name = MimeX, Updated Compilation
exam = 70-217
All i have done is fo through all the dumps. compiled them around. and formatted for use of trandumper (very useful, you can get it from this site under tools in the main page)
ive changed the answers of those who gave convincing reasons why the answer is correct.
(i have yet to start studying, i wil post later with my corrections and book refs)
Here ya go.
Compilation_1-77 (updated) also formatted for Trandumper
By MimeX
1. You are the admin of a win2k Network. Your network's organizational
unit (OU) structure is shown in the exhibit
You grand Create Users Objects permission to Anita for the Executive OU,
but she is unable to create users objects in the Users OU. Anita is able
to create users objects in the Workstation OU.
What should you do to enable Anita to create users objects in the Users
OU?
A. Clear the Allow inheritable permissions from parent to propagate to
this object check box in the Executive OU properties.
B. Select the Allow inheritable permissions from parent to propagate to
this object check box in the Users OU properties.
C. Add Anita to the Server Operators group. D. Move the Users OU to the
same level as the Executive OU
Answer:B
2. You add a new domain controller named GC01 to your network to take the
place of the existing global catalog server. You also enable GC01 as a
global catalog. You want to use GC00, the original server, as a domain
controller, but not as a GC server for the domain.
You want to increase disk space on GC00.
What should you do? (Choose all that apply)
A. Use the Active Directory Sites and Services. Select the NTDS settings
object for the GC00 Server to clear the Global Catalog check box.
B. On the GC00 server, run the Ntdsutil utility to defragment Active
Directory.
C. On the GC00 server, reinstall Win2k
D. On the GC01 server, run the Ntdsutil utility to enable the global
catalog server option.
Answer:A,B
3. You add three new SCSI hard disk drives to your company’s domain
controller. The SCSI disks are configured in a hardware RAID-5 array. You
have two other physical disks in this domain controller. You want to
optimize the speed of the Active Directory database.
What can you do? (Choose Two)
A. Move the Ntds.dit file to the RAID-5 array.
B. Move the log files to a separate physical disk from the OS
C. Move the log files and the Ntds.dit file to the RAID-5 array.
D. Move the netlogon share to the RAID-5 array.
E. Create a mirror volume and place the log files on the mirror.
Answer:A,B
4. You are the administrator of the Arbor Shoes company network. There is
one domain named arborshoes.com. The domain contains three sites named
Geneva, Milwaukee, and Portland. Each site has two domain controllers from
the arborshoes.com domain. Geneva and Portland each have 1,000 users.
Milwaukee has 500 users.
There are two IP site links: Geneva_Portland and Milwaukee_Portland. You
want to add another domain controller in each site to handle all
replication from eachsite.
What should you do?
A. Configure each new domain controller to be the IP preferred bridgehead
server for its site.
B. Create a connection object from each domain controller in each site to
the new domain controller in each site.
C. Create a new site link that has a lower cost that the existing site
links.
D. Delete the existing connection objects in each site and manually start
the KCC
Answer:A
5. You are the LAN admin for Arbor Shoes. You hire Sophie to be a LAN
administrator for the Dublin office. Arbor Shoes has one domain named
arborshoes.com. Each office has its own OU. Sophie needs to be able to
create child OUs under only ou-Dublin,dc=arborshoes, dc=com and verify the
existence of the created OUs.
Which permissions should you assign to Sophie on the Dublin OU? (Choose
THREE)
A. FC
B. List Contents
C. Create OU objects
D. Create All Child Objects
E. Write
F. Read
Answer:B,C,F
6. You are the administrator for Trey Research and A. Datum Corporation.
You manage a multidomain wind2k network of 5,000 users for the two
companies. The network is configured as shown in the exhibit:
The two companies have a total of six departments. Each department is an
OU in AD. Each Domain and OU has specific Group Policy settings that must
applied to all of its members. Your company is reorganizing all six
departments. Some, but not all, of the users in each OU have moved. Many
users have changed departments, and some have changed domains.
You want to accomplish the following goals in the least possible amount of
time.
Place the users account in the appropriate domains.
Apply the existing policies for each domain or OU to the moved accounts.
Do not disrupt user access to shared resources.
What should you do?
A. For all users, create new user accounts in the appropriate OUs. Assign
permissions to the accounts to apply the group policy settings, and the
delete the old accounts.
B. Fro the users moving between domains create new user accounts in the
appropriate OUs. Assign permissions to the accounts to apply the Group
Policy settings, and then delete the old accounts. For the users moving
between OUs in the same domain, select the accounts. Then choose MOVE from
the Action menu, targeting the new OU.
C. For the users moving between domains, use the Movetree utility,
specifying the source and target domains and OUs. For the users moving
between OUs in the same domain select the accounts. Then choose MOVE from
the ACTION menu, targeting the new OU.
D. For the users moving between domains, create new user accounts in the
appropriate OUs. Assign permissions to the account to apply the Group
Policy settings, and then delete the old accounts. For the users moving
between Ous in the same domain, select the accounts. Then choose Copy from
the Action menu, entering the appropriate account information for the new
users accounts. Then delete the old accounts.
Answer:C
7. You are the administrator of a win2k network. Your win2k domain
controller has been in operation for one year. During that year, you have
deleted numerous objects. However, the Ntds.dit file is the same size it
was before you deleted any objects. You want to reduce the size of the
Ntds.dit file.
What should you do? (Choose Two)
A. Delete all the log files from the NTDS folder and restart the server.
B. Use the Ntdsutil utility to perform an authoritive restore.
C. Run the Esentutl utility by using the /d switch.
D. Restart the server in directory services restore mode.
E. Use the Ntdsutil utility to compress the database to another drive.
Answer:C,D
ESENTUL /D will do an offline defrag of the directory. To do this you need to be in AD restore mode!
Answer A is bogus!
Answer B is wrong (why would you want to do a restore), unless want to be unemployed!
Answer E seemed correct until I researched
For all of you that have AD setup do a ESENTUTL /?, this will give you all possible options. They took this utility from Exchange (ESEUTIL) and renamed it!
8. You are the administrator of the company network for Arbor Shoes. Arbor
Shoes has three domains: arborshoes.com, na.arborshoes.com, and
sa.arborshoes.com. All the domains are in native mode. You are going to
remove the na.arborshoes.com domain in an effort to consolidate domains.
There are 300 users in na.arborshoes.com. You want to move all 300 users
at the same time to arborshoes.com.
What should you do?
A. At the command prompt, type the following command: Cscropt sidhist.vbs
/srcdc:dc1 /srcdom:na.arborshoes.com /dstdc:dc1/dstdom:arborshoes.com
B. At the command prompt, type the following command: Movetree /start /s
dc1.na.arborshoes.com/d dc1.arborshoes.com/sdn
cn=users,dc=na,dc=arborshoes,dc=com /ddn cn=users, dc=arborshoes, dc=com
C. In MMC, use the copy command in Active Directory Users and Computers
D. In MMC, use the move command in Active Directory Users and Computers
Answer:B
9. You are the enterprise administrator of a windows 2000 domain tree that
has five domains. All domains are in native mode. Each domain has one or
more users who are help desk staff. Each domain has a global group named
Help Desk members that contains the help desk staff from each domain.
There is an OU named Interns in the root domain. You want all help desk
staff to be able to reset passwords of the users in the Inters OU.
What should you do?
A. Create a new global security group named Help Desk Staff in the root
domain. Place the five help desk members groups in the Help Desk staff
group. Place the Help desk staff group in the Reset Interns group. On the
reset Interns group, assign the Reset password permission to the Help Desk
Staff group.
B. Create a new global security group named Help Desk Staff in the root
domain. Place the five help desk staff in the Help Desk Staff group.
Create a new local security group named Reset Interns in the root domain.
Place all users from the Interns OU in the Reset Inters group. On thee
Interns OU, assign the reset Password permission to the Reset Interns
group.
C. Create a new universal security group named Help Desk Staff in the root
domain. Place the five Help Desk members groups in the Help Desk Staff
group. Create a new local security group named reset Inter sin the root
domain. Place the Help Desk Staff group in the Reset Interns group. On the
Interns OU, assign the reset password permission to the Reset Interns
group
D. Create a new universal security group named Help Desk Staff in the root
domain. Place the five Help Desk Members groups in the Help Desk Staff
group. Create a new local security group named reset Interns in the root
domain. Place all users from the Interns OU in the Reset Interns group. On
the reset Interns group, assign the Reset Password permission to the Help
Desk staff group.
Answer:D
10. Your company's Win2k network consists of a single domain. You are the
enterprise admin of the domain. Two administrators named Ann and Bill make
changes to Active directory at approximately the same time at two
different domain controllers named ServerA and ServerB. Ann deletes an
empty OU named Branch1 from ServerA.
Before this deletion is replicated to ServerB, Bill move five existing
users from the Brach2 OU to the Branch1 OU at ServerB. Ten minutes later,
Bill discovers that the Branch1 OU is deleted from Active Directory. You
want to reinstate the configuration that Bill attempted to accomplish.
What should you do?
A. Perform an authoritive restore of the Brach1 OU at ServerA
B. Perform a nonauthoritive restore of the Branch1 OU at ServerA.
C. Perform an authoritive restore of the five users at ServerB
D. At ServerB, move the Branch1 OU from the LostAndFound container to its
original location.
E. At ServerA, create a new Branch OU. Move the five users from the
Branch2 OU to the new Branch1 OU.
F. At ServerB, create a new Branch1 OU. Move the five users from the
LostAndFound container to the new Branch1 OU.
Answer:A
All dumps says the answer is F but my answer is A.
Even though you create OU with same name, the SID will change. The only way to go back to original configuration is authoritative restore
11. You are the admin of your company's network. Your company has two
domains in six sites as shown in the exhibit.
