exam = 70-216
This is in TranDump format so anybody using TranDump can cut and paste it for
use.
The answers are correct but I didn't include explanations. You should make sure
you understand WHY the answers are correct.
1.Your network has 3 Win2000 WINS servers. How would you manually compact the
WINS database on one of the WINS servers?
A.Use the Compact command from the command line and specify the sysvol/wins
folder
B.Stop the Server's WINS Server. Use the jetpack command line tool to compact
the WINS database. Restart the server's WINS Server
C.Stop the Server's WINS Server. Use the Compact command from the command line.
Restart the Server's WINS Server
D.Backup the WINS Database. Use the jetpack command line tool to compact the
WINS database. Do an authoritative restore of the backup
Ans: B
2.You configure your windows 2000 Server to route all network traffic on your
Intranet. Users on both segments need access to files on the other segment.
You install and start IIS Web Service on the server. Users on both segments
report they cannot access the Web service. What must you do?
A. Disable all TCP/IP port filters
B. Stop and restart the web service
C. Use the Add Route command
D. Use IPCONFIG command
Ans: A
3.Your company policy is to allow only Administrators in your Houston office to
install and user Network Monitor. You have been informed that Admins in New
York are installing and using Network Monitor. After you install Network
Monitor, what should you do to monitor how many copies of Network Monitor are
currently running? (Choose two)
A. On the Tools Menu in Net Monitor select Identify Network Monitor Users
B. Install Network Monitor on a computer on the second segment
c. Remove the default Remote Access Policy
D. Remove the "access Network Monitor" permission for Domain Admins
Ans: AB
4. Your network has 1900 hosts and requires Internet connectivity. Your network
is not routed except for the connect to the Internet. You have been assigned
the following eight network addresses from your ISP:
192.24.32.0/24
192.24.33.0/24
192.24.34.0/24
192.24.35.0/24
192.24.36.0/24
192.24.37.0/24
192.24.38.0/24
192.24.39.0/24
Your goal is to minimize the complexity of the routing tables while maintaining
Internet connectivity for all hosts. What subnet mask should you use?
A.255.255.252.0
B.255.255.248.0
C.255.255.255.248
D.255.255.240.0
Ans: B
5. On your Windows 2000 server, you install Client Services for Netware and
NWLink with the default settings. How should you configure your Windows 2000
server to connect to all Netware servers, regardless of their versions?
A.Set the adapter to frame type 203.2
B.Set the adapter to Manual Frame Type Detection and add the frame type of each
Netware server
C.Edit the registry to allow all frame types
D.You can only connect to one type of Netware server at a time so this cannot
be accomplished
Ans: B
6. You are planning to migrate your 100 network computers from IPX to TCP/IP
and connect with the Internet. Your ISP assigns the address 192.168.16.9/24 to
your network. You require 10 subnets with at least 10 hosts
per subnet. What subnet mask should you use?
A. 255.255.255.224
B. 255.255.255.192
C. 255.255.255.240
D. 255.255.255.248
Ans:C
7. Your network consists of Windows 2000 server computers, 2000 Professional
computers and one Netware server. Admins must have complete access
to the Sys volume on the Netware server. All other users should
have read access only. What should you do to configure the appropriate access to
the Netware server? (Choose two)
A.Create an NT Gateway group on the 2000 server
B.Add the NT Gateway User Account to the NTGateway Group on the Netware Server
C.Grant Full Control permission to Admins and Read permission to users on the
Windows2000 Server
D.Grant Full Control Permission to Admins and Read permission for users on the
Netware Server
Ans: BC
8. Your network has two Win2000 based WINS servers. How should you configure
the network to automatically
backup the WINS database of both WINS servers?
A.Use the backup command and backup the Wins.db database
B.Configure the General properties of the WINS server to specify a default
backup path in the WINS console on both WINS servers
C.Backup the sysvol folder on both servers
D.Use the file replication service and replicate the WINS database to a secure
location
Ans: B
9. Your network contains 12 WIN2000 servers and 100 Wins2000 Professional
computers across 4 subnets connected by a router.
