name = Compilation 1-77

exam = 70-217

Please under name: Compilation 1-77

-------------------------------------

 

1. You are the admin of a win2k Network. Your network's organizational unit (OU) structure is shown in the exhibit.

You grant Create User Objects permission to Anita for the Executive OU, but she is unable to create user objects in the Users OU. Anita is able to create user objects in the Workstation OU.

What should you do to enable Anita to create user objects in the Users OU?

A. Clear the Allow inheritable permissions from parent to propagate to this object check box in the Executive OU properties.

B. Select the Allow inheritable permissions from parent to propagate to this object check box in the Users OU properties.

C. Add Anita to the Server Operators group.

D. Move the Users OU to the same level as the Executive OU

2. You add a new domain controller named GC01 to your network to take the place of the existing global catalog server. You also enable GC01 as a global catalog. You want to use GC00, the original server, as a domain controller, but not as a GC server for the domain.

You want to increase disk space on GC00.

What should you do? (Choose all that apply)

A. Use the Active Directory Sites and Services. Select the NTDS settings object for the GC00 Server to clear the Global Catalog check box.

B. On the GC00 server, run the Ntdsutil utility to defragment Active Directory.

C. On the GC00 server, reinstall Win2k

D. On the GC01 server, run the Ntdsutil utility to enable the global catalog server option.

3. You add three new SCSI hard disk drives to your company’s domain controller. The SCSI disks are configured in a hardware RAID-5 array. You have two other physical disks in this domain controller. You want to optimize the speed of the Active Directory database.

What can you do? (Choose Two)

A. Move the Ntds.dit file to the RAID-5 array.

B. Move the log files to a separate physical disk from the OS

C. Move the log files and the Ntds.dit file to the RAID-5 array.

D. Move the netlogon share to the RAID-5 array.

E. Create a mirror volume and place the log files on the mirror.

4. You are the administrator of the Arbor Shoes company network. There is one domain named arborshoes.com. The domain contains three sites named Geneva, Milwaukee, and Portland. Each site has two domain controllers from the arborshoes.com domain. Geneva and Portland each have 1,000 users. Milwaukee has 500 users.

There are two IP site links: Geneva_Portland and Milwaukee_Portland. You want to add another domain controller in each site to handle all replication from each site.

What should you do?

A. Configure each new domain controller to be the IP preferred bridgehead server for its site.

B. Create a connection object from each domain controller in each site to the new domain controller in each site.

C. Create a new site link that has a lower cost than the existing site links.

D. Delete the existing connection objects in each site and manually start the KCC

 

5. You are the LAN admin for Arbor Shoes. You hire Sophie to be a LAN administrator for the Dublin office. Arbor Shoes has one domain named arborshoes.com. Each office has its own OU. Sophie needs to be able to create child OUs under only ou=Dublin,dc=arborshoes,dc=com and verify the existence of the created OUs.

Which permissions should you assign to Sophie on the Dublin OU? (Choose THREE)

A. FC

B. List Contents

C. Create OU objects

D. Create All Child Objects

E. Write

F. Read

6. You are the administrator for Trey Research and A. Datum Corporation. You manage a multidomain Win2k network of 5,000 users for the two companies. The network is configured as shown in the exhibit:

The two companies have a total of six departments. Each department is an OU in AD. Each Domain and OU has specific Group Policy settings that must be applied to all of its members. Your company is reorganizing all six departments. Some, but not all, of the users in each OU have moved. Many users have changed departments, and some have changed domains.

You want to accomplish the following goals in the least possible amount of time.

Place the user accounts in the appropriate domains.

Apply the existing policies for each domain or OU to the moved accounts.

Do not disrupt user access to shared resources.

What should you do?

A. For all users, create new user accounts in the appropriate OUs. Assign permissions to the accounts to apply the group policy settings, and then delete the old accounts.

B. For the users moving between domains, create new user accounts in the appropriate OUs. Assign permissions to the accounts to apply the Group Policy settings, and then delete the old accounts. For the users moving between OUs in the same domain, select the accounts. Then choose MOVE from the Action menu, targeting the new OU.

C. For the users moving between domains, use the Movetree utility, specifying the source and target domains and OUs. For the users moving between OUs in the same domain, select the accounts. Then choose MOVE from the ACTION menu, targeting the new OU.

D. For the users moving between domains, create new user accounts in the appropriate OUs. Assign permissions to the account to apply the Group Policy settings, and then delete the old accounts. For the users moving between OUs in the same domain, select the accounts. Then choose Copy from the Action menu, entering the appropriate account information for the new user accounts. Then delete the old accounts.

7. You are the administrator of a win2k network. Your win2k domain controller has been in operation for one year. During that year, you have deleted numerous objects. However, the Ntds.dit file is the same size it was before you deleted any objects. You want to reduce the size of the Ntds.dit file.

What should you do? (Choose Two)

A. Delete all the log files from the NTDS folder and restart the server.

B. Use the Ntdsutil utility to perform an authoritative restore.

C. Run the Esentutl utility by using the /d switch.

D. Restart the server in directory services restore mode.

E. Use the Ntdsutil utility to compress the database to another drive.

8. You are the administrator of the company network for Arbor Shoes. Arbor Shoes has three domains: arborshoes.com, na.arborshoes.com, and sa.arborshoes.com. All the domains are in native mode. You are going to remove the na.arborshoes.com domain in an effort to consolidate domains.

There are 300 users in na.arborshoes.com. You want to move all 300 users at the same time to arborshoes.com.

What should you do?

A. At the command prompt, type the following command: Cscript sidhist.vbs /srcdc:dc1 /srcdom:na.arborshoes.com /dstdc:dc1 /dstdom:arborshoes.com

B. At the command prompt, type the following command: Movetree /start /s dc1.na.arborshoes.com /d dc1.arborshoes.com /sdn cn=users,dc=na,dc=arborshoes,dc=com /ddn cn=users,dc=arborshoes,dc=com

C. In MMC, use the copy command in Active Directory Users and Computers

D. In MMC, use the move command in Active Directory Users and Computers

9. You are the enterprise administrator of a Windows 2000 domain tree that has five domains. All domains are in native mode. Each domain has one or more users who are help desk staff. Each domain has a global group named Help Desk Members that contains the help desk staff from each domain.

There is an OU named Interns in the root domain. You want all help desk staff to be able to reset passwords of the users in the Interns OU.

What should you do?

A. Create a new global security group named Help Desk Staff in the root domain. Place the five Help Desk Members groups in the Help Desk Staff group. Place the Help Desk Staff group in the Reset Interns group. On the Reset Interns group, assign the Reset Password permission to the Help Desk Staff group.

B. Create a new global security group named Help Desk Staff in the root domain. Place the five help desk staff in the Help Desk Staff group. Create a new local security group named Reset Interns in the root domain. Place all users from the Interns OU in the Reset Interns group. On the Interns OU, assign the Reset Password permission to the Reset Interns group.

C. Create a new universal security group named Help Desk Staff in the root domain. Place the five Help Desk Members groups in the Help Desk Staff group. Create a new local security group named Reset Interns in the root domain. Place the Help Desk Staff group in the Reset Interns group. On the Interns OU, assign the Reset Password permission to the Reset Interns group.

D. Create a new universal security group named Help Desk Staff in the root domain. Place the five Help Desk Members groups in the Help Desk Staff group. Create a new local security group named Reset Interns in the root domain. Place all users from the Interns OU in the Reset Interns group. On the Reset Interns group, assign the Reset Password permission to the Help Desk Staff group.

 

10. Your company's Win2k network consists of a single domain. You are the enterprise admin of the domain. Two administrators named Ann and Bill make changes to Active Directory at approximately the same time at two different domain controllers named ServerA and ServerB. Ann deletes an empty OU named Branch1 from ServerA.

Before this deletion is replicated to ServerB, Bill moves five existing users from the Branch2 OU to the Branch1 OU at ServerB. Ten minutes later, Bill discovers that the Branch1 OU is deleted from Active Directory. You want to reinstate the configuration that Bill attempted to accomplish.

What should you do?

