name = MimeX, Updated Compilation

exam = 70-217

All i have done is fo through all the dumps. compiled them around. and formatted for use of trandumper (very useful, you can get it from this site under tools in the main page)

ive changed the answers of those who gave convincing reasons why the answer is correct.

(i have yet to start studying, i wil post later with my corrections and book refs)

Here ya go.

Compilation_1-77 (updated) also formatted for Trandumper

By MimeX

 

1. You are the admin of a win2k Network. Your network's organizational

unit (OU) structure is shown in the exhibit

You grand Create Users Objects permission to Anita for the Executive OU,

but she is unable to create users objects in the Users OU. Anita is able

to create users objects in the Workstation OU.

What should you do to enable Anita to create users objects in the Users

OU?

A. Clear the Allow inheritable permissions from parent to propagate to

this object check box in the Executive OU properties.

B. Select the Allow inheritable permissions from parent to propagate to

this object check box in the Users OU properties.

C. Add Anita to the Server Operators group. D. Move the Users OU to the

same level as the Executive OU

Answer:B

2. You add a new domain controller named GC01 to your network to take the

place of the existing global catalog server. You also enable GC01 as a

global catalog. You want to use GC00, the original server, as a domain

controller, but not as a GC server for the domain.

You want to increase disk space on GC00.

What should you do? (Choose all that apply)

A. Use the Active Directory Sites and Services. Select the NTDS settings

object for the GC00 Server to clear the Global Catalog check box.

B. On the GC00 server, run the Ntdsutil utility to defragment Active

Directory.

C. On the GC00 server, reinstall Win2k

D. On the GC01 server, run the Ntdsutil utility to enable the global

catalog server option.

Answer:A,B

3. You add three new SCSI hard disk drives to your company’s domain

controller. The SCSI disks are configured in a hardware RAID-5 array. You

have two other physical disks in this domain controller. You want to

optimize the speed of the Active Directory database.

What can you do? (Choose Two)

A. Move the Ntds.dit file to the RAID-5 array.

B. Move the log files to a separate physical disk from the OS

C. Move the log files and the Ntds.dit file to the RAID-5 array.

D. Move the netlogon share to the RAID-5 array.

E. Create a mirror volume and place the log files on the mirror.

Answer:A,B

4. You are the administrator of the Arbor Shoes company network. There is

one domain named arborshoes.com. The domain contains three sites named

Geneva, Milwaukee, and Portland. Each site has two domain controllers from

the arborshoes.com domain. Geneva and Portland each have 1,000 users.

Milwaukee has 500 users.

There are two IP site links: Geneva_Portland and Milwaukee_Portland. You

want to add another domain controller in each site to handle all

replication from eachsite.

What should you do?

A. Configure each new domain controller to be the IP preferred bridgehead

server for its site.

B. Create a connection object from each domain controller in each site to

the new domain controller in each site.

C. Create a new site link that has a lower cost that the existing site

links.

D. Delete the existing connection objects in each site and manually start

the KCC

Answer:A

5. You are the LAN admin for Arbor Shoes. You hire Sophie to be a LAN

administrator for the Dublin office. Arbor Shoes has one domain named

arborshoes.com. Each office has its own OU. Sophie needs to be able to

create child OUs under only ou-Dublin,dc=arborshoes, dc=com and verify the

existence of the created OUs.

Which permissions should you assign to Sophie on the Dublin OU? (Choose

THREE)

A. FC

B. List Contents

C. Create OU objects

D. Create All Child Objects

E. Write

F. Read

Answer:B,C,F

6. You are the administrator for Trey Research and A. Datum Corporation.

You manage a multidomain wind2k network of 5,000 users for the two

companies. The network is configured as shown in the exhibit:

The two companies have a total of six departments. Each department is an

OU in AD. Each Domain and OU has specific Group Policy settings that must

applied to all of its members. Your company is reorganizing all six

departments. Some, but not all, of the users in each OU have moved. Many

users have changed departments, and some have changed domains.

You want to accomplish the following goals in the least possible amount of

time.

Place the users account in the appropriate domains.

Apply the existing policies for each domain or OU to the moved accounts.

Do not disrupt user access to shared resources.

What should you do?

A. For all users, create new user accounts in the appropriate OUs. Assign

permissions to the accounts to apply the group policy settings, and the

delete the old accounts.

B. Fro the users moving between domains create new user accounts in the

appropriate OUs. Assign permissions to the accounts to apply the Group

Policy settings, and then delete the old accounts. For the users moving

between OUs in the same domain, select the accounts. Then choose MOVE from

the Action menu, targeting the new OU.

C. For the users moving between domains, use the Movetree utility,

specifying the source and target domains and OUs. For the users moving

between OUs in the same domain select the accounts. Then choose MOVE from

the ACTION menu, targeting the new OU.

D. For the users moving between domains, create new user accounts in the

appropriate OUs. Assign permissions to the account to apply the Group

Policy settings, and then delete the old accounts. For the users moving

between Ous in the same domain, select the accounts. Then choose Copy from

the Action menu, entering the appropriate account information for the new

users accounts. Then delete the old accounts.

Answer:C

7. You are the administrator of a win2k network. Your win2k domain

controller has been in operation for one year. During that year, you have

deleted numerous objects. However, the Ntds.dit file is the same size it

was before you deleted any objects. You want to reduce the size of the

Ntds.dit file.

What should you do? (Choose Two)

A. Delete all the log files from the NTDS folder and restart the server.

B. Use the Ntdsutil utility to perform an authoritive restore.

C. Run the Esentutl utility by using the /d switch.

D. Restart the server in directory services restore mode.

E. Use the Ntdsutil utility to compress the database to another drive.

Answer:C,D

ESENTUL /D will do an offline defrag of the directory. To do this you need to be in AD restore mode!

Answer A is bogus!

Answer B is wrong (why would you want to do a restore), unless want to be unemployed!

Answer E seemed correct until I researched

For all of you that have AD setup do a ESENTUTL /?, this will give you all possible options. They took this utility from Exchange (ESEUTIL) and renamed it!

8. You are the administrator of the company network for Arbor Shoes. Arbor

Shoes has three domains: arborshoes.com, na.arborshoes.com, and

sa.arborshoes.com. All the domains are in native mode. You are going to

remove the na.arborshoes.com domain in an effort to consolidate domains.

There are 300 users in na.arborshoes.com. You want to move all 300 users

at the same time to arborshoes.com.

What should you do?

A. At the command prompt, type the following command: Cscropt sidhist.vbs

/srcdc:dc1 /srcdom:na.arborshoes.com /dstdc:dc1/dstdom:arborshoes.com

B. At the command prompt, type the following command: Movetree /start /s

dc1.na.arborshoes.com/d dc1.arborshoes.com/sdn

cn=users,dc=na,dc=arborshoes,dc=com /ddn cn=users, dc=arborshoes, dc=com

C. In MMC, use the copy command in Active Directory Users and Computers

D. In MMC, use the move command in Active Directory Users and Computers

Answer:B

9. You are the enterprise administrator of a windows 2000 domain tree that

has five domains. All domains are in native mode. Each domain has one or

more users who are help desk staff. Each domain has a global group named

Help Desk members that contains the help desk staff from each domain.

There is an OU named Interns in the root domain. You want all help desk

staff to be able to reset passwords of the users in the Inters OU.

What should you do?

A. Create a new global security group named Help Desk Staff in the root

domain. Place the five help desk members groups in the Help Desk staff

group. Place the Help desk staff group in the Reset Interns group. On the

reset Interns group, assign the Reset password permission to the Help Desk

Staff group.

B. Create a new global security group named Help Desk Staff in the root

domain. Place the five help desk staff in the Help Desk Staff group.

Create a new local security group named Reset Interns in the root domain.

Place all users from the Interns OU in the Reset Inters group. On thee

Interns OU, assign the reset Password permission to the Reset Interns

group.

C. Create a new universal security group named Help Desk Staff in the root

domain. Place the five Help Desk members groups in the Help Desk Staff

group. Create a new local security group named reset Inter sin the root

domain. Place the Help Desk Staff group in the Reset Interns group. On the

Interns OU, assign the reset password permission to the Reset Interns

group

D. Create a new universal security group named Help Desk Staff in the root

domain. Place the five Help Desk Members groups in the Help Desk Staff

group. Create a new local security group named reset Interns in the root

domain. Place all users from the Interns OU in the Reset Interns group. On

the reset Interns group, assign the Reset Password permission to the Help

Desk staff group.

Answer:D

10. Your company's Win2k network consists of a single domain. You are the

enterprise admin of the domain. Two administrators named Ann and Bill make

changes to Active directory at approximately the same time at two

different domain controllers named ServerA and ServerB. Ann deletes an

empty OU named Branch1 from ServerA.

Before this deletion is replicated to ServerB, Bill move five existing

users from the Brach2 OU to the Branch1 OU at ServerB. Ten minutes later,

Bill discovers that the Branch1 OU is deleted from Active Directory. You

want to reinstate the configuration that Bill attempted to accomplish.

What should you do?

A. Perform an authoritive restore of the Brach1 OU at ServerA

B. Perform a nonauthoritive restore of the Branch1 OU at ServerA.

C. Perform an authoritive restore of the five users at ServerB

D. At ServerB, move the Branch1 OU from the LostAndFound container to its

original location.

E. At ServerA, create a new Branch OU. Move the five users from the

Branch2 OU to the new Branch1 OU.

F. At ServerB, create a new Branch1 OU. Move the five users from the

LostAndFound container to the new Branch1 OU.

Answer:A

All dumps says the answer is F but my answer is A.

Even though you create OU with same name, the SID will change. The only way to go back to original configuration is authoritative restore

11. You are the admin of your company's network. Your company has two

domains in six sites as shown in the exhibit.