Each site has one or more domain controllers. For fault-tolerance and
load-balancing purposes, on domain controller in each site is configured
as a GC. Users report that, several times a day, network performance and
data transfer for an application located in SiteA are extremely poor. You
want to improve network performance.
What should you do?
A. Configure at least two domain controllers in each site as GC servers.
B. Configure the domain controllers in only one site as GC servers.
C. Create site links between all sites and use the default replication
schedulers
D. Create site links between all sites and set the less frequent
replication schedules.
E. Create connection object between each domain controller. Use RPC as the
transport protocol.
F. Create connection objects between each domain controller. Use SMTP as
the transport protocol.
Answer:D
12. You are the enterprise administrator of a win2k domain named
fabrikam.com. The domain contains three domain controllers named DCA, DCB,
and DCC. DCA does not hold any operations master roles.
You backed up the System state data of DCA two weeks ago. Without warning
the DCA hard disk fails. You decide to replace DCA with a new computer.
You install a new Win22k server computer.
What should you do next?
A. Add the server to the domain. Do an authoritive restore of the original
backup of the original DCA System State data that you made two weeks ago.
B. Add the server to the domain. Use Windows Backup to create a backup of
the DCB System state data, and restore this backup on the new DCA.
C. Use the Active Directory installation wizard to make the new computer a
replica in the domain.
D. Use the Ntdsutil utility to copy the active Directory database from DCB
to the new DCA.
Answer:C
13. You are the administrator of a win2k domain. The domain has two domain
controllers named Server1 and Server2. The volume that contains the Active
Directory database file on Server1 is running out of disk space.
You decide to move the database file to an empty volume on a different
disk on Server1.
What should you do?
A. Restart Server1 in directory services restore mode. Use the Ntdsutil
utility to move the database file to the empty volume.
B. Use windows Backup to create a backup of the System State data of
Server1. Restart Server2 in directory services restore mode. Restore the
system State data to the empty volume.
C. Use the Logical disk Manager console to mount the empty volume in the
folder that contains the Active Directory database file.
D. Stop the NetLogon service on Server1. use Windows Explorer to move
Ntds.dit to the empty volume. Start the NetLogon service again. Force
replication from server2
Answer:A
14. You are the enterprise administrator of a Windows 2000 domain. The
domain has three domain controllers named DC1, DC2, and DC3. Because of
changed hardware requirements, you want to replace the domain controller
named DC1 with a newer computer named DC4. You want DC4 to be a domain
controller in the domain. You no longer want DC1 to function as a domain
controller.
What should you do?
A. Install DC4 as a stand-alone server in a workgroup named WG. Restore a
System State data backup of DC1 on DC4. On DC1, Use the Active Directory
Installation wizard to remove Active Directory from DC1.
B. Install DC4 as a stand-alone server in a workgroup named WG. Disconnect
DC1 from the network. Rename DC4 to DC1. On DC2, force replication of AD
to all its replication partners.
C. Install DC4 as a member server in the domain. On DC4, use the Active
Directory Installation wizard to install Active Directory on DC4. On DC1
use the Active Directory Installation wizard to remove Active Directory
from DC1.
D. Install DC4 as a member server in the domain. On DC1 use the Ntdsutil
to copy the Active Directory files to DC4. Use the Active Directory
Installation wizard to remove Active Directory from DC1.
Answer:C
15. You are the network administrator for your company. Your company’s
main office is in Seattle. Branch offices are in New York, Rome, and
Tokyo. The local administrators at each branch office need to be able to
control local resources.
You want to prevent the local administrators from controlling resources in
the other branch offices. You want only the administrators from the main
office to be allowed to create and manage user accounts. You want to
create an active directory structure to accomplish these goals.
What should you do?
A. Create a domain tree that has a top-level domain for the main office
and a child domain for each branch office. Grant the local administrators
membership in the Domain Admins group in their child domains.
B. Create a domain tree that has a top-level domain for the main office
and a child domain for each branch office. Grant the local administrators
membership in the Enterprise Admins group in the domain tree.
C. Create a single domain. Create a group named Branch Admins. Grant the
local administrators membership in this group. Assign permissions to the
local resources to this group.
D. Create a single domain. Create and OU for each branch office and an
additional OU named CorpUsers. Delegate authority for resource
administration to the local administrators for their own OUs. Delegate
authority to the CorpUsers OU only to the Domain Admins group.
Answer:D
16. You are the administrator of your company's network. Your company has
its main office in Seattle and branch offices in London, Paris, and Rio de
Janeiro. The local admin at each branch office must be able to control
users and local resources.
You want to prevent the local administrators from controlling resources in
branch offices other than their own.
You want to create an Active Directory structure to accomplish these
goals.
What should you do?
A. Create a top-level OU. Delegate control of this OU to administrators at
the main office.
B. Create child OUs for each office. Delegate control of these OUs to
administrators at the main office.
C. Create child OUs for each office. Delegate control of each OU to the
local administrators at each office.
D. Add the local administrators to the Domain Admins group.
E. Create users groups for each office. Grant the local administrators the
appropriate permissions to administer these user groups.
Answer:C
17. You install a windows 2000 Server computer on your network. You
promote the computer to be a domain controller. This computer also
functions as the DNS server for the domain. All client computer are
running win2k Prof. When users attempt to log on they receive an error
message sating that a domain controller cannot be located.
You verify that Active Directory is installed and functional on the
server.
You want to ensure that the domain controller is available for user
logons.
What should you do next?
A. Check DNS for the addition of an appropriate SRV record in the zone.
B. Check DNS for the addition of an appropriate A record in the zone.
C. Check for the presence of an NTDS folder on the domain controller.
D. Check for the presence of a Sysvol folder on the domain controller.
E. On the client computers, create a hosts file that contains the SRV
records for the domain controller.
F. On the client computers, create a Hosts file that contains the A record
for the DC.
Answer:A
18. You are the admin of a win2k network for Miller Textiles. The network
configuration is shown in the exhibit.
The millertextiles.com domain is hosted on Server1 as an AD intergraded
zone, and on Server3 as a secondary zone.
All the client computers on Segment B are win2k Prof PCs. All the client
PCs on Segment A are down level client computers all the client computers
use DHCP. You share some network resources on several of the client
computers on Segment A.
Several days later you attempt to connect to those shared resources from
client computers running on segment B, but you are unable to resolve the
host names of client computers on Segment A.
How should you correct this problem?
A. On the DHCP server, set the DNS Domain Name scope option to
millertextiles.com
B. On Server1 for the millertextiles.com zone, change the value of Allow
Dynamic Updates from the default settings to Yes.
C. Configure the millertextiles.com domain to allow zone transfers to all
the computers on the network.
D. On server2, enable updates for DNS clients that do not support dynamic
updates.
Answer:D
19. You are the admin of the Contoso, Ltd., company network. You are
designing a Win2k domain. Contoso, Ltd., has an Internet presence and owns
contoso.com, a registered domain name. The existing DNS zone is hosted on
WinNT server 4 computers.
You want to accomplish the following goals:
· Internal host names will not be exposed to the Internet.
· Internal users will be able to resolve external names for access to
Internet-based resources.
· Complexity and depth of domain names for Active Directory will be
minimized.
· To comply with management requirements, the existing DNS servers that
host the zone for contoso.com will not be upgraded.
You implement a DNS design as shown in the exhibit:
Which result(s) does your implementation produce? (All that apply)
A. Internal host names will not be exposed to the Internet.
B. Internal users will be able to resolve external names for access to
Internet-based resources
C. Complexity and depth of domain names for Active Directory will be
minimized
D. To comply with management requirements, the existing DNS servers that
host the zone for Contoso.com will not be upgraded
Answer:A,B,C
20. You are the administrator of your company's network. The network
consists of one win2k domain that spans multiple subnets. You are
configuring DNS for host name resolution throughout the network.
You want the following goals:
· DNS zone transfer traffic will be minimized on the network.
· Administrative overhead for maintaining DNS zone files will be
minimized.
· Unauthorized host computers will not have records created in the zone.
· All zone updates will come only from authorized DNS servers
· All zone transfer information will be secured as it crosses the network.
You take the following actions:
· Create an Active Directory intergraded zone.
· In the Zone Properties dialog box, set the Allow Dynamic Updates option
to Yes.
· On the Name Servers tab of the Zone Properties dialog box, enter the
names and addresses of all DNS servers on the network.
Which result(s) do these actions produce? (Choose all that apply)
A. DNS zone transfer traffic will be minimized on the network.
B. Administrative overhead for maintaining DNS zone files will be
minimized.
C. Unauthorized host computers will not have records created in the zone.
D. All zone updates will come only from authorized DNS servers
E. All zone transfer information will be secured as it crosses the
network.
Answer:A,B,D,E
21. You are the network administrator for Arbor Shoes. Part of your
multisite Windows 2000 network configuration is show in the exhibit.
Server1 is configured with the primary zone for arborshoes.com. Server3
and Server5 are configured with secondary zones for arborshoes.com.
You discover an error in several host records that is preventing client
computers in Atlanta from accessing some shared resources. You make the
necessary corrections on Server1.
You want these changes to be propagated to Atlanta immediately.
What should you do?
A. On the Action menu for the arborshoes.com zone, click Update Server
Data Files.
B. At Server5, perform the Transfer from master action for the
arborshoes.com zone.
C. At Server1, stop and start the DNS server service.
D. At Server5, select Allow zone transfers on the arborshoes.com zone.
Answer:A
22. You are the network administrator for LitWare, Inc. You are
implementing Windows 2000 on your network. Part of your network
configuration is shown in the exhibit.
You have installed Server2 and Server4 as domain controllers for
LitWare.com. You have installed Server1 and Server3 as DNS servers for the
litware.com domain.
Each server has a standard primary zone named litware.com.
You configure the domain to run in native mode. When Server2 attempts to
contact Server4 by name, it cannot establish a connection.
