Microsoft 70-291 Practice Exam

43 Questions | Total Attempts: 135

SettingsSettingsSettings
Microsoft 70-291 Practice Exam

Managing and Maintaining a Windows Server 2003 Network Infrastructure


Related Topics
Questions and Answers
  • 1. 
    You are the administrator of your company's DNS servers. The primary DNS server, which is named Jupiter, runs Windows Server 2003. A Windows 2000 Server DNS server named Mars hosts a secondary DNS zone for the Active Directory domain. Jupiter has been configured to allow zone transfers to Mars. Mars is configured with the default zone transfer settings.  Some of your users complain that they cannot access some hosts by name. You decide to use System Monitor on Mars to determine whether it receives zone transfers from Jupiter.
    • A. 

      On XYZ -PR01, run the net session comand.

    • B. 

      On XYZ -PR01, run the netstat command.

    • C. 

      On XYZ -PR01, run the netsh command.

    • D. 

      On XYZ -PR01, run the netstcap command

  • 2. 
    You are the network administrator for a single Active Directory domain named internaldom.com. A Windows Server 2003 computer named DNSA is the only DNS server in the domain. It hosts only the internaldom.com domain.  Users report that resolving DNS names has slowed considerably over the past several weeks. You decide to research the problem. Your first plan of action involves finding out whether the problem lies with DNSA.  What should you do?
    • A. 

      Use the DNS Event Log to monitor for DNS Event ID 2 and 3.

    • B. 

      Use System Monitor to monitor the Network Interface: Bytes Total/sec counter.

    • C. 

      Enable debug logging on DNSA. Configure the log to capture Request and Response packets.

    • D. 

      Enable debug logging on DNSA. Configure the log to capture Outgoing and Incoming packets.

    • E. 

      Use System Monitor to monitor the DNS: Dynamic Update Received/sec, DNS: Total Query Received/sec, and DNS: Total Response Sent/sec counters.

  • 3. 
    You are an administrator for your company network. The network is configured as a single Active Directory domain. Your company is starting a new project, and a group of employees from several departments, including the IT department, has been assigned to the project.   The IT employees who are assigned to the project will be responsible for common administrative tasks, such as managing user accounts, groups, and Group Policy links. The authority of the IT employees should be restricted to the administration of the users and resources that are assigned to the project. You must assign the required level of administrative authority to the IT employees who are assigned to the new project. You want to perform this task with the least amount of administrative effort.  What should you do?
    • A. 

      Create a new domain, move the appropriate users and computers to the new domain, and assign the appropriate IT department employees to the Domain Admins group in the new domain.

    • B. 

      Create a new user group, add the appropriate users and computers to the new group, and assign the appropriate IT employees to the Account Operators built-in group

    • C. 

      Create a new Active Directory site, move the appropriate users and computers to the new site, and delegate control of the site to the appropriate IT employees.

    • D. 

      Create a new OU, move the appropriate users and computers into the OU, and delegate control of the OU to the appropriate IT department employees.

  • 4. 
    You are the network administrator for I-Technic Industries. The network contains Windows XP Professional and Windows Server 2003 computers. You have two Windows 2003 domain controllers named DC1 and DC2 that are responsible for a single domain named itechind.com. Your primary DNS server is installed on a domain controller named DC1.itechind.com. You have one secondary DNS server installed on a member server named Srv2.itechind.com.  You want to ensure that updates can be made to any server. You also want to optimize and simplify the management of DNS replications and zone transfers.  What should you do?
    • A. 

      Promote Srv2.itechind.com to a domain controller.

    • B. 

      On DC1.itechind.com, add Srv2.itechind.com to the notify list.

    • C. 

      On DC1.itechind.com, set the Time to Live (TTL) value in the SOA record to a higher value.

    • D. 

      Remove the DNS Server service from Srv2.itechind.com. Install the DNS Server service on DC2.itechind.com. Convert the zone hosted by DC1.itechind.com to an Active Directory-integrated zone.

  • 5. 
    You are the network administrator for I-Technic Industries. The network contains Windows XP Professional and Windows Server 2003 computers. You have two Windows 2003 domain controllers named DC1 and DC2 that are responsible for a single domain named itechind.com. Your primary DNS server is installed on a domain controller named DC1.itechind.com. You have one secondary DNS server installed on a member server named Srv2.itechind.com.  You want to ensure that updates can be made to any server. You also want to optimize and simplify the management of DNS replications and zone transfers.  What should you do? 
    • A. 

      Promote Srv2.itechind.com to a domain controller.

    • B. 