A. Perform an authoritative restore of the Branch1 OU at ServerA.

B. Perform a nonauthoritative restore of the Branch1 OU at ServerA.

C. Perform an authoritative restore of the five users at ServerB.

D. At ServerB, move the Branch1 OU from the LostAndFound container to its original location.

E. At ServerA, create a new Branch OU. Move the five users from the Branch2 OU to the new Branch1 OU.

F. At ServerB, create a new Branch1 OU. Move the five users from the LostAndFound container to the new Branch1 OU.

11. You are the admin of your company's network. Your company has two domains in six sites as shown in the exhibit.

Each site has one or more domain controllers. For fault-tolerance and load-balancing purposes, one domain controller in each site is configured as a GC. Users report that, several times a day, network performance and data transfer for an application located in SiteA are extremely poor. You want to improve network performance.

What should you do?

A. Configure at least two domain controllers in each site as GC servers.

B. Configure the domain controllers in only one site as GC servers.

C. Create site links between all sites and use the default replication schedules.

D. Create site links between all sites and set less frequent replication schedules.

E. Create connection objects between each domain controller. Use RPC as the transport protocol.

F. Create connection objects between each domain controller. Use SMTP as the transport protocol.

12. You are the enterprise administrator of a win2k domain named fabrikam.com. The domain contains three domain controllers named DCA, DCB, and DCC. DCA does not hold any operations master roles.

You backed up the System State data of DCA two weeks ago. Without warning the DCA hard disk fails. You decide to replace DCA with a new computer. You install a new Win2k server computer.

What should you do next?

A. Add the server to the domain. Do an authoritative restore of the original backup of the original DCA System State data that you made two weeks ago.

B. Add the server to the domain. Use Windows Backup to create a backup of the DCB System State data, and restore this backup on the new DCA.

C. Use the Active Directory installation wizard to make the new computer a replica in the domain.

D. Use the Ntdsutil utility to copy the Active Directory database from DCB to the new DCA.

 

13. You are the administrator of a win2k domain. The domain has two domain controllers named Server1 and Server2. The volume that contains the Active Directory database file on Server1 is running out of disk space.

You decide to move the database file to an empty volume on a different disk on Server1.

What should you do?

A. Restart Server1 in directory services restore mode. Use the Ntdsutil utility to move the database file to the empty volume.

B. Use Windows Backup to create a backup of the System State data of Server1. Restart Server2 in directory services restore mode. Restore the System State data to the empty volume.

C. Use the Logical Disk Manager console to mount the empty volume in the folder that contains the Active Directory database file.

D. Stop the NetLogon service on Server1. Use Windows Explorer to move Ntds.dit to the empty volume. Start the NetLogon service again. Force replication from Server2.

14. You are the enterprise administrator of a Windows 2000 domain. The domain has three domain controllers named DC1, DC2, and DC3. Because of changed hardware requirements, you want to replace the domain controller named DC1 with a newer computer named DC4. You want DC4 to be a domain controller in the domain. You no longer want DC1 to function as a domain controller.

What should you do?

A. Install DC4 as a stand-alone server in a workgroup named WG. Restore a System State data backup of DC1 on DC4. On DC1, Use the Active Directory Installation wizard to remove Active Directory from DC1.

B. Install DC4 as a stand-alone server in a workgroup named WG. Disconnect DC1 from the network. Rename DC4 to DC1. On DC2, force replication of AD to all its replication partners.

C. Install DC4 as a member server in the domain. On DC4, use the Active Directory Installation wizard to install Active Directory on DC4. On DC1 use the Active Directory Installation wizard to remove Active Directory from DC1.

D. Install DC4 as a member server in the domain. On DC1 use the Ntdsutil to copy the Active Directory files to DC4. Use the Active Directory Installation wizard to remove Active Directory from DC1.

15. You are the network administrator for your company. Your company’s main office is in Seattle. Branch offices are in New York, Rome, and Tokyo. The local administrators at each branch office need to be able to control local resources.

You want to prevent the local administrators from controlling resources in the other branch offices. You want only the administrators from the main office to be allowed to create and manage user accounts. You want to create an active directory structure to accomplish these goals.

What should you do?

A. Create a domain tree that has a top-level domain for the main office and a child domain for each branch office. Grant the local administrators membership in the Domain Admins group in their child domains.

B. Create a domain tree that has a top-level domain for the main office and a child domain for each branch office. Grant the local administrators membership in the Enterprise Admins group in the domain tree.

C. Create a single domain. Create a group named Branch Admins. Grant the local administrators membership in this group. Assign permissions to the local resources to this group.

D. Create a single domain. Create an OU for each branch office and an additional OU named CorpUsers. Delegate authority for resource administration to the local administrators for their own OUs. Delegate authority to the CorpUsers OU only to the Domain Admins group.

16. You are the administrator of your company's network. Your company has its main office in Seattle and branch offices in London, Paris, and Rio de Janeiro. The local admin at each branch office must be able to control users and local resources.

You want to prevent the local administrators from controlling resources in branch offices other than their own.

You want to create an Active Directory structure to accomplish these goals.

What should you do?

A. Create a top-level OU. Delegate control of this OU to administrators at the main office.

B. Create child OUs for each office. Delegate control of these OUs to administrators at the main office.

C. Create child OUs for each office. Delegate control of each OU to the local administrators at each office.

D. Add the local administrators to the Domain Admins group.

E. Create user groups for each office. Grant the local administrators the appropriate permissions to administer these user groups.

17. You install a Windows 2000 Server computer on your network. You promote the computer to be a domain controller. This computer also functions as the DNS server for the domain. All client computers are running win2k Prof. When users attempt to log on they receive an error message stating that a domain controller cannot be located.

You verify that Active Directory is installed and functional on the server.

You want to ensure that the domain controller is available for user logons.

What should you do next?

A. Check DNS for the addition of an appropriate SRV record in the zone.

B. Check DNS for the addition of an appropriate A record in the zone.

C. Check for the presence of an NTDS folder on the domain controller.

D. Check for the presence of a Sysvol folder on the domain controller.

E. On the client computers, create a Hosts file that contains the SRV records for the domain controller.

F. On the client computers, create a Hosts file that contains the A record for the DC.

18. You are the admin of a win2k network for Miller Textiles. The network configuration is shown in the exhibit.

The millertextiles.com domain is hosted on Server1 as an AD integrated zone, and on Server3 as a secondary zone.

All the client computers on Segment B are win2k Prof PCs. All the client PCs on Segment A are down-level client computers. All the client computers use DHCP. You share some network resources on several of the client computers on Segment A.

Several days later you attempt to connect to those shared resources from client computers running on Segment B, but you are unable to resolve the host names of client computers on Segment A.

How should you correct this problem?

A. On the DHCP server, set the DNS Domain Name scope option to millertextiles.com

B. On Server1 for the millertextiles.com zone, change the value of Allow Dynamic Updates from the default settings to Yes.

C. Configure the millertextiles.com domain to allow zone transfers to all the computers on the network.

D. On Server2, enable updates for DNS clients that do not support dynamic updates.

 

19. You are the admin of the Contoso, Ltd., company network. You are designing a Win2k domain. Contoso, Ltd., has an Internet presence and owns contoso.com, a registered domain name. The existing DNS zone is hosted on WinNT server 4 computers.

You want to accomplish the following goals:

· Internal host names will not be exposed to the Internet.

· Internal users will be able to resolve external names for access to Internet-based resources.

· Complexity and depth of domain names for Active Directory will be minimized.

· To comply with management requirements, the existing DNS servers that host the zone for contoso.com will not be upgraded.

You implement a DNS design as shown in the exhibit:

Which result(s) does your implementation produce? (All that apply)

A. Internal host names will not be exposed to the Internet.

B. Internal users will be able to resolve external names for access to Internet-based resources

C. Complexity and depth of domain names for Active Directory will be minimized

D. To comply with management requirements, the existing DNS servers that host the zone for Contoso.com will not be upgraded

20. You are the administrator of your company's network. The network consists of one win2k domain that spans multiple subnets. You are configuring DNS for host name resolution throughout the network.

You want the following goals:

· DNS zone transfer traffic will be minimized on the network.

· Administrative overhead for maintaining DNS zone files will be minimized.

· Unauthorized host computers will not have records created in the zone.

· All zone updates will come only from authorized DNS servers

· All zone transfer information will be secured as it crosses the network.

