Windows Server 2003 70-290 Chpt. 7-9
Windows Server 2003 70-290 Chpt. 7-9
Questions and Answers
- 1.
In a domain running in Windows Server 2003 domain functional level, what security principals can be a member of a global group? (Choose all correct answers.)
- A.
Users
- B.
Computers
- C.
Universal groups
- D.
Global groups
Correct Answer(s)
A. Users
B. Computers
D. Global groupsExplanation
In a Windows Server 2003 domain functional level, security principals that can be a member of a global group include users, computers, and other global groups. Universal groups, on the other hand, cannot be a member of a global group in this domain.Rate this question:
-
- 2.
In the properties of a group, which tab do you access to add users to the group?
- A.
General
- B.
Members
- C.
Members Of
- D.
Add Member
Correct Answer
B. MembersExplanation
To add users to a group, you would access the "Members" tab in the properties of the group. This tab allows you to view and manage the current members of the group and also provides options to add new users to the group.Rate this question:
-
- 3.
You want to nest the IT Administrators group responsible for the Sales group inside the Sales group so that its members will have access to the same resources (set by permissions in an ACL) as the Sales group. From the Properties page of the IT Administrators group, what tab do you access to make this setting?
- A.
General
- B.
Members
- C.
Members Of
- D.
Add Member
Correct Answer
C. Members OfExplanation
To nest the IT Administrators group responsible for the Sales group inside the Sales group, you would access the "Members Of" tab from the Properties page of the IT Administrators group. This tab allows you to add the IT Administrators group as a member of the Sales group, thereby giving its members access to the same resources set by permissions in an ACL as the Sales group.Rate this question:
-
- 4.
If your environment consists of two domains, one Windows Server 2003 and one Windows NT 4, what group scopes can you use for assigning permissions on any resource on any domain member computer?
- A.
Domain Local Group
- B.
Global Group
- C.
Universal Group
- D.
Security Group
Correct Answer
A. Domain Local GroupExplanation
In this scenario, the group scopes that can be used for assigning permissions on any resource on any domain member computer are Domain Local Group. Domain Local Groups are used to assign permissions within a single domain and can contain user accounts, global groups, and universal groups from any domain. Global Groups are used to organize users within a domain, Universal Groups are used to assign permissions across multiple domains, and security groups are a general term that encompasses all types of groups used for assigning permissions.Rate this question:
-
- 5.
Which of the following group scope modifications are not permitted? (Choose all correct answers.)
- A.
Global to universal
- B.
Domain local to universal
- C.
Universal to global
- D.
Domain local to local
- E.
Global to domain local
Correct Answer(s)
D. Domain local to local
E. Global to domain localExplanation
The group scope modifications that are not permitted are Domain local to local and Global to domain local. Domain local groups are specific to a domain and cannot be converted to local groups within the same domain. Similarly, global groups are specific to a domain and cannot be converted to domain local groups within the same domain. Therefore, modifying the scope from domain local to local or from global to domain local is not allowed.Rate this question:
-
- 6.
You are attempting to delete a global security group in the Active Directory Users And Computers console, and the console will not let you complete the task. Which of the following could be causes of the failure? (Choose all correct answers.)
- A.
There are still members in the group.
- B.
One of the group’s members has the group set as its primary group.
- C.
You do not have the proper permissions for the container in which the group is located.
- D.
You cannot delete global groups from the Active Directory Users And Computers console.
Correct Answer(s)
B. One of the group’s members has the group set as its primary group.
C. You do not have the proper permissions for the container in which the group is located.Explanation
One possible cause of the failure to delete a global security group in the Active Directory Users And Computers console could be that one of the group's members has the group set as its primary group. This would prevent the group from being deleted as it is still being used as the primary group for that member. Another possible cause could be that the user attempting to delete the group does not have the proper permissions for the container in which the group is located. Without the necessary permissions, the user would not have the authority to delete the group.Rate this question:
-
- 7.
You are the administrator of a Windows Server 2003 domain that is currently running at the Windows 2000 mixed domain functional level. Your Windows 2003 domain, contoso.com, has an external trust established with a Windows NT 4 domain, contoso_north, which makes contoso_north a trusted domain. You are planning the use of groups in your domain and need to determine what group scopes can be used in any domain in your forest. What group scope can be used in this context as a security principal?
- A.
Domain local
- B.
Global
- C.
Universal
- D.
Domain local with a nested global group
Correct Answer
B. GlobalExplanation
In this scenario, the group scope that can be used as a security principal in any domain in the forest is Global. The reason for this is that a Windows NT 4 domain can only have global groups, and since contoso_north is a trusted domain, it can only support global groups as well. Therefore, in order to maintain compatibility and ensure that the groups can be used across the trust, the group scope should be set to Global.Rate this question:
-
- 8.
