My reviewers and technical notes
NOTICE: The following procedure/reviewer contains here are all free and you can do
whatever you want with it. But I do not guarantee success or
support these actions. Any use of the information provided herein, is
performed at your own risk. You should make a backup copy of your files
prior to executing any of the following steps. Incorrect use of the
instructions can cause serious problems that may require a complete
reinstall of your operating system. I assumes no responsibility, expressed
or implied, regarding the consequences of any action taken as a result of
the information provided herein.
NAV Unable to Initialize Virus Scanning Engine Database IE issues Error: " The Print Spooler or one of its dependencies is not available. " helpful sites cd_dvd_hdd_fdd issues how do I Start Computer in SafeMode windows support page how to install lexmark printer? MS outlook issues PRINTERS/SCANNERS/CAMERA CDs not autorun when inserted in my CD/DVD drive in the MS Windows XP OS? A+ Certification Starting up and shutting down Windows 2000 Pro Amalgamation Braindump Network Admin_1 CDs not autorun when inserted in CD/ DVD drive in the MS Windows2000 or NT OS? Internetworking Technologies RAID LEVELs Internetworking Acronyms How do I troubleshoot a computer running Windows® 95/98 when it will not boot to the hard drive? DVD media may not ‘Autoplay’ in Windows XP Home/Pro Shells and stuff X linux partitions and disk mgmnt 315 from a Millionaire Bartleby Quotes of the Day Vocabulary 6 Civil Service Reviewer Internet acronyms Vocabulary 1 Vocabulary 10 Bible quiz DELL P1500 and S2500 Printers, Adding & setting up an optional paper tray 90-90 Diags MSWord Tips guide to subnetting TCP/IP basics having a successful job interview
1. You are the administrator of a Windows 2000 print server
named ServerA. ServerA is a member of a Windows 2000 Domain. You install a
high-speed laser print device on the network. You create and share a printer on
ServerA named FastLsr with the default settings.[CR][CR]You want all of the
users in your company to be able to use to FastLsr. You want the users in the
Payroll domain local group to have exclusive use of the print device between the
hours of 10:00 A.M and 3:00 P.M and shared use of the print device during all
other times.[CR][CR]What should you do?
Configure and share FastLsr to be available from 3:00 P.M
to 10:00 A.M. For the print device, create a second printer that has default
availability. For the second printer, assign the Everyone group the Deny-Print
permission and assign the Payroll group the Allow-Print permission. Instruct
users in the Payroll group to use the second printer.
*Configure and share FastLsr to be available from 3:00 P.M
to 10:00 A.M. For the print device, create a second printer that has default
availability. For the second printer, remove permissions for the Everyone group
and assign the Payroll group the Allow-Print permission. Instruct users in the
Payroll group to use the second printer.
Create and share a second printer device and configure it
to be available from 10:00 A.M to 3:00 P.M. For the second printer, assign the
Everyone group the Deny-Print permission and assign the Payroll group the
Allow-Print permission. Instruct users in the Payroll group to use the second
printer.
Create and share a second printer for the print device and
configure it to be available from 10:00 A.M to 3:00 P.M. For the second printer,
remove permissions for the Everyone group and assign the Payroll group the
Allow-Print permission. Instruct users in the Payroll group to use the second
printer.
2. You are a network administrator for your company. The
network consists of a single network segment in the company's New York office
and a single Active Directory domain. The network contains a Windows 2000 Server
computer named NYSrv04, which runs the DNS server service and the WINS server
service.[CR][CR]All client computers in the New York office use NYSrv04 for name
resolution. The network also contains four other Windows 2000 Server computers,
which are used for file and print sharing.[CR][CR]The company opens a new office
in San Francisco. The San Francisco office has a single network subnet, which
contains a Windows 2000 Server computer named SFSrv01, and 10 Windows 2000
Professional computers. SFSrv01 is configured as a domain controller in the
company's Active Directory domain. All computers in the San Francisco office are
members of the domain.[CR][CR]In accordance with the company's network plan, you
install WINS and DNS on SFSrv01. You configure the client computers in the San
Francisco office.[CR][CR]You need to ensure that the users in each office can
access the computers in both offices. [CR][CR]Which two actions should you take?
(Choose two)
*Configure WINS replication on SFSrv01 and NYSrv04 so that
SFSrv01 and NYSrv04 are replication partners.
Back up the WINS database on NYSrv04 and restore it on
SFSrv01.
Configure an Lmhosts file on SFSrv01 that includes the name
and IP address of NYSrv04.
*Configure the DNS server service on both NYSrv04 and
SFSrv01 to use Active Directory integrated zones.
Configure the DNS server service on SFSrv01 to forward name
resolution requests to NYSrv04.
3. You are a domain administrator for your company. The
network consists of a single Windows 2000 Domain and two TCP/IP subnets. A
server named ServerA provides DHCP services for the network.[CR][CR]You are
installing Windows 2000 Server and the DHCP service on a new stand-alone server
named ServerB. You configure ServerB with a DHCP scope for both network subnets.
The scope on ServerB excludes the addresses that are part of the DHCP scope on
ServerA. You configure both DHCP servers with the same scope options. [CR][CR]The
network is configured as shown in the exhibit.[CR][CR]When you stop the DHCP
service on ServerA, client computers on subnet A cannot obtain TCP/IP addresses.
However, client computers on subnet B can obtain TCP/IP addresses. [CR][CR]You
want to enable ServerB to issue TCP/IP addresses to client computers on both
subnets.[CR][CR]What should you do? <Q35.gif>
*Configure the router to forward BOOTP packets from subnetA
to serverB.
Configure the File Replication service on ServerA to
replicate the DHCP folder to ServerB.
Authorize ServerB as a DHCP server.
Authorize ServerA as a DHCP server.
4. You are a network administrator for Contoso
Pharmaceuticals. The network contains two Windows 2000 Server computers, which
run the DNS server service. The DNS servers are domain controllers for a single
domain named ad.contoso.com.[CR][CR]The DNS servers use standard zone types for
ad.contoso.com. The Windows 2000 Server computers and Windows 2000 Professional
computers in the domain are configured to dynamically register with the DNS
servers. DNS is the only name resolution service on the network.[CR][CR]A
Windows 2000 web server named ServerA contains an employee information Web site.
Users report that they attempt to access the Web site; they receive an error
message stating that the page cannot be displayed.[CR][CR]You confirm that you
can access the web site on ServerA by using the server's IP address. However,
when you run the ping ServerA command from the command line the reply you
receive contains a different IP address.[CR][CR]You want to correct the name
resolution problem and prevent it from happening again. [CR][CR]Which three
actions should you take? (Choose three)
Disallow zone transfers for the ad.contoso.com zone.
*Change the zone type to Active Directory integrated for
the ad.contoso.com zone.
Allow only secure objects for the ad.contoso.com zone.
*Disable dynamic updates for the ad.contoso.com zone.
*Run the ipconfig/release command on the computer that
responds to the ping. Run the ipconfig/renew command on ServerA.
*Delete the current DNS entry for ServerA. Run the ipconfig/registerdns
command on ServerA.
5. You are the network administrator for your company's New
York branch office. You receive three new Windows 2000 Server computers from the
main office. Each new server contains a single hard disk, which is configured as
a single NTFS logical volume.[CR][CR]You want to ensure that you can continue to
access the NTFS volume on each server in the event that Windows 2000 Server
fails to start. You want to be able to access each volume without having to
start the server from a CD-ROM or a floppy disk.[CR][CR]What should you do on
each server?
Ensure that the Everyone group has the Allow-Full Control
permission for the root folder of the hard disk.
Copy the i386 folder from the Windows 2000 Server CD-ROM to
the folder named \Windows\Options on the hard disk.
Place your domain users account in the local Administrators
group.
*Run the winnt32.exe/cmdcons command from the Windows 2000
Server CD-ROM.