      On DC1.itechind.com, add Srv2.itechind.com to the notify list.

    • C. 

      On DC1.itechind.com, set the Time to Live (TTL) value in the SOA record to a higher value.

    • D. 

      Remove the DNS Server service from Srv2.itechind.com. Install the DNS Server service on DC2.itechind.com. Convert the zone hosted by DC1.itechind.com to an Active Directory-integrated zone.

  • 6. 
    You are the network administrator for a large shoe manufacturer. The network consists of a single Active Directory domain containing Windows Server 2003 computers and Windows XP Professional client computers. You have configured several Group Policy Objects (GPOs) to enforce IPSec for certain types of communications on your network.  FileSrv1 provides file services for confidential corporate data. A GPO is supposed to encrypt all communication involving FileSrv1. However, it has recently been discovered that some files have been compromised.  Management has asked you to view all IPSec settings applied through GPOs to FileSrv1. You must also be able to determine the GPO to which an active IPSec policy is assigned.  Which two tools should you use? (Choose two. Each correct answer presents part of the solution.)
    • A. 

      Netdiag.exe

    • B. 

      IP Security Monitor console

    • C. 

      IP Security Policy Management console

    • D. 

      Resultant Set of Policy (RSoP) console

    • E. 

      Microsoft Baseline Security Analyzer (MBSA)

  • 7. 
    You are a network administrator for your company. The network consists of two Active Directory domains in a single forest. The network spans two locations that are connected through a dial-up link. All servers on the network run Windows Server 2003. All computers in the central office belong to the verigon.com domain and are configured to use Server1 as the preferred DNS server. Server1 hosts a primary zone for the verigon.com domain. All computers in the branch office belong to the branch.verigon.com domain and are configured to use Server2 as the preferred DNS server. Server2 hosts a primary zone for the branch.verigon.com domain.  All computers in both offices must always be able to resolve names of any computer on the network, even when the dial-up link between the two offices is disconnected.  What should you do?
    • A. 

      On Server1, create a secondary zone for the branch.verigon.com domain. On Server2, create a secondary zone for the verigon.com domain.

    • B. 

      Configure Server1 and Server2 to perform conditional forwarding to each other.

    • C. 

      On Server1, create a delegation for the branch.verigon.com domain. On Server2, create a delegation for the verigon.com domain.

    • D. 

      On Server1, create a stub zone for the branch.verigon.com zone. On Server2, create a stub zone for the verigon.com zone.

  • 8. 
    You are a remote employee for your company. Your home network is connected to the Internet through a cable modem. The company 's written security policy requires that all remote employees configure Internet Explorer on their home computers to reject cookies from all Web sites except your company's Web site. You must comply with the company policy.   On your Windows XP Professional computer at home, you start Internet Explorer and select Internet Options from the Tools menu. In the Internet Options sheet, you must configure the appropriate settings that define the handling of cookies.  Which of the following tabs should you select?
    • A. 

      General

    • B. 

      Security

    • C. 

      Privacy

    • D. 

      Content

    • E. 

      Connections

  • 9. 
    You administer your company's network, which consists of a single Active Directory domain and several sites. All servers run Windows Server 2003, and all client computers run Windows XP Professional. Name resolution is provided by DNS servers. DHCP servers provide TCP/IP configurations to client computers. Servers are assigned static TCP/IP configurations. A written company policy mandates that all access to the Internet be directed through only by an Internet Security and Acceleration (ISA) server at each site. Currently, computers are manually configured to use the ISA server at their location.  Several portable computers that run Windows XP Professional have been purchased for 40 users who will travel between sites. You want to configure the DHCP servers so that the portable computers will be automatically configured to use the appropriate ISA server computer for the site at which they are located. For each site, you create an autoconfiguration file and store it on a local intranet Web server.  Which DHCP option should you configure? 
    • A. 

      003 Router

    • B. 

      006 DNS Servers

    • C. 

      015 DNS Domain Name

    • D. 

      252 WPAD

  • 10. 
    You are your company's network administrator. The network contains Windows Server 2003, Windows 2000 Server, and Windows XP Professional computers, and is connected to the Internet. You use Internet Protocol Security (IPSec) on your network to protect all data.  You suspect that certain IPSec policies are not being assigned to the Windows 2000 Server computers. You must view the name of the active IPSec policies that are being used by each computer.  Which tool should you use?
    • A. 

      Netsh

    • B. 

      Netdiag

    • C. 

      Ipseccmd

    • D. 

      IP Security Monitor console

    • E. 