The servers are used to serve file and print resources to the clients. You
install the WINS Server service on a server on one subnet. You configure the
WINS option
in a DHCP scope to configure all of the computers on the network to register
with and query the WINS
server for NetBIOS name resolution. Users on the remote subnets report that
they cannot access resources located on the WINS server by
using its Netbios name. Other TCP/IP connectivity is not affected. Users
located on the same subnet as the WINS server are not having any problems.
What should you do?
A.Install a WINS proxy agent on the remote subnets
B.Enable Dynamic Updates on the WINS server
C.Configure the remote clients to use DNS for Netbios name resolution
D.Configure the WINS server to include its own IP address as a WINS client
computer
Ans: D
10. You use a computer running Win2000 server and the DHCP Server service to
create a DHCP scope with a lease length of 15 days and a subnet mask of 21
bits.
You now want to change the configuration for the scope to have an unlimited
lease and
a subnet mask of 28 bits. How would you do this?
A.Delete the scope. Use the new scope wizard to create a new scope with a
subnet mask of 28bits and an unlimited lease. Activate the scope
B.Right click on the scope in DHCP and select properties. Edit the properties
of the scope and change the subnet mask to 28bits and
the lease to unlimited
C.Delete the scope. Use the new scope wizard to create a new scope with a
subnet mask of 28 bits. Edit the properties of the new
scope to set an unlimited lease. Activate the new scope.
D.Disable the scope. Edit the properties of the scope and change the subnet
mask to 28 bits and an unlimited lease. Enable the scope.
Ans: C
11. Admins of your Sales OU want to be able to manage EFS for their users.
These admins are all in a group named SalesAdmin which has full administrative
privileges to the OU.
You install an Enterprise Certificate Authority for use by the entire company.
However, the admins of the Sales OU notify you that they are unable to create a
Group Policy
that allows them to manage EFS for their OU. What should you do? (choose two)
A.Grant the enroll permission to the SalesAdmin group for the Recovery
Certificate Template
B.Add the SalesAdmin group's certificate to the CA's RCL
C.Add a new policy setting for an EFS Recovery Agent certificate in the
Certification Authority console for the CA
D.Install a Enterprise Subordinate CA on one of the computers in the Sales OU
Ans: AC
12. Your network consists of 90 client computers and 50 portable computers.
Computers in your network only run Win2000 Professional. Only 20 of the users
of the
portable computers will ever be in the office at the same time. You have a
subnetted Class B
subnet with a 25 bit mask for your network. All users need access to the
Internet while in the office.
How should you configure DHCP?
A. Create 2 scopes, one for the desktop computers and one for the portables.
B. Create a superscope with 2 scopes. One scope for the desktops and one for
the portables.
C. Create a superscope with 2 user classes. Set each class with a different
lease duration. Use a shorter lease for the portable computers
D. Create one scope with 2 user classes. Set the class for the desktops with a
default lease duration. Set the lease duration for the class for the portables
to 1 day.
Ans: D
13. You install the Win2000 DHCP server service on a member server in your
Win2000 domain. The domain contains only Win2000 Professional computers.
The DHCP server is located on the same network segment as the Win2000
Professional computers.
You create and activate a DHCP scope for the network segment. The win2000 Pro
computers are configured as DHCP client computers but they do not receive
IP addresses. What should you do so that each DHCP client receives an IP
address?
A.Stop and restart the DHCP server service
B.Authorize the DHCP server in Active Directory
C.Install a DHCP relay agent on one of the Win2000 Professional computers
D.Run "registerDNS" on the DHCP server
Ans: B
14. Your network consists of three network segments connected by a router. You
install the DHCP server service on a Win2000 server.
You create scopes for each subnet's range of addresses and activate the scopes.
Users from the second and third subnets report they cannot connect
to the network. Users on the first subnet have no problems. You check and find
that the computers on segments 2 and 3
are not receiving TCP/IP information from the DHCP server. What should you do?
A.Manually configure the IP address for the DHCP server on each client on
subnets 2 and 3
B.Enable dynamic updates on the DHCP server
C.Install a DHCP Relay Agent on a computer on segment 2 and 3
D.None of the above
Ans: C
15. All client computers in your domain are Win98 or Win2000. Win2000 users run
an Internet application that accesses files
on a WinNT computer. None of your Win2000 computers can connect to this NT
computer. But the NT computer can connect to the Win2000 computers.