However, you cn ping both Server2 and Server4 from any computer in either
site. You need to be able to resolve names of serves in both sites. You
want the information to be updated regularly.
What should you do?
A. Configure Server1 and Server3 to allow dynamic updates in DNS.
B. Configure Server1 and Server3 to allow zone transfers to any server.
Then configure the DNS notification options to notify each server of
updates.
C. Reinstall Server4 as a member server in the same domain as Server2.
Create a new site, and promote Server4 to a domain controller within the
new site.
D. Re-create the litware.com zone on Server3 as a secondary zone.
Configure Server3 to replicate DNS data from Server1.
Answer:D
23. You are hired by Fabrikam, Inc., to secure its Windows 2000 network.
You use Security Templates to create a custom template and save it as
Securefab.inf
You need to use this template on five domain controllers in the
fabrikam.com domain.
What should you do? (Choose Two)
A. Copy the Securefab.inf file to the Sysvol shared folder on one domain
controller.
B. Create a new security database.
C. Import the Securefab.inf file.
D. Rename Securefab.inf to Ntconfig.pol
E. Create a Group Policy object on the Domain Controller Organizational
Unit.
Answer:C,E
24. You are the administrator for a windows 2000 network. Your network
consists of one domain and two OUs. The OUs are named Corporate and
Accounting. A user recently reported that she was not able to log on to
the domain.
You investigate and find out that the user's account has been deleted. You
have been auditing all objects in active Directory since the domain was
created. But you cannot find a record of the user account deletion.
You want to find a record that identifies the person who deleted the
account.
What should you do?
A. Search the security event logs on each domain controller for account
management events.
B. Search the security event logs on each domain controller for object
access events.
C. Search the Active Directory Users and Computers console on each domain
controller for the user's previous account name.
D. Search the Active Directory Users and Computers console on each domain
controller for the user's computer account.
Answer:A
25. You are the admin of your company's network. The network consists of
one WinNT 4 domain. You create and implement a security policy that is
applied to all windows 2000 Prof. Computers as they are staged and added
to the network.
You want this security policy to be in effect at all times on all client
computers on eth network. However, you find out that administrators
periodically change security settings on computers when they are
troubleshooting or doing maintenance.
You want to automate the security analysis and configuration of client
computers on the network so that you can track changes to security policy
and reapply the original security policy when it is changed.
What should you do?
A. Use Windows NT System Policy to globally configure the security policy
settings on the client computers.
B. Use Windows 2000 Group Policy to globally configure the security policy
settings on the client computers.
C. Use the Security and Configuration Analysis tool on the client
computers to analyze and configure the security policy.
D. Schedule the Secedit command to run on the client computer stop analyze
and configure the security policy.
Answer:D
26. You are the administrator of your company's network. The network
consists of one Windows 2000 domain. The domain contains four
organizational units as shown in the following exhibit:
You want to centralize security policy in your domain. You create the
following three security templates and Group Policy Objects.
1. SecPol1 defines Password, Audit, and User Rights Policies.
2. SecPol2 defines User Desktop policy, File System security, and register
security.
3. SecPol3 defines a High Security User Desktop policy for network
administrators.
You want the GPOs to apply your security policies to users and computers
in the domain. You want to use the fewest assignments possible. Where
possible, you want Group Policy to apply at the OU level for more granular
administrative control. How should you apply security policies?
To answer, click the Select and Place button, and drag A, B, C, and D to
the correct locations. (Note: letters can be used more than once.)
Answer:Select & Drag The Secpol1 To All Locations
27. You edit the Default Domain Controllers Group Policy on the
arborshoes.com domain to required passwords to be at least eight
characters long.
However, users are able to create passwords that do not comply with the
implemented policy. What should you do?
A. Initiate replication to make sure the Group Policy containers and the
Group Policy template (GPT) are replicated.
B. Configure each client computer to have a local Group Policy that
requires password to be at least eight characters long.
C. Edit the Default Domain Group Policy to require password to be at least
eight characters long.
D. Edit the Default Domain Controllers Group Policy to force the password
to meet complexity requirements.
Answer:C
28. You are the windows 2000 network administrator for your company. You
are implementing the company's network security model. You network has
several servers that contain sensitive or confidential information. You
want to configure security auditing on these servers to monitor access to
specific folders. You also want to prevent users from gaining access to
these servers when the security logs become full.
What should you do?
A. Create a GPO that applies to the servers. Configure the GPO to enable
auditing for object access. Set up the individual objects to be audited in
windows Explorer, and then customize the Event Viewer logs to limit the
size of the security log to 1024 kb.
B. Create a GPO that applies to the servers. Configure the GOP to enable
auditing for directory services access. Set up the individual objects to
be audited in Windows Explorer, and then customize the Event Viewer logs
to limit the size of the security log to 1024 KB. Configure the security
event log so that it does not overwrite events.
C. Create a GPO that applies to the servers. Configure the GOP to enable
auditing for directory service access. Set up the individual objects to be
audited in Windows Explorer. Configure the security event log so that it
doesn't not overwrite events. Then configure the GPO to enable the Shut
down the system immediately if enable to log security audits setting.
D. Create a GPO that applies to the servers. Configure the GOP to enable
auditing for object access. Setup the individual objects to be audited in
Windows Explorer. Configure the security event log so that it does not
overwrite events. Then configure the GPO to enable the Shut down the
system immediately if enable to log security audits setting.
Answer:D
29. You are the security analyst for Duluth Mutual Life. You are assessing
the security weaknesses of the company's Windows 2000 network. The network
consists of three sites in one domain. The domain contains three OUs and
11000 users.
There are five domain controllers in the domain. You configure one of the
domain controllers to meet the security requirements of the company. You
need to duplicate those settings on the other four domain controllers.
You want to use the least possible amount of administrative effort.
What should you do?
A. Create a GPO for the domain controllers OU. Configure the GPO settings
to match the settings of the secured domain controller.
B. Open Security Configuration and Analysis on the secured domain
controller. Export the secured domain controller's security configuration
to a template file. Copy the template file to the Sysvol folder on each
domain controller.
C. Create a GPO for the domain. Assign Domain Users Red and Apply Group
Policy permissions. Configure the GPO settings to match the settings of
the secured domain controller.
D. Open Security Configuration and Analysis on the secured domain
controller. Export the secured domain controller's security configuration
information to a template file. Open Security Configuration and Analysis
on the other domain controllers, import the template file, and then select
Analyze Computer Now.
Answer:A
30. You are the administrator of a Windows 2000 network. Recently, your
network security was compromised and confidential data was lost. You are
now implementing a stricter network security policy.
You want to require encrypted TCP/IP communication on your network.
What should you do?
A. Create a GPO for the domain, and configure it to assign the Secure
Server IPSec Policy.
B. Create a GPO for the domain, and configure it to assign the Server
IPSec Policy and to enable Secure channel: Require strong session key.
C. Implement TCP/IP packet filtering, and open only the ports required for
your network services.
D. Edit the local security policies on the servers and client computers,
and enable Digitally sign client and server communications.
Answer:A
31. You are the administrator of your company's network, which consists of
one windows 2000 domain. There is a single top-level OU named Main and
five child OUs. The child OUs are named after the company's five
departments: Finance, Marketing, Sales, HR, and IT.
The accounts for all users and computers in each department are defined in
the OU for that department. All users and computers in the finance,
Marketing, Sales and HR OUs require the same desktop settings. Users and
computers in the IT OU require less restrictive settings.
You want to accomplish the following goals:
· All the assigned Group Policy settings are defined by the administrator
in the Main OU will be applied to all users and computers in the Finance,
Marketing, Sales, and HR OUs.
· Group Policy from the Main OU will not be applied to the IT OU.
· Administrators in the IT OU will be able to change the Group Policy
settings.
· When new child OUs are added to the domain, the Group Policy will be
applied to them automatically.
· Users will not be able to change their Group Policy settings.
You take the following actions:
· Create the GPO, configure the appropriate settings, and link the GPO to
the Main OU.
· In the Group Policy Options dialog box for the Main OU, select the No
Override check box.
· In the Group Policy dialog box for the IT OU, select the Block Policy
inheritance check box.
· Assign the Authenticated Users group Full Control permission to the GPO.
Which result(s) do these actions produce?
A. All the assigned Group Policy settings as defined by the administrator
in the Main OU are applied to all users and computers in the Finance,
Marketing, Sales, and HR OUs.
B. Group Policy from the Main OU is not be applied to the IT OU.
C. Administrators in the IT OU are able to change the Group Policy
settings.
D. When new child OUs are added to the domain, the Group Policy is applied
to them automatically.
E. Users cannot change their Group Policy settings.
Answer:A,D,C
No Override is specified on the GPO link atthe top level -
Main OU. Therefore, no GPO below it can be modified. That excludes answers
B & C. My answers = A, D, E
32. You are using RIS to deploy windows 2000 professional on 1,500
computers. Your network configuration is shown in the exhibit:
You have four RIS servers. You have deployed 100 computers. RIS server1
and RIS server3 are overworked and respond too slowly for the timely
deployment of you r computers.
You need more consistent performance results before you deploy the
remaining computers.
What should you do?
A. Create computer accounts for all the computers. Complete the Managed By
properties for each account.
B. Create one OU for each segment. Add users accounts for all the users to
the appropriate OUs. Specify the appropriate RIS server in the Lon on to
property for each user's account.
C. Create prestaged computer accounts for all the computer. Specify which
RIS server will control each computer.
D. Create one site for each segment. Move two RIS servers to each site.
Answer:C
33. You are the administrator for Arbor Shoes. Part of your network
configuration is shown in the exhibit.
All the computers are running windows 2000 Prof. and are members of the
arborshoes.com domain in the company LAN. All the users are members of the
Power
Users group on their computers. Andrew has dial-up access to the Internet
for a special project he is working on.