Each site has one or more domain controllers. For fault-tolerance and

load-balancing purposes, on domain controller in each site is configured

as a GC. Users report that, several times a day, network performance and

data transfer for an application located in SiteA are extremely poor. You

want to improve network performance.

What should you do?

A. Configure at least two domain controllers in each site as GC servers.

B. Configure the domain controllers in only one site as GC servers.

C. Create site links between all sites and use the default replication

schedulers

D. Create site links between all sites and set the less frequent

replication schedules.

E. Create connection object between each domain controller. Use RPC as the

transport protocol.

F. Create connection objects between each domain controller. Use SMTP as

the transport protocol.

Answer:D

12. You are the enterprise administrator of a win2k domain named

fabrikam.com. The domain contains three domain controllers named DCA, DCB,

and DCC. DCA does not hold any operations master roles.

You backed up the System state data of DCA two weeks ago. Without warning

the DCA hard disk fails. You decide to replace DCA with a new computer.

You install a new Win22k server computer.

What should you do next?

A. Add the server to the domain. Do an authoritive restore of the original

backup of the original DCA System State data that you made two weeks ago.

B. Add the server to the domain. Use Windows Backup to create a backup of

the DCB System state data, and restore this backup on the new DCA.

C. Use the Active Directory installation wizard to make the new computer a

replica in the domain.

D. Use the Ntdsutil utility to copy the active Directory database from DCB

to the new DCA.

Answer:C

13. You are the administrator of a win2k domain. The domain has two domain

controllers named Server1 and Server2. The volume that contains the Active

Directory database file on Server1 is running out of disk space.

You decide to move the database file to an empty volume on a different

disk on Server1.

What should you do?

A. Restart Server1 in directory services restore mode. Use the Ntdsutil

utility to move the database file to the empty volume.

B. Use windows Backup to create a backup of the System State data of

Server1. Restart Server2 in directory services restore mode. Restore the

system State data to the empty volume.

C. Use the Logical disk Manager console to mount the empty volume in the

folder that contains the Active Directory database file.

D. Stop the NetLogon service on Server1. use Windows Explorer to move

Ntds.dit to the empty volume. Start the NetLogon service again. Force

replication from server2

Answer:A

14. You are the enterprise administrator of a Windows 2000 domain. The

domain has three domain controllers named DC1, DC2, and DC3. Because of

changed hardware requirements, you want to replace the domain controller

named DC1 with a newer computer named DC4. You want DC4 to be a domain

controller in the domain. You no longer want DC1 to function as a domain

controller.

What should you do?

A. Install DC4 as a stand-alone server in a workgroup named WG. Restore a

System State data backup of DC1 on DC4. On DC1, Use the Active Directory

Installation wizard to remove Active Directory from DC1.

B. Install DC4 as a stand-alone server in a workgroup named WG. Disconnect

DC1 from the network. Rename DC4 to DC1. On DC2, force replication of AD

to all its replication partners.

C. Install DC4 as a member server in the domain. On DC4, use the Active

Directory Installation wizard to install Active Directory on DC4. On DC1

use the Active Directory Installation wizard to remove Active Directory

from DC1.

D. Install DC4 as a member server in the domain. On DC1 use the Ntdsutil

to copy the Active Directory files to DC4. Use the Active Directory

Installation wizard to remove Active Directory from DC1.

Answer:C

15. You are the network administrator for your company. Your company’s

main office is in Seattle. Branch offices are in New York, Rome, and

Tokyo. The local administrators at each branch office need to be able to

control local resources.

You want to prevent the local administrators from controlling resources in

the other branch offices. You want only the administrators from the main

office to be allowed to create and manage user accounts. You want to

create an active directory structure to accomplish these goals.

What should you do?

A. Create a domain tree that has a top-level domain for the main office

and a child domain for each branch office. Grant the local administrators

membership in the Domain Admins group in their child domains.

B. Create a domain tree that has a top-level domain for the main office

and a child domain for each branch office. Grant the local administrators

membership in the Enterprise Admins group in the domain tree.

C. Create a single domain. Create a group named Branch Admins. Grant the

local administrators membership in this group. Assign permissions to the

local resources to this group.

D. Create a single domain. Create and OU for each branch office and an

additional OU named CorpUsers. Delegate authority for resource

administration to the local administrators for their own OUs. Delegate

authority to the CorpUsers OU only to the Domain Admins group.

Answer:D

16. You are the administrator of your company's network. Your company has

its main office in Seattle and branch offices in London, Paris, and Rio de

Janeiro. The local admin at each branch office must be able to control

users and local resources.

You want to prevent the local administrators from controlling resources in

branch offices other than their own.

You want to create an Active Directory structure to accomplish these

goals.

What should you do?

A. Create a top-level OU. Delegate control of this OU to administrators at

the main office.

B. Create child OUs for each office. Delegate control of these OUs to

administrators at the main office.

C. Create child OUs for each office. Delegate control of each OU to the

local administrators at each office.

D. Add the local administrators to the Domain Admins group.

E. Create users groups for each office. Grant the local administrators the

appropriate permissions to administer these user groups.

Answer:C

17. You install a windows 2000 Server computer on your network. You

promote the computer to be a domain controller. This computer also

functions as the DNS server for the domain. All client computer are

running win2k Prof. When users attempt to log on they receive an error

message sating that a domain controller cannot be located.

You verify that Active Directory is installed and functional on the

server.

You want to ensure that the domain controller is available for user

logons.

What should you do next?

A. Check DNS for the addition of an appropriate SRV record in the zone.

B. Check DNS for the addition of an appropriate A record in the zone.

C. Check for the presence of an NTDS folder on the domain controller.

D. Check for the presence of a Sysvol folder on the domain controller.

E. On the client computers, create a hosts file that contains the SRV

records for the domain controller.

F. On the client computers, create a Hosts file that contains the A record

for the DC.

Answer:A

18. You are the admin of a win2k network for Miller Textiles. The network

configuration is shown in the exhibit.

The millertextiles.com domain is hosted on Server1 as an AD intergraded

zone, and on Server3 as a secondary zone.

All the client computers on Segment B are win2k Prof PCs. All the client

PCs on Segment A are down level client computers all the client computers

use DHCP. You share some network resources on several of the client

computers on Segment A.

Several days later you attempt to connect to those shared resources from

client computers running on segment B, but you are unable to resolve the

host names of client computers on Segment A.

How should you correct this problem?

A. On the DHCP server, set the DNS Domain Name scope option to

millertextiles.com

B. On Server1 for the millertextiles.com zone, change the value of Allow

Dynamic Updates from the default settings to Yes.

C. Configure the millertextiles.com domain to allow zone transfers to all

the computers on the network.

D. On server2, enable updates for DNS clients that do not support dynamic

updates.

Answer:D

19. You are the admin of the Contoso, Ltd., company network. You are

designing a Win2k domain. Contoso, Ltd., has an Internet presence and owns

contoso.com, a registered domain name. The existing DNS zone is hosted on

WinNT server 4 computers.

You want to accomplish the following goals:

· Internal host names will not be exposed to the Internet.

· Internal users will be able to resolve external names for access to

Internet-based resources.

· Complexity and depth of domain names for Active Directory will be

minimized.

· To comply with management requirements, the existing DNS servers that

host the zone for contoso.com will not be upgraded.

You implement a DNS design as shown in the exhibit:

Which result(s) does your implementation produce? (All that apply)

A. Internal host names will not be exposed to the Internet.

B. Internal users will be able to resolve external names for access to

Internet-based resources

C. Complexity and depth of domain names for Active Directory will be

minimized

D. To comply with management requirements, the existing DNS servers that

host the zone for Contoso.com will not be upgraded

Answer:A,B,C

 

20. You are the administrator of your company's network. The network

consists of one win2k domain that spans multiple subnets. You are

configuring DNS for host name resolution throughout the network.

You want the following goals:

· DNS zone transfer traffic will be minimized on the network.

· Administrative overhead for maintaining DNS zone files will be

minimized.

· Unauthorized host computers will not have records created in the zone.

· All zone updates will come only from authorized DNS servers

· All zone transfer information will be secured as it crosses the network.

 

You take the following actions:

· Create an Active Directory intergraded zone.

· In the Zone Properties dialog box, set the Allow Dynamic Updates option

to Yes.

· On the Name Servers tab of the Zone Properties dialog box, enter the

names and addresses of all DNS servers on the network.

Which result(s) do these actions produce? (Choose all that apply)

A. DNS zone transfer traffic will be minimized on the network.

B. Administrative overhead for maintaining DNS zone files will be

minimized.

C. Unauthorized host computers will not have records created in the zone.

D. All zone updates will come only from authorized DNS servers

E. All zone transfer information will be secured as it crosses the

network.

Answer:A,B,D,E

21. You are the network administrator for Arbor Shoes. Part of your

multisite Windows 2000 network configuration is show in the exhibit.

Server1 is configured with the primary zone for arborshoes.com. Server3

and Server5 are configured with secondary zones for arborshoes.com.

You discover an error in several host records that is preventing client

computers in Atlanta from accessing some shared resources. You make the

necessary corrections on Server1.

You want these changes to be propagated to Atlanta immediately.

What should you do?

A. On the Action menu for the arborshoes.com zone, click Update Server

Data Files.

B. At Server5, perform the Transfer from master action for the

arborshoes.com zone.

C. At Server1, stop and start the DNS server service.

D. At Server5, select Allow zone transfers on the arborshoes.com zone.

Answer:A

22. You are the network administrator for LitWare, Inc. You are

implementing Windows 2000 on your network. Part of your network

configuration is shown in the exhibit.

You have installed Server2 and Server4 as domain controllers for

LitWare.com. You have installed Server1 and Server3 as DNS servers for the

litware.com domain.

Each server has a standard primary zone named litware.com.

You configure the domain to run in native mode. When Server2 attempts to

contact Server4 by name, it cannot establish a connection.