What should you do?
A.On the NT computer run "registerDNS" command
B.On the DHCP server select Enable Updates for DNS Clients That Do Not Support
Dynamic Update checkbox
C.On the DNS server select Enable Updates for DNS Clients That Do Not Support
Dynamic Update checkbox
D.Run "Ipconfig /flushdns" on all of the Win2000 computers
Ans: B
16. Your network consists of two Win2000 Servers and 75 Win2000 Professional
desktops. One
server is a DHCP server which provides TCP/IP configuration to all of the
Win2000 Pro computers.
You have a global group configured for your helpdesk personnel. You want to
allow your help desk support personnel
to have only Read access to the DHCP console and the DHCP lease information.
What should you do?
A.Give the helpdesk global group NTFS read only permission to the
%root%/sysvol/DHCP folder
B.Add the helpdesk global group to the DHCP Admins group
C.Add the helpdesk global group to the DHCP users group
D.Add the helpdesk global group to the local admins group on the DHCP server
Ans:C
17. Your network consists of two Win2000 servers and 50 Win2000 Pro desktops.
You configure DHCP server to automatically update your DNS server's forward and
reverse
lookup zone files with the clients' DHCP information. In the reverse lookup
zone
some of the client computers do not have PTR records. What should you do?
A.Configure the DHCP server to always update DNS, even if a client computer
does not request it
B.Enable Dynamic Updates on the DNS server
C.Add the DHCP server to the DHCPProxyUpdate list
D.Configure the DHCP clients by putting a check mark in the "Update
DNS" box on the TCP/IP properties Advanced tab.
Ans: A
18. Your network consists of a single Win2000 domain and uses TCP/IP. You use
DHCP to assign addresses to your Win2000 Pro client computers.
You add several new Win 2000 Pro clients to your network. Users report that
occasionally they cannot access network resources located on servers but
workgroup
resources are sometimes available. The TCP/IP configuration of one of the
computers that is having problems shows the IP address of 169.254.0.16. What
should you do?
A.Add more IP addresses to the existing DHCP scope to include enough for all
client computers
B.Authorize DHCP in Active Directory
C.Create a new scope to include the new clients
D.change the problem clients to use H mode for netbios.
Ans: A
19.You install Certificate Services on two computers running Windows 2000
Server. CertRoot is an Enterprise Root Certificate Authority.
CertSub is an Enterprise Subordinate CA. You have two domains: sycom.com and
support.sycom.com. You add a new domain, tech.sycom.com.
You attempt to issue a certificate from CertSub for a user account in
tech.sycom.com. The Event Viewer shows the CA was unable to publish a
certificate
for tech.sycom.com\DC DC is a domain controller for tech.sycom.com. What is the
most likely reason you receive this error message?
A. DC (tech.sycom.com domain controller) is offline
B. You are not a member of the Certificate Administrators for tech.sycom.com
C. CertSub is not a member of the group "tech.sycom.com\Cert
Publishers"
D. The Enterprise CA is offline
Ans:C
20. All client computers in your domain use DHCP for TCP/IP configuration.
Your network admin installs a new T1 line and router for Internet access. This
router is to be used
by administrative staff only. You want to configure the administrative staffs'
client computers to use this new router, and ensure that non-administrative
staff
cannot gain Internet access through this new router. You must ensure that each
targeted client computer will only need to be configured once. What should you
do?
A. Remove the default Remote Access Policy
B. Set permissions on the Remote Access Policy to "No access" for the
Authenticated Users group
C. Use the route add -d command and map the new router information on each of
the administrative
client computers
D. Use the route add -p command on each of the administrative computers and
enter the new router information
Ans: D
21. Your network consists of two locations containing a Win2000 Server and 45
Win2000 Professional computers.