You do not want other users to share Andrew's Internet connection and to
have unrestricted Internet Access.
What should you do?
A. Create a high security zone in MS IE.
B. Create a group Policy Object that disables the configuration of
connection sharing. Grant Andrew Read and Apply group Policy permissions
to the GPO.
C. Create a group Policy Object that disables the configuration of
connection sharing. Grant Michel, Laura, and Anita Read and Apply group
Policy permissions to the GPO.
D. Remove the Internet connection from the All Users profile on Andrew's
computer, and then re-create the connection in Andrew's personal profile.
Answer:C
GPO disables ICS; and the Read and Apply Group Policy permissions
apply that policy to Andrew, who is the only one authorized to have
Internet access. My answer - C.
34. You are the admin of a Win2k domain. You want to deploy a new
application named Finance that will be used by all users in the domain.
The vendor of the Finance application supplied a MS install package for
the application.
You decide to deploy the Finance application in two phases. During phase
1, only members of a security group named Finance Pilot will use the
Finance application During Phase 2, all users in the domain will be able
to install the Finance Application.
You want to accomplish the following goals:
· During Phase 1, the Finance application will not be installed
automatically when users log on.
· During Phase 1, users who are members of the Finance Pilot group will be
able to install the app by using a Start menu shortcut.
· During phase 1, users who are not members of the finance Pilot group
will not be able to install the app by using a Start menu shortcut.
· The Finance application will be installed automatically the first time
any user in the domain logs on after phase 2 has begun.
You take the following actions:
· Create a new GPO named Deploy Finance and link the deploy Finance GPO to
the domain.
· Configure the deploy Finance GPO to assign the Finance application to
users.
· For phase 1, create a software category named Finance Pilot. Assign the
Finance application to the Finance Pilot software category.
· For Phase 2, remove the Finance application from the Finance Pilot
software category.
Which result(s) do these actions produce?
A. During Phase 1, the Finance application is not be installed
automatically when users log on.
B. During Phase 1, users who are members of the Finance Pilot group can
install the app by using a Start menu shortcut.
C. During phase 1, users who are not members of the finance Pilot group
cannot install the app by using a Start menu shortcut.
D. The Finance application is installed automatically the first time any
user in the domain logs on after phase 2 has begun.
Answer: A,B
35. You are the enterprise administrator of a Windows 2000 network. The
network has three domains named Contoso.com, west.Contoso.com, and
east.Contoso.com. All three domains are in a site named Boston. All three
domains contain OUs.
You want to implement new desktop policies for all users on the network.
The policies are configured in a Group Policy Object named Gpdesktop.
You also want to implement a logon script for users from the W2 OU. The
logon script policy is configured in a GPO named Gpscript. The users from
the W2 OU always log on to Windows 2000 Professional computers defined in
the W3 OU. You do not want to use Group Policy filtering.
You want to use the fewest GPO assignments possible.
What should you do?
To answer, Click the Select and Place button, and then drag the Gpdesktop
and Gpscript GPOs to the correct locations. (Note: Use each GPO only once)
Answer:Select & Drag The Gpdesktop To The Middle Position Of Contoso.Com
Domain, Drag Gpscript To The Second Positon Of The West.Contoso.Com Domain
36. You are the admin of a Win2k network. You are deploying Windows 2000
Prof. To 200 client PCs. A custom configuration is required for each one
of 50 of the client computers.
You are using MSM Server to install various applications on all the client
computers.
You want to use RIS to install Windows 2000 on all the client computers.
What should you do?
A. Create a CD-based RIS image and different answer files for each custom
configuration.
B. Create an RIPrep image for each configuration. Grant Read And Execute
permission to users for the image folder.
C. Install a test client computer for each custom configuration. Use the
Setup manager wizard to create an answer file for each configuration.
D. Use the Setup Manager wizard to create a Sysprep answer file. Use
third-party imaging software to create a separate image for each
configuration.
Answer:B
37. You are the administrator of a windows 2000 domain. The domain has 20
users and a windows 2000 Server computer named Glasgow. Users in the
domain frequently work on different Windows 2000 professional computers.
All Windows 2000 Professional computers are in the domain.
You want to accomplish the following goals:
· All users in the domain will be able to work on all win2k Prof Computers
and have their own predefined desktop settings available on all computers.
· Users will be allowed to make changes to the desktop settings while they
are logged on.
· Changes that users make to the desktop settings will not be saved when
they log off.
What should you do?
A. One each win2k Prof PC, delete the Systemdrive\Documetns and
Settings\Default User folder.
B. On each Windows 2000 Prof PC, rename the
Ssytemroot\System32\Config\Stem file to System.man.
C. Configure a roaming profile for each user in the domain. Use
\\Glasgow\profiles\%username% as the profile path. On the Glasgow server,
rename the ntuser.dat file to ntuser.man for each user.
D. Create a GPO named Delprofile. Assign the Delprofile GPO to the domain.
Configure the Delprofile GPO to delete the local copy of a user’s profile
when the user logs off.
Answer:C
38. You are the network administrator for Just Togs. Your windows 2000
network consists of 15,000 users. Users have recently reported that
documents are missing from the servers. You need to track the actions of
the users to find out who has been deleting the files.
You create a GPO on the justtogs.com domain and assign the appropriate
permissions to the GPO.
What actions should you audit? (Choose TWO)
A. Directory Services access
B. Object access
C. Process tracking
D. Privileged use
E. Delete and Delete subfolders and files
Answer:B,E
document files are not Active Directory objects, so no A. Process
Tracking is used for application developers. My answer - B, D.
39. You are the administrator of a Windows 2000 domain. To control the
desktop environment of users in the domain, you use a script file named
Desktop.vbs to change settings in the current user profile. This script
file is deployed as a login script for all users in the domain. The
Desktop.vbs script usually takes 15 seconds to complete its work.
You want to ensure that each user's desktop appears only aft the
Desktop.vbs script is completed.
What should you do?
A. For all users in the domain, set the logon script in the user profile
to Desktop.vbs.
B. Create a new GPO; Assign the GPO to the domain, Add Desktop.vbs to the
GPO as a logon script. Configure the GPO to run logon scripts
synchronously.
C. Create a new GPO; Assign the GPO to the domain, Add Desktop.vbs to the
GPO as a logon script. Configure the GPO to set a maximum wait time of 15
seconds for Group Policy scripts.
D. Create a new GPO; Assign the GPO to the domain, Add Desktop.vbs to the
GPO as a logon script. Configure the GPO to set a timeout of 15 seconds
for logon dialog boxes.
Answer:B
40. You are the administrator of a Windows 2000 domain named
arborshoes.com. You install RIS on the server. You are using RIS to
install 35 new client computers.
When you start a test client computer, the Client Installation wizard does
not appear. You are using network adapter cards that are not PXE
compliant.
You want to connect to the RIS server.
What should you do?
A. From a command prompt, run Rbfg.exe to create RIS a boot disk
B. Identify the GUID of each client computer.
C. Set up a DHCP Relay Agent.
D. Install window s2000 on the test client computer. Run RIPrep.exe from a
network share on the RIS server.
Answer:A
41. You are installing a new Windows 2000 Server computer on your existing
Windows NT network. You run DCPromo.exe to promote the server to a domain
controller in a domain named domain.local. You receive the following error
message: "The domain name specified is already in use on the network".
There are no other Windows 2000 domains on your network.
What should you do?
A. Place an entry in your DNS server host table for the domain.local
domain name.
B. Place an entry in your WINS database for the domain.local domain name.
C. Change the domain name to domain.com.
D. Change the downlevel domain name to domain1.
Answer:D
42. You are the administrator of your company´s network. The company has
two native-mode domains in six sites as shown in the exhibit. (Click the
Exhibit button).
Each site has one or more domain controllers. Users report that at times
of high network usage, authentication and directory searches are extremely
slow.You want to improve network performance.
What should you do?
A. Move all domain controllers into one site.
B. Promote more Windows 2000 Server computers in each site to be domain
controllers.
C. Install a DNS server in each site and configure it to use Active
Directory integration.
D. Designate a domain controller in only one site as a global catalog
server.
E. Designate a domain controller in each site as a global catalog server.
Answer:E
43. You are deploying Windows 2000 Professional on your network. You
recently installed a RIS server to expedite the deployment process. Your
network is now configured as shown in the exhibit. (Click the Exhibit
button).
When you attempt to use the RIS server to deploy Windows 2000 on Julia´s
and Carlos´s computers, you cannot establish the initial connection. Anita
and Peter installed Windows 2000 from CD-ROM and did not have any problems
with the installation.
What should you do to correct the problem?
A. Integrate the DNS server´s zones into Active Directory.
B. Install a DHCP server and authorize it in Active Directory.
C. Install a WINS server and configure the DNS server to use it for name
resolution.
D. Create computer accounts in Active Directory for Julia and Carlos, and
specify the name of the RIS server on the Remote Install tab of the
Computer Accounts property sheet.
Answer:B
44. You are the enterprise administrator of a Windows 2000 domain. The
domain is in native mode. You want to implement a policy to disable the
ShutDown command for all users in the domain except for the members of the
Domain Admins security group.
You create a new Group Policy object (GPO) named Shutdown. You configure
the Shutdown GPO to disable the Shutdown option. You assign the Shutdown
GPO to the domain. You want to ensure that the policy does not apply to
the members of the Domain Admins group.
What should you do?
A. On the Shutdown GPO, deny the Apply Group Policy permission to the
Domain Admins group.
B. On the Shutdown GPO, remove the Apply Group Policy permission from the
Authenticated Users group. Grant the Apply Group Policy permission to the
Users group.
C. Add the Domain Admins group to the Group Policy Owners group.
D. Create a new OU named No Shutdown. Move the Domain Admins group to the
No Shutdown OU. Configure the No Shutdown OU to block policy inheritance.
