DNS server named DNS1 hosts an Active Directory-integrated zone named corp.com. All client computers, except those in the research department, use dynamic IP addresses assigned by a DHCP server. The research department for your company has asked you to create its own DNS server, which you name DNS-Res. You create a DNS zone named res.corp.com. You configure the client computers in the research department to use DNS-Res as their primary DNS server. You then delegate the res.corp.com child domain to DNS-Res. You must ensure that all queries for resources outside the research department and Internet-based resources are processed by DNS1. What should you do?

Discuss
- A.
  
  Configure DNS-Res to use DNS1 as a forwarder.
- B.
  
  Configure DNS1 to use DNS-Res as a forwarder.
- C.
  
  Add the IP address of DNS1 to the root hints of DNS-Res.
- D.
  
  Add DNS1 to the list of DNS servers used by the clients in the research department.
35.

You administer your company network, which consists of a single Active Directory domain. All servers run Windows Server 2003. The network is connected to the Internet. A user named Stephen reports that he is unable to log on to the domain. You review security logs on domain controllers and notice several unsuccessful logon attempts that use Stephen's user account, StephenG1. You suspect that a malicious user on the Internet might be attempting to guess Stephen's password. To reduce the likelihood of this happening in the future, you rename Stephen's account to GSte1. However, Stephen still cannot log on to the domain. You must enable Stephen to log on to the domain and access appropriate network resources immediately. You want to perform this task with the least amount of administrative effort. Which action should you perform?

Discuss
- A.
  
  In the Account Lockout Policy for the domain, set the account lockout threshold value to zero.
- B.
  
  Enable Stephen's user account.
- C.
  
  Delete and re-create Stephen's user account.
- D.
  
  Unlock Stephen's user account.
36.

You are the system administrator for your company. Your company has decided to deploy Windows Server Update Services (WSUS) to help administrators deploy security patches and service packs. You have been given a Windows Server 2003 computer and a Windows 2000 Server computer. Neither of these systems has any service packs installed. You need to ensure that you can install WSUS on these computers with a minimum of administrative effort. What should you do? (Choose all that apply. Each correct answer is part of the solution.)

Discuss
- A.
  
  Ensure that Internet Information Services (IIS) 6.0, Background Intelligence Transfer Service (BITS) 2.0, and Microsoft .NET Framework 1.1 Service Pack 1 for Windows Server 2003 are installed on the Windows Server 2003 computer.
- B.
  
  Ensure that Internet Information Services (IIS) 5.0, Background Intelligence Transfer Service (BITS) 2.0, and Microsoft .NET Framework 1.1 Service Pack 1 for Windows Server 2003 are installed on the Windows Server 2003 computer.
- C.
  
  Ensure that Internet Information Services (IIS) 6.0, Background Intelligence Transfer Service (BITS) 1.0, and Microsoft .NET Framework 1.1 Service Pack 1 for Windows Server 2003 are installed on the Windows Server 2003 computer.
- D.
  
  Ensure that Windows 2000 Server Service Pack 4, Information Services (IIS) 5.0, Background Intelligence Transfer Service (BITS) 2.0, and Microsoft .NET Framework 1.1 Service Pack 1 for Windows 2000 Server are installed on the Windows 2000 Server computer.
- E.
  
  Ensure that Windows 2000 Server Service Pack 4, Internet Information Services (IIS) 6.0, Background Intelligence Transfer Service (BITS) 2.0, and Microsoft .NET Framework 1.1 Service Pack 1 for Windows 2000 Server are installed on the Windows 2000 Server computer.
37.

You administer your company network. The network consists of a single Active Directory domain named verigon.com. All five domain controllers run Windows Server 2003 and DNS Server, and they all host an Active Directory-integrated DNS zone for the verigon.com domain. You install DNS Server on a new Windows Server 2003 member server named ServerA. You configure ServerA to host a secondary zone for the verigon.com domain. On one of the domain controllers, you open the Properties dialog box for the verigon.com DNS zone. You must designate ServerA as an authoritative server for the verigon.com zone. Which tab should you select?

Discuss
- A.
  
  Start of Authority (SOA)
- B.
  
  Name Servers
- C.
  
  WINS
- D.
  
  Zone Transfers
38.

You manage your company's Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP) servers. All of the computers are running Windows Server 2003. You install the DNS Server service on one of the servers in a test lab. You want the other computers in the test lab to use this DNS server, which is named DNS-Test. All of the computers in the lab are configured as DHCP clients. A scope for this subnet is defined on a DHCP server named DHCP-10, which is on a different subnet from the lab's subnet. There is no DHCP server in the test lab, but the DHCP relay agent is enabled on one of the computers in the lab. On DHCP-10, you configure a DHCP reservation for DNS-Test, and you replace the DNS server address in the options for the lab's scope with the Internet Protocol (IP) address you reserved for DNS-Test. You restart DNS-Test and Workstation5, which is running Windows XP Professional, you log on to Workstation5, and you use the command "ipconfig /all" to verify the computer's TCP/IP configuration. You notice that the client is still configured to use the DNS server that was previously defined for the lab computers. What is the most likely reason that the client computer is still using the address of the original DNS server?