6. You are the administrator of a Windows 2000 Server
computer named ServerA. You install Terminal Services on serverA in remote
administration mode. You use Terminal Services to administer ServerA for four
months.[CR][CR]After four months, you reinstall Terminal Services in application
server mode. You install and configure eight user applications on ServerA, and
the users in your company being connecting to serverA by using Terminal services
client software.[CR][CR]Three months later, users report that they cannot
connect to Server. You discover that you cannot connect to ServerA by using an
administrator user account. You verify that serverA is running properly and is
connected to the network.[CR][CR]You need to ensure that users and
administrators can connect to ServerA. [CR][CR]What should you do?
Modify the default Terminal Services user properties so
that all domain user accounts have permission to connect to Terminal Services.
In Terminal Services Configuration, delete and re-create
the default RDP-RCP connection
*Install and configure a Terminal Services Licensing server
on your network. Configure ServerA to use the new licensing server.
Ask a domain administrator to relocate ServerA's computer
account into an Organizational Unit (OU) named AuthorizedTerminalServer.
7. You are the administrator of four Windows 2000 Server
computers in the sales department. Each server has a single Pentium III-600
processor, 192 MB of RAM, and a single 30-GB hard disk. All computers have
100-Mbps network adapter cards.[CR][CR]Users in the sales department report that
when they attempt to access files or submit print jobs to a server named ServerA,
performance becomes very slow. You use system Monitor to monitor ServerA and
discover the information that is shown in the following table: (see exhibit) [CR][CR]You
need to improve the performance of ServerA for the users in the sales
department. [CR][CR]What should you do?<Q09.gif>
Upgrade or replace the RAM in the server.
*Upgrade or replace the hard disk in the server.
Upgrade or replace the processor in the server.
Upgrade or replace the network adapter card in the server.
8. You are a network administrator for your company. The
network consists of a single network subnet.[CR][CR]The network contains a
Windows 2000 Server computer named serverA, which runs the DNS server service.
All client computers run Windows 2000 Professional, and they are configured with
static IP addresses. The client computers are configured to use ServerA for DNS
name resolution.[CR][CR]Another administrator, named Peter, installs Windows
2000 Server on a new computer named ServerB. He installs the DNS server service
and the DHCP server service on ServerB. Peter configures the DHCP server to
issue dynamic IP addresses to client computers. He also configured the DHCP
server to configure client computers to use ServerB for DNS name
resolution.[CR][CR]You reconfigure all client computers to use DHCP to obtain IP
addressing information, and you uninstall the DNS server service from
ServerA.[CR][CR]All users now report that they cannot access any network
resources by name. [CR][CR]You need to ensure that users can access network
resources by name.[CR][CR]What should you do?
Configure the DNS server on ServerB to include a static A
(host) record that contains the name and IP address of ServerA.
Run the ipconfig/registerdns command on each client
computer.
Delete the Hosts file on each client computer.
*Reconfigure each client computer to remove ServerA's IP
address from the list of DNS servers and to obtain a list of DNS servers
automatically.
9. You are a network administrator for your company. The
network is configured as shown in the Network exhibit.[CR][CR]You view the
system log of FP01 and notice a large number of identical warning messages that
state the following: "The redirector was unable to initialize security context
or query context attributes."[CR][CR]The IP properties for FP01 are shown in the
IP Properties exhibit.[CR][CR]You need to prevent these warning message form
occurring. What should you do?<Q2930.gif>
*Configure the default gateway for FP01 to 192.168.1.254
Configure the default gateway for FP01 to 192.168.2.1
Configure the primary DNS server for FP01 to 192.168.1.15
Configure the primary DNS server for FP01 to 192.168.3.15
10. You are a domain administrator for your company. The
network consists of a single Active Directory domain. The network contains 10
Windows 2000 Server computers and 200 Windows 2000 Professional computers. A
server named ServerA has routing and remote access installed and is configured
for incoming dial-up connections.[CR][CR]Five employees will be traveling
overseas. They need to be able to dial in to ServerA while they are traveling.
The employees will be using Windows 2000 Professional portable computers to dial
in to the network.[CR][CR]You need to ensure that the dial-in connections on the
portable computers are as secure as possible.[CR][CR]Which three actions should
you take? (Choose three)
Configure ServerA to require EAP-CHAP authentication.
Configure ServerA to require MS-CHAP v2 authentication.
*Configure ServerA to require L2TP connections for all
dial-in users.
Configure ServerA to require Microsoft Point-to-Point
Encryption (MPPE) for all dial-in users.
*Install a server encryption certificate on ServerA and
enable IPSec.
*Install an encryption certificate on all client computers
and enable IPSec
11. You are the administrator of a Windows 2000 Server
computer named ServerA. The server has dual Pentium II-450 processors, 192 MB of
RAM, and two hard disks, which are configured as shown in the following table:
(see exhibit) [CR][CR]Users report that server performance is acceptable under
normal working conditions, such as accessing files and printing documents.
However, when a large accounting application is run, performance becomes
significantly slower. When the application is processing large amounts of data,
users report long waiting periods when they access files stored on the hard disk
or when they submit print jobs.[CR][CR]You monitor ServerA by using System
Monitor. You discover that when the accounting application is running, the
sustained processor utilization on both processors in 100 percent. There are
also numerous hard pages faults. When the application is not running, sustained
processor utilization drops to 50 percent, but the number of hard pages faults
remains high.[CR][CR]You need to improve the performance of ServerA. What should
you do? <Q13.gif>
*Upgrade the memory in ServerA.
Upgrade the processors in ServerA.
Move the paging file from the system partition to drive E.
Increase the default size of the paging file to at least
384 MB.
12. You are a network administrator for your company. A
user named Maria reports that her Windows 2000 Professional computer has stopped
responding.[CR][CR]You examine the computer and discover that it is displaying a
STOP message. Maria reports that the computer has been displaying a STOP message
intermittently during the past several days. You restart the computer and it
functions normally.[CR][CR]A few minutes later, Maria reports that the computer
has stopped responding again. You investigate and discover the same STOP
message. The documentation for Maria's computer indicates that a new network
adapter card was installed in the computer 10 days ago.[CR][CR]You set up a
second Windows 2000 Professional computer for Maria to use. You need to provide
access to her original computer so that she can copy three files onto a floppy
disk and copy them to the second computer. However, when you restart her
original computer, it displays a STOP message after only a few
minutes.[CR][CR]You need to provide Maria with access to the files on her
original computer. [CR][CR]You need to accomplish this task as quickly as
possible.[CR][CR]What should you do?
*Restart the original computer by using safe mode.
Restart the original computer by using the last known good
configuration.
Restart the original computer by using an Emergency Repair
Disk.
Restart the original computer by using the Windows 2000
Professional CD-ROM, and select the option to repair the installation.
13. You are a desktop administrator for your company. All
client computers run Windows 2000 Professional. You are installing a new Plug
and Play combination scanner and print device on a user's computer. You connect
the print device to the computer's parallel port. However, you discover that
Windows 2000 does not detect the new print device.[CR][CR]You open Device
Manager on the computer and discover that there is no listing for the printer or
for any unidentified devices. You run the Scan for hardware changes command in
Device Manager, but no new hardware is detected.[CR][CR]You want Windows 2000
Professional to detect and install drivers for the new print device. [CR][CR]What
should you do?
*In the system BIOS, enable Enhanced Parallel Port (EPP)
support.
In the Driver Signing Options dialog box, set File
Signature.
Use the Add/Remove Hardware wizard to install the
manufacturer's printer driver.
Turn off the computer, and then turn off the print device,
and then turn on the computer.
14. You are the administrator of an organizational unit (OU)
named Operations. You create a Group Policy Object to publish an application
named CorpOps to the users in the Operations OU.[CR][CR]Your company frequently
reassigns employees to different departments. When employees are reassigned,
their Active Directory user accounts are moved to a different OU. You need to
ensure that CorpOps is uninstalled when an employee's user account is moved to a
different OU.[CR][CR]What should you do?
Write a Microsoft Visual Basic Scripting Edition (VBScript)
logoff script that uninstalls CorpOps. Assign the logoff script to the members
of the Operations OU.
Modify the permissions on the CorpOps installation package
so that only members of the Operations OU have the Read permission.
*Configure the Group Policy Object that publishes CorpOps
to uninstall the application when it falls out of the scope of management.
Modify the GPO so that CorpOps is assigned instead of
publishes.