You are a network administrator who is building an Active Directory on a new network for a company called Fabrikam, Inc., and you have to create user objects for the 75 users in the Inside Sales department. You have already created the fabrikam.com domain and an OU called Inside Sales for this purpose. The human resources department has provided you with a list of the users’ names and has instructed you to create the account names by using the first initial and the last name. Each user object must also have the value Inside Sales in the Department property and Fabrikam, Inc. in the Company property. Using the first name in the list, Mark Lee, as an example, which of the following command-line formats would enable you to create the 75 user objects, with the required property values?
- A.
Dsadd "Mark Lee" –company "Fabrikam, Inc." –dept "Inside Sales"
- B.
Dsadd user CN=Mark Lee,CN=Inside Sales,DC=fabrikam,DC=com –company Fabrikam, Inc. –dept Inside Sales
- C.
Dsadd –company "Fabrikam, Inc." –dept "Inside Sales" "CN=Mark Lee,CN=Inside Sales,DC=fabrikam,DC=com"
- D.
Dsadd user "CN=Mark Lee,CN=Inside Sales,DC=fabrikam,DC=com" –company "Fabrikam, Inc." –dept "Inside Sales"
Correct Answer
D. Dsadd user "CN=Mark Lee,CN=Inside Sales,DC=fabrikam,DC=com" –company "Fabrikam, Inc." –dept "Inside Sales"Explanation
The correct answer is dsadd user "CN=Mark Lee,CN=Inside Sales,DC=fabrikam,DC=com" –company "Fabrikam, Inc." –dept "Inside Sales". This command-line format uses the dsadd user command to create a user object named "Mark Lee" in the "Inside Sales" OU of the "fabrikam.com" domain. The -company and -dept options are used to set the Company and Department properties of the user object to "Fabrikam, Inc." and "Inside Sales" respectively. The CN=Mark Lee,CN=Inside Sales,DC=fabrikam,DC=com part specifies the distinguished name (DN) of the user object, which includes the OU and domain information.Rate this question:
-
- 9.
What are the minimum group memberships necessary to create a Windows Server 2003 computer account in an OU in a domain? Consider all steps of the process, and assume that the computer object for the system does not yet exist in Active Directory.(Choose all correct answers.)
- A.
Domain Admins
- B.
Enterprise Admins
- C.
Account Operators on a domain controller
- D.
Account Operators on the computer
- E.
Administrators on the computer
Correct Answer(s)
C. Account Operators on a domain controller
E. Administrators on the computerExplanation
To create a Windows Server 2003 computer account in an OU in a domain, the minimum group memberships required are Account Operators on a domain controller and Administrators on the computer. The Account Operators on a domain controller group is needed to create the computer account in the Active Directory. The Administrators on the computer group is necessary to have the required privileges to create the computer account on the specific computer.Rate this question:
-
- 10.
Which of the following command-line tools can create a computer object in Active Directory?
- A.
Dsmod.exe
- B.
Dsrm.exe
- C.
Netdom.exe
- D.
Dsadd.exe
- E.
Net.exe
Correct Answer(s)
C. Netdom.exe
D. Dsadd.exeExplanation
Netdom.exe and Dsadd.exe are the correct command-line tools for creating a computer object in Active Directory. Netdom.exe is a command-line tool used to manage domain trusts, join computers to a domain, and create computer accounts. Dsadd.exe is a command-line tool used to create various objects in Active Directory, including computer objects. Dsmod.exe is used to modify existing objects, Dsrm.exe is used to delete objects, and Net.exe is used for various network-related tasks but not specifically for creating computer objects in Active Directory.Rate this question:
-
- 11.
Which of the following Windows platforms are capable of joining to a computer object in an Active Directory domain?
- A.
Windows 2000
- B.
Windows NT 4
- C.
Windows 98
- D.
Windows XP
- E.
Windows Server 2003
Correct Answer(s)
A. Windows 2000
B. Windows NT 4
D. Windows XP
E. Windows Server 2003Explanation
Windows 2000, Windows NT 4, Windows XP, and Windows Server 2003 are capable of joining to a computer object in an Active Directory domain. These operating systems have the necessary functionality and compatibility to connect to and interact with an Active Directory domain. Windows 98, on the other hand, does not have this capability and cannot join a computer object in an Active Directory domain.Rate this question:
-
- 12.
After a period of expansion, your company created a second domain. Last weekend, a number of machines that had been in your domain were moved to the new domain. When you open Active Directory Users And Computers, the objects for those machines are still in your domain and are displayed with a red X icon. What is the most appropriate course of action?