E. On the computers that the members of the Domain Admins group use to log
on, configure the local GPO to enable the Shutdown option.
Answer:A
45. You are the administrator of a Windows 2000 domain. The domain has a
Windows 2000 Server computer named Toronto. Users in the domain frequently
work on different Windows 2000 Professional computers. All Windows 2000
Professional computers are in the domain.
You want to enable roaming profiles for all users.
You want to accomplish the following goals:
· All users in the domain will be able to work on all Windows 2000
Professional computers and have their own desktop settings available on
all computers.
· All users in the domain will be able to make changes to their desktop
settings. All users in the domain will be able to access their documents
in the My Documents folder from any Windows 2000 Professional computer.
· The amount of data that is copied between the Toronto server and the
Windows 2000 Professional computers each time a user logs on or off will
be minimized.
What should you do? (Choose two).
A. Configure a roaming profile for each user in the domain. Use
\\Toronto\Profiles\%User-
name% as the profile path.
B. Configure a roaming profile for each user in the domain. Use
\\Toronto\Profiles\%User-
name%\Ntuser.man as the profile path.
C. Create a new Group Policy object (GPO) named Profilescript. Assign the
Profilescript GPO to the domain. Configure the Profilescript GPO to assign
a logon script to all users. Include the runas/profile explorer.exe
command in the logon script.
D. Create a new Group Policy object (GPO) named Docs. Assign the Docs GPO
to the domain. Configure the Docs GPO to redirect the My Documents folder
to the \\Toronto\Docs\%User- name% location.
E. Create a new Group Policy object (GPO) named Profiledocs. Assign the
Profiledocs GPO to the domain. Configure the Profiledocs GPO to exclude
the My Documents folder from each user´s roaming profile.
Answer:A,D
46. You are deploying Windows 2000 Professional on your network of 1,000
users. Part of your network is shown in the exhibit. (Click the Exhibit
button).
You have recently installed a RIS server to assist in the deployment
process. You confirm that the client computers meet the requirements for
RIS deployment.
However, you still cannot connect the RIS client computers to the RIS
server. Existing client computers are able to connect to all servers for
network resources.
What can be causing the problem? (Choose all that apply).
A. The RIS server has no client-side tools installed.
B. The RIS server is not trusted for delegation.
C. The RIS server is not authorized in Avtive Directory.
D. The client computers are not configured to use DHCP.
E. The RIS server is not configured to respond to client computers
requesting service.
Answer:C,E
47. You are the administrator of your company´s network. The network
consists of two Windows 2000 domains named contoso.com and
mktg.contoso.com. You create separate zones for each domain on your DNS
server. Later, you add a second DNS server to the network. This server
also functions as a domain controller.
You convert the contoso.com zone to an Active Directory integrated zone
and set the zone to allow only secure updates to the zone database.
You discover that unauthorized computers are registering themselves in the
mktg.contoso.com domain. You check the zone´s properties and discover that
the zone is allowing unsecured dynamic updates. You also discover that the
option to select secure dynamic updates is not available.
What should you do to correct this problem?
A. Initiate a zone transfer between the mktg.contoso.com zone and the
contoso.com zone.
B. Reinstall mktg.contoso.com as a standard secondary zone.
C. Reinstall contoso.com as a standard primary zone.
D. Convert mktg.contoso.com to an Active Directory integrated zone.
Answer:D
48. You are the network administrator for Enchantment Lakes Corporation.
Enchantment Lakes Corporation and Five Lakes Publishing are planning a
merger. The planned Windows 2000 network configuration is shown in the
exhibit. (Click the Exhibit button).
You want to host the fivelakespublishing.com domain to the
enchantmentlakes.com DNS server. The fivelakespublishing.com domain uses
an Active Directory integrated zone on its DNS server. Five Lakes
Publishing will retain its domain structure after the merger is complete.
You want to set up the enchantmentlakes.com DNS server to host the
fivelakespublishing .com domain.
What should you do?
A. On Server1, create an Active Directory integrated zone named
fivelakespubliching.com. Enable WINS lookup, and specify Server7 as the IP
address for the WINS server.
B. On Server5, create a secondary zone named fivelakespublishing.com.
Configure DNS zone transfers to allow Server1 to replicate data.
C. On Server5, configure DNS zone transfers to allow Server1 to replicate
data. On Server1, create a secondary zone named fivelakespublishing.com.
D. On Server1, create an Active Directory integrated zone named
fivelakespublishing.com. Configure DNS zone transfers to allow Server5 to
replicate data.
Answer:C
49. You create a new Windows 2000 Avtive Directory network. Five months
after deployment of the network, you receive a report that the Active
Directory database file takes too much disk space on the ServerA domain
controller.
You want to reduce the size of the Active Directory database file.
What should you do? (Choose three).
A. Restart ServerA in directory services restore mode.
B. Stop the Net Logon service on ServerA.
C. Run Windows Backup to back up the System State data. Immediately run
Windows Backup again to restore the System State data from the backup
file.
D. Use the Ntdsutil utility to compact the database to a folder. Move the
compacted database file to the original location.
E. Restart ServerA and boot normally.
F. Start the Net Logon service on ServerA.
Answer:A,D,E
50. You are the administrator of a Windows 2000 network. The network is
composed of four domains named arborshoes.com, na.arborshoes.com,
sa.arborshoes.com, and fabrikam.com. the root of the forest is
arborshoes.com.
There are two Windows NT BDCs in each domain.
Graphic artists place finished artwork for Fabrikam, Inc., in a shared
folder located on a domain controller named bna01.fabrikam.com. Read and
Write permissions are granted to the Artists Domain Local group in the
fabrikam.com domain.
Sharon is a member of the Graphic Artists global distribution group in the
na.arborshoes.com domain. She is unable to gain access to the shared
folder. You want to allow Sharon access to the shared folder.
What should you do?
A. Change the Graphic Artists group type to Security and add it to the
Artists Domain Local group.
B. Change the Artists Domain Local group to a universal group and add it
to the Graphic Artists group.
C. Change the Graphic Artists group to a Domain Local group and add it to
the Artists Domain Local group.
D. Change the mode of the domain controller in na.arborshoes.com to native
mode. Add the Graphic Artists group to the Artists Domain Local group.
Answer:A
51.You are the network administrator for your company. Your company’s main
office is in Seattle Branch offices are in New York, Rome, and Tokyo The
local administrators at each branch office need to be able to control
local resources
You want to prevent the local administrators from controlling resources in
the other branch offices. You want only the administrators from the main
office to be allowed to create and manage user accounts. You want to
create an Active Directory structure to accomplish these goals
What should you do?
A. Create a domain tree that has a top-level domain for the main office
and a child domain for each branch office. Grant the local administrators
membership in the Domain Admins group in their child domains.
B. Create a domain tree that has a top-level domain for the main office
and a child domain for each branch office Grant the local administrators
membership in the Enterprise Admins group in the domain tree .
C. Create a single domain Create a group named Branch Admins Grant the
local administrators membership in this group. Assign permissions to the
local resources to this group.
D. Create a single domain. Create an organizational unit (au) for each
branch office and an additional OU named CorpUsers. Delegate authority for
resource administration to the local administrators for their own OUs.
Delegate authority to the CorpUsers OU only to the Domain Admins group
Answer:D
52. You are the administrator of your company's network. Your company has
two domains in six sites as shown in the exhibit (Click the Exhibit
button)
Each site has one or more domain controllers For fault-tolerance and
load-balancing purposes, one domain controller in each site is configured
as a global catalog server. Users report that, several times a day,
network performance and data transfer for an application located in Site A
are extremely poor.
You want to improve network performance.
What should you do?
A. Configure at least two domain controllers in each site as global
catalog servers
B. Configure the domain controllers in only one site as global catalog
servers
C. Create site links between all sites and use the default replication
schedules
D. Create site links between all sites and set less frequent replication
schedules
E. Create connection objects between each domain controller Use RPC as the
transport protocol.
F. Create connection objects between each domain controller. Use SMTP as
the transport protocol
Answer:D
53. You are the administrator of a Windows 2000 domain. The domain is in
native mode. The domain contains 15 Windows 2000 Server computers that are
functioning as domain controllers and 1,500 Windows NT Workstation client
computers
During a power outage, the first domain controller that you installed
suffers a catastrophic hardware failure and will not restart. After the
power outage, users report that password changes do not take effect for
several hours. In addition, users are not able to log on or connect to
resources by using their new passwords.
What should you do to correct this problem?
A. Using the Ntdsutil utility, connect to another domain controller and
transfer the PDC emulator role.
B. Using the Ntdsutil utility, connect to another domain controller and
seize the PDC emulator role.
C. Using the Ntdsutil utility, connect to another domain controller and
transfer the domain naming master role
D. Using the Ntdsutil utility, connect to another domain controller and
seize the domain naming master role
Answer:B
54. When you run DCPromo .exe to install the new domain, you receive an
error message stating that the existing domain cannot be contacted.
Installation of the new child domain will not proceed.
What should you do to correct this problem?
A. Create an Active Directory integrated zone for the child domain on the
new domain controller
B. Install WINS on the new domain controller.
C. Configure the new domain controller with the address of an
authoritative DNS server for the existing domain
D. Configure the new domain controller with the address of an existing
WINS server
E. Add SRV (service) records for the domain naming master to a Hosts file
on the new domain controller
Answer:E
55. You are the administrator of your company's WAN Your company has four
locations connected by dedicated 256-Kbps leased lines. You install and
configure a Windows 2000 domain controller at each location. For network
performance reasons, you want to control the bandwidth usage and
replication schedule of directory information to each domain controller in
each location.
What should you do? (Choose two.)