However, you cn ping both Server2 and Server4 from any computer in either

site. You need to be able to resolve names of serves in both sites. You

want the information to be updated regularly.

What should you do?

A. Configure Server1 and Server3 to allow dynamic updates in DNS.

B. Configure Server1 and Server3 to allow zone transfers to any server.

Then configure the DNS notification options to notify each server of

updates.

C. Reinstall Server4 as a member server in the same domain as Server2.

Create a new site, and promote Server4 to a domain controller within the

new site.

D. Re-create the litware.com zone on Server3 as a secondary zone.

Configure Server3 to replicate DNS data from Server1.

Answer:D

23. You are hired by Fabrikam, Inc., to secure its Windows 2000 network.

You use Security Templates to create a custom template and save it as

Securefab.inf

You need to use this template on five domain controllers in the

fabrikam.com domain.

What should you do? (Choose Two)

A. Copy the Securefab.inf file to the Sysvol shared folder on one domain

controller.

B. Create a new security database.

C. Import the Securefab.inf file.

D. Rename Securefab.inf to Ntconfig.pol

E. Create a Group Policy object on the Domain Controller Organizational

Unit.

Answer:C,E

24. You are the administrator for a windows 2000 network. Your network

consists of one domain and two OUs. The OUs are named Corporate and

Accounting. A user recently reported that she was not able to log on to

the domain.

You investigate and find out that the user's account has been deleted. You

have been auditing all objects in active Directory since the domain was

created. But you cannot find a record of the user account deletion.

You want to find a record that identifies the person who deleted the

account.

What should you do?

A. Search the security event logs on each domain controller for account

management events.

B. Search the security event logs on each domain controller for object

access events.

C. Search the Active Directory Users and Computers console on each domain

controller for the user's previous account name.

D. Search the Active Directory Users and Computers console on each domain

controller for the user's computer account.

Answer:A

25. You are the admin of your company's network. The network consists of

one WinNT 4 domain. You create and implement a security policy that is

applied to all windows 2000 Prof. Computers as they are staged and added

to the network.

You want this security policy to be in effect at all times on all client

computers on eth network. However, you find out that administrators

periodically change security settings on computers when they are

troubleshooting or doing maintenance.

You want to automate the security analysis and configuration of client

computers on the network so that you can track changes to security policy

and reapply the original security policy when it is changed.

What should you do?

A. Use Windows NT System Policy to globally configure the security policy

settings on the client computers.

B. Use Windows 2000 Group Policy to globally configure the security policy

settings on the client computers.

C. Use the Security and Configuration Analysis tool on the client

computers to analyze and configure the security policy.

D. Schedule the Secedit command to run on the client computer stop analyze

and configure the security policy.

Answer:D

26. You are the administrator of your company's network. The network

consists of one Windows 2000 domain. The domain contains four

organizational units as shown in the following exhibit:

You want to centralize security policy in your domain. You create the

following three security templates and Group Policy Objects.

1. SecPol1 defines Password, Audit, and User Rights Policies.

2. SecPol2 defines User Desktop policy, File System security, and register

security.

3. SecPol3 defines a High Security User Desktop policy for network

administrators.

You want the GPOs to apply your security policies to users and computers

in the domain. You want to use the fewest assignments possible. Where

possible, you want Group Policy to apply at the OU level for more granular

administrative control. How should you apply security policies?

To answer, click the Select and Place button, and drag A, B, C, and D to

the correct locations. (Note: letters can be used more than once.)

Answer:Select & Drag The Secpol1 To All Locations

27. You edit the Default Domain Controllers Group Policy on the

arborshoes.com domain to required passwords to be at least eight

characters long.

However, users are able to create passwords that do not comply with the

implemented policy. What should you do?

A. Initiate replication to make sure the Group Policy containers and the

Group Policy template (GPT) are replicated.

B. Configure each client computer to have a local Group Policy that

requires password to be at least eight characters long.

C. Edit the Default Domain Group Policy to require password to be at least

eight characters long.

D. Edit the Default Domain Controllers Group Policy to force the password

to meet complexity requirements.

Answer:C

28. You are the windows 2000 network administrator for your company. You

are implementing the company's network security model. You network has

several servers that contain sensitive or confidential information. You

want to configure security auditing on these servers to monitor access to

specific folders. You also want to prevent users from gaining access to

these servers when the security logs become full.

What should you do?

A. Create a GPO that applies to the servers. Configure the GPO to enable

auditing for object access. Set up the individual objects to be audited in

windows Explorer, and then customize the Event Viewer logs to limit the

size of the security log to 1024 kb.

B. Create a GPO that applies to the servers. Configure the GOP to enable

auditing for directory services access. Set up the individual objects to

be audited in Windows Explorer, and then customize the Event Viewer logs

to limit the size of the security log to 1024 KB. Configure the security

event log so that it does not overwrite events.

C. Create a GPO that applies to the servers. Configure the GOP to enable

auditing for directory service access. Set up the individual objects to be

audited in Windows Explorer. Configure the security event log so that it

doesn't not overwrite events. Then configure the GPO to enable the Shut

down the system immediately if enable to log security audits setting.

D. Create a GPO that applies to the servers. Configure the GOP to enable

auditing for object access. Setup the individual objects to be audited in

Windows Explorer. Configure the security event log so that it does not

overwrite events. Then configure the GPO to enable the Shut down the

system immediately if enable to log security audits setting.

Answer:D

29. You are the security analyst for Duluth Mutual Life. You are assessing

the security weaknesses of the company's Windows 2000 network. The network

consists of three sites in one domain. The domain contains three OUs and

11000 users.

There are five domain controllers in the domain. You configure one of the

domain controllers to meet the security requirements of the company. You

need to duplicate those settings on the other four domain controllers.

You want to use the least possible amount of administrative effort.

What should you do?

A. Create a GPO for the domain controllers OU. Configure the GPO settings

to match the settings of the secured domain controller.

B. Open Security Configuration and Analysis on the secured domain

controller. Export the secured domain controller's security configuration

to a template file. Copy the template file to the Sysvol folder on each

domain controller.

C. Create a GPO for the domain. Assign Domain Users Red and Apply Group

Policy permissions. Configure the GPO settings to match the settings of

the secured domain controller.

D. Open Security Configuration and Analysis on the secured domain

controller. Export the secured domain controller's security configuration

information to a template file. Open Security Configuration and Analysis

on the other domain controllers, import the template file, and then select

Analyze Computer Now.

Answer:A

30. You are the administrator of a Windows 2000 network. Recently, your

network security was compromised and confidential data was lost. You are

now implementing a stricter network security policy.

You want to require encrypted TCP/IP communication on your network.

What should you do?

A. Create a GPO for the domain, and configure it to assign the Secure

Server IPSec Policy.

B. Create a GPO for the domain, and configure it to assign the Server

IPSec Policy and to enable Secure channel: Require strong session key.

C. Implement TCP/IP packet filtering, and open only the ports required for

your network services.

D. Edit the local security policies on the servers and client computers,

and enable Digitally sign client and server communications.

Answer:A

31. You are the administrator of your company's network, which consists of

one windows 2000 domain. There is a single top-level OU named Main and

five child OUs. The child OUs are named after the company's five

departments: Finance, Marketing, Sales, HR, and IT.

The accounts for all users and computers in each department are defined in

the OU for that department. All users and computers in the finance,

Marketing, Sales and HR OUs require the same desktop settings. Users and

computers in the IT OU require less restrictive settings.

You want to accomplish the following goals:

· All the assigned Group Policy settings are defined by the administrator

in the Main OU will be applied to all users and computers in the Finance,

Marketing, Sales, and HR OUs.

· Group Policy from the Main OU will not be applied to the IT OU.

· Administrators in the IT OU will be able to change the Group Policy

settings.

· When new child OUs are added to the domain, the Group Policy will be

applied to them automatically.

· Users will not be able to change their Group Policy settings.

You take the following actions:

· Create the GPO, configure the appropriate settings, and link the GPO to

the Main OU.

· In the Group Policy Options dialog box for the Main OU, select the No

Override check box.

· In the Group Policy dialog box for the IT OU, select the Block Policy

inheritance check box.

· Assign the Authenticated Users group Full Control permission to the GPO.

Which result(s) do these actions produce?

A. All the assigned Group Policy settings as defined by the administrator

in the Main OU are applied to all users and computers in the Finance,

Marketing, Sales, and HR OUs.

B. Group Policy from the Main OU is not be applied to the IT OU.

C. Administrators in the IT OU are able to change the Group Policy

settings.

D. When new child OUs are added to the domain, the Group Policy is applied

to them automatically.

E. Users cannot change their Group Policy settings.

Answer:A,D,C

No Override is specified on the GPO link atthe top level -

Main OU. Therefore, no GPO below it can be modified. That excludes answers

B & C. My answers = A, D, E

32. You are using RIS to deploy windows 2000 professional on 1,500

computers. Your network configuration is shown in the exhibit:

You have four RIS servers. You have deployed 100 computers. RIS server1

and RIS server3 are overworked and respond too slowly for the timely

deployment of you r computers.

You need more consistent performance results before you deploy the

remaining computers.

What should you do?

A. Create computer accounts for all the computers. Complete the Managed By

properties for each account.

B. Create one OU for each segment. Add users accounts for all the users to

the appropriate OUs. Specify the appropriate RIS server in the Lon on to

property for each user's account.

C. Create prestaged computer accounts for all the computer. Specify which

RIS server will control each computer.

D. Create one site for each segment. Move two RIS servers to each site.

Answer:C

33. You are the administrator for Arbor Shoes. Part of your network

configuration is shown in the exhibit.

All the computers are running windows 2000 Prof. and are members of the

arborshoes.com domain in the company LAN. All the users are members of the

Power

Users group on their computers. Andrew has dial-up access to the Internet

for a special project he is working on.