      Group Policy Verification tool

  • 11. 
    You administer your company's network. Your company maintains a public Web site on a Windows Server 2003 IIS 6.0 Web server that is named WebSrv. You can administer WebSrv only remotely because it is hosted by a third party. Normally, you perform administrative tasks from your workstation on the company network. You also want to be able to manage WebSrv from your home. You do not have a high-speed Internet connection at home. To access WebSrv from your home, you will first dial in to the corporate network. This connection is very slow, and you have difficulty using IIS Manager. You want to be able to make configuration changes to IIS on WebSrv quickly to minimize the impact on Internet users.
    • A. 

      Enable BITS server extensions on WebSrv

    • B. 

      Enable FrontPage server extensions on WebSrv.

    • C. 

      Configure WebSrv to support WebDAV.

    • D. 

      Use Notepad to directly edit the IIS metabase.

  • 12. 
    You are responsible for administering your company's network. The network consists of a single Active Directory domain. All servers run Windows Server 2003. The company's written security policy stipulates that the system, security, and application event logs on all domain controllers must be periodically archived and manually cleared. Each log should not exceed 100 MB in size. Events must never be overwritten in any of the event logs.   You must comply with the company's policy and ensure that your assistants, who have the authority to perform administrative tasks on domain controllers, cannot change the size and retention settings for event logs.  What should you do?
    • A. 

      Configure NTFS permissions for event log files so that only you can access them.

    • B. 

      Configure the appropriate log size and retention settings in the Default Domain Controllers Policy GPO.

    • C. 

      Add your assistants' user accounts to the Backup Operators group in the domain.

    • D. 

      Create a script that will configure the appropriate log size and retention settings by editing the Registry. Run the script on each domain controller.

  • 13. 
    You administer your corporate network, which consists of a single Active Directory domain named cdpres.com. The relevant portion of the network is depicted in the following image:  The network contains three Windows Server 2003 domain controllers, twenty-five Windows Server 2003 member servers, and one hundred Windows 2000 Professional client computers. Server01 hosts the corporate intranet Web site. Server03 provides client computers with TCP/IP settings, and Server02 hosts the standard primary DNS zone for the cdpres.com domain. Computers in the domain are configured to query Server02 for name resolution.  To access the intranet Web site, users type server01.cdpres.com in the Address bar in Internet Explorer. To make access to the intranet Web site more intuitive, you want to enable users to use the name www.cdpres.com. Additionally, users should be able to access the intranet site by its IP address.  Which resource record should you add? 
    • A. 

      Server01 A 192.168.10.10

    • B. 

      Www CNAME server01.cdpres.com

    • C. 

      @ MX 1 server01.cdpres.com

    • D. 

      _ldap._tcp SRV 10 0 389 server01.cdpres.com

  • 14. 
    You are the network administrator for a single Active Directory domain. The domain contains 1,000 Windows XP Professional client computers and 20 Windows Server 2003 computers. Internet Protocol Security (IPSec) is implemented on your network.  You suspect that a user has been changing the IPSec policies on your network. You must determine which user is making IPSec policy changes. In addition, you want to identify any users who are attempting to make changes.  What should you do?
    • A. 

      Enable success auditing for the Audit logon events audit policy for your domain.

    • B. 

      Enable success auditing for the Audit policy change audit policy for your domain.

    • C. 

      Enable success auditing for the Audit privilege use audit policy for your domain.

    • D. 

      Enable success and failure auditing for the Audit logon events audit policy for your domain.

    • E. 

      Enable success and failure auditing for the Audit privilege use audit policy for your domain.

  • 15. 
    You are your company's network administrator. A portion of your network is shown in the image:   IIS1 is your company's intranet server. A limited number of individuals should be editing files on this computer.  You must be able to monitor all communication with IIS1. Your monitoring solution must minimally affect the performance of IIS1. In addition, you need to ensure that only Administrators on Subnet 1 are able to monitor network activity using Network Monitor. You want to accomplish this with the least amount of administrative effort.  What should you do? (Choose two. Each correct answer presents part of the solution.)
    • A. 

      Install Network Monitor on IIS1.

    • B. 

      Install the Network Monitor Driver on IIS1.

    • C. 

      Install the Systems Management Server version of Network Monitor on MON1.

    • D. 

      Select Identify Network Monitor Users on the Tools menu in Network Monitor

    • E. 

      Select Show Address Names on the Options menu in Network Monitor..

  • 16. 
    You administer your company's e-mail servers. Your company has decided to purchase a new Windows Server 2003 computer that will run Microsoft Exchange Server 2003 and provide e-mail services on the internal network. You want to ensure that users on the internal network can access the new e-mail server by using its fully qualified domain name (FQDN). The server will not be used to receive Internet e-mail.  At a minimum, which DNS resource record is required for the new e-mail server?
    • A. 