A. Create a site for each location
B. Create a site that spans all the locations
C. Create server objects for each domain controller in every site
D. Create server objects for each domain controller in its own site
E. Copy all server objects from Default-First-Site-Name to each site
F. Move each server object from Default-First-Site-Name to the appropriate
site
Answer:A,F (GUESS)
56. You are the administrator of your company's network. Your company has
its main office in North America and has branch offices in Asia and Europe
The locations are connected by dedicated 256-Kbps lines The network
consists of one Windows 2000 domain. To minimize logon authentication
traffic across the slow links, you create a site for each office and
configure the site links between the sites.
Users in the branch offices report that it takes a long time to log on to
the domain. You monitor the network and discover that all authentication
traffic is still being sent to the domain controllers in the North America
site.
What should you do to correct this problem?
A. Schedule replication to occur more frequently between the sites
B. Schedule replication to occur less frequently between the sites
C. Create a subnet for each physical location, associate the subnets with
the North America site, and move server objects to the North America site
D. Create a subnet for each physical location, associate each subnet with
its respective site, and move each server object to its respective site
Answer:D
57. You are the administrator of your company's network . Your company’s
main office is in Seattle Large regional offices are located in Chicago,
Los Angeles, and New York, as shown in the exhibit (Click the Exhibit
button)
Three smaller branch offices are located within each region. The regional
offices are connected to the main office by T1 lines. The branch offices
are connected to the regional offices by ISDN lines Branch offices in
Boston, Dallas, and San Diego also have direct ISDN connections with
Seattle.
The network consists of one Windows 2000 domain. For fault-tolerance and
load-balancing purposes, each office has its own Windows 2000 domain
controller. Each office is configured as its own site. All site links have
been created.
You want to create a replication topology that allows only the regional
offices to communicate with the main office. You want to ensure that each
branch office communicates only with the closest regional office
What should you do?
A. Manually create connection objects between the domain controllers in
the main office and the regional offices Use SMTP as the transport
protocol
B. Manually create connection objects between each branch office and the
closest regional office. Use SMTP as the transport protocol
C. Allow the Knowledge Consistency Checker (KCC) to automatically create
the connection objects between the main office and all other offices.
D. Allow the Knowledge Consistency Checker (KCC) to automatically create
the connection objects between the branch offices and the regional offices
Answer:B (GUESS)
58. You are the administrator of your company's network. Your company’s
main office is in Chicago. Company operations are divided into two regions
East and West. The East region has an office in Miami and an office in New
York. The West region has an office in Denver and an office in Seattle.
The offices in the East region contain the human resources (HR) and
marketing (Mktg) departments. The offices in the West region contain the
sales and finance departments. Company IT policy states that Group Policy
must be applied only at the organizational unit (OU) level, and that user
groups must correspond to departments.
You want to accomplish the following goals:
· Control of users and resources can be delegated to local and
departmental administrators.
· The IT department can control Group Policy for the entire enterprise.
· A single Group Policy object (GPO) can be applied to the sales and
marketing departments.
· User environments can be customized by city.
You implement an au structure as shown in the exhibit (Click the Exhibit
button)
Which result or results does your implementation produce? (Choose all that
apply)
A. Control of users and resources can be delegated to local and
departmental administrators
B. The IT department can control Group Policy for the entire enterprise
C. A single GPO can be applied to the sales and marketing departments
D. User environments can be customized by city
Answer: MUST SEE EXHIBIT
59. You are the network administrator for the Lucerne Real Estate Company.
The network consists of one Windows 2000 domain named lucernerealestate
local. The network is not currently connected to the Internet.
You are installing a new domain named lucernerealestate1 local. During the
promotion process, you receive the following error message "The domain
name specified is already in use on the network"
What is the most likely cause of the problem?
A. The default-generated DNS domain name is already in use
B. DNS domain names cannot be named interactively
C. The default-generated NetBios domain name is already in use.
D. NetBios domain names cannot be named interactively
Answer:C
60.You are the administrator of your company's network. The Network
consists of one Windows 2000 domain. Your company has two locations, which
are connected by a dedicated T11ine
Users frequently report that logons to the network, file transfers, and
directory searches are extremely slow. When you monitor the network, you
discover that replication between domain controllers is generating
excessive network traffic between the locations.
You want to accomplish the following goals:
· Replication traffic between locations will be reduced.
· Logon response time for users will be improved.
· Average file transfer rates for users will be improved
· Directory search response times will be improved
· All domain controllers will have up-to-date replicas of the directory
· Fault tolerance for domain logons and directory searches will be
maintained
You take the following actions:
· Configure a domain controller in each location to be a global catalog
server
· Create a new subnet in Active Directory for each location
· Modify the location attribute of each domain controller's server object
Which result or results do these actions produce? (Choose all that apply)
A. Replication traffic between locations is reduced
B. Logon response time for users is improved.
C. Average file transfer rates for users are improved.
D. Directory search response times are improved.
E. All domain controllers have up-to-date replicas of the directory
F. Fault tolerance for domain logons and directory searches is maintained
Answer:A,B,D,E
61.You are the administrator of a newly installed Windows 2000 network for
a call center. You need to rename the Administrator account on all
computers on your network. You do not want to manually edit each account.
Because of a recent security breach, you must implement this policy
immediately.
What should you do? (Choose all that apply)
A. Use Group Policy to rename the Administrator account at the Default
Domain Group policy.
B. Use Group Policy to implement a user logon script
C. Send a network message to all users to restart their computers.
D. Use Group Policy to force all users to log off within 30 minutes.
Answer:A,
The answer to 61 should not include D. If the default refreshinterval for GPOs is 90 minutes, then applying a
GPO to force all users to log off doesn't make sense. You would still have to wait 90 minutes for THAT GPO to
apply, and by then, the Administrator account name has been changed.
IMHO, only choice A is a valid choice. I suppose you could send a net message to all users to
restart their computers or logoff/logon. I'm not sure I would concider that to be a good answer. Otherwise you
would have to wait the 90 minutes (unless you have previously configured your refreshinterval to something smaller.
0 minutes (which turns out to be 7 seconds) to 90 minutes (I think))
62. You are the administrator of a DNS server that runs on a Windows 2000
Server computer. You receive a report that the Windows 2000 Server
computer constantly uses more than 80 percent of the CPU You want to
monitor the number of DNS queries that are handled by the DNS server
What should you do?
A. Run the Nslookup command-line utility.
B. Use the Event Viewer and monitor the DNS server log
C. Use the monitoring function of the server properties in the DNS console
.
D. Use the DNS counters in System Monitor.
E. Check the contents of the Netlogondns file
Answer:D
63. You are the administrator of your company's network. You have been
auditing security events on the network since it was installed. A user on
your network named John Thorson recently reported that he was no longer
able to change his password.
Because there have been no recent changes to account policies, you suspect
that someone has been modifying the properties of user accounts in Active
Directory. There are thousands of entries in the event logs, and you need
to isolate and review the events pertaining to this problem in the least
possible amount of time.
What should you do?
A. In the security log, create a filter for events matching the following
criteria: Event source: Security
Category: Account Management User: JTHORSON
B. In the directory service log, create a filter for events matching the
following criteria:
Event source: NTDS Security Category: Security Search the remaining items
for events referencing John Thorson's account
C. In the directory service log, create a filter for events matching the
following criteria:
Event source: NTDS Security Category: Global Catalog User: JTHORSON
D. In the security log, create a filter for events matching the following
criteria:
Event source: Security Category: Account Management Search the remaining
items for events referencing John Thorson's account
Answer:D
64. You are the administrator for a Windows 2000 network. Your network
consists of one domain and two organizational units (OUs). The OUs are
named Corporate and Accounting
A user recently reported that she was not able to log on to the domain.
You investigate and find out that the user's account has been deleted. You
have been auditing all objects in Active Directory since the domain was
created, but you cannot find a record of the user account deletion. You
want to find a record that identifies the person who deleted the account
What should you do?
A. Search the security event logs on each domain controller for account
management events
B. Search the security event logs on each domain controller for object
access events
C. Search the Active Directory Users and Computers console on each domain
controller for the user's previous account name.
D. Search the Active Directory Users and Computers console on each domain
controller for the user's computer account.
Answer:A
65. You are the administrator of your company's network. The network is
configured in a Windows 2000 domain as shown in the exhibit (Click the
Exhibit button)
You want to strengthen the security of communications between client
computers and servers in the Reps organizational unit (OU). You do not
want to decrease overall productivity of the domain.
What should you do?
A. Create one Group Policy object (GPO) in the Sales OU. Increase maximum
service ticket lifetime in the GPO, and decrease maximum lifetime that a
user ticket can be renewed in the GPO
B. Create one Group Policy object (GPO) in the Sales OU. Decrease maximum
service ticket lifetime in the GPO, and decrease maximum lifetime that a
user ticket can be renewed in the GPO
C. Create one Group Policy object (GPO) in the Reps OU. Decrease maximum
service ticket lifetime in the GPO, and increase maximum lifetime that a
user ticket can be renewed in the GPO
D. Create one Group Policy object (GPO) in the Reps OU. Decrease maximum
service ticket lifetime in the GPO, and decrease maximum lifetime that a
user ticket can be renewed in the GPO
Answer:MUST SEE EXHIBIT
66. You are the administrator of your company's network. Your event log
shows that hackers are using brute force attacks to attempt to gain access
to your network. You do not want user accounts to be easily accessible.
You want to strengthen security to protect against brute force attacks.
What should you do? (Choose two)
A. Enable the Users must log on to change the password setting
B. Enable the Store password using reversible encryption for all users in
the domain setting
C. Enable the Password must meet complexIty requirements setting
D. Increase minimum password length
E. Increase minimum password age
Answer:A,C
67. You are the administrator for Arbor Shoes. Administrative control of
Active Directory has been delegated to several people in the company. You
need to track changes made to the arborshoescom domain. To ensure
accountability of the other administrators' actions, you want to monitor
user and computer account creation and deletion.
What should you do?