15. You are a network administrator for your company. You
need to configure offline file settings for all users in the Boston
Organizational Unit. You add two new Group Policy Objects named CompGPO and
UserGPO and link them to the Boston OU. A representation of the details of the
GPOs is shown in the exhibit.[CR][CR]Users report that they cannot synchronize
their offline files. You need to ensure that users can synchronize their offline
files.[CR][CR]What should you do? <Q33.gif>
*Modify the computer configuration for CompGPO by changing
the Prevent use of Offline Files folder policy to Not Configured.
Modify the computer configuration for CompGPO by changing
the Subfolders always available offline policy to Enabled.
Modify the user configuration for UserGPO by changing the
Administratively assigned offline files policy to Enabled.
Modify the computer configuration for CompGPO by changing
the Disable user configuration of offline files policy to Enabled.
16. You are a member of the Enterprise Admins group for
Trey Research. The Active Directory forest consists of a forest root domain
named ad.treyresearch.com and two child domains named east.ad.treyresearch.com
and west.ad.treyresearch.com. The network consists of four Active Directory
sites, with five domain controllers at each site.[CR][CR]You want to restrict
the ability to log on locally to all of the domain controllers to members of the
local Administrators group. You want to accomplish this goal with the least
amount of administrative effort and without affecting other computers in the
domain.[CR][CR]What should you do?
Create a Group Policy Object that restricts the ability to
log on locally to members of the local Administrators group. Link the GPO to the
ad.treyresearch.com domain.
Create a Group Policy Object that restricts the ability to
log on locally to members of the local Administrators group. Link the GPO to the
ad.treyresearch.com domain. Enable the No override option for the GPO link.
Edit the default Domain Group Policy Object in each domain
to restrict the ability to log on locally to members of the local Administrators
group.
*Edit the default Domain Controllers Group Policy Object in
each domain to restrict the ability to log on locally to members of the local
Administrators group.
17. You are the administrator of your company's Active
Directory domain. The company recently expanded from one office in London to
include new offices in New York and Mexico City. All user accounts for the
entire company are currently in the Users container.[CR][CR]Company policy
states that network administrators may configure user accounts for only their
respective offices. You create an Active Directory group for each of the three
offices. The user accounts of the network administrator for each office are
members of each respective Active Directory group.[CR][CR]You need to configure
Active Directory so that each administrator group can administer the user
accounts in only its respective offline office. [CR][CR]What should you do?
Run the Delegation of Control wizard at the domain level
and delegate the Full Control permission to all three of the administrators
groups for all child objects.
Create a new Organizational Unit for all of the user
accounts. Move the user accounts into the new OU. Place all three of the
administrators group in the new OU.
Create a new organizational unit for each of the three
offices. Place each of the three administrators groups in its respective OU. Run
the Delegation of Control wizard on each of these OUs and delegate the Create,
delete, and manage user accounts task to the respective administrators group.
*Create a new organizational unit for each of the three
offices. Move the user accounts to the appropriate OUs. Run the Delegation of
Control wizard on each of these OUs and delegate the Create, delete, and manage
user accounts task to the respective administrators group.
18. You are the desktop administrator for your company. A
new shipment of computers arrived recently. These new computers will replace
outdated client computers.[CR][CR]You install Windows 2000 Professional on one
of the new computers. You attempt to join the computer to the domain. You
receive an error message stating that access has been denied.[CR][CR]You need to
be able to add the new computers to the domain. [CR][CR]After you install
Windows 2000 Professional on all of the new computers, what should you do?
Log on to each computer as local Administrator, and then
join each computer to the domain.
Obtain permission to create computer objects, and then join
each computer to the domain.
*For each computer, create a computer account in Active
Directory, and then join each computer to the domain.
Run the ipconfig/registerdns command on each computer, and
then join each computer to the domain.
19. You are an organizational unit administrator for your
company's Active Directory domain. The top-level OUs in Active Directory are
organized by physical location. All OU administrators have permissions to
administer only the OUs for which they are responsible. You have organized your
OUs and user accounts based on the projects the users are working on. [CR][CR]The
OU structure is shown in the exhibit.[CR][CR]The OU for your location has a
Resources OU under it. The resources OU contains published shared folders and a
Computers OU that contains all the computer accounts at your
location.[CR][CR]Multiple templates have been created for use with Microsoft
Project. These templates are in a file share named Templates that is published
to the Resources OU as ProjectTemplates. The ProjectLeads group has permissions
for the Template file share. All user accounts in the Project Delta OU are
members of the ProjectLeads group and therefore have access to the Templates
file share.[CR][CR]You need to ensure that Andrea has access to the Templates
file share. What should you do? <Q34.gif>
Delegate control of the Project Alpha OU to the
ProjectLeads group.
Move Andrea's user account to the Project Delta OU.
Assign Andrea the Allow-Read permission for the Resources
OU.
*Add Andrea's user account as a member of the ProjectLeads
group.
20. You are the administrator of a Windows 2000 Server
computer named ServerA. ServerA runs a custom client/server software
application. ServerA is located in your company's New York office.[CR][CR]You
install terminal Services on ServerA in remote Administration mode. You can
connect to ServerA by using the terminal Services client software installed on
your Windows 2000 Professional computer.[CR][CR]A user named Marc is responsible
for supporting the client/server application on ServerA. Marc needs to perform
administrative tasks on ServerA. Marc is located in your company's London
office.[CR][CR]You need to ensure that Marc can connect to ServerA by using
Terminal Services. You also need to ensure that Marc does not receive any
unnecessary administrative privileges on other servers in your
company.[CR][CR]What should you do?
Ask a domain administrator to add Marc's domain user
account to the Domain Admins user group. Install the Windows 2000 administrative
tools on Marc's client computer.
Create a local user account named Marc on ServerA. Install
the Windows 2000 administrative tools on Marc's client computer.
Ask a domain administrator to grant Marc's domain user
account permission to connect to Terminal servers. Instruct Marc to use Terminal
Services to connect to ServerA, and to log on by using his domain user account.
Create a local user account named Marc2 on serverA.
Instruct Marc to use Terminal Services to connect to serverA, and to log on by
using the Marc2 user account.
*Add Marc's domain user account to the local Administrators
group on ServerA. Instruct Marc to use Terminal Services to connect to ServerA,
and to log on by using his domain user account.
21. You are a domain administrator for your company. The
network consists of a single Active Directory domain. The network also contains
a Windows 2000 Server computer named ServerA. ServerA has Routing and Remote
Access installed and is configured for incoming dial-up connections. Employees
use Windows 2000 Professional portable computers to dial in to the
network.[CR][CR]You configure a remote access policy that allows members of the
Domain Users group to dial in to ServerA between 7:00 A.M and 7:00 P.M every
day. To increase dial-up security, the company issues smart cards to all
employees.[CR][CR]You need to configure ServerA and the remote access policies
to support the use of the smart cards for dial-up connections.[CR][CR]What
should you do?
Create a remote access policy that requires users to use
SPAP for authentication.
*Create a remote access policy that requires users to use
EAP-TLS for authentication.
Create a remote access policy that requires users to use
MS-CHAP v2 for authentication.
Install the Internet Authentication Server (IAS) on ServerA.
22. You are the administrator of some of your company's
Windows 2000 file servers. The company recently implemented disk
quotas.[CR][CR]On one of your file servers, you successfully configure a single
quota for all users. However, after further inspection within the Quota Entries
Window, you notice that users who have exceeded their quotas can still save
files to the server.[CR][CR]You need to ensure that the quota limits prevent
each user from saving files to the server after the users' quota limits are met
or exceeded. [CR][CR]What should you do?
Run the Secedit/configure command on the server to enforce
the Basicws.inf security template.
Configure a quota entry for each user individually.
*Enable the enforcement of quota limits.
Upgrade the hard disks on the server to dynamic disks.