You do not want other users to share Andrew's Internet connection and to

have unrestricted Internet Access.

What should you do?

A. Create a high security zone in MS IE.

B. Create a group Policy Object that disables the configuration of

connection sharing. Grant Andrew Read and Apply group Policy permissions

to the GPO.

C. Create a group Policy Object that disables the configuration of

connection sharing. Grant Michel, Laura, and Anita Read and Apply group

Policy permissions to the GPO.

D. Remove the Internet connection from the All Users profile on Andrew's

computer, and then re-create the connection in Andrew's personal profile.

Answer:C

GPO disables ICS; and the Read and Apply Group Policy permissions

apply that policy to Andrew, who is the only one authorized to have

Internet access. My answer - C.

34. You are the admin of a Win2k domain. You want to deploy a new

application named Finance that will be used by all users in the domain.

The vendor of the Finance application supplied a MS install package for

the application.

You decide to deploy the Finance application in two phases. During phase

1, only members of a security group named Finance Pilot will use the

Finance application During Phase 2, all users in the domain will be able

to install the Finance Application.

You want to accomplish the following goals:

· During Phase 1, the Finance application will not be installed

automatically when users log on.

· During Phase 1, users who are members of the Finance Pilot group will be

able to install the app by using a Start menu shortcut.

· During phase 1, users who are not members of the finance Pilot group

will not be able to install the app by using a Start menu shortcut.

· The Finance application will be installed automatically the first time

any user in the domain logs on after phase 2 has begun.

You take the following actions:

· Create a new GPO named Deploy Finance and link the deploy Finance GPO to

the domain.

· Configure the deploy Finance GPO to assign the Finance application to

users.

· For phase 1, create a software category named Finance Pilot. Assign the

Finance application to the Finance Pilot software category.

· For Phase 2, remove the Finance application from the Finance Pilot

software category.

Which result(s) do these actions produce?

A. During Phase 1, the Finance application is not be installed

automatically when users log on.

B. During Phase 1, users who are members of the Finance Pilot group can

install the app by using a Start menu shortcut.

C. During phase 1, users who are not members of the finance Pilot group

cannot install the app by using a Start menu shortcut.

D. The Finance application is installed automatically the first time any

user in the domain logs on after phase 2 has begun.

Answer: A,B

35. You are the enterprise administrator of a Windows 2000 network. The

network has three domains named Contoso.com, west.Contoso.com, and

east.Contoso.com. All three domains are in a site named Boston. All three

domains contain OUs.

You want to implement new desktop policies for all users on the network.

The policies are configured in a Group Policy Object named Gpdesktop.

You also want to implement a logon script for users from the W2 OU. The

logon script policy is configured in a GPO named Gpscript. The users from

the W2 OU always log on to Windows 2000 Professional computers defined in

the W3 OU. You do not want to use Group Policy filtering.

You want to use the fewest GPO assignments possible.

What should you do?

To answer, Click the Select and Place button, and then drag the Gpdesktop

and Gpscript GPOs to the correct locations. (Note: Use each GPO only once)

 

Answer:Select & Drag The Gpdesktop To The Middle Position Of Contoso.Com

Domain, Drag Gpscript To The Second Positon Of The West.Contoso.Com Domain

36. You are the admin of a Win2k network. You are deploying Windows 2000

Prof. To 200 client PCs. A custom configuration is required for each one

of 50 of the client computers.

You are using MSM Server to install various applications on all the client

computers.

You want to use RIS to install Windows 2000 on all the client computers.

What should you do?

A. Create a CD-based RIS image and different answer files for each custom

configuration.

B. Create an RIPrep image for each configuration. Grant Read And Execute

permission to users for the image folder.

C. Install a test client computer for each custom configuration. Use the

Setup manager wizard to create an answer file for each configuration.

D. Use the Setup Manager wizard to create a Sysprep answer file. Use

third-party imaging software to create a separate image for each

configuration.

Answer:B

37. You are the administrator of a windows 2000 domain. The domain has 20

users and a windows 2000 Server computer named Glasgow. Users in the

domain frequently work on different Windows 2000 professional computers.

All Windows 2000 Professional computers are in the domain.

You want to accomplish the following goals:

· All users in the domain will be able to work on all win2k Prof Computers

and have their own predefined desktop settings available on all computers.

· Users will be allowed to make changes to the desktop settings while they

are logged on.

· Changes that users make to the desktop settings will not be saved when

they log off.

What should you do?

A. One each win2k Prof PC, delete the Systemdrive\Documetns and

Settings\Default User folder.

B. On each Windows 2000 Prof PC, rename the

Ssytemroot\System32\Config\Stem file to System.man.

C. Configure a roaming profile for each user in the domain. Use

\\Glasgow\profiles\%username% as the profile path. On the Glasgow server,

rename the ntuser.dat file to ntuser.man for each user.

D. Create a GPO named Delprofile. Assign the Delprofile GPO to the domain.

Configure the Delprofile GPO to delete the local copy of a user’s profile

when the user logs off.

Answer:C

38. You are the network administrator for Just Togs. Your windows 2000

network consists of 15,000 users. Users have recently reported that

documents are missing from the servers. You need to track the actions of

the users to find out who has been deleting the files.

You create a GPO on the justtogs.com domain and assign the appropriate

permissions to the GPO.

What actions should you audit? (Choose TWO)

A. Directory Services access

B. Object access

C. Process tracking

D. Privileged use

E. Delete and Delete subfolders and files

Answer:B,E

document files are not Active Directory objects, so no A. Process

Tracking is used for application developers. My answer - B, D.

39. You are the administrator of a Windows 2000 domain. To control the

desktop environment of users in the domain, you use a script file named

Desktop.vbs to change settings in the current user profile. This script

file is deployed as a login script for all users in the domain. The

Desktop.vbs script usually takes 15 seconds to complete its work.

You want to ensure that each user's desktop appears only aft the

Desktop.vbs script is completed.

What should you do?

A. For all users in the domain, set the logon script in the user profile

to Desktop.vbs.

B. Create a new GPO; Assign the GPO to the domain, Add Desktop.vbs to the

GPO as a logon script. Configure the GPO to run logon scripts

synchronously.

C. Create a new GPO; Assign the GPO to the domain, Add Desktop.vbs to the

GPO as a logon script. Configure the GPO to set a maximum wait time of 15

seconds for Group Policy scripts.

D. Create a new GPO; Assign the GPO to the domain, Add Desktop.vbs to the

GPO as a logon script. Configure the GPO to set a timeout of 15 seconds

for logon dialog boxes.

Answer:B

40. You are the administrator of a Windows 2000 domain named

arborshoes.com. You install RIS on the server. You are using RIS to

install 35 new client computers.

When you start a test client computer, the Client Installation wizard does

not appear. You are using network adapter cards that are not PXE

compliant.

You want to connect to the RIS server.

What should you do?

A. From a command prompt, run Rbfg.exe to create RIS a boot disk

B. Identify the GUID of each client computer.

C. Set up a DHCP Relay Agent.

D. Install window s2000 on the test client computer. Run RIPrep.exe from a

network share on the RIS server.

Answer:A

41. You are installing a new Windows 2000 Server computer on your existing

Windows NT network. You run DCPromo.exe to promote the server to a domain

controller in a domain named domain.local. You receive the following error

message: "The domain name specified is already in use on the network".

There are no other Windows 2000 domains on your network.

What should you do?

A. Place an entry in your DNS server host table for the domain.local

domain name.

B. Place an entry in your WINS database for the domain.local domain name.

C. Change the domain name to domain.com.

D. Change the downlevel domain name to domain1.

Answer:D

42. You are the administrator of your company´s network. The company has

two native-mode domains in six sites as shown in the exhibit. (Click the

Exhibit button).

Each site has one or more domain controllers. Users report that at times

of high network usage, authentication and directory searches are extremely

slow.You want to improve network performance.

What should you do?

A. Move all domain controllers into one site.

B. Promote more Windows 2000 Server computers in each site to be domain

controllers.

C. Install a DNS server in each site and configure it to use Active

Directory integration.

D. Designate a domain controller in only one site as a global catalog

server.

E. Designate a domain controller in each site as a global catalog server.

Answer:E

43. You are deploying Windows 2000 Professional on your network. You

recently installed a RIS server to expedite the deployment process. Your

network is now configured as shown in the exhibit. (Click the Exhibit

button).

When you attempt to use the RIS server to deploy Windows 2000 on Julia´s

and Carlos´s computers, you cannot establish the initial connection. Anita

and Peter installed Windows 2000 from CD-ROM and did not have any problems

with the installation.

What should you do to correct the problem?

A. Integrate the DNS server´s zones into Active Directory.

B. Install a DHCP server and authorize it in Active Directory.

C. Install a WINS server and configure the DNS server to use it for name

resolution.

D. Create computer accounts in Active Directory for Julia and Carlos, and

specify the name of the RIS server on the Remote Install tab of the

Computer Accounts property sheet.

Answer:B

44. You are the enterprise administrator of a Windows 2000 domain. The

domain is in native mode. You want to implement a policy to disable the

ShutDown command for all users in the domain except for the members of the

Domain Admins security group.

You create a new Group Policy object (GPO) named Shutdown. You configure

the Shutdown GPO to disable the Shutdown option. You assign the Shutdown

GPO to the domain. You want to ensure that the policy does not apply to

the members of the Domain Admins group.

What should you do?

A. On the Shutdown GPO, deny the Apply Group Policy permission to the

Domain Admins group.

B. On the Shutdown GPO, remove the Apply Group Policy permission from the

Authenticated Users group. Grant the Apply Group Policy permission to the

Users group.

C. Add the Domain Admins group to the Group Policy Owners group.

D. Create a new OU named No Shutdown. Move the Domain Admins group to the

No Shutdown OU. Configure the No Shutdown OU to block policy inheritance.