A. Modify the default Group Policy object (GPO) on the arborshoes.com
domain Configure the local audit policy to audit account management and
directory services access for success and failure.Monitor the security
logs for activity on the domain controllers
B. Modify the default Group Policy object (GPO) on the Domain Controllers
organizational unit (OU) Configure the local audit policy to audit account
management and directory services access for success and failure. Monitor
the security logs for activity on the domain controllers
C. Modify the default Group Policy object (GPO) on the Domain Controllers
organizational unit (OU) Configure the local audit policy to audit account
logon events and object access for success and failure. Monitor the
security logs for activity on the domain controllers
D. Modify the default Group Policy object (GPO) on the arborshoes.com
domain. Configure the local audit policy to audit account logon events and
object access for success and failure. Monitor the security logs for
activity on the domain controllers
Answer:B
68. You are the administrator of a Windows 2000 network. Recently, your
network security was compromised and confidential data was lost You are
now implementing a stricter network security policy You want to require
encrypted TCP/IP communication on your network
What should you do?
A. Create a Group Policy object (GPO) for the domain, and configure it to
assign the Secure Server IPSec Policy
B. Create a Group Policy object (GPO) for the domain, and configure it to
assign the Server IPSec Policy and to enable Secure channel: Require
strong session key.
C. Implement TCP/IP packet filtering, and open only the ports required for
your network services .
D. Edit the local security policies on the servers and client computers,
and enable Digitally sign client and server communications
Answer:A
69. You are the administrator of your company's network. The network
consists of one Windows NT 40 domain You create and implement a security
policy that is applied to all Windows 2000 Professional client computers
as they are staged and added to the network.
You want this security policy to be in effect at all times on all client
computers on the network. However, you find out that administrators
periodically change security settings on computers when they are
troubleshooting or doing maintenance. You want to automate the security
analysis and configuration of client computers on the network so that you
can track changes to security policy and reapply the original security
policy when it is changed.
What should you do?
A. Use Windows NT System Policy to globally configure the security policy
settings on the client computers
B. Use Windows 2000 Group Policy to globally configure the security policy
settings on the client computers
C. Use the Security and Configuration Analysis tool on the client
computers to analyze and configure the security policy
D. Schedule the Secedit command to run on the client computers to analyze
and configure the security policy
Answer:D
70. You want to implement a password policy for all users in an
organizational unit (OU) named Sales in a Windows 2000 network All the
users in the Sales OU are in a group named Sales Users You create a Group
Policy object (GPO) named PassB to enforce a minimum password length of
six characters. You assign the Pass6 GPO to the Sales OU.
There are no other GPOs assigned that specify a minimum password length
However, the week after you assign the PassB GPO to the Sales OU, users
from the Sales OU report that they can still change their passwords to
consist of fewer than six characters
How should you correct this problem?
A. Ensure that the Sales Users group has Read and Apply Group Policy
permissions on the PassB GPO
B. Apply the PassB GPO to the domain instead of to the Sales au. Filter
the policy for the Sales Users group
C. For the Sales OU, block policy inheritance
D. For the Sales OU, enforce policy inheritance on the PassB GPO
Answer:B
71. You are the administrator of a Windows 2000 network for Lucerne Real
Estate The network has 1,200 users. You are delegating part of the
administration of the domain to three users.
You delegate the authority to create and delete computer accounts to
Carlos You delegate the authority to change user account information to
Julia You delegate the ability to add client computers to the domain to
Peter. You want to track the changes made to the directory by these three
users.
What should you do?
A. Create a Group Policy object (GPO) for the domain controllers. Assign
Read and Apply Group Policy permissions to only Carlos, Julia, and Peter.
Configure the GPO to audit directory services access and account
management
B. Create a Group Policy object (GPO) for the domain. Assign Read and
Apply Group Policy permissions to only Carlos, Julia, and Peter Configure
the GPO to audit directory services access and audit object access
C. Create a Group Policy object (GPO) for the domain controllers. Assign
Read and Apply Group Policy permissions to only Carlos, Julia, and Peter
Configure the GPO to audit directory services access and audit object
access
D. Create a Group Policy object (GPO) for the domain. Assign Read and
Apply Group Policy permissions to only Carlos, Julia, and Peter Configure
the GPO to audit object access and process tracking
Answer:A
72. You are the Windows 2000 network administrator for your company You
are implementing the company's network security model. Your network has
several servers that contain sensitive or confidential Information. You
want to configure security auditing on these servers to monitor access to
specific folders. You also want to prevent users from gaining access to
these servers when the security logs become full.
What should you do?
A. Create a Group Policy object (GPO) that applies to the servers
Configure the GPO to enable auditing for object access Set up the
individual objects to be audited in Windows Explorer, and then customize
the Event Viewer logs to limit the size of the security log to 1 ,024 KB
B. Create a Group Policy object (GPO) that applies to the servers
Configure the GPO to enable auditing for directory service access. Set up
the individual objects to be audited in Windows Explorer, and then
customize the Event Viewer logs to limit the size of the security Jog to 1
,024 KB. Configure the security event log so that it does not overwrite
events
C. Create a Group Policy object (GPO) that applies to the servers.
Configure the GPO to enable auditing for directory service access Set up
the individual objects to be audited in Windows Explorer Configure the
security event log so that it does not overwrite events Then configure the
GPa to enable the Shut down the system immediately if unable to log
security audits setting.
D. Create a Group Policy object (GPO) that applies to the servers
Configure the GPO to enable auditing for object access Set up the
individual objects to be audited in Windows Explorer Configure the
security event log so that it does not overwrite events. Then configure
the GPa to enable the Shut down the system immedlately If unable to log
security audits setting.
Answer:D
73.You are the administrator of your company's network The network
consists of one Windows 2000 domain that has organizational units (OUs) as
shown in the exhibit (Click the Exhibit button)
All domain controllers in the domain are in OU1. Resources for two
separate office buildings are in OU2 and OU3. Nonadministrative users,
groups, and computers are in OU4 and OU5 Administrative users, computers,
and resources are in OU6.
You are designing a domain-wide security policy.
You want to accomplish the following goals:
· The same password and account lockout policies will be applied to all
users.
· Different security settings will be applied to administrative and
· nonadministrative computers Strict audit policies will be enforced for
only domain controllers and servers.
· The number of Group Policy object (GPO) links will be minimized
You take the following actions:
· Create a single GPO.
· Create one security template that has all required settings .
· Import the security template into the GPO
· Link the GPO to the domain.
Which result or results do these actions produce? (Choose all that apply)
A. The same password and account lockout policies are applied to all users
B. Different security settings are applied to administrative and
nonadministrative computers
C. Strict audit policies are enforced for only domain controllers and
servers
D. The number of GPO links is minimized
Answer:A
74. You are the administrator of a Windows 2000 network. Your network has
one domain named parnellaerospace.com The parnellaerospace.com domain
supports 8 ,000 users at three locations The network has three sites
connected by T1 lines, as shown in the exhibit (Click the Exhibit button )
The West site has 2,500 users; the East site has 3,000 users; and the
Central site has 2,500 users Each site contains a global catalog server.
The global catalog server in the West site is named LAX01-GC. The global
catalog server in the Central site is named TUL01-GC. The global catalog
server in the East site is named NYC01-GC.
You want users located in the West site to query TUL01-GC if the West site
global catalog server is offline.
What should you do?
A. Create a new subnet, assign it to the West site, and move TULO 1-GC to
the West site
B. Configure the site link betv\leen the Central site and the West site to
have a lower cost than the site link between the West site and the East
site
C. Add a global catalog server to the Central site that has an IP address
in the West site subnet
D. Configure TUL01-GC as a preferred bridgehead server
E. Set the query policy on LAXO 1-GC to the default query policy
Answer:B
75. You are the administrator of a Windows 2000 network named contoso.com
Your network is configured as shown in the exhibit (Click the Exhibit
button)
Your company plans to open a new office in Dallas Members of your IT staff
will be on-site in Dallas next week to install the new 10 1 3.0/24 network
You want to prepare the network in advance so that when the IT staff
installs a new domain controller, it will automatically join the
appropriate site.
What should you do?
A. Delete the Default-First-Site-Name object in Active Directory Sites and
Services
B. Create a new subnet for the Dallas network Create a new site and
associate the new subnet with the new site .
C. In the Domain Controller OU, create a computer account that has the
name of the new domain controller.
D. Use RIS to prestage the new domain controller.
E. Copy the installation source files to the new domain controller. Create
an unattended install file with an automated DCPromo.bat file
Answer:B
76. You are the administrator of a large Windows 2000 network. You have
three domains named adatumcom, us.adatum.com, and eur.adatum.com. Eric has
recently been hired to assist you with network administration. You want
him to be able to manage user accounts, back up servers, and configure
services on all workstations and servers only in the eur.adatum.com
domain.
What should you do?
A. Add Eric to the Enterprise Admins group and delegate control only at
the adatum.com domain
B. Move Eric's user account to the Domain Controllers organizational unit
(OU) in eur.adatum.com.
C. Add Eric's user account to the Domain Admins group in eur.adatum.com
D. Add Eric's user account to the Server aperators and Account aperators
group in eur.adatum.com.
Answer:D
77. You create an organizational unit (OU) structure for the
blueskyairlines.com domain. You want to delegate administrative control of
user objects on your Windows 2000 network
The User OU is a child of the Research OU. You create a group named
Research User Admin that includes users who have permissions to create and
manage the workstations in the Workstation OU. The Research User Admin
group has Full Control permission on the Research OU. You want user
accounts to be created only in the User OU.
Which three actions should you take? (Choose three)
A. Grant Full Control permission to the Research User Admin group on the
User OU for computer objects.