The two servers are Win2000-based routers. Although the two routers are not
connected directly to each other, they
are connected by a third router. This third router is administered by a
different company. Users in both
locations want to provide multicast based datacasting of information to the
other site. You add the
Internet Group Management Protocol (IGMP) to both servers. However, the third
router does not support multicast
forwarding or routing. How should you configure the network to allow IP
multicast traffic to pass between the two
locations? (choose three)
A. Create an IP-in-IP interface between the servers
B. Assign the interface to the IGMP routing protocol
C. Run the interface in IGMP proxy mode
D. Run the interface in IGMP point to point mode
E. Create a point to point interface between the servers
Ans: ABC
22. Your network is connected to the company network via a Win2000 Routing and
Remote Access two-way
demand-dial connection over ISDN. The ISDN link must only be used once each day
to transfer sales information to or from the main office
during non-business hours. Several times a day, an ISDN link is initiated
between the networks. You analyze the traffic and
discover that it is composed of router announcement broadcasts. What should you
do to prevent the link from being used during business hours? (Choose two)
A. Schedule the demand-dial interface to dial only during business hours
B. Set the Remote Access Policy to only allow connections during business hours
C. Create a demand-dial filter on the interface
D. Set a TCP/IP filter on the interface to prevent broadcast messages from
passing
Ans: AC
23. Your network has one primary internal and external DNS server. It has
secondary DNS servers that transfer zone information
from the primary external DNS server. The secondary DNS servers are installed
on two Win2000 Server computers and one WinNT4.0 server computer.
The primary external DNS server has only a limited number of resource records
in its zone file, and is used to host records for your company's
Web and mail servers. The Web server and the mail server have static IP
addresses. When you monitor the secondary DNS servers
using System Monitor, you notice a high number of hits when monitoring the
counter DNS:Zone Transfer SOA Requests Sent. How
should you minimize the bandwidth that is required for this traffic. (Choose all
that apply)
A. Configure the notify list on the primary external DNS server to notify the
secondary DNS servers when there are changes to be replicated.
B. Change the interval that the secondary DNS servers use to request updates
from the primary DNS server.
C. Increase the value of the Refresh interval in the SOA record
D. Decrease the value of the Refresh interval in the SOA record
E. Configure the notify list on the secondary DNS servers to only show the
primary DNS server.
Ans: AC
24. You have three Win2000 domain controllers in a single domain. Your primary
DNS server is installed
on a domain controller named dc1.sycom.com. You have two secondary DNS servers
installed on member servers named srv1.sycom.com
and srv2.sycom.com. You want to increase4 fault tolerance for your DNS
infrastructure. You also want to optimize and
simplify replication and zone transfer management on your network. What should
you do? (choose all that apply)
A. Remove the DNS service from the member servers
B. Install DNS on at least 2 more domain controllers.
C. Convert the zone to an Active Directory integrated zone.
D. Promote one of the secondary DNS servers to a primary server and have it
host a new zone.
E. Configure secure updates for your zone transfers
Ans. ABC
25. You configure DHCP to dynamically update the PTR records for clients who
lease IP addresses
from the server. From where is the domain name used in the PTR record obtained?
A. From the DHCPDISCOVER message
B. From the DHCPOFFER message
C. From the DHCPACK message
D. From the DHCPREQUEST message
Ans: D
26. Your network consists of one Win2000 domain named sycom.local. You want to
ensure that internal
name resolution traffic never passes outside the network. External name request
must be handled by an external DNS server.
What should you do?
A. Copy the systemroot\system32\dns\samples\cache.dns file to the
systemroot\system32\dns\cache.dns file
B. delete the root zone for your local namespace and configure all internal DNS
servers to forward name resolution
requests to the external DNS server
C. Install a caching DNS server on the DMZ.
D. Delete the sycom.local.dns file from the systemroot\system32\dns folder and
configure all DNS servers to
perform only iterative name resolution
Ans: B
27. Your internal DNS server is located behind a firewall. When you test this
DNS server
it passes the simple test but fails the recursive test. How do you resolve
this?
A. Configure your DNS as a caching only server
B. Copy the systemroot\system32\dns\samples\cache.dns file to the
systemroot\system32\dns\cache.dns file
C. Create an Active Directory integrated zone
D. Configure your primary DNS server to only secure zone updates
Ans: B
28. Your network consists of computers running Win2000 server, Win2000
Professional, Win95 and OS\2 with Lan Manager 2.2c. All are on the
same subnet. You want applications on the OS/2 client that use NetBIOS names to
be able to resolve
the NetBIOS names to IP Addresses from a WINS database. You install WINS on one
of the Win2000 servers.