You take the following actions:

· Create an Active Directory integrated zone.

· In the Zone Properties dialog box, set the Allow Dynamic Updates option to Yes.

· On the Name Servers tab of the Zone Properties dialog box, enter the names and addresses of all DNS servers on the network.

Which result(s) do these actions produce? (Choose all that apply)

A. DNS zone transfer traffic will be minimized on the network.

B. Administrative overhead for maintaining DNS zone files will be minimized.

C. Unauthorized host computers will not have records created in the zone.

D. All zone updates will come only from authorized DNS servers

E. All zone transfer information will be secured as it crosses the network.

 

21. You are the network administrator for Arbor Shoes. Part of your multisite Windows 2000 network configuration is shown in the exhibit.

Server1 is configured with the primary zone for arborshoes.com. Server3 and Server5 are configured with secondary zones for arborshoes.com.

You discover an error in several host records that is preventing client computers in Atlanta from accessing some shared resources. You make the necessary corrections on Server1.

You want these changes to be propagated to Atlanta immediately.

What should you do?

A. On the Action menu for the arborshoes.com zone, click Update Server Data Files.

B. At Server5, perform the Transfer from master action for the arborshoes.com zone.

C. At Server1, stop and start the DNS server service.

D. At Server5, select Allow zone transfers on the arborshoes.com zone.

22. You are the network administrator for LitWare, Inc. You are implementing Windows 2000 on your network. Part of your network configuration is shown in the exhibit.

You have installed Server2 and Server4 as domain controllers for LitWare.com. You have installed Server1 and Server3 as DNS servers for the litware.com domain.

Each server has a standard primary zone named litware.com.

You configure the domain to run in native mode. When Server2 attempts to contact Server4 by name, it cannot establish a connection.

However, you can ping both Server2 and Server4 from any computer in either site. You need to be able to resolve names of servers in both sites. You want the information to be updated regularly.

What should you do?

A. Configure Server1 and Server3 to allow dynamic updates in DNS.

B. Configure Server1 and Server3 to allow zone transfers to any server. Then configure the DNS notification options to notify each server of updates.

C. Reinstall Server4 as a member server in the same domain as Server2. Create a new site, and promote Server4 to a domain controller within the new site.

D. Re-create the litware.com zone on Server3 as a secondary zone. Configure Server3 to replicate DNS data from Server1.

23. You are hired by Fabrikam, Inc., to secure its Windows 2000 network. You use Security Templates to create a custom template and save it as Securefab.inf.

You need to use this template on five domain controllers in the fabrikam.com domain.

What should you do? (Choose Two)

A. Copy the Securefab.inf file to the Sysvol shared folder on one domain controller.

B. Create a new security database.

C. Import the Securefab.inf file.

D. Rename Securefab.inf to Ntconfig.pol

E. Create a Group Policy object on the Domain Controller Organizational Unit.

 

24. You are the administrator for a Windows 2000 network. Your network consists of one domain and two OUs. The OUs are named Corporate and Accounting. A user recently reported that she was not able to log on to the domain.

You investigate and find out that the user's account has been deleted. You have been auditing all objects in Active Directory since the domain was created. But you cannot find a record of the user account deletion.

You want to find a record that identifies the person who deleted the account.

What should you do?

A. Search the security event logs on each domain controller for account management events.

B. Search the security event logs on each domain controller for object access events.

C. Search the Active Directory Users and Computers console on each domain controller for the user's previous account name.

D. Search the Active Directory Users and Computers console on each domain controller for the user's computer account.

25. You are the admin of your company's network. The network consists of one WinNT 4 domain. You create and implement a security policy that is applied to all Windows 2000 Prof. computers as they are staged and added to the network.

You want this security policy to be in effect at all times on all client computers on the network. However, you find out that administrators periodically change security settings on computers when they are troubleshooting or doing maintenance.

You want to automate the security analysis and configuration of client computers on the network so that you can track changes to security policy and reapply the original security policy when it is changed.

What should you do?

A. Use Windows NT System Policy to globally configure the security policy settings on the client computers.

B. Use Windows 2000 Group Policy to globally configure the security policy settings on the client computers.

C. Use the Security and Configuration Analysis tool on the client computers to analyze and configure the security policy.

D. Schedule the Secedit command to run on the client computers to analyze and configure the security policy.

26. You are the administrator of your company's network. The network consists of one Windows 2000 domain. The domain contains four organizational units as shown in the following exhibit:

You want to centralize security policy in your domain. You create the following three security templates and Group Policy Objects.

1. SecPol1 defines Password, Audit, and User Rights Policies.

2. SecPol2 defines User Desktop policy, File System security, and Registry security.

3. SecPol3 defines a High Security User Desktop policy for network administrators.

You want the GPOs to apply your security policies to users and computers in the domain. You want to use the fewest assignments possible. Where possible, you want Group Policy to apply at the OU level for more granular administrative control. How should you apply security policies?

To answer, click the Select and Place button, and drag A, B, C, and D to the correct locations. (Note: letters can be used more than once.)

 

27. You edit the Default Domain Controllers Group Policy on the arborshoes.com domain to require passwords to be at least eight characters long.

However, users are able to create passwords that do not comply with the implemented policy. What should you do?

A. Initiate replication to make sure the Group Policy containers and the Group Policy template (GPT) are replicated.

B. Configure each client computer to have a local Group Policy that requires passwords to be at least eight characters long.

C. Edit the Default Domain Group Policy to require passwords to be at least eight characters long.

D. Edit the Default Domain Controllers Group Policy to force the password to meet complexity requirements.

28. You are the Windows 2000 network administrator for your company. You are implementing the company's network security model. Your network has several servers that contain sensitive or confidential information. You want to configure security auditing on these servers to monitor access to specific folders. You also want to prevent users from gaining access to these servers when the security logs become full.

What should you do?

A. Create a GPO that applies to the servers. Configure the GPO to enable auditing for object access. Set up the individual objects to be audited in Windows Explorer, and then customize the Event Viewer logs to limit the size of the security log to 1024 KB.

B. Create a GPO that applies to the servers. Configure the GPO to enable auditing for directory service access. Set up the individual objects to be audited in Windows Explorer, and then customize the Event Viewer logs to limit the size of the security log to 1024 KB. Configure the security event log so that it does not overwrite events.

C. Create a GPO that applies to the servers. Configure the GPO to enable auditing for directory service access. Set up the individual objects to be audited in Windows Explorer. Configure the security event log so that it does not overwrite events. Then configure the GPO to enable the Shut down the system immediately if unable to log security audits setting.

D. Create a GPO that applies to the servers. Configure the GPO to enable auditing for object access. Set up the individual objects to be audited in Windows Explorer. Configure the security event log so that it does not overwrite events. Then configure the GPO to enable the Shut down the system immediately if unable to log security audits setting.

29. You are the security analyst for Duluth Mutual Life. You are assessing the security weaknesses of the company's Windows 2000 network. The network consists of three sites in one domain. The domain contains three OUs and 11000 users.

There are five domain controllers in the domain. You configure one of the domain controllers to meet the security requirements of the company. You need to duplicate those settings on the other four domain controllers.

You want to use the least possible amount of administrative effort.

What should you do?

A. Create a GPO for the domain controllers OU. Configure the GPO settings to match the settings of the secured domain controller.

B. Open Security Configuration and Analysis on the secured domain controller. Export the secured domain controller's security configuration to a template file. Copy the template file to the Sysvol folder on each domain controller.

C. Create a GPO for the domain. Assign Domain Users Read and Apply Group Policy permissions. Configure the GPO settings to match the settings of the secured domain controller.

D. Open Security Configuration and Analysis on the secured domain controller. Export the secured domain controller's security configuration information to a template file. Open Security Configuration and Analysis on the other domain controllers, import the template file, and then select Analyze Computer Now.

30. You are the administrator of a Windows 2000 network. Recently, your network security was compromised and confidential data was lost. You are now implementing a stricter network security policy.

You want to require encrypted TCP/IP communication on your network.

What should you do?

A. Create a GPO for the domain, and configure it to assign the Secure Server IPSec Policy.

B. Create a GPO for the domain, and configure it to assign the Server IPSec Policy and to enable Secure channel: Require strong session key.