Discuss
- A.
  
  The IP address of the original DNS server is defined in the TCP/IP properties of the client's network interface card.
- B.
  
  The IP address of the original DNS server is defined as a DHCP server option on DHCP-10.
- C.
  
  The lab computer is obtaining a lease from a different DHCP server than DHCP-10.
- D.
  
  The DHCP lease has not expired on the client.
39.

You are one of the network administrators for your company. The network hosts several computers running Microsoft Windows Server 2003. Client computers are running Microsoft Windows XP Professional. One of the servers is configured as a Domain Name System (DNS) server. This server maintains the primary forward zone and reverse lookup zone for the company domain. You attempt to use the Nslookup command from your administrative workstation, Computer-01. You are unable to resolve the host name of Computer-12 to an IP address using the command. You can successfully use the command to resolve the host names of other computers on the network to IP addresses. You need to be able to resolve the host name of Computer-12 to an IP address. What should you do?

Discuss
- A.
  
  Create a host (A) record for Computer-01.
- B.
  
  Create a pointer (PTR) record for Computer-12.
- C.
  
  Create a pointer (PTR) record for Computer-01.
- D.
  
  Create a host (A) record for Computer-12.
40.

You are the administrator for a medium-sized network consisting of 30 servers running Microsoft Windows Server 2003, Standard Edition, and 1,000 computers running a mix of Microsoft Windows XP Professional and Microsoft Windows 2000 Professional. A recent security audit recommends encrypting all network traffic. This morning you implement the Secure Server IPSec policy for the Domain Controllers security policy, and the Client IPSec policy through Group Policy objects for each departmental OU. A few minutes after you complete these changes, you begin receiving an increasing number of calls from users complaining that they cannot log on or access their network files. What should you do?

Discuss
- A.
  
  Change the Group Policy objects for the departmental OUs to Secure Server.
- B.
  
  Upgrade all Windows 2000 Professional computers to Windows XP.
- C.
  
  Install Directory Service Client Software on all computers running Windows 2000 Professional.
- D.
  
  Do nothing. The problem will correct itself.
41.

You are the network administrator for your company. At the company's headquarters office you are setting up a wireless local area network (WLAN) for sales representatives to use to connect to the corporate network when they visit the office. The sales representatives use laptop computers running Windows XP Professional with the most recent service packs installed. For the WLAN, you decide to create a separate Internet Protocol (IP) subnet on which you will install only an Access Point (AP) and a computer running Windows Server 2003 on which Routing and Remote Access has been enabled. You will configure the server as a virtual private network (VPN) server through which the sales representatives will access the rest of the corporate network. You will use a Remote Access Dial In User Authentication Service (RADIUS) server as the authentication server for the wireless access clients. Which protocol should you use for authentication?

Discuss
- A.
  
  Challenge Handshake Authentication Protocol (CHAP)
- B.
  
  Extensible Authentication Protocol - Transport Layer Security (EAP-TLS)
- C.
  
  Microsoft Challenge Handshake Authentication Protocol - version 2 (MS-CHAP v2)
- D.
  
  Extensible Authentication Protocol - Message Digest 5 (EAP-MD5)
42.

You are the network administrator for your organization. All servers have been upgraded to Microsoft Windows Server 2003. Client computers are running Microsoft Windows XP Professional. Users on the network report that AppSrv-01 is sometimes slow to respond. The server is running a business-critical application. You discover that there is an excessive amount of network traffic coming to and from the server. You want to monitor network traffic on AppSrv-01 using Network Monitor. However, you do not want any captured data overwritten, and you only want to capture header information. What should you do? (Choose two. Each answer represents part of the solution.)

Discuss
- A.
  
  Configure a new capture filter.
- B.
  
  Increase the size of the buffer.
- C.
  
  Create a display filter.
- D.
  
  Select the Prompt to Save Data option from the Options menu.
- E.
  
  Decrease the frame size setting.
43.

You are the network administrator for your organization. Servers are running a mixture of Microsoft Windows Server 2003 and Microsoft Windows 2000 Server. Client computers are running Microsoft Windows XP Professional. You have recently added a Dynamic Host Configuration Protocol (DHCP) server to the network. A number of client computers on your network are unable to connect to any network resource. From a command prompt on one of the client computers, you run IPCONFIG /ALL and discover that the client computer is not obtaining an IP address from the DHCP server. At the same client computer, you run IPCONFIG /RENEW. The IPCONFIG /RENEW command reports that the DHCP server cannot be reached. From a Windows 2000 Server on the same network segment as the client computer, you are able to ping the DHCP server successfully. You examine the DHCP server and discover that the DHCP Server service is stopped. The DHCP server is a member server in an Active Directory domain. You attempt to start the DHCP Server service but are unable to do so. What is the most likely reason you are unable to start the DHCP Server service?
- A.
  
  The DHCP server is not able to perform dynamic updates to an Active Directory-integrated zone.
- B.
  
  The DHCP server is still configured as a DHCP client.
- C.
  
  The DHCP server has not been configured with a valid scope.
- D.
  
  The DHCP server has not been authorized.

Back to top

More Microsoft Certification Exam Quizzes

Featured Quizzes

Related Topics

Back to top