23. You are the evening-shift administrator of a Windows
2000 Server computer. The server hosts shared files. The server is configured as
a single NTFS logical volume.[CR][CR]The day-shift administrator reports that
the server displayed a STOP message earlier in the day. The day-shift
administrator restarted the server, which resulted in the same STOP message. The
administrator also attempted to perform a repair installation, but the server
again displayed the same STOP message. You replace each hardware component in
the server with components that are known to function correctly, but the server
continues to display the STOP message.[CR][CR]You have a tape backup of the
server's shared files from two nights ago. The backup is approximately 400 GB in
size.[CR][CR]You need to provide users with access to the shared files as
quickly as possible. You need to ensure that the security permissions on the
shared files remain the same, and you want to minimize the amount of data that
is lost.[CR][CR]What should you do?
Restore the shared file from the backup tape to a FAT32
volume on a different Windows 2000 Server computer.
*Restore the shared files from the backup tape to NTFS
volume on a different Windows 2000 Server computer.
Restart the server by using the Recovery Console. Copy the
shared files onto floppy disks, and then copy the files from the floppy disks
onto a different Windows 2000 Server computer.
Perform a parallel installation of Windows 2000 Server on
the server.
24. You are an Organizational unit administrator of your
company's Active Directory forest. You accidentally delete the user ID of an
example named Marc. You re-create the user ID with the same name as before. Marc
now reports that he does not have the same permissions that he previously
had.[CR][CR]You need to ensure that Marc has all of the permissions he had all
of the permissions he had prior to the deletion. [CR][CR]Which two actions
should you take? (Choose two)
Add Marc's user account back into all the groups it was
previously a member of .
Ask the domain administrator to move Marc's user account
from the LostandFound container back into the OU it was previously a member of.
Ask the administrator to delete Marc's user ID from within
the LostandFound container.
*Ask the domain administrator to perform an authoritative
restore of Marc's user ID from a backup.
*Configure Marc's account so that it does not require
Kerberos preauthentication.
25. You are a network administrator for your company. A
user named Marc has a local user account on his Windows 2000 Professional
computer.[CR][CR]Marc is issued a USB print device. You need to configure Marc's
computer so that he can install the new device and appropriate drivers. You log
on to Marc's computer and disable the restrictions on loading unsigned drivers.
All other local computer policies are configured with default settings. You
restart Marc's computer.[CR][CR]Marc connects the print device to his computer.
He reports that the printer does not appear in the Printers system folder, and
he cannot print any documents.[CR][CR]You need to ensure that Marc can install
the printer and can print documents. [CR][CR]What should you do?
Add Marc to the local Print Operators group on his
computer.
Add the /fastdetect switch in the Boot.ini file on Marc's
computer.
Disable the Prevent users from installing printer driver
local security policy setting.
*In the Driver Signing Options dialog box, select the Apply
setting as system default check box.
26. You are the desktop administrator for your company.
Each of the company's desktop computers has been upgraded from Windows NT
Workstation 4.0 to Windows 2000 Professional. The hard disk on each computer has
one NTFS partition.[CR][CR]One of the desktop computers has an application that
stores its large data files on drive C. Recently the user of this computer has
been running out of disk space on drive C. However, the computer's hard disk
still contains unallocated space.[CR][CR]You need to increase available disk
space on drive C on this computer. [CR][CR]What should you do?
*Create a partition by using unallocated space, and
configure this partition as a mount point on drive C.
Create a stripe set that includes unallocated space and
drive C.
Upgrade the hard disk from a basic disk to a dynamic disk.
Extend drive C by using unallocated space.
27. You are the administrator of a Windows 2000 file server
named ServerA. ServerA is a member server in a Windows 2000 Domain. You create a
folder named H:\SalesHandbook on a volume that is formatted as NTFS. You share
the folder as SalesHandbook$.[CR][CR]You want users of Windows 2000 Professional
computer to be able to search Active Directory for the share by the name
SalesHandbook.[CR][CR]What should you do?
Publish the shared folder, and configure the name to be
SalesHandbook$ and the path to be \\ServerA\SalesHandbook.
*Publish the shared folder, and configure the name to be
SalesHandbook and the path to be \\ServerA\SalesHandbook$.
Publish the shared folder, and configure the name to be
SalesHandbook$ and the path to be H:\SalesHandbook.
Publish the shared folder, and configure the name to be
SalesHandbook and the path to be H:\SalesHandbook.
28. You are the administrator of some of your company's
file servers. Peter is hired as an intern in the human resources department.
Peter needs access to some HR files. He also needs to be able to read the file
named Handbook.doc, but he must not be able to make changes to
it.[CR][CR]Handbook.doc exists in a folder named HRResources. Peter needs to
have Read and Modify permissions for the other files in the HRResources
folder.[CR][CR]Peter is a member of the Domain Users group and the HR group. The
permissions on the HRResources folder are shown in the following table. (see
exhibit) [CR][CR]You need to ensure that Peter can access the appropriate files
and that he cannot make changes to Handbook.doc. [CR][CR]What should you do?
<Q14.gif>
Set the hidden and system attributes on Handbook.Doc.
Disable permissions inheritance on Handbook.doc.
Assign Peter the Allow-Read permission for Handbook.doc.
*Assign Peter the Deny-Write NTFS permission for
Handbook.doc.
29. You are the administrator of your company's Windows
2000 file servers. A user named Maria creates a folder named Data on a file
server. She uses Encrypting File System (EFS) to encrypt some of the files in
the Data folder.[CR][CR]Now, other users need access to files Maria stores in
the Data folder. In order to allow these users access to the files, you share
the Data folder. You then assign these users the Allow-Read share permission and
the Allow-Read NTFS permission for the shared Data folder.[CR][CR]Maria reports
that users can access the unencrypted files in the Data folder, but they cannot
access the encrypted files. When users attempt to access the encrypted files,
they receive an error message stating that access is denied.[CR][CR]You need to
allow the users to access all of the files in the Data folder. [CR][CR]What
should you do?
Change the NTFS permission to Full Control.
Change the share permission to Full Control.
*Instruct Maria to decrypt the files.
Share Maria's public key with all of the users.
30. You are the administrator of a Windows 2000 print
server named serverA. ServerA is a member of a Windows 2000 Domain. You install
a color laser print device on the network. You create and share a printer on
ServerA named ColorLsr with the default settings.[CR][CR]You want all of the
users in your company to be able to use ColorLsr, but you want the users in the
Managers domain local group to always have priority use of the print
device.[CR][CR]What should you do?
Create and share a second printer for the print device and
set the priority level to 1. For the second printer, assign the Everyone group
the Deny-print permission and assign and the Managers group the Allow-Print
permission. Instruct users in the Managers group to use the second printer.
Create and share a second printer for the print device and
set the priority level to 1. For the second printer, remove permissions for the
Everyone group and the Managers group the Allow-Print permission. Instruct users
in the Managers group to use the second printer.
Create and share a second printer for the print device and
set the priority level to 99. For the second printer, assign the Everyone group
the Deny-print permission and assign and the Managers group the Allow-Print
permission. Instruct users in the Managers group to use the second printer.
*Create and share a second printer for the print device and
set the priority level to 99. For the second printer, remove permissions for the
Everyone group and the Managers group the Allow-Print permission. Instruct users
in the Managers group to use the second printer.
31. You are the administrator for one of your company's
branch office. All of the company's file servers have indexing enabled, with the
default values.[CR][CR]A user named Maria is responsible for document archiving
and retrieval Maria must log the files as she archives them.[CR][CR]A new
partition has been created on one of the file servers for archiving and
retrieval. A portion of the drive space on this partition is used for other
purposes. A shared folder has been created on the partition. Users place files
to be archived in this shared folder.[CR][CR]Maria logs the appropriate files
and moves them to a compressed folder on the partition. The folder is named
Archive. A portion of the contents of the archive folder is shown in the
exhibit.[CR][CR]Maria has Read and Modify permissions for the Archive folder.
The files are backed up on tape and the tape is stored off site. Maria reports
that she is running out of space on the partition. You will not be able to
purchase hardware during the next three months.[CR][CR]You need to free up space
on the partition. [CR][CR]What should you do? <Q31.gif>
Enable offline caching of files on the partition.
Disable indexing of the partition.
Configure a scheduled task to defragment the partition on a
weekly basis.
*Configure a scheduled task to compress the files on the
partition on a nightly basis.