C. Implement TCP/IP packet filtering, and open only the ports required for your network services.

D. Edit the local security policies on the servers and client computers, and enable Digitally sign client and server communications.

31. You are the administrator of your company's network, which consists of one Windows 2000 domain. There is a single top-level OU named Main and five child OUs. The child OUs are named after the company's five departments: Finance, Marketing, Sales, HR, and IT.

The accounts for all users and computers in each department are defined in the OU for that department. All users and computers in the Finance, Marketing, Sales and HR OUs require the same desktop settings. Users and computers in the IT OU require less restrictive settings.

You want to accomplish the following goals:

· All the assigned Group Policy settings as defined by the administrator in the Main OU will be applied to all users and computers in the Finance, Marketing, Sales, and HR OUs.

· Group Policy from the Main OU will not be applied to the IT OU.

· Administrators in the IT OU will be able to change the Group Policy settings.

· When new child OUs are added to the domain, the Group Policy will be applied to them automatically.

· Users will not be able to change their Group Policy settings.

You take the following actions:

· Create the GPO, configure the appropriate settings, and link the GPO to the Main OU.

· In the Group Policy Options dialog box for the Main OU, select the No Override check box.

· In the Group Policy dialog box for the IT OU, select the Block Policy inheritance check box.

· Assign the Authenticated Users group Full Control permission to the GPO.

Which result(s) do these actions produce?

A. All the assigned Group Policy settings as defined by the administrator in the Main OU are applied to all users and computers in the Finance, Marketing, Sales, and HR OUs.

B. Group Policy from the Main OU is not applied to the IT OU.

C. Administrators in the IT OU are able to change the Group Policy settings.

D. When new child OUs are added to the domain, the Group Policy is applied to them automatically.

E. Users cannot change their Group Policy settings.

 

32. You are using RIS to deploy Windows 2000 Professional on 1,500 computers. Your network configuration is shown in the exhibit:

You have four RIS servers. You have deployed 100 computers. RIS server1 and RIS server3 are overworked and respond too slowly for the timely deployment of your computers.

You need more consistent performance results before you deploy the remaining computers.

What should you do?

A. Create computer accounts for all the computers. Complete the Managed By properties for each account.

B. Create one OU for each segment. Add user accounts for all the users to the appropriate OUs. Specify the appropriate RIS server in the Log On To property for each user's account.

C. Create prestaged computer accounts for all the computers. Specify which RIS server will control each computer.

D. Create one site for each segment. Move two RIS servers to each site.

33. You are the administrator for Arbor Shoes. Part of your network configuration is shown in the exhibit.

All the computers are running Windows 2000 Prof. and are members of the arborshoes.com domain in the company LAN. All the users are members of the Power Users group on their computers. Andrew has dial-up access to the Internet for a special project he is working on.

You do not want other users to share Andrew's Internet connection and to have unrestricted Internet Access.

What should you do?

A. Create a high security zone in MS IE.

B. Create a Group Policy object that disables the configuration of connection sharing. Grant Andrew Read and Apply Group Policy permissions to the GPO.

C. Create a Group Policy object that disables the configuration of connection sharing. Grant Michel, Laura, and Anita Read and Apply Group Policy permissions to the GPO.

D. Remove the Internet connection from the All Users profile on Andrew's computer, and then re-create the connection in Andrew's personal profile.

 

34. You are the admin of a Win2k domain. You want to deploy a new application named Finance that will be used by all users in the domain. The vendor of the Finance application supplied a MS install package for the application.

You decide to deploy the Finance application in two phases. During Phase 1, only members of a security group named Finance Pilot will use the Finance application. During Phase 2, all users in the domain will be able to install the Finance application.

You want to accomplish the following goals:

· During Phase 1, the Finance application will not be installed automatically when users log on.

· During Phase 1, users who are members of the Finance Pilot group will be able to install the app by using a Start menu shortcut.

· During Phase 1, users who are not members of the Finance Pilot group will not be able to install the app by using a Start menu shortcut.

· The Finance application will be installed automatically the first time any user in the domain logs on after phase 2 has begun.

You take the following actions:

· Create a new GPO named Deploy Finance and link the Deploy Finance GPO to the domain.

· Configure the Deploy Finance GPO to assign the Finance application to users.

· For phase 1, create a software category named Finance Pilot. Assign the Finance application to the Finance Pilot software category.

· For Phase 2, remove the Finance application from the Finance Pilot software category.

Which result(s) do these actions produce?

A. During Phase 1, the Finance application is not installed automatically when users log on.

B. During Phase 1, users who are members of the Finance Pilot group can install the app by using a Start menu shortcut.

C. During Phase 1, users who are not members of the Finance Pilot group cannot install the app by using a Start menu shortcut.

D. The Finance application is installed automatically the first time any user in the domain logs on after phase 2 has begun.

35. You are the enterprise administrator of a Windows 2000 network. The network has three domains named Contoso.com, west.Contoso.com, and east.Contoso.com. All three domains are in a site named Boston. All three domains contain OUs.

You want to implement new desktop policies for all users on the network. The policies are configured in a Group Policy Object named Gpdesktop.

You also want to implement a logon script for users from the W2 OU. The logon script policy is configured in a GPO named Gpscript. The users from the W2 OU always log on to Windows 2000 Professional computers defined in the W3 OU. You do not want to use Group Policy filtering.

You want to use the fewest GPO assignments possible.

What should you do?

To answer, Click the Select and Place button, and then drag the Gpdesktop and Gpscript GPOs to the correct locations. (Note: Use each GPO only once)

 

36. You are the admin of a Win2k network. You are deploying Windows 2000 Prof. to 200 client PCs. A custom configuration is required for each one of 50 of the client computers.

You are using MSM Server to install various applications on all the client computers.

You want to use RIS to install Windows 2000 on all the client computers.

What should you do?

A. Create a CD-based RIS image and different answer files for each custom configuration.

B. Create an RIPrep image for each configuration. Grant Read And Execute permission to users for the image folder.

C. Install a test client computer for each custom configuration. Use the Setup manager wizard to create an answer file for each configuration.

D. Use the Setup Manager wizard to create a Sysprep answer file. Use third-party imaging software to create a separate image for each configuration.

37. You are the administrator of a Windows 2000 domain. The domain has 20 users and a Windows 2000 Server computer named Glasgow. Users in the domain frequently work on different Windows 2000 Professional computers. All Windows 2000 Professional computers are in the domain.

You want to accomplish the following goals:

· All users in the domain will be able to work on all win2k Prof Computers and have their own predefined desktop settings available on all computers.

· Users will be allowed to make changes to the desktop settings while they are logged on.

· Changes that users make to the desktop settings will not be saved when they log off.

What should you do?

A. On each win2k Prof PC, delete the Systemdrive\Documents and Settings\Default User folder.

B. On each Windows 2000 Prof PC, rename the Systemroot\System32\Config\System file to System.man.

C. Configure a roaming profile for each user in the domain. Use \\Glasgow\profiles\%username% as the profile path. On the Glasgow server, rename the ntuser.dat file to ntuser.man for each user.

D. Create a GPO named Delprofile. Assign the Delprofile GPO to the domain. Configure the Delprofile GPO to delete the local copy of a user’s profile when the user logs off.

38. You are the network administrator for Just Togs. Your Windows 2000 network consists of 15,000 users. Users have recently reported that documents are missing from the servers. You need to track the actions of the users to find out who has been deleting the files.

You create a GPO on the justtogs.com domain and assign the appropriate permissions to the GPO.

What actions should you audit? (Choose TWO)

A. Directory Services access

B. Object access

C. Process tracking

D. Privileged use

E. Delete and Delete subfolders and files

 

39. You are the administrator of a Windows 2000 domain. To control the desktop environment of users in the domain, you use a script file named Desktop.vbs to change settings in the current user profile. This script file is deployed as a login script for all users in the domain. The Desktop.vbs script usually takes 15 seconds to complete its work.

You want to ensure that each user's desktop appears only after the Desktop.vbs script is completed.

What should you do?

A. For all users in the domain, set the logon script in the user profile to Desktop.vbs.

B. Create a new GPO. Assign the GPO to the domain. Add Desktop.vbs to the GPO as a logon script. Configure the GPO to run logon scripts synchronously.