E. On the computers that the members of the Domain Admins group use to log

on, configure the local GPO to enable the Shutdown option.

Answer:A

45. You are the administrator of a Windows 2000 domain. The domain has a

Windows 2000 Server computer named Toronto. Users in the domain frequently

work on different Windows 2000 Professional computers. All Windows 2000

Professional computers are in the domain.

You want to enable roaming profiles for all users.

You want to accomplish the following goals:

· All users in the domain will be able to work on all Windows 2000

Professional computers and have their own desktop settings available on

all computers.

· All users in the domain will be able to make changes to their desktop

settings. All users in the domain will be able to access their documents

in the My Documents folder from any Windows 2000 Professional computer.

· The amount of data that is copied between the Toronto server and the

Windows 2000 Professional computers each time a user logs on or off will

be minimized.

What should you do? (Choose two).

A. Configure a roaming profile for each user in the domain. Use

\\Toronto\Profiles\%User-

name% as the profile path.

B. Configure a roaming profile for each user in the domain. Use

\\Toronto\Profiles\%User-

name%\Ntuser.man as the profile path.

C. Create a new Group Policy object (GPO) named Profilescript. Assign the

Profilescript GPO to the domain. Configure the Profilescript GPO to assign

a logon script to all users. Include the runas/profile explorer.exe

command in the logon script.

D. Create a new Group Policy object (GPO) named Docs. Assign the Docs GPO

to the domain. Configure the Docs GPO to redirect the My Documents folder

to the \\Toronto\Docs\%User- name% location.

E. Create a new Group Policy object (GPO) named Profiledocs. Assign the

Profiledocs GPO to the domain. Configure the Profiledocs GPO to exclude

the My Documents folder from each user´s roaming profile.

Answer:A,D

46. You are deploying Windows 2000 Professional on your network of 1,000

users. Part of your network is shown in the exhibit. (Click the Exhibit

button).

You have recently installed a RIS server to assist in the deployment

process. You confirm that the client computers meet the requirements for

RIS deployment.

However, you still cannot connect the RIS client computers to the RIS

server. Existing client computers are able to connect to all servers for

network resources.

What can be causing the problem? (Choose all that apply).

A. The RIS server has no client-side tools installed.

B. The RIS server is not trusted for delegation.

C. The RIS server is not authorized in Avtive Directory.

D. The client computers are not configured to use DHCP.

E. The RIS server is not configured to respond to client computers

requesting service.

Answer:C,E

47. You are the administrator of your company´s network. The network

consists of two Windows 2000 domains named contoso.com and

mktg.contoso.com. You create separate zones for each domain on your DNS

server. Later, you add a second DNS server to the network. This server

also functions as a domain controller.

You convert the contoso.com zone to an Active Directory integrated zone

and set the zone to allow only secure updates to the zone database.

You discover that unauthorized computers are registering themselves in the

mktg.contoso.com domain. You check the zone´s properties and discover that

the zone is allowing unsecured dynamic updates. You also discover that the

option to select secure dynamic updates is not available.

What should you do to correct this problem?

A. Initiate a zone transfer between the mktg.contoso.com zone and the

contoso.com zone.

B. Reinstall mktg.contoso.com as a standard secondary zone.

C. Reinstall contoso.com as a standard primary zone.

D. Convert mktg.contoso.com to an Active Directory integrated zone.

Answer:D

48. You are the network administrator for Enchantment Lakes Corporation.

Enchantment Lakes Corporation and Five Lakes Publishing are planning a

merger. The planned Windows 2000 network configuration is shown in the

exhibit. (Click the Exhibit button).

You want to host the fivelakespublishing.com domain to the

enchantmentlakes.com DNS server. The fivelakespublishing.com domain uses

an Active Directory integrated zone on its DNS server. Five Lakes

Publishing will retain its domain structure after the merger is complete.

You want to set up the enchantmentlakes.com DNS server to host the

fivelakespublishing .com domain.

What should you do?

A. On Server1, create an Active Directory integrated zone named

fivelakespubliching.com. Enable WINS lookup, and specify Server7 as the IP

address for the WINS server.

B. On Server5, create a secondary zone named fivelakespublishing.com.

Configure DNS zone transfers to allow Server1 to replicate data.

C. On Server5, configure DNS zone transfers to allow Server1 to replicate

data. On Server1, create a secondary zone named fivelakespublishing.com.

D. On Server1, create an Active Directory integrated zone named

fivelakespublishing.com. Configure DNS zone transfers to allow Server5 to

replicate data.

Answer:C

49. You create a new Windows 2000 Avtive Directory network. Five months

after deployment of the network, you receive a report that the Active

Directory database file takes too much disk space on the ServerA domain

controller.

You want to reduce the size of the Active Directory database file.

What should you do? (Choose three).

A. Restart ServerA in directory services restore mode.

B. Stop the Net Logon service on ServerA.

C. Run Windows Backup to back up the System State data. Immediately run

Windows Backup again to restore the System State data from the backup

file.

D. Use the Ntdsutil utility to compact the database to a folder. Move the

compacted database file to the original location.

E. Restart ServerA and boot normally.

F. Start the Net Logon service on ServerA.

Answer:A,D,E

50. You are the administrator of a Windows 2000 network. The network is

composed of four domains named arborshoes.com, na.arborshoes.com,

sa.arborshoes.com, and fabrikam.com. the root of the forest is

arborshoes.com.

There are two Windows NT BDCs in each domain.

Graphic artists place finished artwork for Fabrikam, Inc., in a shared

folder located on a domain controller named bna01.fabrikam.com. Read and

Write permissions are granted to the Artists Domain Local group in the

fabrikam.com domain.

Sharon is a member of the Graphic Artists global distribution group in the

na.arborshoes.com domain. She is unable to gain access to the shared

folder. You want to allow Sharon access to the shared folder.

What should you do?

A. Change the Graphic Artists group type to Security and add it to the

Artists Domain Local group.

B. Change the Artists Domain Local group to a universal group and add it

to the Graphic Artists group.

C. Change the Graphic Artists group to a Domain Local group and add it to

the Artists Domain Local group.

D. Change the mode of the domain controller in na.arborshoes.com to native

mode. Add the Graphic Artists group to the Artists Domain Local group.

Answer:A

51.You are the network administrator for your company. Your company’s main

office is in Seattle Branch offices are in New York, Rome, and Tokyo The

local administrators at each branch office need to be able to control

local resources

You want to prevent the local administrators from controlling resources in

the other branch offices. You want only the administrators from the main

office to be allowed to create and manage user accounts. You want to

create an Active Directory structure to accomplish these goals

What should you do?

A. Create a domain tree that has a top-level domain for the main office

and a child domain for each branch office. Grant the local administrators

membership in the Domain Admins group in their child domains.

B. Create a domain tree that has a top-level domain for the main office

and a child domain for each branch office Grant the local administrators

membership in the Enterprise Admins group in the domain tree .

C. Create a single domain Create a group named Branch Admins Grant the

local administrators membership in this group. Assign permissions to the

local resources to this group.

D. Create a single domain. Create an organizational unit (au) for each

branch office and an additional OU named CorpUsers. Delegate authority for

resource administration to the local administrators for their own OUs.

Delegate authority to the CorpUsers OU only to the Domain Admins group

Answer:D

52. You are the administrator of your company's network. Your company has

two domains in six sites as shown in the exhibit (Click the Exhibit

button)

Each site has one or more domain controllers For fault-tolerance and

load-balancing purposes, one domain controller in each site is configured

as a global catalog server. Users report that, several times a day,

network performance and data transfer for an application located in Site A

are extremely poor.

You want to improve network performance.

What should you do?

A. Configure at least two domain controllers in each site as global

catalog servers

B. Configure the domain controllers in only one site as global catalog

servers

C. Create site links between all sites and use the default replication

schedules

D. Create site links between all sites and set less frequent replication

schedules

E. Create connection objects between each domain controller Use RPC as the

transport protocol.

F. Create connection objects between each domain controller. Use SMTP as

the transport protocol

Answer:D

53. You are the administrator of a Windows 2000 domain. The domain is in

native mode. The domain contains 15 Windows 2000 Server computers that are

functioning as domain controllers and 1,500 Windows NT Workstation client

computers

During a power outage, the first domain controller that you installed

suffers a catastrophic hardware failure and will not restart. After the

power outage, users report that password changes do not take effect for

several hours. In addition, users are not able to log on or connect to

resources by using their new passwords.

What should you do to correct this problem?

A. Using the Ntdsutil utility, connect to another domain controller and

transfer the PDC emulator role.

B. Using the Ntdsutil utility, connect to another domain controller and

seize the PDC emulator role.

C. Using the Ntdsutil utility, connect to another domain controller and

transfer the domain naming master role

D. Using the Ntdsutil utility, connect to another domain controller and

seize the domain naming master role

Answer:B

54. When you run DCPromo .exe to install the new domain, you receive an

error message stating that the existing domain cannot be contacted.

Installation of the new child domain will not proceed.

What should you do to correct this problem?

A. Create an Active Directory integrated zone for the child domain on the

new domain controller

B. Install WINS on the new domain controller.

C. Configure the new domain controller with the address of an

authoritative DNS server for the existing domain

D. Configure the new domain controller with the address of an existing

WINS server

E. Add SRV (service) records for the domain naming master to a Hosts file

on the new domain controller

Answer:E

55. You are the administrator of your company's WAN Your company has four

locations connected by dedicated 256-Kbps leased lines. You install and

configure a Windows 2000 domain controller at each location. For network

performance reasons, you want to control the bandwidth usage and

replication schedule of directory information to each domain controller in

each location.

What should you do? (Choose two.)