32. You are a network administrator for your company. The
network consists of a single Windows 2000 Domain. All client computers run
Windows 2000 Professional and are members of the domain.[CR][CR]Peter is a user
in the graphics department. He connects a print device to his computer. He wants
other users in the graphics department to be able to find the printer in the
directory and to use it to print documents from the network.[CR][CR]Peter
reports that neither he nor any other users can find the printer in the
directory and that no remote users can submit print jobs. Peter can print
documents locally.[CR][CR]You need to ensure that Peter and other users in the
graphics department can find the printer in the directory and can print
documents from the network. [CR][CR]What should you do?
*In the printer properties, share the printer on Peter's
computer.
In the printer properties, assign the Everyone group the
Allow-Print permission.
In Active Directory users and Computers, add the printer as
a child object to Peter's computer object.
In Active Directory users and Computers, select the Trust
computer for delegation check box in Peter's computer properties.
In Active Directory Users and Computers, assign users in
the graphics department the Allow-Read Public Information permission for Peter's
computer object.
33. You are the desktop administrator for your company. You
need to configure one of the computers in a dual-boot configuration for Windows
98 and Windows 2000 Professional.[CR][CR]The computer has a single hard disk
that is partitioned into two primary partitions. The first partition is the
system partition for both operating systems, and it is 3 GB in size. The second
partition is for data, and its also 3 GB is size.[CR][CR]You need to configure
the computer so that both operating systems will function properly and will be
able to access all of the space on both partitions. [CR][CR]Which two actions
should you take? (Choose two)
Format the system partition as FAT.
*Format the system partition as FAT32.
*Format the system partition as NTFS.
Format the data partition as FAT.
*Format the data partition as FAT32.
Format the data partition as NTFS.
34. You are the administrator of a Windows 2000 file server
named ServerA. ServerA is a member of a Windows 2000 Domain. A folder on ServerA
named I:\Data\ServerAdmins is shared as ServAdmin.[CR][CR]NTFS and share
permissions are configured as shown in the following table: (see the
exhibit).[CR][CR]Users in the built-in Domain Admins group have persistent
mapped drives to ServAdmin.[CR][CR]You do not want users to see the shared
folder when they type \\ServerA from the Run command or when they browse the
network. You want domain administrators to be able to access the resources that
are in the folder.[CR][CR]What should you do? <Q10.gif>
Stop and disable the Computer Browser service on ServerA by
using Computer Management
Modify the share permissions to assign only the Local
Administrators group the Allow-Full Control permission.
*Publish ServAdmin in Active Directory. Assign permissions
for the published shared folder to only the Domain Admins group.
*Re-create ServAdmin as ServAdmin$. Instruct the users in
the Domain Admins group to delete and then re-create their persistent mapped
drive connections to ServAdmins$.
35. You are the administrator of your company's Windows
2000 file servers. There are 200 users in the[CR][CR]company.[CR][CR]A file
server named ServerA functions as a file and print server. ServerA has a single
partition that stored home folders and other shared user data.[CR][CR]You
configure quotas for all users' home folders. After you configure quotas on
ServerA, users report that they are being prevented from creating new files in
their home folders even though their home folders do not exceed the quota
limit.[CR][CR]You need to enforce quota limits based only on home folder usage.
You need to accomplish this task with the least amount of administrative
effort.[CR][CR]What should you do?
*Place all of the home folders on a single, separate
partition and configure quotas on the new partition.
Create a unique partition for each user's individual home
folder and configure quotas on each partition.
Assign the users the Allow-Take Ownership permission for
their home folders and then instruct the users to take ownership of their home
folders.
Create a quota entry for each individual user.
Share each home folder separately.
36. You are the administrator of a Windows 2000 file server
named ServerA. ServerA is a member server in a Windows 2000 Domain. You create a
fold named H:\EmployeeHandbook on a volume that is formatted as NTFS. You share
the folder as EmployeeHandbook$.[CR][CR]You want users of Windows 2000
Professional computers to be able to search the network for the share by name.
You want the users to be able to find the share without needing to know the name
of the server.[CR][CR]What should you do?
*Run the net share EmployeeHandbook$ command on a domain
controller.
*Publish the share in Active Directory by using Active
Directory Users and Computers.
Run the dcpromo command on ServerA.
Create a virtual directory for the folder with an alias of
EmployeeHandbook.
37. You are the administrator of a Windows 2000 file server
named ServerA. ServerA is a member of a Windows 2000 Domain. You create a folder
named I:Data on ServerA. In I:\Data, you create a subfolder for each of your
company's 200 departments.[CR][CR]You want the users in each department to have
full access to only their department's folder. You want to configure and manage
this access with the least amount of administrative effort.[CR][CR]What should
you do?
*I:\Data Configure share permissions to assign the
Everyone group the Allow-Full Control permission. Configure NTFS permissions for
each department's folder to assign the Allow-Full control permission to the
group that contains that department's users.
I:\Data Configure share permissions to assign the Everyone
group the Allow-Read permission only. Configure NTFS permissions for each
department's folder to assign the Allow-Full control permission to the group
that contains that department's users.
Share each department's folder. Configure share permissions
to assign the Allow-Full Control permission to the group that contains that
department's users. Configure NTFS permissions for each department's folder to
assign the Allow-Full control permission to the group that contains that
department's users.
Share each department's folder. Configure share permissions
to assign the Allow-Full Control permission to the group that contains that
department's users. Configure NTFS permissions for each department's folder to
assign the Everyone group the Allow-Full control permission.
38. You are the administrator of a Windows 2000 file server
named ServerA. ServerA is a member of a Windows 2000 Domain. A folder on ServerA
named I:\data\LimitedPublic is shared as LimPub. NTFS and share permissions are
configured as shown in the following table: (see exhibit)[CR][CR]You want all
users who have a valid domain account to be able to create files in the folder
and to be able to subsequently update the files that they create. You want to
prevent users from accessing other users' files, but you want to allow the
creator of a file to assign access for that file to other users.[CR][CR]Users
report that they can access LimPub, but they cannot create files in the
folder.[CR][CR]You need to configure permissions to allow appropriate access to
the folder. [CR][CR]What should you do?
Configure share permissions to assign the Everyone group
the Allow-Change permission. Configure NTFS permissions for the folder to assign
the Everyone group the Allow-Write permissions for the folder to assign the
Creator Owner group the Allow-Full Control permission.
Configure share permissions to assign the Everyone group
the Allow-Change permission. Configure NTFS permissions for the folder to assign
the Everyone group the Allow-Create/Write Data permission and to assign the
Creator Owner group the Allow-Full Control permission.
*Configure share permissions to assign the Everyone group
the Allow-Full Control permission. Configure NTFS folder permissions for the
folder to assign the Everyone group the Allow-Create Files/Write Data
permissions and to assign the Creator Owner group the Allow-Full Control
permission.
Configure share permissions to assign the Everyone group
the Allow-Full Control permission. Configure NTFS folder permissions for the
folder to assign the Everyone group the Deny-Read permission and to assign the
Creator Owner group the Allow-Full Control permission.
39. You are the administrator of your company's Internet
Web Server. The web server is a Windows 2000 Server computer that hosts several
Internet Web Sites, including the company's public internet Web site.[CR][CR]You
want to allow employees to download company documents from the web server when
the employees are away from the office. Employees will access the web server by
using Microsoft Internet Explorer.[CR][CR]You want to ensure that security of
each employee's network user name and password when the employees are accessing
the documents. You also want to ensure that only employees can access the
documents. [CR][CR]What should you do?
Create an FTP site and configure it to use only anonymous
user connections.
Create an FTP site and configure it to use only Basic
authentication for user connections.
Create a document Web site and configure it to use only
Basic authentication. Then enable directory browsing.
*Create a document web site and configure it to use only
integrated Windows authentication. Then enable directory browsing.
40. You are the network administrator for your company's
branch office in Chicago. All client computers in the Chicago office run Windows
98. The network in the Chicago office is connected by a T1 line to the network
in the main office in New York. Users on the network in the Chicago office
access file servers that are located on the network in the New York.[CR][CR]The
network in the New York office contains a WINS server. All company computers are
configured to use the WINS server for name resolution. Managers in the company
want to improve name resolution performance. You are instructed to install and
configure WINS on a Windows 2000 Server computer in the Chicago
office.[CR][CR]You install WINS on a Windows 2000 Server computer named ServerA.