C. Create a new GPO. Assign the GPO to the domain. Add Desktop.vbs to the GPO as a logon script. Configure the GPO to set a maximum wait time of 15 seconds for Group Policy scripts.

D. Create a new GPO. Assign the GPO to the domain. Add Desktop.vbs to the GPO as a logon script. Configure the GPO to set a timeout of 15 seconds for logon dialog boxes.

40. You are the administrator of a Windows 2000 domain named arborshoes.com. You install RIS on the server. You are using RIS to install 35 new client computers.

When you start a test client computer, the Client Installation wizard does not appear. You are using network adapter cards that are not PXE compliant.

You want to connect to the RIS server.

What should you do?

A. From a command prompt, run Rbfg.exe to create a RIS boot disk.

B. Identify the GUID of each client computer.

C. Set up a DHCP Relay Agent.

D. Install Windows 2000 on the test client computer. Run RIPrep.exe from a network share on the RIS server.

41. You are installing a new Windows 2000 Server computer on your existing Windows NT network. You run DCPromo.exe to promote the server to a domain controller in a domain named domain.local. You receive the following error message: "The domain name specified is already in use on the network". There are no other Windows 2000 domains on your network.

What should you do?

A. Place an entry in your DNS server host table for the domain.local domain name.

B. Place an entry in your WINS database for the domain.local domain name.

C. Change the domain name to domain.com.

D. Change the downlevel domain name to domain1.

42. You are the administrator of your company's network. The company has two native-mode domains in six sites as shown in the exhibit. (Click the Exhibit button).

Each site has one or more domain controllers. Users report that at times of high network usage, authentication and directory searches are extremely slow. You want to improve network performance.

What should you do?

A. Move all domain controllers into one site.

B. Promote more Windows 2000 Server computers in each site to be domain controllers.

C. Install a DNS server in each site and configure it to use Active Directory integration.

D. Designate a domain controller in only one site as a global catalog server.

E. Designate a domain controller in each site as a global catalog server.

43. You are deploying Windows 2000 Professional on your network. You recently installed a RIS server to expedite the deployment process. Your network is now configured as shown in the exhibit. (Click the Exhibit button).

When you attempt to use the RIS server to deploy Windows 2000 on Julia's and Carlos's computers, you cannot establish the initial connection. Anita and Peter installed Windows 2000 from CD-ROM and did not have any problems with the installation.

What should you do to correct the problem?

A. Integrate the DNS server's zones into Active Directory.

B. Install a DHCP server and authorize it in Active Directory.

C. Install a WINS server and configure the DNS server to use it for name resolution.

D. Create computer accounts in Active Directory for Julia and Carlos, and specify the name of the RIS server on the Remote Install tab of the Computer Accounts property sheet.

44. You are the enterprise administrator of a Windows 2000 domain. The domain is in native mode. You want to implement a policy to disable the ShutDown command for all users in the domain except for the members of the Domain Admins security group.

You create a new Group Policy object (GPO) named Shutdown. You configure the Shutdown GPO to disable the Shutdown option. You assign the Shutdown GPO to the domain. You want to ensure that the policy does not apply to the members of the Domain Admins group.

What should you do?

A. On the Shutdown GPO, deny the Apply Group Policy permission to the Domain Admins group.

B. On the Shutdown GPO, remove the Apply Group Policy permission from the Authenticated Users group. Grant the Apply Group Policy permission to the Users group.

C. Add the Domain Admins group to the Group Policy Owners group.

D. Create a new OU named No Shutdown. Move the Domain Admins group to the No Shutdown OU. Configure the No Shutdown OU to block policy inheritance.

E. On the computers that the members of the Domain Admins group use to log on, configure the local GPO to enable the Shutdown option.

 

45. You are the administrator of a Windows 2000 domain. The domain has a Windows 2000 Server computer named Toronto. Users in the domain frequently work on different Windows 2000 Professional computers. All Windows 2000 Professional computers are in the domain.

You want to enable roaming profiles for all users.

You want to accomplish the following goals:

· All users in the domain will be able to work on all Windows 2000 Professional computers and have their own desktop settings available on all computers.

· All users in the domain will be able to make changes to their desktop settings. All users in the domain will be able to access their documents in the My Documents folder from any Windows 2000 Professional computer.

· The amount of data that is copied between the Toronto server and the Windows 2000 Professional computers each time a user logs on or off will be minimized.

What should you do? (Choose two).

A. Configure a roaming profile for each user in the domain. Use \\Toronto\Profiles\%Username% as the profile path.

B. Configure a roaming profile for each user in the domain. Use \\Toronto\Profiles\%Username%\Ntuser.man as the profile path.

C. Create a new Group Policy object (GPO) named Profilescript. Assign the Profilescript GPO to the domain. Configure the Profilescript GPO to assign a logon script to all users. Include the runas /profile explorer.exe command in the logon script.

D. Create a new Group Policy object (GPO) named Docs. Assign the Docs GPO to the domain. Configure the Docs GPO to redirect the My Documents folder to the \\Toronto\Docs\%Username% location.

E. Create a new Group Policy object (GPO) named Profiledocs. Assign the Profiledocs GPO to the domain. Configure the Profiledocs GPO to exclude the My Documents folder from each user's roaming profile.

46. You are deploying Windows 2000 Professional on your network of 1,000 users. Part of your network is shown in the exhibit. (Click the Exhibit button).

You have recently installed a RIS server to assist in the deployment process. You confirm that the client computers meet the requirements for RIS deployment.

However, you still cannot connect the RIS client computers to the RIS server. Existing client computers are able to connect to all servers for network resources.

What can be causing the problem? (Choose all that apply).

A. The RIS server has no client-side tools installed.

B. The RIS server is not trusted for delegation.

C. The RIS server is not authorized in Active Directory.

D. The client computers are not configured to use DHCP.

E. The RIS server is not configured to respond to client computers requesting service.

 

47. You are the administrator of your company's network. The network consists of two Windows 2000 domains named contoso.com and mktg.contoso.com. You create separate zones for each domain on your DNS server. Later, you add a second DNS server to the network. This server also functions as a domain controller.

You convert the contoso.com zone to an Active Directory integrated zone and set the zone to allow only secure updates to the zone database.

You discover that unauthorized computers are registering themselves in the mktg.contoso.com domain. You check the zone's properties and discover that the zone is allowing unsecured dynamic updates. You also discover that the option to select secure dynamic updates is not available.

What should you do to correct this problem?

A. Initiate a zone transfer between the mktg.contoso.com zone and the contoso.com zone.

B. Reinstall mktg.contoso.com as a standard secondary zone.

C. Reinstall contoso.com as a standard primary zone.

D. Convert mktg.contoso.com to an Active Directory integrated zone.

48. You are the network administrator for Enchantment Lakes Corporation. Enchantment Lakes Corporation and Five Lakes Publishing are planning a merger. The planned Windows 2000 network configuration is shown in the exhibit. (Click the Exhibit button).

You want to host the fivelakespublishing.com domain on the enchantmentlakes.com DNS server. The fivelakespublishing.com domain uses an Active Directory integrated zone on its DNS server. Five Lakes Publishing will retain its domain structure after the merger is complete.

You want to set up the enchantmentlakes.com DNS server to host the fivelakespublishing.com domain.

What should you do?

A. On Server1, create an Active Directory integrated zone named fivelakespublishing.com. Enable WINS lookup, and specify Server7 as the IP address for the WINS server.

B. On Server5, create a secondary zone named fivelakespublishing.com. Configure DNS zone transfers to allow Server1 to replicate data.

C. On Server5, configure DNS zone transfers to allow Server1 to replicate data. On Server1, create a secondary zone named fivelakespublishing.com.

D. On Server1, create an Active Directory integrated zone named fivelakespublishing.com. Configure DNS zone transfers to allow Server5 to replicate data.

49. You create a new Windows 2000 Active Directory network. Five months after deployment of the network, you receive a report that the Active Directory database file takes too much disk space on the ServerA domain controller.

You want to reduce the size of the Active Directory database file.

What should you do? (Choose three).

A. Restart ServerA in directory services restore mode.

B. Stop the Net Logon service on ServerA.

C. Run Windows Backup to back up the System State data. Immediately run Windows Backup again to restore the System State data from the backup file.