A. Create a site for each location

B. Create a site that spans all the locations

C. Create server objects for each domain controller in every site

D. Create server objects for each domain controller in its own site

E. Copy all server objects from Default-First-Site-Name to each site

F. Move each server object from Default-First-Site-Name to the appropriate

site

Answer:A,F (GUESS)

56. You are the administrator of your company's network. Your company has

its main office in North America and has branch offices in Asia and Europe

The locations are connected by dedicated 256-Kbps lines The network

consists of one Windows 2000 domain. To minimize logon authentication

traffic across the slow links, you create a site for each office and

configure the site links between the sites.

Users in the branch offices report that it takes a long time to log on to

the domain. You monitor the network and discover that all authentication

traffic is still being sent to the domain controllers in the North America

site.

What should you do to correct this problem?

A. Schedule replication to occur more frequently between the sites

B. Schedule replication to occur less frequently between the sites

C. Create a subnet for each physical location, associate the subnets with

the North America site, and move server objects to the North America site

D. Create a subnet for each physical location, associate each subnet with

its respective site, and move each server object to its respective site

Answer:D

57. You are the administrator of your company's network . Your company’s

main office is in Seattle Large regional offices are located in Chicago,

Los Angeles, and New York, as shown in the exhibit (Click the Exhibit

button)

Three smaller branch offices are located within each region. The regional

offices are connected to the main office by T1 lines. The branch offices

are connected to the regional offices by ISDN lines Branch offices in

Boston, Dallas, and San Diego also have direct ISDN connections with

Seattle.

The network consists of one Windows 2000 domain. For fault-tolerance and

load-balancing purposes, each office has its own Windows 2000 domain

controller. Each office is configured as its own site. All site links have

been created.

You want to create a replication topology that allows only the regional

offices to communicate with the main office. You want to ensure that each

branch office communicates only with the closest regional office

What should you do?

A. Manually create connection objects between the domain controllers in

the main office and the regional offices Use SMTP as the transport

protocol

B. Manually create connection objects between each branch office and the

closest regional office. Use SMTP as the transport protocol

C. Allow the Knowledge Consistency Checker (KCC) to automatically create

the connection objects between the main office and all other offices.

D. Allow the Knowledge Consistency Checker (KCC) to automatically create

the connection objects between the branch offices and the regional offices

Answer:B (GUESS)

58. You are the administrator of your company's network. Your company’s

main office is in Chicago. Company operations are divided into two regions

East and West. The East region has an office in Miami and an office in New

York. The West region has an office in Denver and an office in Seattle.

The offices in the East region contain the human resources (HR) and

marketing (Mktg) departments. The offices in the West region contain the

sales and finance departments. Company IT policy states that Group Policy

must be applied only at the organizational unit (OU) level, and that user

groups must correspond to departments.

You want to accomplish the following goals:

· Control of users and resources can be delegated to local and

departmental administrators.

· The IT department can control Group Policy for the entire enterprise.

· A single Group Policy object (GPO) can be applied to the sales and

marketing departments.

· User environments can be customized by city.

You implement an au structure as shown in the exhibit (Click the Exhibit

button)

Which result or results does your implementation produce? (Choose all that

apply)

A. Control of users and resources can be delegated to local and

departmental administrators

B. The IT department can control Group Policy for the entire enterprise

C. A single GPO can be applied to the sales and marketing departments

D. User environments can be customized by city

Answer: MUST SEE EXHIBIT

59. You are the network administrator for the Lucerne Real Estate Company.

The network consists of one Windows 2000 domain named lucernerealestate

local. The network is not currently connected to the Internet.

You are installing a new domain named lucernerealestate1 local. During the

promotion process, you receive the following error message "The domain

name specified is already in use on the network"

What is the most likely cause of the problem?

A. The default-generated DNS domain name is already in use

B. DNS domain names cannot be named interactively

C. The default-generated NetBios domain name is already in use.

D. NetBios domain names cannot be named interactively

Answer:C

60.You are the administrator of your company's network. The Network

consists of one Windows 2000 domain. Your company has two locations, which

are connected by a dedicated T11ine

Users frequently report that logons to the network, file transfers, and

directory searches are extremely slow. When you monitor the network, you

discover that replication between domain controllers is generating

excessive network traffic between the locations.

You want to accomplish the following goals:

· Replication traffic between locations will be reduced.

· Logon response time for users will be improved.

· Average file transfer rates for users will be improved

· Directory search response times will be improved

· All domain controllers will have up-to-date replicas of the directory

· Fault tolerance for domain logons and directory searches will be

maintained

You take the following actions:

· Configure a domain controller in each location to be a global catalog

server

· Create a new subnet in Active Directory for each location

· Modify the location attribute of each domain controller's server object

Which result or results do these actions produce? (Choose all that apply)

A. Replication traffic between locations is reduced

B. Logon response time for users is improved.

C. Average file transfer rates for users are improved.

D. Directory search response times are improved.

E. All domain controllers have up-to-date replicas of the directory

F. Fault tolerance for domain logons and directory searches is maintained

Answer:A,B,D,E

61.You are the administrator of a newly installed Windows 2000 network for

a call center. You need to rename the Administrator account on all

computers on your network. You do not want to manually edit each account.

Because of a recent security breach, you must implement this policy

immediately.

What should you do? (Choose all that apply)

A. Use Group Policy to rename the Administrator account at the Default

Domain Group policy.

B. Use Group Policy to implement a user logon script

C. Send a network message to all users to restart their computers.

D. Use Group Policy to force all users to log off within 30 minutes.

Answer:A,

The answer to 61 should not include D. If the default refreshinterval for GPOs is 90 minutes, then applying a

GPO to force all users to log off doesn't make sense. You would still have to wait 90 minutes for THAT GPO to

apply, and by then, the Administrator account name has been changed.

IMHO, only choice A is a valid choice. I suppose you could send a net message to all users to

restart their computers or logoff/logon. I'm not sure I would concider that to be a good answer. Otherwise you

would have to wait the 90 minutes (unless you have previously configured your refreshinterval to something smaller.

0 minutes (which turns out to be 7 seconds) to 90 minutes (I think))

62. You are the administrator of a DNS server that runs on a Windows 2000

Server computer. You receive a report that the Windows 2000 Server

computer constantly uses more than 80 percent of the CPU You want to

monitor the number of DNS queries that are handled by the DNS server

What should you do?

A. Run the Nslookup command-line utility.

B. Use the Event Viewer and monitor the DNS server log

C. Use the monitoring function of the server properties in the DNS console

.

D. Use the DNS counters in System Monitor.

E. Check the contents of the Netlogondns file

Answer:D

63. You are the administrator of your company's network. You have been

auditing security events on the network since it was installed. A user on

your network named John Thorson recently reported that he was no longer

able to change his password.

Because there have been no recent changes to account policies, you suspect

that someone has been modifying the properties of user accounts in Active

Directory. There are thousands of entries in the event logs, and you need

to isolate and review the events pertaining to this problem in the least

possible amount of time.

What should you do?

A. In the security log, create a filter for events matching the following

criteria: Event source: Security

Category: Account Management User: JTHORSON

B. In the directory service log, create a filter for events matching the

following criteria:

Event source: NTDS Security Category: Security Search the remaining items

for events referencing John Thorson's account

C. In the directory service log, create a filter for events matching the

following criteria:

Event source: NTDS Security Category: Global Catalog User: JTHORSON

D. In the security log, create a filter for events matching the following

criteria:

Event source: Security Category: Account Management Search the remaining

items for events referencing John Thorson's account

Answer:D

64. You are the administrator for a Windows 2000 network. Your network

consists of one domain and two organizational units (OUs). The OUs are

named Corporate and Accounting

A user recently reported that she was not able to log on to the domain.

You investigate and find out that the user's account has been deleted. You

have been auditing all objects in Active Directory since the domain was

created, but you cannot find a record of the user account deletion. You

want to find a record that identifies the person who deleted the account

What should you do?

A. Search the security event logs on each domain controller for account

management events

B. Search the security event logs on each domain controller for object

access events

C. Search the Active Directory Users and Computers console on each domain

controller for the user's previous account name.

D. Search the Active Directory Users and Computers console on each domain

controller for the user's computer account.

Answer:A

65. You are the administrator of your company's network. The network is

configured in a Windows 2000 domain as shown in the exhibit (Click the

Exhibit button)

You want to strengthen the security of communications between client

computers and servers in the Reps organizational unit (OU). You do not

want to decrease overall productivity of the domain.

What should you do?

A. Create one Group Policy object (GPO) in the Sales OU. Increase maximum

service ticket lifetime in the GPO, and decrease maximum lifetime that a

user ticket can be renewed in the GPO

B. Create one Group Policy object (GPO) in the Sales OU. Decrease maximum

service ticket lifetime in the GPO, and decrease maximum lifetime that a

user ticket can be renewed in the GPO

C. Create one Group Policy object (GPO) in the Reps OU. Decrease maximum

service ticket lifetime in the GPO, and increase maximum lifetime that a

user ticket can be renewed in the GPO

D. Create one Group Policy object (GPO) in the Reps OU. Decrease maximum

service ticket lifetime in the GPO, and decrease maximum lifetime that a

user ticket can be renewed in the GPO

Answer:MUST SEE EXHIBIT

66. You are the administrator of your company's network. Your event log

shows that hackers are using brute force attacks to attempt to gain access

to your network. You do not want user accounts to be easily accessible.

You want to strengthen security to protect against brute force attacks.

What should you do? (Choose two)

A. Enable the Users must log on to change the password setting

B. Enable the Store password using reversible encryption for all users in

the domain setting

C. Enable the Password must meet complexIty requirements setting

D. Increase minimum password length

E. Increase minimum password age

Answer:A,C

67. You are the administrator for Arbor Shoes. Administrative control of

Active Directory has been delegated to several people in the company. You

need to track changes made to the arborshoescom domain. To ensure

accountability of the other administrators' actions, you want to monitor

user and computer account creation and deletion.

What should you do?