B. Remove the Research User Admin group from the Research OU ACL.
C. Grant Create Contact objects permission on the User OU.
D. Disable inheritance of permissions from the Research OU to the User OU
E. Deny Create User objects permission on the Research OU.
F. Grant Read and Write permissions to the blueskyairlines.com domain
Answer:A,D,E
The dumps say C,D,E are the correct answers but I have tested this out and it doesn't. Under this configuration,
the Research User Admin group cannot create user objects in the User UO.
The correct answer is A,D,E. I have tested this and you can create users under the User UO but you cannot
create users under Research UO(but the group retains all other previous permissions which makes sense).
78. You are admin of a w2k domain. The domain has an ou named trading. You
define a logon script for all the users in the trading ou. The logon
script is located at \\server2\docs\tradescript.vbs.
You want to use a GPO to assign the logon to the users in the trading ou.
What should you do? (Choose three)
A) Create a new GPO named script and assign the script GPO to the trading
ou.
B) Create a new GPO named script and assgin the script GPO to the domain.
Configure the permissions on the script GPO to grant READ permissions to
all users in the trading ou.
C) Copy the tradescipt.vbs file to the appropriate folder in Group policy
Template (GPT) of the script GPO.
D) Copy the tradescript.vbs file to the folder that shared as netlogon
script on the PDC emulator.
E) For each user in the trading ou, set the logon script in the user
profile to tradescript.vbs.
F) Add tradescript.vbs as an logon script to the script GPO.
Answer:A,C,F
my think: c must be right, in moc module8, there is an example, if u want use a script in gpo, it must be in gpt!!
79. You are admin af a w2k domain. The domian has an OU named NORTH. You
want to standardize the startmenu for the users in the NOTRH OU. Some
members of the DOMAIN ADMIN GROUP are in the NORTH OU. Folders and
shortcuts that form the standardized startmenu are on the network at
\\server2\menu. The EVERYONE has change permisson on the menu share.
You want to accomplish the following goals :
-Each member of the domain admin group will have a seperate startmenu that
the member can change
-All users in the NORTH OU, except members of the Domain Admin Group, will
use the \\server2\menu startmenu
-Users who use \\server2\menu startmenu will not be able to change the
contents of the startmenu
-Each user who is not a member in the NORTH OU will have a seperate
startmenu that the user can change
You take the following actions :
- Create a new GPO named menu.Assign the MenuGpo to the NORT OU
-Configure the MenuGpo to redirsct the startmenu folder for the
DomainUserGroup to \\server2\menu
-Change the permissions on the MenuGpo to deny Apply Group policy
permission to the Domain Admins.
Which result or results do these actions produce? Choose all that apply.
A)Each member of the Domain Admin Group will have a serparate startmenue
that the member can change.
B)All users in the NORT OU, except members of the Domain Admin Group, will
use the \\server2\menu startmenu
C)Users who use \\server2\menu startmenu will not be able to change the
contents of the startmenu
D)Each user who is not an member in the NORTH OU will have a separate
startmenu that the user can change
Answer:A,B,D
my think: also in module8 if u want users can not change there startmenue, u must set the NTFS permission
of \\server2\menu only "read", so c is incorrect.
80.You are admin of a w2k network. You are configereing RIS to deploy
Windows 2000 Prof. on new client computers.New users report that they
attempt to install their computers, they are unable to get an IP address.
What should you do?
A)Authorice the DHCP server in DHCP cache
B)Configure each computer to boot from a remote installation boot disk
C)Create a reservation in DHCP fpr each client
D)Start the Boot Information Negotiation Layer (BINL) service on the RIS
server
Answer:A
81.You want to use RIS to deploy your comps. Win2k. You need to find out the GUIDs
of the computers in your network. What should you do;
a) Use Network Monitor to capture and view the DHCPDiscover packets. Then search for GUID.
b) Use Network Monitor to capture and view the DHCPOffer packets. Then search for GUID.
c) Use Network Monitor to capture and view the DNS query packets. Then search for GUID.
d) something else
Answer:A
82. You are the Administrator of a Windows 2000 domain. The domain has an
Organization Unit (OU) named Sales. All users in the Sales OU use an
application named Planning. The Planning applicacion is deployed by using
a Group Policy object (GPO) named Planning App on the Sales OU.
The Planning App GPO is configured to assign the Planning application to
users by using a Microsoft Windows Installer Package for the application.
The Planning application will be replaced by another application in the
next month.
You want to accomplish the following goals:
Users who have not yet installed the Planning application will be
prevented from installing the application.
Users who have already installed the Planning application will be able to
continue to use it.
If key application files are missing when the Planning application starts,
the missing files will be reinstalled automatically.
If the vendor of the Planning App releases a software patch by using a
Windows Installer package, you will be able to assign the patch to only
the users who have already installed the application
You take the following actions
Create a new software category named OPTIONAL APPS
Configure the Planning App GPO to add the Planning application to the
OPTIONAL APPS software category
Configure the Planning App GPO to remove the Planning application , but
select the option to allow users to continue to use the software.
Which ones did you accomplish?
A. Users who have not yet installed the Planning application will be
prevented from installing the application.
B. Users who have already installed the Planning application will be able
to continue to use it.
C. If key application files are missing when the Planning application
starts, the missing files will be reinstalled automatically.
D. If the vendor of the Planning App releases a software patch by using a
Windows Installer package, you will be able to assign the patch to only
the users who have already installed the application
Answers: A , B
83. Your are the network administrator of a Windows 2000 network. The
network consists of 500 Windows 2000 Professional computers. You recently
discovered that users of these computers have been using the sames
passwords since their accounts were created. You need to correct this
problem to maintain security in the network.
You create a Group Policy object (GPO) and filter it to the users. You
want to configure the GPO to require users to create a different password
periodically.
Which two should you enable?
A. Minimum password length
B. User must log on to change the password
C. Enforcement of password history
D. Minimum password age
E. Maximum password age
Answers: C, E
84. You are the administrator of a Windows 2000 network that has only one
domain. You are configuring the network security settings for the domain’s
Windows 2000 Professional users.
Your Sales team uses portable comps and Routing and Remote Access to
connect to the company's network. Sales users need local Administrator
rights to their computerss so that they can run a third party application.
You want to configure the computerss to prevent the users from modifying
their existing network connections.
What should you do?
A. On each portable computer, create only the permitted LAN and Remote and
Routing Access connection. At the server, configure the Sales user
accounts to permit connect to only the specific computers.
B. Create a system policy to hide Network Neightborhood and disable
register-editing tools. Apply this policty to all the Sales users.
C. Create a Group Policy object (GPO) for the domain. Filter the GPO for
the Sales users. Configure the GPO to deny the Sales users access to the
properties of the LAN or Remote and Routing Access connection.
D. Create a Group Policy object (GPO) for the domain controllers
container. Filter the GPO for the Sales users. Configure the GPO to deny
the sales users access to the Network Connection Wizard.
Answer: C
85. Your are the administrator of a Windows 2000 network. Users in an
Organizational Unit (OU) named PROCS need to have a drive mapped to a
network location. These users log on from Windows 2000 Professional
computers. You want to use a logon script named USERLOG.CMD to implement
this drive-mapping for all current and future users in the PROCS OU. What
should you do?
A. Copy USERLOG.CMD to the NETLOGON share on each domain controller in the
domain. Select each user in the PROCS OU and set the logon script to
USERLOG.CMD.
B. Copy USERLOG.CMD to the SYSVOL share on each domain controller. Assign
read permission to the file for all users in the PROCS OU.
C. Create a Group Policy object (GPO) that enforces USERLOG.CMD as a logon
script. Assign the GPO to the PROCS OU.
D. Create a Group Policy object (GPO) that enforces USERLOG.CMD as a
startup script. Assign the GPO to the PROCS OU.
Answer: C
86. You are the administrator of a Windows 2000 network. Your company has 3
locations in North America and 3 locations in Europe. Your network
includes 6 sites as shown in the exhibit. (Click Exhibit).
The England, France and Italy sites are in the eur.blueskyairlines.com
domain. The NorthWestUS, CentralUS, and NorthEastUS sites are in the
na.blueskyairlines.com domain. The root of the forest is
bluesskyairlines.com.
The connection between the NorthEastUS site and the England site is
unreliable. You want to configure replication between the NorthEastUS site
and the England site.
What should you do?
A. Create an SMTP site link between the NorthEastUS site and the England
site.
B. Create an IP site link between the NorthEastUS site and the England
site.
C. Create an SMTP site link bridge between the NorthEastUS site and the
England site.
D. Create an IP site like bridge between the NorthEastUS site and the
England site.
Answer: A
(I am not 100%, it could be C, but it must be thru SMTP)
87.You are the network Administrator for blueskyairlines.you are implementing a windows 2000
network consisting of five sites in the blueskyairlines.com domain.
There are 15,000 users in Chicago,5000 users in Los angeles,2000 users in Miami,10,000 users in New York and 2000 users in Seattle.
You are designing the structure of DNS servers.You want to allow secure dynamic updates to
DNS in Chicago,Los Angeles and New York.
You want full DNS replication to occur in all sites.You do not want the Miami to have an
editable copy of the DNS zone.
How should you configure the DNS servers to accomplish these goals?
To answer,click the select & place button,and then drag the letter indicating the appropriate server type to each site.Next drag the number indicating the appropriate zone
type to each site.Two sites have been partially completed for you.
(Note:zone type and servers type can be used more than once)
A. view exhibit info
Answer:A
ZONE TYPE SERVER TYPE
select from these items select from these items
[1] Active Directory integrated [A] Domain controller
[2] Primary [B] Member server
[3] Secondary
[4] Cache only
********************------------[zone type] [server type]
* * LOS ANGELES
* *
* *-------------[zone type] [server type]
*[ZONE TYPE] [ A ] * MIAMI
* *
* *--------------[zone type] [server type]
* * NEW YORK
* *
********************--------------[zone type] [ B ]
CHICAGO SEATTLE