      A

    • B. 

      CNAME

    • C. 

      HINFO

    • D. 

      MX

    • E. 

      NS

  • 17. 
    You are the network administrator for a large electronics company, which is a division of Verigon Incorporated. The network contains only Windows Server 2003 and Windows XP Professional computers in a single Active Directory domain named verigonelec.com. Several companies purchase your products for resale. These companies connect to your network over a VPN using Windows XP Professional computers that are not members of your domain and need access to a Windows Server 2003 file server named FS1.  To protect confidential data, you have implemented the Secure Server IPSec policy on all servers and the Client IPSec policy on all client computers. The computers owned by the purchasers have had the Client IPSec policy applied. However, you have noticed that the purchaser connections are not encrypted. You must ensure that the purchaser connections are encrypted without compromising your domain security.  What should you do?
    • A. 

      Change the IPSec policy on FS1 to Server.

    • B. 

      Add the purchaser computers to the verigonelec.com domain.

    • C. 

      Configure FS1 and the purchaser computers to use Kerberos authentication.

    • D. 

      Create a trust between the verigonelec.com domain and the purchaser domains.

    • E. 

      Implement a certificate authority (CA) and configure FS1 and the purchaser computers to use certificates.

  • 18. 
    You are the network administrator for a single Active Directory domain named verigon.com. Your domain contains two thousand Windows 2000 Professional desktop computers, five hundred Windows 2000 Professional notebook computers, and two hundred and fifty Windows XP Professional notebook computers. All computers are configured with dynamically-assigned IP addresses. The notebook computers are frequently moved across subnets.  Your network has three Windows Server 2003 DNS servers. DNS1 is the primary DNS server. DNS2 and DNS3 are secondary DNS servers. Users are complaining that they are having trouble resolving the DNS names of some of the notebook computers when they attempt to access files on these computers.  You must ensure that the verigon.com domain contains the appropriate DNS information for all of the notebook computers.  What should you do?
    • A. 

      Log in as a member of the Domain Admins global group. In the properties of DNS1, enable aging and scavenging.

    • B. 

      Log in as a member of the Domain Admins global group. Configure the verigon.com zone as an Active Directory-integrated zone.

    • C. 

      Log in as a member of the Domain Admins global group. In the properties of the verigon.com domain, enable aging and scavenging.

    • D. 

      Log in as a member of the Domain Admins global group. In the properties of DNS1, enable aging and scavenging. In the properties of the verigon.com domain, enable aging and scavenging.

  • 19. 
    You are the administrator for your company's Windows 2003 domain. You have three Domain Name System (DNS) servers on your network.  While doing routine maintenance on the DNS server named MAIN, you notice a DNS warning message in the Event Viewer, as shown in the image:   You ping DNS1 and receive a reply.  What should you do next?
    • A. 

      Clear the DNS server cache on MAIN.

    • B. 

      Clear the DNS server cache on DNS1.

    • C. 

      Stop and restart the DNS service on DNS1.

    • D. 

      Stop and restart the DNS service on MAIN.

    • E. 

      Run the ipconfig /flushdns command at DNS1.

  • 20. 
    You are your company's network administrator. The network contains Windows Server 2003, Windows 2000 Server, Windows XP Professional, and Windows 2000 Professional computers in a single Active Directory domain named goliath.com as shown in the following image:   All domain controllers run Windows Server 2003.  The company's written security policy states that file and folder access on all server computers in the domain must be monitored for failures. You create a customer security template named FFAccess.  You need to configure the FFAccess security template to enforce the written security policy of your company for all server computers in the domain. You must accomplish this with the least amount of administrative effort.  What should you do? (Choose all that apply. Each correct answer presents part of the solution.)
    • A. 

      Apply the FFAccess security template to the Servers OU.   

    • B. 

      Apply the FFAccess security template to the Clients OU.

    • C. 

      Apply the FFAccess security template to the Domain Controllers OU.   

    • D. 

      Apply the FFAccess security template to the goliath.com domain.

    • E. 

      On the FFAccess security template, enable the Audit object access policy for failures.