D. Use the Ntdsutil utility to compact the database to a folder. Move the compacted database file to the original location.

E. Restart ServerA and boot normally.

F. Start the Net Logon service on ServerA.

50. You are the administrator of a Windows 2000 network. The network is composed of four domains named arborshoes.com, na.arborshoes.com, sa.arborshoes.com, and fabrikam.com. The root of the forest is arborshoes.com.

There are two Windows NT BDCs in each domain.

Graphic artists place finished artwork for Fabrikam, Inc., in a shared folder located on a domain controller named bna01.fabrikam.com. Read and Write permissions are granted to the Artists Domain Local group in the fabrikam.com domain.

Sharon is a member of the Graphic Artists global distribution group in the na.arborshoes.com domain. She is unable to gain access to the shared folder. You want to allow Sharon access to the shared folder.

What should you do?

A. Change the Graphic Artists group type to Security and add it to the Artists Domain Local group.

B. Change the Artists Domain Local group to a universal group and add it to the Graphic Artists group.

C. Change the Graphic Artists group to a Domain Local group and add it to the Artists Domain Local group.

D. Change the mode of the domain controller in na.arborshoes.com to native mode. Add the Graphic Artists group to the Artists Domain Local group.

51. You are the network administrator for your company. Your company’s main office is in Seattle. Branch offices are in New York, Rome, and Tokyo. The local administrators at each branch office need to be able to control local resources.

You want to prevent the local administrators from controlling resources in the other branch offices. You want only the administrators from the main office to be allowed to create and manage user accounts. You want to create an Active Directory structure to accomplish these goals.

What should you do?

A. Create a domain tree that has a top-level domain for the main office and a child domain for each branch office. Grant the local administrators membership in the Domain Admins group in their child domains.

B. Create a domain tree that has a top-level domain for the main office and a child domain for each branch office. Grant the local administrators membership in the Enterprise Admins group in the domain tree.

C. Create a single domain. Create a group named Branch Admins. Grant the local administrators membership in this group. Assign permissions to the local resources to this group.

D. Create a single domain. Create an organizational unit (OU) for each branch office and an additional OU named CorpUsers. Delegate authority for resource administration to the local administrators for their own OUs. Delegate authority to the CorpUsers OU only to the Domain Admins group.

 

52. You are the administrator of your company's network. Your company has two domains in six sites as shown in the exhibit. (Click the Exhibit button).

Each site has one or more domain controllers. For fault-tolerance and load-balancing purposes, one domain controller in each site is configured as a global catalog server. Users report that, several times a day, network performance and data transfer for an application located in Site A are extremely poor.

You want to improve network performance.

What should you do?

A. Configure at least two domain controllers in each site as global catalog servers.

B. Configure the domain controllers in only one site as global catalog servers.

C. Create site links between all sites and use the default replication schedules.

D. Create site links between all sites and set less frequent replication schedules.

E. Create connection objects between each domain controller. Use RPC as the transport protocol.

F. Create connection objects between each domain controller. Use SMTP as the transport protocol.

53. You are the administrator of a Windows 2000 domain. The domain is in native mode. The domain contains 15 Windows 2000 Server computers that are functioning as domain controllers and 1,500 Windows NT Workstation client computers.

During a power outage, the first domain controller that you installed suffers a catastrophic hardware failure and will not restart. After the power outage, users report that password changes do not take effect for several hours. In addition, users are not able to log on or connect to resources by using their new passwords.

What should you do to correct this problem?

A. Using the Ntdsutil utility, connect to another domain controller and transfer the PDC emulator role.

B. Using the Ntdsutil utility, connect to another domain controller and seize the PDC emulator role.

C. Using the Ntdsutil utility, connect to another domain controller and transfer the domain naming master role.

D. Using the Ntdsutil utility, connect to another domain controller and seize the domain naming master role.

54. When you run DCPromo.exe to install the new domain, you receive an error message stating that the existing domain cannot be contacted. Installation of the new child domain will not proceed.

What should you do to correct this problem?

A. Create an Active Directory integrated zone for the child domain on the new domain controller.

B. Install WINS on the new domain controller.

C. Configure the new domain controller with the address of an authoritative DNS server for the existing domain.

D. Configure the new domain controller with the address of an existing WINS server.

E. Add SRV (service) records for the domain naming master to a Hosts file on the new domain controller.

 

55. You are the administrator of your company's WAN. Your company has four locations connected by dedicated 256-Kbps leased lines. You install and configure a Windows 2000 domain controller at each location. For network performance reasons, you want to control the bandwidth usage and replication schedule of directory information to each domain controller in each location.

What should you do? (Choose two.)

A. Create a site for each location.

B. Create a site that spans all the locations.

C. Create server objects for each domain controller in every site.

D. Create server objects for each domain controller in its own site.

E. Copy all server objects from Default-First-Site-Name to each site.

F. Move each server object from Default-First-Site-Name to the appropriate site.

56. You are the administrator of your company's network. Your company has its main office in North America and has branch offices in Asia and Europe. The locations are connected by dedicated 256-Kbps lines. The network consists of one Windows 2000 domain. To minimize logon authentication traffic across the slow links, you create a site for each office and configure the site links between the sites.

Users in the branch offices report that it takes a long time to log on to the domain. You monitor the network and discover that all authentication traffic is still being sent to the domain controllers in the North America site.

What should you do to correct this problem?

A. Schedule replication to occur more frequently between the sites.

B. Schedule replication to occur less frequently between the sites.

C. Create a subnet for each physical location, associate the subnets with the North America site, and move server objects to the North America site.

D. Create a subnet for each physical location, associate each subnet with its respective site, and move each server object to its respective site.

57. You are the administrator of your company's network. Your company’s main office is in Seattle. Large regional offices are located in Chicago, Los Angeles, and New York, as shown in the exhibit. (Click the Exhibit button).

Three smaller branch offices are located within each region. The regional offices are connected to the main office by T1 lines. The branch offices are connected to the regional offices by ISDN lines. Branch offices in Boston, Dallas, and San Diego also have direct ISDN connections with Seattle.

The network consists of one Windows 2000 domain. For fault-tolerance and load-balancing purposes, each office has its own Windows 2000 domain controller. Each office is configured as its own site. All site links have been created.

You want to create a replication topology that allows only the regional offices to communicate with the main office. You want to ensure that each branch office communicates only with the closest regional office.

What should you do?

A. Manually create connection objects between the domain controllers in the main office and the regional offices. Use SMTP as the transport protocol.

B. Manually create connection objects between each branch office and the closest regional office. Use SMTP as the transport protocol.

C. Allow the Knowledge Consistency Checker (KCC) to automatically create the connection objects between the main office and all other offices.

D. Allow the Knowledge Consistency Checker (KCC) to automatically create the connection objects between the branch offices and the regional offices.

58. You are the administrator of your company's network. Your company’s main office is in Chicago. Company operations are divided into two regions: East and West. The East region has an office in Miami and an office in New York. The West region has an office in Denver and an office in Seattle.

The offices in the East region contain the human resources (HR) and marketing (Mktg) departments. The offices in the West region contain the sales and finance departments. Company IT policy states that Group Policy must be applied only at the organizational unit (OU) level, and that user groups must correspond to departments.

You want to accomplish the following goals:

· Control of users and resources can be delegated to local and departmental administrators.

· The IT department can control Group Policy for the entire enterprise.

· A single Group Policy object (GPO) can be applied to the sales and marketing departments.

· User environments can be customized by city.

You implement an OU structure as shown in the exhibit. (Click the Exhibit button).

Which result or results does your implementation produce? (Choose all that apply)

A. Control of users and resources can be delegated to local and departmental administrators.

B. The IT department can control Group Policy for the entire enterprise.

C. A single GPO can be applied to the sales and marketing departments.

D. User environments can be customized by city.

59. You are the network administrator for the Lucerne Real Estate Company. The network consists of one Windows 2000 domain named lucernerealestate.local. The network is not currently connected to the Internet.

You are installing a new domain named lucernerealestate1.local. During the promotion process, you receive the following error message: "The domain name specified is already in use on the network".

What is the most likely cause of the problem?