- A.
Enable the objects
- B.
Disable the objects
- C.
Reset the objects
- D.
Delete the objects
Correct Answer
D. Delete the objectsExplanation
The most appropriate course of action is to delete the objects. Since the machines have been moved to the new domain, it is no longer necessary to keep their objects in the old domain. Deleting the objects will remove them from the old domain and help maintain a clean and organized Active Directory.Rate this question:
-
- 13.
A user reports that during a logon attempt, he received a message stating that the computer cannot contact the domain because the domain controller is down or the computer account might be missing. You open Active Directory Users And Computers and discover that the account for that computer is missing. What steps should you take?
- A.
Create a computer account, disjoin the user's account from the domain, and then rejoin it to the domain.
- B.
Reset the computer account, disjoin the user's account from the domain, and then rejoin it to the domain.
Correct Answer
A. Create a computer account, disjoin the user's account from the domain, and then rejoin it to the domain.Explanation
The correct answer is to create a computer account, disjoin the user's account from the domain, and then rejoin it to the domain. This is because the user received a message stating that the computer cannot contact the domain because the domain controller is down or the computer account might be missing. By creating a new computer account and then disjoining and rejoining the user's account to the domain, it allows for a fresh connection to be established between the computer and the domain, resolving the issue.Rate this question:
-
- 14.
A user reports that during a logon attempt, he received a message stating that the computer cannot contact the domain because the domain controller is down or the computer account might be missing. You open Active Directory Users And Computers and see that the computer’s account appears normal. What steps should you take?
- A.
Create a computer account, disjoin the user's account from the domain, and then rejoin it to the domain.
- B.
Reset the computer account, disjoin the user's account from the domain, and then rejoin it to the domain.
Correct Answer
B. Reset the computer account, disjoin the user's account from the domain, and then rejoin it to the domain.Explanation
If the user's account appears normal in Active Directory Users And Computers, it suggests that the computer account might be the issue. By resetting the computer account, disjoining the user's account from the domain, and then rejoining it to the domain, it can help resolve the problem. This process will refresh the computer's connection with the domain and ensure that the computer account is properly recognized by the domain controller.Rate this question:
-
- 15.
In your Windows Server 2003 domain contoso.com, you have a computer object for a member server called Pserver01 in an OU called Pservers. This object represents a print server that has been offline for a lengthy period and is not communicating with other computers in the domain to accept print jobs. You have determined that the password on this computer’s account within the domain needs to be reset. Which command can you issue to correctly reset the computer account?
- A.
Dsmod CN=pserver01,CN=PSERVERS,DC=contoso,DC=com –reset
- B.
Dsmod computer pserver01.contoso.com –reset
- C.
Dsmod contoso\pserver01 –reset
- D.
Dsmod computer CN=pserver01,CN=PSERVERS,DC=contoso,DC=com –reset
Correct Answer
D. Dsmod computer CN=pserver01,CN=PSERVERS,DC=contoso,DC=com –resetExplanation
The correct command to reset the computer account for Pserver01 in the Pservers OU in the contoso.com domain is "dsmod computer CN=pserver01,CN=PSERVERS,DC=contoso,DC=com –reset". This command uses the "dsmod" utility to modify the computer object, specifies the correct distinguished name (DN) for the object, and includes the "-reset" parameter to reset the computer account's password.Rate this question:
-
- 16.
Which of the following tools enables you to create a share on a remote server?(Choose all correct answers.)
- A.
A custom MMC console containing the Shared Folders snap-in
- B.
Windows Explorer running on the local machine, connected to the remote computer’s ADMIN$ share
- C.
Net.exe
- D.
The Computer Management console
Correct Answer(s)
A. A custom MMC console containing the Shared Folders snap-in
D. The Computer Management consoleExplanation
A custom MMC console containing the Shared Folders snap-in enables you to create a share on a remote server by providing a user-friendly interface to manage shared folders on the remote server. The Shared Folders snap-in allows you to create, modify, and delete shared folders on the remote server.
The Computer Management console also enables you to create a share on a remote server. It provides a centralized management tool that includes various snap-ins, including the Shared Folders snap-in, allowing you to manage shared folders on remote servers.
Windows Explorer running on the local machine, connected to the remote computer's ADMIN$ share, does not directly enable you to create a share on a remote server. It only provides access to the administrative share on the remote computer.
Net.exe is a command-line tool that allows you to manage various network resources, but it does not specifically enable you to create a share on a remote server.Rate this question:
-
- 17.
What are the minimum NTFS permissions required to allow users to open documents and run programs stored in a shared folder?
- A.
Full Control
- B.