You configure all client computers in the Chicago office to use ServerA for name
resolution. All users immediately report that they cannot access servers in the
New York office.[CR][CR]You need to ensure that client computers in the Chicago
office use ServerA for name resolution. You need to ensure that users in the
Chicago office can access servers in the New York office.[CR][CR]What should you
do?
Create an Lmhosts file on ServerA that includes the name
and IP address of the WINS servers in the New York office.
*Collaborate with an administrator in the New York office
to configure WINS replication between ServerA and the WINS server in the New
York office.
Configure the client computers in the Chicago office to use
the WINS server in the New York office as their primary WINS server and ServerA
as their secondary WINS server.
Ask a domain administrator to add ServerA's computer
account to an organizational unit (OU) named AuthorizedWINSServers.
41. You are a network administrator for your company. The
network contains a Windows 2000 Server computer named ServerA, which runs the
DNS server service. All client computers on the network use ServerA for name
resolution. ServerA is configured to forward name resolution requests to your
Internet Service provider's (ISP) DNS server.[CR][CR]A user named Marc uses a
Windows 2000 Professional computer on the network. His computer is configured to
obtain IP addressing information by using DHCP. He reports that he cannot access
a specific internet web site by using the site's URL. However, he can access
other web sites. When he attempts to access the specific web site, he receives
the following error message: "Server not found or DNS error." You can access the
specific web site from your client computer and from other client computers on
the network.[CR][CR]You need to ensure that Marc can access the specific web
site by using its URL. [CR][CR]What should you do on Marc's computer?
Stop and restart the DHCP client service.
Stop and restart the workstation service.
*Run the ipconfig/flushdns command.
Run the ipconfig/registerdns command.
42. You are a network administrator for your company. The
network consists of a single forest that contains two Windows 2000 Domains named
wingtiptoys.com and tailspintoys.com. You administer a Windows 2000 Server
computer named ServerA, which run the DNS server service. ServerA is located in
a Branch office. The branch office contains computers in both
domains.[CR][CR]ServerA contains an Active Directory integrated zone for only
wingtiptoys.com. You want ServerA to also locally resolve names for computers in
tailspintoys.com.[CR][CR]What should you do?
*Create a secondary zone for tailspintoys.com on ServerA.
Create an Active Directory integrated zone for
tailspintoys.com on ServerA.
Create a primary zone for tailspintoys.com on ServerA.
Create a reverse lookup zone for tailspintoys.com on
ServerA.
43. You are a network administrator for your company. The
network consists of a single subnet. A DNS server, a DHCP server, and a Windows
2000 Domain controller are configured on the subnet. You do not have permissions
on the DHCP server.[CR][CR]You add a new client computer to the network. Andrea
is the user of this computer. When Andrea attempts to connect to the domain
controller by using the domain controller's host name, she receives the
following error message; "The network path was not found." [CR][CR]The TCP/IP
configuration settings are shown in the exhibit.[CR][CR]You need to configure
the new client computer so that Andrea can connect to network resources by using
host names. You need to configure the computer with the least amount of
administrative effort.[CR][CR]What should you do? <Q32.gif>
In the client computer's Lmhosts file, add an entry for
each server.
*Configure the client computer to obtain the DNS server
address automatically.
Install the Simple TCP/IP services on the client computer.
Configure static IP settings on the client computer.
44. You are a network administrator for Contoso
Pharmaceuticals. The network consists of a single forest that contains four
Windows 2000 domains named contoso.com, domain1.contoso.com,
domain2.contoso.com, and domain3.contoso.com. In domain3.contoso.com you
administer two Windows 2000 Server computers named ServerA and ServerB. ServerA
and ServerB run the DNS server service.[CR][CR]Users on Windows 2000
Professional computers in domain3.contoso.com report that they cannot access
resources in domain1.contoso.com. When you escalate the problem to the
enterprise administrators, you are informed that the DNS zone for
domain3.contoso.com was recently corrupted with erroneous A (host) records.
However, after the enterprise administrators correct the A records, users still
report that they cannot access resources in domain1.contoso.com.[CR][CR]You want
users in domain3.contoso.com to be able to immediately access resources in
domain1.contoso.com. [CR][CR]Which two actions should you take? (Choose two)
Create an Active Directory integrated zone for
domain3.contoso.com on Both ServerA and ServerB.
*Clear the DNS cache on ServerA and ServerB by using the
DNS console.
*Run the ipconfig/flushdns command on each user's computer.
Run the ipconfig/release command on each user's computer.
Initiate a scavenging operation of stale resource records
on ServerA and ServerB by using the DNS console.
45. You are the network administrator for your company's
branch office in Chicago. The network in the Chicago office is connected by T1
line to the network in the main office in New York. The network in the New York
office contains a Windows 2000 Server computer named NYSrv04, which is a domain
controller and hosts an Active Directory integrated DNS zone. All client
computers in the New York and Chicago offices use NYSrv04 for name
resolution.[CR][CR]The company's network manager decides to place an additional
server on the network in the Chicago office to improve network performance. You
receive a new Windows 2000 Server computer named CHSrv01 from the main office.
CHSRv01 is configured as a domain controller for the company domain and as a DNS
server.[CR][CR]You need to configure DNS on CHSrv01 and you need to configure
the client computers that are on the network in the Chicago office. You need to
ensure that your configuration provides the fastest possible name resolution
performance. You need to minimize the amount of DNS traffic sent between the New
York and Chicago office.[CR][CR]You configure the client computers in the
Chicago office to use CHSrv01 for name resolution. [CR][CR]What should you do
next?
Configure CHSrv01 with a new primary zone, and configure
CHSrv01 to forward name resolution requests to NYSrv04.
Configure CHSrv01 with a new secondary zone, and configure
CHSrv01 to perform zone transfers from NYSrv04.
*Configure CHSrv01 as a caching-only server, and configure
CHSrv01 to forward name resolution requests to NYSrv04.
*Configure CHSrv01 with an Active Directory integrated
zone.
46. You are a domain administrator for your company. You
install a Windows 2000 Server computer named ServerA. ServerA is a member of the
company's Active Directory domain.[CR][CR]You install the DHCP service on
ServerA. When you restart serverA, the DHCP service does not start.[CR][CR]You
want to enable ServerA to start the DHCP service.[CR][CR]What should you do?
Configure the DHCP service to use a Domain Administrator
account to log on to the domain.
Configure the DHCP service to use an Enterprise
Administrator account to log on to the domain.
*Ask a member of the Enterprise Admins group to authorize
ServerA as a DHCP server.
Ask a member of the local Administrators group to authorize
ServerA as a DHCP server.
47. You are an administrator of a Windows 2000 Server
computer, which runs the DNS server service. The DNS server is located in one of
your company's branch offices. The network is your branch office contains 100
DNS clients that are all members of the same Windows 2000 Domain. The DNS server
is not a member of the domain.[CR][CR]You want the DNS server to perform
recursive queries on behalf of the DNS clients for names of hosts that are
outside of the domain and on the internet. [CR][CR]What should you do?
*Configure the DNS server to use forwarders to resolve DNS
names.
Configure the DNS server as a caching-only server.
Configure a secondary primary zone on the DNS server for
the domain.
Configure a primary zone on the DNS server for the domain.
48. You are the network administrator for your company's
branch office. A user named Marc reports that his Windows 2000 Professional
computer will not start.[CR][CR]You investigate, and you discover that Marc's
computer is displaying the following error message:[CR][CR]"Invalid disk or
operating system not found." [CR][CR]Your computer configuration documentation
indicates that Marc's computer is configured as a single NTFS logical
volume.[CR][CR]You need to restore Marc's computer to normal operation as
quickly as possible. [CR][CR]What should you do?
*Restart the computer by using the Windows 2000
Professional CD-ROM, and select the option for the Recovery Console. Run the
fixmbr and fixboot commands.
