Microsoft MCSE: 70-293 Practice Exam - 1

Automatic Private IP Address is a process of assigning IP address to a host within a private network in situations where the host is a DHCP client but is unable to reach the DHCP server either for the first time assignment of IP address or when the lease period of the existing IP address has lapsed before it could renew it with its DHCP server.

To arrive at the subnet Id you must perform AND operation between the subnet mask and the IP address. Considering the same, the subnet id is 172.16.10.0

The Windows NT 4.0 based CA needs to be first upgraded to Windows 2000 based CA and then to a Windows Server 2003 Enterprise Root CA.

The certutil command when used with the certlog-verbose level will log detailed errors into the Event viewer.

Network load balancing clusters do not support Stateful applications and hence do not require the quorum.

It is snot required that the IIS server must be running on the Root DC for the purpose of Web enrollment. The IIS server may be running on any of the resource servers also.

Cert publishers group is correct. Enterprise admin group and the cert managers group are irrelevant here.

In situations of an ongoing upgrade to the network, the Enterprise CA is already in place and the will have to be added to the cert publishers group manually each time a child domain is added to the network. Otherwise, the error message as stated may be generated whenever a certificate is being issued to the child domain

Whenever a certificate server is being upgraded, if the same database has to carried over to the new version of the service then the database will have to be preserved. This configuration applies to the pending requests as well.

The CHKDSK command creates the cluster.log this information is also reported in the Application log of the Event viewer.

Along with applications on the network being audited for the requirement, you should have used monitoring tools to capture the type of network traffic that existed on the network before IPSec planning and deployment. This would have given you a fair idea of the protocols that would be required along with the applications. All connectivity related diagnostics will rely on ICMP and hence ICMP must be exempted from restrictions within the network.

The CA version indicates the number of renewals the CA certificate has undergone and the number of keys that have been generated with the renewals.

The Schema Master is responsible for managing and maintaining the master list of all classes and attributes that will be used to create Active Directory objects.
No object can be created in a domain that has lost its link with the Schema master.

When a router splits one physical network into 2, each resulting network is referred to as an isolated LAN

Of all the authentication types used by IPSec, certificates are the most secure.

IPSec transport mode and tunnel mode does to agree too well with corporate networks that use Wireless LAN as they may have mobile devices that would be using dynamic IP configuration to connect to the network.
WEP encryption and IEEE 802.1X authentication are better for protecting corporate Wireless LAN

NAT as well as Proxy services are required on the perimeter network even if security was not an issue because at the border of the perimeter network the private network address gets translated to public network address and vice versa for the purpose of Internet access.
Even though NAT and Proxy service provide security by hiding internal network address from the outside world, the router can be more effective if you implement the accurate access list to ensure only authorized packets can enter the network and access the relevant service within the network.

When migrating from Windows NT 4.0 Certificate Service to Windows Server 20003 based Certificate Server, You will have to migrate first to Windows 2000 and then to Windows Server 2003 Certificate service if the setting will have to be preserved. There are chances that a forced upgrade will result in the Certificate Service to uninstall itself at the end of the installation.

It is mandatory to backup existing key pairs, CA Database, CA Certificate, and private keys explicitly when upgrading a CA from older version to a newer one. If the key pairs do not get preserved, the old clients will not be recognized by the new CA.

Ensure the said DC is offline. Restart the DC in DS Restore mode and use the compact db option in the ntdsutil command.

The quorum service provides physical storage to store or maintain the configuration information which is combination of cluster service and state information.

The Root CA and the Enterprise CA both perform the same role in different network scenarios. Subordinate CA is in the bottom level of the hierarchy and the Standalone CA does not function in the top-level of the hierarchy.

Since the dial-in profile being configured is just to check the connectivity of the RADIUS client with its server, it would be appropriate to check the �Unauthenticated access� option.

Establishing a two-way trust ensures that the path or direction for resource access is set. Auditing resource access ensures that unauthorized access can be prohibited. Although Kerberos V5 would have sufficed for authentication, since the requirement for authentication is that it should be very strict, it is required that you implement certificates here.

The right path to be chosen while creating a link to the root of DFS in this case is \\MetroTech.MSFT\DFSR

IPSec policies cannot negotiate security for multicast and broadcast communication types.

To analyze if the DHCP server is processing client request efficiently you must be able to judge the time gap between DHCP request and DHCP acknowledgements and the no. acknowledgements against he no. of negative acknowledgements.

Since the Finance and the Sales department are most congested, it is a good plan to separate these two networks from the rest using routers. Usually, these two departments have more outgoing traffic rather than the incoming traffic due to the nature of their work, hence implementing access list and securing resources with relevant permissions will be easily manageable.
Implementing a server farm along with splitting the above-said networks from the main network will ease the congestion on the main network considerably. The server farm needs a layer 3 switch that can re-route services or access to service within the network rather than the router.

Since you are unaware of the security implementation on the other end and also the consideration here is more for connection than security, you must implement IPSec Server (request Security) on your end of the network. This will ensure that if the security on the other end matches the connection will be secured otherwise the connection will still be successful minus the security.

Net start certsvc is the CLI to start the Certificate service where as the GUI for the same will be the Service tool in the Control Panel.

The IAS supports Proxy service, firewall service, Web caching service and Unified Internetworking management

80% utilization for a network server is acceptable and hence does not require action. Where as the new server has a database, that is constantly used across the network and is adding to the network congestion. To ease this congestion you may consider implementing replicas of these servers in each department where it is continuously accessed.
Moving all servers to switch ports is not practical unless the network diagram for this network can be viewed.

You must restart the Domain Controller in the Directory Service Restore mode, by choosing Windows Advanced Option at the restart. Use the ntdsutil command and choose the option moveDB to option to shift the database and the log file to the new DC.

Server cluster should be implemented and the quorum resource should be implemented on a shared network volume that will be accessible fully by all cluster nodes. It is ideal to implement the quorum resource either on an SCSI based RAID system or on a SAN, as this will provide it with adequate failover.