What else should you do to enable the applications on the OS/2 computer to
resolve NetBIOS names to IP addresses
from the WINS database?
A. Configure one of the Win2000 Professional computers as a WINS Proxy Agent
B. Add static mappings for the OS/2 computer in the WINS database
C. Configure the OS/2 computer as a WINS Client
D. Configure the OS/2 computer with a static IP address and add a PTR record in
the DNS database
Ans: A
29. Your network consists of one Win2000 Domain. All servers and clients are
running Win2000. You have configured your DNS standard primary zone to include
the addresses of all of your servers.
After adding new member servers to your network, users report that they can
find these servers in the directory
but cannot access them. What should you do?
A. Set the "Allow Dynamic Updates" setting for the DNS standard
primary zone to "Yes"
B. Add reservations for the new servers on the DHCP server
C. Create mapping for the new servers in the WINS database
D. Configure the new servers as DHCP Proxy servers
Ans: A
30. Your WIn2000 network has 3 subnets, A, B, and C. A is at the corporate
headquarters.
B is used to connect a router at the HQ office to a router at the remote
office. C is the subnet for the
remote office. You use two Win2000 servers as routers: RouterAB connects
SubnetA and SubnetB. RouterBC
connects subnetB and subnetC. You configure RouterAB and RouterBC to use
demand-dial connections.
What two steps must you take to allow a client commuter on SubnetC to access a
share on a client on SubnetA? (choose two)
A. Configure TCP/IP filter on the RouterAB demand-dial interface
B. Configure a static route for SubnetA on the demand-dial interface of
RouterBC
C. Configure a static route for SubnetB on the demand-dial interface of
RouterAB
D. Configure TCP/IP filter on the RouterBC demand-dial interface
Ans: BC
31. Your DNS Server runs on Win2000 server and provides name resolution within
your Internet Domain.
You have 5 Web servers to handle company information and client reservations.
Each Web server is configured to maintain
exactly the same content as all the other Web servers. All the Web servers
respond to the same host name.
Customers are complaining about response times from your Web server. After
monitoring your Web servers
you discover that four of the servers are idle. In the DNS Management console,
what should you do to ensure
load balancing and improve response times. (Choose two)
A. Assign a different IP address for each web server
B. Verify that A (host) records have been created for each Web Server
C. Configure a secondary DNS server to take some of the burden off of the
primary DNS server
D. Enable Round Robin in the DNS server's properties
Ans: BD
32. You are configuring a Win2000 network for dial-up access. Your company
issues smart cards to all users who have dial-up
access. What should you do to configure your Routing and Remote Access server?
(Choose all that apply)
A. Select the IPSec Protocol check box.
B. Configure the RRAS server to use SLIP for dial-in
C. Select the Extensible Authentication Protocol (EAP) check box
D. Install a smart card logon certificate on the RRAS server
Ans: CD
33. Your domain has a Win2000 member server computer named Srv1. Routing and
Remote Access and CHAP
are enabled for remote access on Srv1. You have also configured the appropriate
remote access policy to use CHAP.
However, users who require CHAP report that they are not able to dial into
SRV1. What should you do?
A. Configure SRV1 to disable LCP extensions
B. Configure clients to use MSCHAP for dialin
C. Configure SRV1 to use SPAP for dialin
D. Disable "Mutual authentication" on SRV1
Ans: A
34. You are configuring your users' portable computers to allow users to
connect to the company
network by using Routing and Remote Access. You test the portable computers on
the LAN and verify that they
can successfully connect to resources on the network by name. When you test the
connection through
RRAS all of the computers can successfully connect but they cannot access files
on computers which are on different segments by
using the computer names. What should you do to resolve this problem?