Restart the computer by using the Windows 2000 Professional
CD-ROM, and select the option for the Recovery Console. Run the enable
"Workstation" command.
Restart the computer by using the Windows 2000 Professional
CD-ROM, and perform a parallel installation to a different folder on the hard
disk
Restart the computer by using a floppy disk, and copy the
Ntldr file from the Windows 2000 Professional CD-ROM to the root folder of Drive
C.
49. You are a network administrator for your company. Users
report that an application server named ServerA that runs a customized
application is slow to respond. You configure System Monitor on ServerA. The
results are shown in the following table: (see exhibit) [CR][CR]You need to
improve the performance of ServerA. What should you do? <Q12.gif>
*Add additional RAM to ServerA.
Add an additional CPU to ServerA.
Add an additional network adapter to ServerA.
Add an additional Active Directory domain controller to the
network.
Upgrade to a faster disk subsystem on ServerA.
50. You are a network administrator for your company. The
network contains 2,500 Windows 2000 Professional computers, 70 Windows 2000
Server member servers, and 5 Windows 2000 Server domain controllers. All
computer accounts are in their default location in Active Directory.[CR][CR]You
need to deploy the most recent service pack to all of the computers with the
least amount of administrative effort. [CR][CR]What should you do?
*Create a script named Update.bat that runs the Update.exe
file from a network share. Create a Group Policy Object and link it to the
Computers container. Set the computer configuration to run the Update.bat script
on startup. Restart each computer.
Create a Group Policy Object and link it to the Domain
level. Configure the GPO to assign the Update.msi file under the user
configuration logon script. Log on to each computer as Administrator.
Create a Group Policy Object and link it to the Domain
level. Configure the GPO to assign the Update.msi file under the user
configuration logon script. Restart each computer.
Create a Group Policy Object and link it to the Computer
container. Configure the GPO to assign the Update.msi file under the computer
configuration. Restart each computer.
51. You are domain administrator for your company. The network consists of a
single Windows 2000 domain. The domain contains and organizational unit (OU)
structure as shown in the OU structure exhibit.[CR][CR]Each department has its
own departmental administrators who are responsible for the administration of
resources in their respective departments. Company Policy requires that these
departmental administrators have control of the objects only in their respective
OUs.[CR][CR]You use the Delegation of Control Wizard to delegate complete
control of the each departmental OU to the administrative staff in the
respective department. The departmental administrators can successfully create
users, groups, and printers in their respective OUs.[CR][CR]Maria is an
administrator in the sales department. Maria reports that she cannot create a
Group Policy Object in the Sales OU. When she attempts to create a Group Policy
new GPO in the OU, she receives the error message shown in the GROUP POLICY
ERROR exhibit.[CR][CR]You verify that Maria has the Allow- Full Control
permission for the Sales OU, but she still cannot create the GPO.[CR][CR]You
need to resolve this problem. What should you do?<Q2637.gif>
Add Maria to the Domain Admins Security Group.
*Add Maria to Group Policy Creator Owner Security group.
Assign Maria the Allow- Create Child Objects permission for the Corp OU.
Assign Maria the Allow-Modify Ownership permission for the sales OU, and
instruct here to take ownership of the OU.
52. You are the network administrator for your company. You create a global
distribution group named Public. The Public Group has the READ permission for a
resource on the domain controller. The resource is named Res1.[CR][CR]Ten
employees in the IT department need access to Res1. You add the user accounts
for the 10 employees to attempt to access Res1 immediately. They report that
they cannot access Res1.[CR][CR]You need to ensure that the 10 employees can
access Res1. [CR][CR]What should you do?
Configure the ITStaff group's group scope to be a universal group and instruct
10 employees to logout and to log in again.
Configure the Public group's group scope to be a universal group, and instruct
the 10 employees to log out and to log in again.
*Configure the ITStaff group's group scope to be a security group, and instruct
10 employees to logout and to log in again.
Move the user accounts of the 10 employees so that the accounts are in the same
organizational unit (OU) as the ITStaff group, and instruct 10 employees to log
out and log in again.
53. You are a network administrator for your company. The company has offices in
five cities. There is an Organizational Unit (OU) for each office.[CR][CR]You
install a new file server named ServerB. ServerB will host the My Documents
folder for all users in the New York OU.[CR][CR]At the domain level there is a
Group Policy Object (GPO) Named AllMyDocumentsGPO that redirects the My
Documents folder to \\ServerA\users\%username%. There is a separate GPO named
SettingsGPO that configures the desktop settings and removes the Run command
that is configured at the domain level.[CR][CR]You configure a GPO named
NYMyDocumentsGPO that redirects the My Documents folder for the users in the New
York office to \\ServerB\users\%username%. You verify that the My Documents
folder has been redirected. However, you notice that users in the New York
office do not have the corporate desktop settings and that the users can use the
Run command.[CR][CR]What should you do?
*On the New York OU, configure Group Policies to not block inheritance.
On the New York OU, remove the NYMyDocumentsGPO and then configure Group
Policies to not block inheritance.
On AllMyDocumentsGPO, modify the permissions by adding a NYUsers group and
assigning it the Deny -Apply Group Policy permission.
At the domain level, configure a new GPO for the croporate desktop settings. Add
a NYUsers group and assign it the Allow - Apply Group Policy permission for the
new GPO.
54. You are a network administrator for your company. You are responsible for a
child domain in your enterprise. The human resources (HR) department uses this
child domain. The domain contains Windows 2000 domain controllers and Windows NT
4.0 member servers.[CR][CR]The HR department institutes a new employee review
process. Under the new process, documents that are used for performance reviews
will be stored in the shared folder, and managers will be the only personnel who
will have access to that shared folder.[CR][CR]In that organizational unit (OU)
named Mgr1, existing global groups for managers are the IT Managers group, the
HR Managers group, the Finance Managers group and the Manufacturing Managers
group.[CR][CR]You want to add these managers groups to a new security global
group named All Managers. The All Managers group is in a separate OU named
AllMgr. However, when to attempt to add each of the managers groups to the All
Managers group, you notice that only individual users accounts are available to
be added and the managers group are not available to be added.[CR][CR]What
should you do?
Move the All Managers group to the Mgr1 OU.
*Ask the domain administrator to switch the domain to native mode.
Change the All Members group from a global group to a universal group.
Ask the domain administrator to assign you the Allow - Change permission for
each of the managers global groups.
55. You are the administrator of a Windows 2000 Server computer named ServerA.
ServerA runs Terminal Service. Company users log on to Terminal Services to run
custom Windows-based applications that are installed on ServerA.[CR][CR]A user
named Maria works in a branch office. Maria reports that she is having problems
using one of the applications on ServerA. You attempt to troubleshoot the
problem by talking to Maria over the telephone, but she cannot provide
sufficient information about what the application is doing.[CR][CR]You need to
see how Maria is using the application in order to resolve the problem. [CR][CR]What
should you do?
*Use Terminal Services to log on to ServerA from your client computer. Use
Terminal services Manager to shadow Maria's session and troubleshoot the
problem.
Log on to ServerA's console. Use Terminal Service Manager to shadow Maria's
session and troubleshoot the problem.
Ask a domain administrator to modify Mara's user account so that its Terminal
Services disconnect time is at least one hour. Instruct Maria to log off of
ServerA. Then, use Terminal Services from your client computer to log on to
ServerA by using Maria's user account, and run the application.
Ask a domain administrator to modify Mara's user account so that its Terminal
Services idle time is at least one hour. Instruct Maria to disconnect from
ServerA. Then, use Terminal Services from your client computer to log on to
ServerA by using Maria's user account, and run the application.
56. You are a network administrator for your company. The network consists of a
single Windows 2000 Domain. All servers run Windows 2000 Server. All client
computers run Windows 2000 Professional.[CR][CR]The manager of the accounting
department reports that files located in shared folders on a server named
ServerA are being deleted and must continually be restored from
backup.[CR][CR]You are asked to configure the local security policy on ServerA
to find out who is deleting the files. You enable auditing on the affected files
and folders for all users in the domain.[CR][CR]Which audit policy or security
policy should you enable on ServerA?
Audit Access of Global System Objects security policy.