A. Modify the default Group Policy object (GPO) on the arborshoes.com

domain Configure the local audit policy to audit account management and

directory services access for success and failure.Monitor the security

logs for activity on the domain controllers

B. Modify the default Group Policy object (GPO) on the Domain Controllers

organizational unit (OU) Configure the local audit policy to audit account

management and directory services access for success and failure. Monitor

the security logs for activity on the domain controllers

C. Modify the default Group Policy object (GPO) on the Domain Controllers

organizational unit (OU) Configure the local audit policy to audit account

logon events and object access for success and failure. Monitor the

security logs for activity on the domain controllers

D. Modify the default Group Policy object (GPO) on the arborshoes.com

domain. Configure the local audit policy to audit account logon events and

object access for success and failure. Monitor the security logs for

activity on the domain controllers

Answer:B

68. You are the administrator of a Windows 2000 network. Recently, your

network security was compromised and confidential data was lost You are

now implementing a stricter network security policy You want to require

encrypted TCP/IP communication on your network

What should you do?

A. Create a Group Policy object (GPO) for the domain, and configure it to

assign the Secure Server IPSec Policy

B. Create a Group Policy object (GPO) for the domain, and configure it to

assign the Server IPSec Policy and to enable Secure channel: Require

strong session key.

C. Implement TCP/IP packet filtering, and open only the ports required for

your network services .

D. Edit the local security policies on the servers and client computers,

and enable Digitally sign client and server communications

Answer:A

69. You are the administrator of your company's network. The network

consists of one Windows NT 40 domain You create and implement a security

policy that is applied to all Windows 2000 Professional client computers

as they are staged and added to the network.

You want this security policy to be in effect at all times on all client

computers on the network. However, you find out that administrators

periodically change security settings on computers when they are

troubleshooting or doing maintenance. You want to automate the security

analysis and configuration of client computers on the network so that you

can track changes to security policy and reapply the original security

policy when it is changed.

What should you do?

A. Use Windows NT System Policy to globally configure the security policy

settings on the client computers

B. Use Windows 2000 Group Policy to globally configure the security policy

settings on the client computers

C. Use the Security and Configuration Analysis tool on the client

computers to analyze and configure the security policy

D. Schedule the Secedit command to run on the client computers to analyze

and configure the security policy

Answer:D

70. You want to implement a password policy for all users in an

organizational unit (OU) named Sales in a Windows 2000 network All the

users in the Sales OU are in a group named Sales Users You create a Group

Policy object (GPO) named PassB to enforce a minimum password length of

six characters. You assign the Pass6 GPO to the Sales OU.

There are no other GPOs assigned that specify a minimum password length

However, the week after you assign the PassB GPO to the Sales OU, users

from the Sales OU report that they can still change their passwords to

consist of fewer than six characters

How should you correct this problem?

A. Ensure that the Sales Users group has Read and Apply Group Policy

permissions on the PassB GPO

B. Apply the PassB GPO to the domain instead of to the Sales au. Filter

the policy for the Sales Users group

C. For the Sales OU, block policy inheritance

D. For the Sales OU, enforce policy inheritance on the PassB GPO

Answer:B

71. You are the administrator of a Windows 2000 network for Lucerne Real

Estate The network has 1,200 users. You are delegating part of the

administration of the domain to three users.

You delegate the authority to create and delete computer accounts to

Carlos You delegate the authority to change user account information to

Julia You delegate the ability to add client computers to the domain to

Peter. You want to track the changes made to the directory by these three

users.

What should you do?

A. Create a Group Policy object (GPO) for the domain controllers. Assign

Read and Apply Group Policy permissions to only Carlos, Julia, and Peter.

Configure the GPO to audit directory services access and account

management

B. Create a Group Policy object (GPO) for the domain. Assign Read and

Apply Group Policy permissions to only Carlos, Julia, and Peter Configure

the GPO to audit directory services access and audit object access

C. Create a Group Policy object (GPO) for the domain controllers. Assign

Read and Apply Group Policy permissions to only Carlos, Julia, and Peter

Configure the GPO to audit directory services access and audit object

access

D. Create a Group Policy object (GPO) for the domain. Assign Read and

Apply Group Policy permissions to only Carlos, Julia, and Peter Configure

the GPO to audit object access and process tracking

Answer:A

72. You are the Windows 2000 network administrator for your company You

are implementing the company's network security model. Your network has

several servers that contain sensitive or confidential Information. You

want to configure security auditing on these servers to monitor access to

specific folders. You also want to prevent users from gaining access to

these servers when the security logs become full.

What should you do?

A. Create a Group Policy object (GPO) that applies to the servers

Configure the GPO to enable auditing for object access Set up the

individual objects to be audited in Windows Explorer, and then customize

the Event Viewer logs to limit the size of the security log to 1 ,024 KB

B. Create a Group Policy object (GPO) that applies to the servers

Configure the GPO to enable auditing for directory service access. Set up

the individual objects to be audited in Windows Explorer, and then

customize the Event Viewer logs to limit the size of the security Jog to 1

,024 KB. Configure the security event log so that it does not overwrite

events

C. Create a Group Policy object (GPO) that applies to the servers.

Configure the GPO to enable auditing for directory service access Set up

the individual objects to be audited in Windows Explorer Configure the

security event log so that it does not overwrite events Then configure the

GPa to enable the Shut down the system immediately if unable to log

security audits setting.

D. Create a Group Policy object (GPO) that applies to the servers

Configure the GPO to enable auditing for object access Set up the

individual objects to be audited in Windows Explorer Configure the

security event log so that it does not overwrite events. Then configure

the GPa to enable the Shut down the system immedlately If unable to log

security audits setting.

Answer:D

73.You are the administrator of your company's network The network

consists of one Windows 2000 domain that has organizational units (OUs) as

shown in the exhibit (Click the Exhibit button)

All domain controllers in the domain are in OU1. Resources for two

separate office buildings are in OU2 and OU3. Nonadministrative users,

groups, and computers are in OU4 and OU5 Administrative users, computers,

and resources are in OU6.

You are designing a domain-wide security policy.

You want to accomplish the following goals:

· The same password and account lockout policies will be applied to all

users.

· Different security settings will be applied to administrative and

· nonadministrative computers Strict audit policies will be enforced for

only domain controllers and servers.

· The number of Group Policy object (GPO) links will be minimized

You take the following actions:

· Create a single GPO.

· Create one security template that has all required settings .

· Import the security template into the GPO

· Link the GPO to the domain.

Which result or results do these actions produce? (Choose all that apply)

A. The same password and account lockout policies are applied to all users

B. Different security settings are applied to administrative and

nonadministrative computers

C. Strict audit policies are enforced for only domain controllers and

servers

D. The number of GPO links is minimized

Answer:A

74. You are the administrator of a Windows 2000 network. Your network has

one domain named parnellaerospace.com The parnellaerospace.com domain

supports 8 ,000 users at three locations The network has three sites

connected by T1 lines, as shown in the exhibit (Click the Exhibit button )

The West site has 2,500 users; the East site has 3,000 users; and the

Central site has 2,500 users Each site contains a global catalog server.

The global catalog server in the West site is named LAX01-GC. The global

catalog server in the Central site is named TUL01-GC. The global catalog

server in the East site is named NYC01-GC.

You want users located in the West site to query TUL01-GC if the West site

global catalog server is offline.

What should you do?

A. Create a new subnet, assign it to the West site, and move TULO 1-GC to

the West site

B. Configure the site link betv\leen the Central site and the West site to

have a lower cost than the site link between the West site and the East

site

C. Add a global catalog server to the Central site that has an IP address

in the West site subnet

D. Configure TUL01-GC as a preferred bridgehead server

E. Set the query policy on LAXO 1-GC to the default query policy

Answer:B

75. You are the administrator of a Windows 2000 network named contoso.com

Your network is configured as shown in the exhibit (Click the Exhibit

button)

Your company plans to open a new office in Dallas Members of your IT staff

will be on-site in Dallas next week to install the new 10 1 3.0/24 network

You want to prepare the network in advance so that when the IT staff

installs a new domain controller, it will automatically join the

appropriate site.

What should you do?

A. Delete the Default-First-Site-Name object in Active Directory Sites and

Services

B. Create a new subnet for the Dallas network Create a new site and

associate the new subnet with the new site .

C. In the Domain Controller OU, create a computer account that has the

name of the new domain controller.

D. Use RIS to prestage the new domain controller.

E. Copy the installation source files to the new domain controller. Create

an unattended install file with an automated DCPromo.bat file

Answer:B

76. You are the administrator of a large Windows 2000 network. You have

three domains named adatumcom, us.adatum.com, and eur.adatum.com. Eric has

recently been hired to assist you with network administration. You want

him to be able to manage user accounts, back up servers, and configure

services on all workstations and servers only in the eur.adatum.com

domain.

What should you do?

A. Add Eric to the Enterprise Admins group and delegate control only at

the adatum.com domain

B. Move Eric's user account to the Domain Controllers organizational unit

(OU) in eur.adatum.com.

C. Add Eric's user account to the Domain Admins group in eur.adatum.com

D. Add Eric's user account to the Server aperators and Account aperators

group in eur.adatum.com.

Answer:D

77. You create an organizational unit (OU) structure for the

blueskyairlines.com domain. You want to delegate administrative control of

user objects on your Windows 2000 network

The User OU is a child of the Research OU. You create a group named

Research User Admin that includes users who have permissions to create and

manage the workstations in the Workstation OU. The Research User Admin

group has Full Control permission on the Research OU. You want user

accounts to be created only in the User OU.

Which three actions should you take? (Choose three)

A. Grant Full Control permission to the Research User Admin group on the

User OU for computer objects.