  • 21. 
    You are a network administrator of your company's Active Directory domain, which consists of four Windows Server 2003 domain controllers and 75 Windows XP Professional computers. The company's written security policy mandates that network administrators must log on with their regular domain user accounts. When a higher level of privileges is required to perform an administrative task, administrators should use the runas command to launch the required application with a specially created account that has the rights to perform the specific task.   Name resolution failures begin occurring on your network. You log on to one of your domain controllers by using your non-administrative domain user account. Next, you attempt to run Replication Monitor by using an administrative user account named RM1 by issuing the runas /user:rm1 replmon command. After you enter the password for RM1, the following error is displayed:   RUNAS ERROR: Unable to run - replmon 1058: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.  You inspect the services on the domain controller to determine the reason that you cannot start Replication Monitor.  Failure of which service is most likely to prevent you from starting Replication Monitor?
    • A. 

      Secondary Logon

    • B. 

      Net Logon

    • C. 

      DNS Client

    • D. 

      DNS Server

  • 22. 
    You are your company's network administrator. The network contains a single Active Directory domain. All Windows Server 2003 computers are contained in the Servers organizational unit (OU). All Windows XP Professional client computers are contained in the Clients OU.  A user named Mark must be able to configure TCP/IP protocol settings on a Windows Server 2003 computer named SrvN. You do not want to grant Mark more permissions than is necessary.  What should you do?
    • A. 

      Add Mark's user account to the Power Users local group on SrvN.

    • B. 

      Add Mark's user account to the Administrators local group on SrvN.

    • C. 

      Add Mark's user account to the Server Operators domain local group in the domain.

    • D. 

      Add Mark's user account to the Network Configuration Operators local group on SrvN.

    • E. 

      Add Mark's user account to the Network Configuration Operators domain local group in the domain.

  • 23. 
    You administer a Windows 2003 network. A portion of the network structure is shown in the exhibit.  TCP/IP is the only network protocol. The network ID is 196.123.88.0/27. This is the only set of IP addresses your company owns. All TCP/IP information is assigned to client computers on subnet A and subnet B by DHCP1. A separate scope with all available addresses is created on DHCP1 for each subnet.  You recently added new Windows XP Professional clients to each subnet on the network. Now users from both subnets report that they cannot always access the network. After varying periods of time, they reboot their computers and are able to successfully connect to the network. Other computers on both subnets are continuing to operate normally and have full access to network resources. In addition, laptops are periodically being used for one day on the network when people visit from out of town.  To investigate the situation, you check the IP configuration on one of the new computers, named Client30, that is experiencing trouble. You discover that the IP address of this computer is 169.254.0.5. You must resolve this problem.  What should you do?
    • A. 

      Shorten the lease duration for both scopes.

    • B. 

      Add new addresses to the existing DHCP scopes.

    • C. 

      Shorten the lease duration for the subnet B scope only.

    • D. 

      Assign static IP addresses to the new Windows XP Professional clients.

    • E. 

      Configure both scope options to include the Perform Router Discovery option.

  • 24. 
    You are your company's network administrator. Your network consists of a single Active Directory domain. The DHCP service is installed on a Windows Server 2003 computer named DHCP1. DHCP1 has been authorized in Active Directory. A single scope has been defined on DHCP1 with 200 IP addresses: 204.29.82.10 through 204.29.82.209.  While performing routine maintenance, you notice a DHCP Jet database error in the Event Log on DHCP1. Later in the day, users report that IP addresses are not being delivered to client computers. You must ensure that DHCP can operate normally.  What should you do?
    • A. 

      Shorten the lease duration for both scopes.

    • B. 

      Add new addresses to the existing DHCP scopes.

    • C. 

      Shorten the lease duration for the subnet B scope only.

    • D. 

      Assign static IP addresses to the new Windows XP Professional clients.

    • E. 

      Configure both scope options to include the Perform Router Discovery option.

  • 25. 
    You are the network administrator for a large company. The network contains Windows XP Professional and Windows Server 2003 computers as shown in the exhibit. (Click the Exhibit(s) button.) DHCPA provides DHCP services to the entire network and has three scopes configured, one for each subnet. DNSA provides DNS services to the entire network.  You want to configure DHCPA so that it assigns the appropriate options to DHCP clients for the DNS server and router.  What should you do?
    • A. 

      At DHCPA, configure the server option 003 with the IP address of the router. For each scope, configure the scope option 006 with the IP address of the DNS server.

    • B. 

      At DHCPA, configure the server option 006 with the IP address of the router. For each scope, configure the scope option 003 with the IP address of the DNS server.

    • C. 

      At DHCPA, configure the server option 006 with the IP address of the DNS server. For each scope, configure the scope option 003 with the IP address of the local router.

    • D. 

      At DHCPA, configure the server option 003 with the IP address of the DNS server. For each scope, configure the scope option 006 with the IP address of the local router.