Modify
- C.
Write
- D.
Read & Execute
- E.
List Folder Contents
Correct Answer
D. Read & ExecuteExplanation
The minimum NTFS permissions required to allow users to open documents and run programs stored in a shared folder is "Read & Execute". This permission allows users to view and access the files within the shared folder, as well as execute any programs or scripts contained within it. It does not grant the ability to modify or delete files, ensuring the integrity of the shared folder and its contents.Rate this question:
-
- 18.
Bill complains that he is unable to access the spreadsheet document containing the departmental budget. You open the Security tab for the document, and you find that all permissions for the document are inherited from its parent folder. The Deny Read permission is assigned to a group called Acctg3, of which Bill is a member. Which of the following methods would enable Bill to access the plan? (Choose all correct answers.)
- A.
Modify the permissions on the parent folder by adding the permission Bill:Allow Full Control.
- B.
Modify the permissions on the spreadsheet document by adding the permission Bill:Allow Read.
- C.
Modify the permissions on the parent folder by adding the permission Bill:Allow Read.
- D.
Modify the permissions on the spreadsheet document by deselecting Allow Inheritable Permissions, selecting Copy, and removing the Deny permission.
- E.
Remove Bill from the group that is assigned the Deny permission.
Correct Answer(s)
B. Modify the permissions on the spreadsheet document by adding the permission Bill:Allow Read.
D. Modify the permissions on the spreadsheet document by deselecting Allow Inheritable Permissions, selecting Copy, and removing the Deny permission.
E. Remove Bill from the group that is assigned the Deny permission.Explanation
To enable Bill to access the spreadsheet document, you can modify the permissions on the spreadsheet document itself by adding the permission "Bill:Allow Read." This will grant Bill the necessary access to view the document. Additionally, you can modify the permissions on the spreadsheet document by deselecting "Allow Inheritable Permissions," selecting "Copy," and removing the "Deny" permission. This will override the inherited permissions and allow Bill to access the document. Lastly, you can remove Bill from the group that is assigned the "Deny" permission, which will also grant him access to the document.Rate this question:
-
- 19.
You want to ensure the highest level of security for your corporate IIS intranet server without the added infrastructure of certificate services. The goal is to provide authentication that is transparent to users and to allow you to secure intranet resources with the group accounts existing in Active Directory. All users are within the corporate firewall. Which of the following authentication methods should you choose?
- A.
Anonymous Access
- B.
Basic Authentication
- C.
.NET Passport Authentication
- D.
Integrated Windows Authentication
Correct Answer
D. Integrated Windows AuthenticationExplanation
Integrated Windows Authentication should be chosen in this scenario. This authentication method allows users to authenticate automatically using their Windows credentials without the need for additional login prompts. It leverages the security features of Active Directory and provides a seamless and transparent authentication process for users. Since all users are within the corporate firewall, this method ensures a high level of security for the corporate IIS intranet server without the need for additional infrastructure like certificate services.Rate this question:
-
- 20.
You are configuring share permissions for a shared folder on a file server. You want all Authenticated Users to be able to save files to the folder, read all files in the folder, and modify or delete files that they own. What are the minimum permissions that you need to set on the shared folder to achieve your objective? (Choose all correct answers.)
- A.
Authenticated Users: Full Control
- B.
Authenticated Users: Read
- C.
Creator Owner: Change
- D.
Creator Owner: Read
Correct Answer(s)
B. Authenticated Users: Read
C. Creator Owner: Change -
- 21.
The content files for your corporate Web server are currently stored on drive D of a Windows Server 2003 computer with IIS installed. The server is called Web1 and its URL is http://intranet.contoso.com. You have been instructed to create an IIS solution that will enable the human resources department to publish documents containing company benefit and policy information from its own server. You have also been told that the URL to access the HR information should be http://intranet.contoso.com/hr. What must you do to fulfill the instructions?
- A.
Install IIS on the HR server.
- B.
Create a new Web site on Web1 called hr.
- C.
Install the FTP service on Web1.
- D.
Create a virtual directory on Web1 with the alias hr.
Correct Answer
D. Create a virtual directory on Web1 with the alias hr.Explanation
To fulfill the instructions, you need to create a virtual directory on the Web1 server with the alias "hr". This will allow the human resources department to publish their documents containing company benefit and policy information from their own server while using the URL http://intranet.contoso.com/hr. This solution does not require installing IIS on the HR server or the FTP service on Web1, nor does it involve creating a new website on Web1.Rate this question:
-
Quiz Review Timeline +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Mar 20, 2023Quiz Edited by
ProProfs Editorial Team -
May 30, 2009Quiz Created by
Ajeff
Back to top