B. Remove the Research User Admin group from the Research OU ACL.

C. Grant Create Contact objects permission on the User OU.

D. Disable inheritance of permissions from the Research OU to the User OU

E. Deny Create User objects permission on the Research OU.

F. Grant Read and Write permissions to the blueskyairlines.com domain

Answer:A,D,E

The dumps say C,D,E are the correct answers but I have tested this out and it doesn't. Under this configuration,

the Research User Admin group cannot create user objects in the User UO.

The correct answer is A,D,E. I have tested this and you can create users under the User UO but you cannot

create users under Research UO(but the group retains all other previous permissions which makes sense).

 

 

 

78. You are admin of a w2k domain. The domain has an ou named trading. You

define a logon script for all the users in the trading ou. The logon

script is located at \\server2\docs\tradescript.vbs.

You want to use a GPO to assign the logon to the users in the trading ou.

What should you do? (Choose three)

A) Create a new GPO named script and assign the script GPO to the trading

ou.

B) Create a new GPO named script and assgin the script GPO to the domain.

Configure the permissions on the script GPO to grant READ permissions to

all users in the trading ou.

C) Copy the tradescipt.vbs file to the appropriate folder in Group policy

Template (GPT) of the script GPO.

D) Copy the tradescript.vbs file to the folder that shared as netlogon

script on the PDC emulator.

E) For each user in the trading ou, set the logon script in the user

profile to tradescript.vbs.

F) Add tradescript.vbs as an logon script to the script GPO.

Answer:A,C,F

my think: c must be right, in moc module8, there is an example, if u want use a script in gpo, it must be in gpt!!

79. You are admin af a w2k domain. The domian has an OU named NORTH. You

want to standardize the startmenu for the users in the NOTRH OU. Some

members of the DOMAIN ADMIN GROUP are in the NORTH OU. Folders and

shortcuts that form the standardized startmenu are on the network at

\\server2\menu. The EVERYONE has change permisson on the menu share.

You want to accomplish the following goals :

-Each member of the domain admin group will have a seperate startmenu that

the member can change

-All users in the NORTH OU, except members of the Domain Admin Group, will

use the \\server2\menu startmenu

-Users who use \\server2\menu startmenu will not be able to change the

contents of the startmenu

-Each user who is not a member in the NORTH OU will have a seperate

startmenu that the user can change

You take the following actions :

- Create a new GPO named menu.Assign the MenuGpo to the NORT OU

-Configure the MenuGpo to redirsct the startmenu folder for the

DomainUserGroup to \\server2\menu

-Change the permissions on the MenuGpo to deny Apply Group policy

permission to the Domain Admins.

Which result or results do these actions produce? Choose all that apply.

A)Each member of the Domain Admin Group will have a serparate startmenue

that the member can change.

B)All users in the NORT OU, except members of the Domain Admin Group, will

use the \\server2\menu startmenu

C)Users who use \\server2\menu startmenu will not be able to change the

contents of the startmenu

D)Each user who is not an member in the NORTH OU will have a separate

startmenu that the user can change

Answer:A,B,D

my think: also in module8 if u want users can not change there startmenue, u must set the NTFS permission

of \\server2\menu only "read", so c is incorrect.

 

 

80.You are admin of a w2k network. You are configereing RIS to deploy

Windows 2000 Prof. on new client computers.New users report that they

attempt to install their computers, they are unable to get an IP address.

What should you do?

A)Authorice the DHCP server in DHCP cache

B)Configure each computer to boot from a remote installation boot disk

C)Create a reservation in DHCP fpr each client

D)Start the Boot Information Negotiation Layer (BINL) service on the RIS

server

Answer:A

81.You want to use RIS to deploy your comps. Win2k. You need to find out the GUIDs

of the computers in your network. What should you do;

a) Use Network Monitor to capture and view the DHCPDiscover packets. Then search for GUID.

b) Use Network Monitor to capture and view the DHCPOffer packets. Then search for GUID.

c) Use Network Monitor to capture and view the DNS query packets. Then search for GUID.

d) something else

Answer:A

 

 

 

82. You are the Administrator of a Windows 2000 domain. The domain has an

Organization Unit (OU) named Sales. All users in the Sales OU use an

application named Planning. The Planning applicacion is deployed by using

a Group Policy object (GPO) named Planning App on the Sales OU.

The Planning App GPO is configured to assign the Planning application to

users by using a Microsoft Windows Installer Package for the application.

The Planning application will be replaced by another application in the

next month.

You want to accomplish the following goals:

Users who have not yet installed the Planning application will be

prevented from installing the application.

Users who have already installed the Planning application will be able to

continue to use it.

If key application files are missing when the Planning application starts,

the missing files will be reinstalled automatically.

If the vendor of the Planning App releases a software patch by using a

Windows Installer package, you will be able to assign the patch to only

the users who have already installed the application

You take the following actions

Create a new software category named OPTIONAL APPS

Configure the Planning App GPO to add the Planning application to the

OPTIONAL APPS software category

Configure the Planning App GPO to remove the Planning application , but

select the option to allow users to continue to use the software.

Which ones did you accomplish?

A. Users who have not yet installed the Planning application will be

prevented from installing the application.

B. Users who have already installed the Planning application will be able

to continue to use it.

C. If key application files are missing when the Planning application

starts, the missing files will be reinstalled automatically.

D. If the vendor of the Planning App releases a software patch by using a

Windows Installer package, you will be able to assign the patch to only

the users who have already installed the application

Answers: A , B

 

83. Your are the network administrator of a Windows 2000 network. The

network consists of 500 Windows 2000 Professional computers. You recently

discovered that users of these computers have been using the sames

passwords since their accounts were created. You need to correct this

problem to maintain security in the network.

You create a Group Policy object (GPO) and filter it to the users. You

want to configure the GPO to require users to create a different password

periodically.

Which two should you enable?

A. Minimum password length

B. User must log on to change the password

C. Enforcement of password history

D. Minimum password age

E. Maximum password age

Answers: C, E

84. You are the administrator of a Windows 2000 network that has only one

domain. You are configuring the network security settings for the domain’s

Windows 2000 Professional users.

Your Sales team uses portable comps and Routing and Remote Access to

connect to the company's network. Sales users need local Administrator

rights to their computerss so that they can run a third party application.

You want to configure the computerss to prevent the users from modifying

their existing network connections.

What should you do?

A. On each portable computer, create only the permitted LAN and Remote and

Routing Access connection. At the server, configure the Sales user

accounts to permit connect to only the specific computers.

B. Create a system policy to hide Network Neightborhood and disable

register-editing tools. Apply this policty to all the Sales users.

C. Create a Group Policy object (GPO) for the domain. Filter the GPO for

the Sales users. Configure the GPO to deny the Sales users access to the

properties of the LAN or Remote and Routing Access connection.

D. Create a Group Policy object (GPO) for the domain controllers

container. Filter the GPO for the Sales users. Configure the GPO to deny

the sales users access to the Network Connection Wizard.

Answer: C

 

85. Your are the administrator of a Windows 2000 network. Users in an

Organizational Unit (OU) named PROCS need to have a drive mapped to a

network location. These users log on from Windows 2000 Professional

computers. You want to use a logon script named USERLOG.CMD to implement

this drive-mapping for all current and future users in the PROCS OU. What

should you do?

A. Copy USERLOG.CMD to the NETLOGON share on each domain controller in the

domain. Select each user in the PROCS OU and set the logon script to

USERLOG.CMD.

B. Copy USERLOG.CMD to the SYSVOL share on each domain controller. Assign

read permission to the file for all users in the PROCS OU.

C. Create a Group Policy object (GPO) that enforces USERLOG.CMD as a logon

script. Assign the GPO to the PROCS OU.

D. Create a Group Policy object (GPO) that enforces USERLOG.CMD as a

startup script. Assign the GPO to the PROCS OU.

Answer: C

 

 

86. You are the administrator of a Windows 2000 network. Your company has 3

locations in North America and 3 locations in Europe. Your network

includes 6 sites as shown in the exhibit. (Click Exhibit).

The England, France and Italy sites are in the eur.blueskyairlines.com

domain. The NorthWestUS, CentralUS, and NorthEastUS sites are in the

na.blueskyairlines.com domain. The root of the forest is

bluesskyairlines.com.

The connection between the NorthEastUS site and the England site is

unreliable. You want to configure replication between the NorthEastUS site

and the England site.

What should you do?

A. Create an SMTP site link between the NorthEastUS site and the England

site.

B. Create an IP site link between the NorthEastUS site and the England

site.

C. Create an SMTP site link bridge between the NorthEastUS site and the

England site.

D. Create an IP site like bridge between the NorthEastUS site and the

England site.

Answer: A

(I am not 100%, it could be C, but it must be thru SMTP)

87.You are the network Administrator for blueskyairlines.you are implementing a windows 2000

network consisting of five sites in the blueskyairlines.com domain.

There are 15,000 users in Chicago,5000 users in Los angeles,2000 users in Miami,10,000 users in New York and 2000 users in Seattle.

You are designing the structure of DNS servers.You want to allow secure dynamic updates to

DNS in Chicago,Los Angeles and New York.

You want full DNS replication to occur in all sites.You do not want the Miami to have an

editable copy of the DNS zone.

How should you configure the DNS servers to accomplish these goals?

To answer,click the select & place button,and then drag the letter indicating the appropriate server type to each site.Next drag the number indicating the appropriate zone

type to each site.Two sites have been partially completed for you.

(Note:zone type and servers type can be used more than once)

A. view exhibit info

Answer:A

ZONE TYPE SERVER TYPE

 

select from these items select from these items

[1] Active Directory integrated [A] Domain controller

[2] Primary [B] Member server

[3] Secondary

[4] Cache only

 

 

 

********************------------[zone type] [server type]

* * LOS ANGELES

* *

* *-------------[zone type] [server type]

*[ZONE TYPE] [ A ] * MIAMI

* *

* *--------------[zone type] [server type]

* * NEW YORK

* *

********************--------------[zone type] [ B ]

CHICAGO SEATTLE