A. The default-generated DNS domain name is already in use.

B. DNS domain names cannot be named interactively.

C. The default-generated NetBIOS domain name is already in use.

D. NetBIOS domain names cannot be named interactively.

 

60. You are the administrator of your company's network. The network consists of one Windows 2000 domain. Your company has two locations, which are connected by a dedicated T1 line.

Users frequently report that logons to the network, file transfers, and directory searches are extremely slow. When you monitor the network, you discover that replication between domain controllers is generating excessive network traffic between the locations.

You want to accomplish the following goals:

· Replication traffic between locations will be reduced.

· Logon response time for users will be improved.

· Average file transfer rates for users will be improved.

· Directory search response times will be improved.

· All domain controllers will have up-to-date replicas of the directory.

· Fault tolerance for domain logons and directory searches will be maintained.

You take the following actions:

· Configure a domain controller in each location to be a global catalog server.

· Create a new subnet in Active Directory for each location.

· Modify the location attribute of each domain controller's server object.

Which result or results do these actions produce? (Choose all that apply)

A. Replication traffic between locations is reduced.

B. Logon response time for users is improved.

C. Average file transfer rates for users are improved.

D. Directory search response times are improved.

E. All domain controllers have up-to-date replicas of the directory.

F. Fault tolerance for domain logons and directory searches is maintained.

61. You are the administrator of a newly installed Windows 2000 network for a call center. You need to rename the Administrator account on all computers on your network. You do not want to manually edit each account. Because of a recent security breach, you must implement this policy immediately.

What should you do? (Choose all that apply)

A. Use Group Policy to rename the Administrator account at the Default Domain Group Policy.

B. Use Group Policy to implement a user logon script.

C. Send a network message to all users to restart their computers.

D. Use Group Policy to force all users to log off within 30 minutes.

62. You are the administrator of a DNS server that runs on a Windows 2000 Server computer. You receive a report that the Windows 2000 Server computer constantly uses more than 80 percent of the CPU. You want to monitor the number of DNS queries that are handled by the DNS server.

What should you do?

A. Run the Nslookup command-line utility.

B. Use the Event Viewer and monitor the DNS server log

C. Use the monitoring function of the server properties in the DNS console.

D. Use the DNS counters in System Monitor.

E. Check the contents of the Netlogon.dns file

63. You are the administrator of your company's network. You have been auditing security events on the network since it was installed. A user on your network named John Thorson recently reported that he was no longer able to change his password.

Because there have been no recent changes to account policies, you suspect that someone has been modifying the properties of user accounts in Active Directory. There are thousands of entries in the event logs, and you need to isolate and review the events pertaining to this problem in the least possible amount of time.

What should you do?

A. In the security log, create a filter for events matching the following criteria:

Event source: Security; Category: Account Management; User: JTHORSON

B. In the directory service log, create a filter for events matching the following criteria:

Event source: NTDS Security; Category: Security. Search the remaining items for events referencing John Thorson's account.

C. In the directory service log, create a filter for events matching the following criteria:

Event source: NTDS Security; Category: Global Catalog; User: JTHORSON

D. In the security log, create a filter for events matching the following criteria:

Event source: Security; Category: Account Management. Search the remaining items for events referencing John Thorson's account.

64. You are the administrator for a Windows 2000 network. Your network consists of one domain and two organizational units (OUs). The OUs are named Corporate and Accounting.

A user recently reported that she was not able to log on to the domain. You investigate and find out that the user's account has been deleted. You have been auditing all objects in Active Directory since the domain was created, but you cannot find a record of the user account deletion. You want to find a record that identifies the person who deleted the account.

What should you do?

A. Search the security event logs on each domain controller for account management events

B. Search the security event logs on each domain controller for object access events

C. Search the Active Directory Users and Computers console on each domain controller for the user's previous account name.

D. Search the Active Directory Users and Computers console on each domain controller for the user's computer account.

65. You are the administrator of your company's network. The network is configured in a Windows 2000 domain as shown in the exhibit. (Click the Exhibit button.)

You want to strengthen the security of communications between client computers and servers in the Reps organizational unit (OU). You do not want to decrease overall productivity of the domain.

What should you do?

A. Create one Group Policy object (GPO) in the Sales OU. Increase maximum service ticket lifetime in the GPO, and decrease maximum lifetime that a user ticket can be renewed in the GPO

B. Create one Group Policy object (GPO) in the Sales OU. Decrease maximum service ticket lifetime in the GPO, and decrease maximum lifetime that a user ticket can be renewed in the GPO

C. Create one Group Policy object (GPO) in the Reps OU. Decrease maximum service ticket lifetime in the GPO, and increase maximum lifetime that a user ticket can be renewed in the GPO

D. Create one Group Policy object (GPO) in the Reps OU. Decrease maximum service ticket lifetime in the GPO, and decrease maximum lifetime that a user ticket can be renewed in the GPO

66. You are the administrator of your company's network. Your event log shows that hackers are using brute force attacks to attempt to gain access to your network. You do not want user accounts to be easily accessible. You want to strengthen security to protect against brute force attacks.

What should you do? (Choose two)

A. Enable the Users must log on to change the password setting

B. Enable the Store password using reversible encryption for all users in the domain setting

C. Enable the Password must meet complexity requirements setting

D. Increase minimum password length

E. Increase minimum password age

67. You are the administrator for Arbor Shoes. Administrative control of Active Directory has been delegated to several people in the company. You need to track changes made to the arborshoes.com domain. To ensure accountability of the other administrators' actions, you want to monitor user and computer account creation and deletion.

What should you do?

A. Modify the default Group Policy object (GPO) on the arborshoes.com domain. Configure the local audit policy to audit account management and directory services access for success and failure. Monitor the security logs for activity on the domain controllers

B. Modify the default Group Policy object (GPO) on the Domain Controllers organizational unit (OU). Configure the local audit policy to audit account management and directory services access for success and failure. Monitor the security logs for activity on the domain controllers

C. Modify the default Group Policy object (GPO) on the Domain Controllers organizational unit (OU). Configure the local audit policy to audit account logon events and object access for success and failure. Monitor the security logs for activity on the domain controllers

D. Modify the default Group Policy object (GPO) on the arborshoes.com domain. Configure the local audit policy to audit account logon events and object access for success and failure. Monitor the security logs for activity on the domain controllers

68. You are the administrator of a Windows 2000 network. Recently, your network security was compromised and confidential data was lost. You are now implementing a stricter network security policy. You want to require encrypted TCP/IP communication on your network.

What should you do?

A. Create a Group Policy object (GPO) for the domain, and configure it to assign the Secure Server IPSec Policy

B. Create a Group Policy object (GPO) for the domain, and configure it to assign the Server IPSec Policy and to enable Secure channel: Require strong session key.

C. Implement TCP/IP packet filtering, and open only the ports required for your network services.

D. Edit the local security policies on the servers and client computers, and enable Digitally sign client and server communications

 

69. You are the administrator of your company's network. The network consists of one Windows NT 4.0 domain. You create and implement a security policy that is applied to all Windows 2000 Professional client computers as they are staged and added to the network.

You want this security policy to be in effect at all times on all client computers on the network. However, you find out that administrators periodically change security settings on computers when they are troubleshooting or doing maintenance. You want to automate the security analysis and configuration of client computers on the network so that you can track changes to security policy and reapply the original security policy when it is changed.

What should you do?

A. Use Windows NT System Policy to globally configure the security policy settings on the client computers

B. Use Windows 2000 Group Policy to globally configure the security policy settings on the client computers

C. Use the Security and Configuration Analysis tool on the client computers to analyze and configure the security policy

D. Schedule the Secedit command to run on the client computers to analyze and configure the security policy

70. You want to implement a password policy for all users in an organizational unit (OU) named Sales in a Windows 2000 network. All the users in the Sales OU are in a group named Sales Users. You create a Group Policy object (GPO) named Pass6 to enforce a minimum password length of six characters. You assign the Pass6 GPO to the Sales OU.

There are no other GPOs assigned that specify a minimum password length. However, the week after you assign the Pass6 GPO to the Sales OU, users from the Sales OU report that they can still change their passwords to consist of fewer than six characters.

How should you correct this problem?