A. Configure TCP/IP filters on the RRAS server to allow TCP/IP traffic to pass
B. Install the DHCP Relay Agent on the RRAS server
C. Configure the RRAS server with a static IP address
D. Create A (Host) record for the RRAS server in DNS
Ans: B
35. Your domain has a WIn2000 member server named London and a DHCP server.
RRAS is enabled for remote access
on London. The domain is in native mode. Users in the domain dial in to the
network on Win2000 Professional
laptops. Dial-up connection configuration for the Win2000 Pro computers is set
to obtain an IP address
automatically. You do not want to change this configuration. You want to
designate a fixed IP address
for each dial-in user. Each individual user should receive the same IP address
when he dials in but
but each user must get a unique IP address. How would you configure this?
A. Configure each laptop with a specific static IP address
B. Create a user class for the laptops and exclude these IP addresses from the
DHCP scope
C. In Active Directory Users and Computers, assign a static IP address for each
user
D. Create a separate subnet for the laptops and configure DHCP to issue IP
addresses for this subnet only to the laptops
Ans: C
36. You configure your remote access server to allow DHCP to assign addresses
and configurations
to the client computers. Users report that they cannot access network resources
by using the server name or by searching Active Directory. You discover that
when you connect to the remote access
server your client computer is receiving an IP address but none of the DHCP
options. What should you do to resolve this?
A. Configure the RRAS server to act as a DHCP Relay Agent
B. Create a static mapping for the RRAS internal interface to the DHCP server
C. Enable TCP/IP filtering on the external interface of the RRAS Server
D. Install a DHCP Relay Agent on the DHCP server
Ans: A
37. Your domain is running in mixed mode. RRAS is enabled for remote access on
Srv1.
The domain also has a WinNT4.0 member server named Srv2. Srv2 is running Remote
Access Service.
Users in the domain use Win2000 Professional computers to dial in to the
network through Srv1 or Srv2.
However Srv2 is not able to validate remote access credentials of domain
accounts. How
would you configure the network to enable Srv2 to validate remote access domain
users?
A. Add the Everyone group to the RRAS access group
B. Configure srv2 as a DHCP relay agent
C. Configure Srv1 to use MSChap for authentication and Srv2 to use Chap
D. Add the Everyone group to the Pre-Windows 2000 Compatible Access group
Ans: D
38. You have Macintosh users who inform you that they cannot request valid user
certificates from your Enterprise Certificate Authority. What should you do to
allow these users to request certificates by using Web based enrollment?
A. In the Internet Information Services (IIS) console, access the properties
for the CertSrv virtual directory. On the Directory Security tab, set the
authentication type to "Basic Authentication."
B. In the Internet Information Services console, access the properties for the
CertSrv virtual directory. On the Directory Security tab, set the
authentication type to "Encrypted Authentication."
C. Install an Enterprise Subordinate Certificate Authority that uses a
commercial CA as a parent.
D. Delete the CA, install File and Print sharing for Macintosh, Reinstall the
CA.
Ans: A
39. You are the administrator of a Web server hosted on the Internet that runs
on a Win2000 Server. You want to download ActiveX controls automatically to
your customers' internet browsers. The default security settings on your
customers' browsers prevent this. What should you do to automate the
downloading of your ActiveX controls?
A. Install an Enterprise CA on one of your domain controllers and have it issue
a certificate for code signing.
B. Install an Enterprise Subordinate CA that uses a commercial CA as the
parent. Create a policy on the Subordinate CA that allows the Web developers to
request a certificate for code signing.
C. Install an Enterprise CA on one of your domain controllers. Install an
Enterprise Subordinate CA on one of your member servers. Issue code signing
certificates to your Web developers.
D. Configure your Web server to request code signing certificates from a
commercial CA such as Verisign.
Ans: B
40. You configure a Win2000 Server as the DNS server for your network. You
create both standard primary forward lookup and reverse lookup zones. When you
use the NSLOOKUP utility, you cannot resolve host names from IP addresses on
your network. When you run TRACERT.EXE you receive the message: "Unable to
resolve target system name." What should you do?
A. Configure the DNS to forward requests to an external DNS
B. Install a WINS server and configure DHCP to issue the IP address of the WINS
server to all DHCP clients
C. Create PTR (pointer) records in your reverse lookup zone
D. Copy the systemroot\system32\dns\cache\samples\cache.dns to
systemroot\system32\dns\cache\cache.dns
Ans: C