A. Ensure that the Sales Users group has Read and Apply Group Policy permissions on the Pass6 GPO

B. Apply the Pass6 GPO to the domain instead of to the Sales OU. Filter the policy for the Sales Users group

C. For the Sales OU, block policy inheritance

D. For the Sales OU, enforce policy inheritance on the Pass6 GPO

71. You are the administrator of a Windows 2000 network for Lucerne Real Estate. The network has 1,200 users. You are delegating part of the administration of the domain to three users.

You delegate the authority to create and delete computer accounts to Carlos. You delegate the authority to change user account information to Julia. You delegate the ability to add client computers to the domain to Peter. You want to track the changes made to the directory by these three users.

What should you do?

A. Create a Group Policy object (GPO) for the domain controllers. Assign Read and Apply Group Policy permissions to only Carlos, Julia, and Peter. Configure the GPO to audit directory services access and account management

B. Create a Group Policy object (GPO) for the domain. Assign Read and Apply Group Policy permissions to only Carlos, Julia, and Peter. Configure the GPO to audit directory services access and audit object access

C. Create a Group Policy object (GPO) for the domain controllers. Assign Read and Apply Group Policy permissions to only Carlos, Julia, and Peter. Configure the GPO to audit directory services access and audit object access

D. Create a Group Policy object (GPO) for the domain. Assign Read and Apply Group Policy permissions to only Carlos, Julia, and Peter. Configure the GPO to audit object access and process tracking

72. You are the Windows 2000 network administrator for your company. You are implementing the company's network security model. Your network has several servers that contain sensitive or confidential information. You want to configure security auditing on these servers to monitor access to specific folders. You also want to prevent users from gaining access to these servers when the security logs become full.

What should you do?

A. Create a Group Policy object (GPO) that applies to the servers. Configure the GPO to enable auditing for object access. Set up the individual objects to be audited in Windows Explorer, and then customize the Event Viewer logs to limit the size of the security log to 1,024 KB

B. Create a Group Policy object (GPO) that applies to the servers. Configure the GPO to enable auditing for directory service access. Set up the individual objects to be audited in Windows Explorer, and then customize the Event Viewer logs to limit the size of the security log to 1,024 KB. Configure the security event log so that it does not overwrite events

C. Create a Group Policy object (GPO) that applies to the servers. Configure the GPO to enable auditing for directory service access. Set up the individual objects to be audited in Windows Explorer. Configure the security event log so that it does not overwrite events. Then configure the GPO to enable the Shut down the system immediately if unable to log security audits setting.

D. Create a Group Policy object (GPO) that applies to the servers. Configure the GPO to enable auditing for object access. Set up the individual objects to be audited in Windows Explorer. Configure the security event log so that it does not overwrite events. Then configure the GPO to enable the Shut down the system immediately if unable to log security audits setting.

73. You are the administrator of your company's network. The network consists of one Windows 2000 domain that has organizational units (OUs) as shown in the exhibit. (Click the Exhibit button.)

All domain controllers in the domain are in OU1. Resources for two separate office buildings are in OU2 and OU3. Nonadministrative users, groups, and computers are in OU4 and OU5. Administrative users, computers, and resources are in OU6.

You are designing a domain-wide security policy.

You want to accomplish the following goals:

· The same password and account lockout policies will be applied to all users.

· Different security settings will be applied to administrative and nonadministrative computers.

· Strict audit policies will be enforced for only domain controllers and servers.

· The number of Group Policy object (GPO) links will be minimized

You take the following actions:

· Create a single GPO.

· Create one security template that has all required settings.

· Import the security template into the GPO

· Link the GPO to the domain.

Which result or results do these actions produce? (Choose all that apply)

A. The same password and account lockout policies are applied to all users

B. Different security settings are applied to administrative and nonadministrative computers

C. Strict audit policies are enforced for only domain controllers and servers

D. The number of GPO links is minimized

74. You are the administrator of a Windows 2000 network. Your network has one domain named parnellaerospace.com. The parnellaerospace.com domain supports 8,000 users at three locations. The network has three sites connected by T1 lines, as shown in the exhibit. (Click the Exhibit button.)

The West site has 2,500 users; the East site has 3,000 users; and the Central site has 2,500 users. Each site contains a global catalog server. The global catalog server in the West site is named LAX01-GC. The global catalog server in the Central site is named TUL01-GC. The global catalog server in the East site is named NYC01-GC.

You want users located in the West site to query TUL01-GC if the West site global catalog server is offline.

What should you do?

A. Create a new subnet, assign it to the West site, and move TUL01-GC to the West site

B. Configure the site link between the Central site and the West site to have a lower cost than the site link between the West site and the East site

C. Add a global catalog server to the Central site that has an IP address in the West site subnet

D. Configure TUL01-GC as a preferred bridgehead server

E. Set the query policy on LAX01-GC to the default query policy

75. You are the administrator of a Windows 2000 network named contoso.com. Your network is configured as shown in the exhibit. (Click the Exhibit button.)

Your company plans to open a new office in Dallas. Members of your IT staff will be on-site in Dallas next week to install the new 10.1.3.0/24 network. You want to prepare the network in advance so that when the IT staff installs a new domain controller, it will automatically join the appropriate site.

What should you do?

A. Delete the Default-First-Site-Name object in Active Directory Sites and Services

B. Create a new subnet for the Dallas network. Create a new site and associate the new subnet with the new site.

C. In the Domain Controller OU, create a computer account that has the name of the new domain controller.

D. Use RIS to prestage the new domain controller.

E. Copy the installation source files to the new domain controller. Create an unattended install file with an automated DCPromo.bat file

76. You are the administrator of a large Windows 2000 network. You have three domains named adatum.com, us.adatum.com, and eur.adatum.com. Eric has recently been hired to assist you with network administration. You want him to be able to manage user accounts, back up servers, and configure services on all workstations and servers only in the eur.adatum.com domain.

What should you do?

A. Add Eric to the Enterprise Admins group and delegate control only at the adatum.com domain

B. Move Eric's user account to the Domain Controllers organizational unit (OU) in eur.adatum.com.

C. Add Eric's user account to the Domain Admins group in eur.adatum.com

D. Add Eric's user account to the Server Operators and Account Operators group in eur.adatum.com.

 

77. You create an organizational unit (OU) structure for the blueskyairlines.com domain. You want to delegate administrative control of user objects on your Windows 2000 network.

The User OU is a child of the Research OU. You create a group named Research User Admin that includes users who have permissions to create and manage the workstations in the Workstation OU. The Research User Admin group has Full Control permission on the Research OU. You want user accounts to be created only in the User OU.

Which three actions should you take? (Choose three)

A. Grant Full Control permission to the Research User Admin group on the User OU for computer objects.

B. Remove the Research User Admin group from the Research OU ACL.

C. Grant Create Contact objects permission on the User OU.

D. Disable inheritance of permissions from the Research OU to the User OU

E. Deny Create User objects permission on the Research OU.

F. Grant Read and Write permissions to the blueskyairlines.com domain

 

 

 

Q Answer Explanation

1 B

2 A,B

3 A,B

4 A

5 B,C,F

6 C

7 D,E

8 B

9 D you have to ASSIGN PERMISSIONS for them to be able to RESET PASSWORDS! without the permissions they can't do jack squat! (C??)

10 F

11 D

12 C

13 A

14 C

15 D

16 C

17 A

18 D

19 A,B,C

20 A,B

21 A

22 D

23 C,E

24 A

25 D

26 Select & Drag The Secpol1 To All Locations

27 C

28 D

29 A

30 A

31 A,B,C,D, No Override is specified on the GPO link at the top level - Main OU. Therefore, no GPO below it can be modified. That excludes answers B & C. My answers = A, D, E

32 C

33 B GPO disables ICS; and the Read and Apply Group Policy permissions apply that policy to Andrew, who is the only one authorized to have Internet access. My answer - C.

34 A,B,

35 Select & Drag The Gpdesktop To The Middle Position Of Contoso.Com Domain, Drag Gpscript To The Second Position Of The West.Contoso.Com Domain

36 A

37 C

38 A,C document files are not Active Directory objects, so no A. Process Tracking is used for application developers. My answer - B, D.

39 B

40 A

41 D

42 E

43 B

44 A

45 A,D

46 C,E

47 D

48 C

49 A,D,E

50 A

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77