Account Logon Events-Success audit policy.
Logon Events-Success audit policy.
*Object Access-Success audit policy.
Privilege Use-Success audit policy.
57. You are the desktop administrator for your company. The client computers you
administer are either Windows 95 or Windows 98 desktop computers. The network
consists of a single Windows 2000 Active Directory domain.[CR][CR]The company is
implementing a fault-tolerant distributed file system (DFS). You need to ensure
that users on all of your client computers can access the resources on the
fault-tolerant distributed file system.[CR][CR]Which two actions should you
take? (Choose two)
*Install the Active Directory client on all of the Windows 95 computers.
Install the standard DFS client on all of the Windows 95 computers.
Install the Windows 2000 Administration Pack on all of the Windows 95 computers.
*Install the Active Directory client on all of the Windows 98 computers.
Install the standard DFS client on all of the Windows 98 computers.
Install the Windows 2000 Administration Pack on all of the Windows 98 computers.
58. You are a domain administrator for your company. The network consists of a
single Windows 2000 Domain. All client computers run Windows 2000
Professional.[CR][CR]Each department has its own Organizational Unit (OU)
structure. Each department has departmental administrators who are responsible
for the administration of the OU structure. Top-level departmental OUs are
created by the domain administrators, and the departmental administrators are
delegated full control of these OUs. Child OUs are created by the departmental
administrators as necessary.[CR][CR]The departmental administrator for the
finance department is out of the office. The manager of the finance department
asks you to publish a shared folder named FinanceDocs on a server named ServerA
to Active Directory so that users can easily find the folder.[CR][CR]When you
attempt to create the shared folder in the Finance OU, you receive the following
error message:[CR][CR]"Windows cannot create the object because: Insufficient
access rights to perform this operation"[CR][CR]You need to publish the shared
folder. [CR][CR]What should you do?
Assign the Domain Admins group the Allow-Full Control share permission for
FinanceDocs.
Assign the Domain Admins group the Allow-Read & Executive NTFS permission for
FinanceDocs.
*Assign the Domain Admins group the Allow-Create Child Objects permission for
Finance OU.
Assign the Domain Admins group the Allow-Modify Owner share permission for
Finance OU and then take ownership.
59. You are a network administrator for your company. The network contains 200
Windows 2000 Professional computers.[CR][CR]One of the client computers is named
Client1. Client1 contains a shared folder named Public that is configured with
the default settings. The employee who uses Client1 wants all users on the
network to map a persistent drive to Public. However, many users report that
they cannot map a persistent drive to Public.[CR][CR]What should you do to
resolve the problem?
Enable the Guest account on Client1.
Modify the user limit for Public to allow 200 or more users.
*Relocate the share and the folder to a Windows 2000 Server computer.
Assign the Authenticated Users group the Allow-Full Control permission for
Public.
60. You are a domain administrator for your company. You are installing a new
Windows 2000 Server computer named ServerA, which has Internet Information
Services (IIS) installed.[CR][CR]You want to use ServerA to provide a corporate
intrasite to your employees. You create a Web site on ServerA.[CR][CR]You want
to enable users to access the intrasite by using the URL http://CLInfo. You want
to accomplish this task with the least amount of administrative
effort.[CR][CR]Which two actions should you take? (Choose two)
*Create a DNS entry for CLInfo that specifies the TCP/IP address of ServerA.
Create a WINS entry for CLInfo that specifies the TCP/IP address of ServerA.
Create a Hosts file entry for CLInfo that specifies the TCP/IP address of
ServerA. Then copy the Hosts file to each network computer.
Create the CLInfo Web site as virtual directory.
*Configure hosts headers on ServerA to include CLInfo.
61. You are a network administrator for your company. All servers run Windows
2000 Server. Users report that a file server named ServerA has very slow
response time. It takes several seconds to open small files that are located on
the server's hard disk, and it can take several minutes to open large files.
Users report that no problems occur when they access files that are stored on
other servers.[CR][CR]You monitor ServerA by using System Monitor. You discover
that the values for Disk Queue Length and Split I/O are consistently high, even
when users attempt to read small files. You also discover that the server has
more than 40 GB of free space available.[CR][CR]You need to optimize disk read
performance for ServerA. [CR][CR]What should you do?
*Use Disk Defragmenter to optimize the file structure on ServerA.
Use Disk Cleanup to remove unused files and folders from ServerA.
Disable write caching on the hard disk to optimize file access.
Configure the performance options on ServerA to optimize performance for
background services.
62. You are a network administrator for your company. Company executives plan to
deploy 25 new Windows 2000 member servers and 25 new Windows 2000 Domain
controllers. All Active Directory server accounts are in the default
locations.[CR][CR]You need to install 290 hot fixes as part of the operating
system installation on the new computers. The hot fixes must not be installed on
any current Windows 2000 Server computers.[CR][CR]You create a distribution
folder for the host fixes. [CR][CR]What should you do next?
Use Setup Manager to create an answer file that will run a script to install the
hot fixes from the distribution folder during setup.
*Use Setup Manager to create an answer file. Add lines in the Cmdlines.txt file
to install the hot fixes from the distribution folder during setup.
Create a script that will install all of the hot fixes automatically. Configure
a Group Policy Object and link it to the domain level to run the script on
startup.
Create a Group Policy Object and link it to the Domain Controllers OU and to the
Computers container. Configure the GPO to assign the hot fixes as assigned
applications.
63. You are the network administrator for your company's branch office. You
receive a memo from the main office indicating that a new custom software
application will be deployed to the Windows 2000 Professional computers in your
office that evening.[CR][CR]The following morning, the users in your office
report that their computers will not start. Each computer stops a responding at
the Windows 2000 Professional logon screen.[CR][CR]You contact the main office
and the application's developers inform you that the new application includes a
service named Data Listener. They discovered a problem with the service that is
preventing the client computers in your office from starting.[CR][CR]The
programmers at the main office will attempt to correct the problem. Until the
problem is corrected, you need to allow your users to start their client
computers normally and to access network resources.[CR][CR]You need to
accomplish this task as quickly as possible.[CR][CR]What should you do on each
client computer?
Restart the computer by using safe mode.
Restart the computer by using a startup floppy disk, and run the fixmbr command.
*Restart the computer by using the Recovery Console. Run the disable "Data
Listener" command.
Restart the computer by using the Windows 2000 Professional CD-ROM, and select
the option to repair the installation.
64. You are a network administrator for your company. All servers run Windows
2000 Server.[CR][CR]Users in the finance department report significantly slow
performance when they access a database application that is hosted on a
multiprocessor server named ServerA. The application was designed for symmetric
multiprocessing (SMP) and for use with Windows NT server 4.0 computers. The
application runs constantly as a background application.[CR][CR]Users do not
report problems when they access the same database application running on a
server named ServerB. Both servers have identical hardware.[CR][CR]You start
task manager on serverA. You view the information that is shown in the
exhibit.[CR][CR][CR][CR]You need to optimize performance for users in the
finance department when they access the database application. [CR][CR]What
should you do?<Q22.gif>
Configure the application to run in a separate memory space.
Configure the application's process to run with high priority and with affinity
for the second processor only.
Increase the amount of physical memory and increase the size of the paging file
on serverA.
*Set processor affinity for the application to allow the application to use all
available processors.
65. You are a network administrator for your company. A user named Marc reports
a problem with his Windows 2000 Professional computer.[CR][CR]You examine the
computer and discover that it is displaying a STOP message. The documentation
for Marc's computer indicates that the computer contains a single hard disk,
which is configured as a single NTFS logical volume.[CR][CR]Marc reports that
the computer was working normally until he connected a new USB digital camera to
the computer. The computer installed the camera's software drivers, and then
restarted. After the computer restarted, it displayed the STOP message and Marc
was not able to log on to the computer.[CR][CR]You need to return Marc's
computer to normal operation as quickly as possible. [CR][CR]What should you do?
Restart the computer by using safe mode.
*Restart the computer by using the last known good configuration
Restart the computer by using the Windows 2000 Professional CD-ROM, and select
the option to repair the installation.
Restart the computer by using the Windows 2000 Professional CD-ROM, and select
the option for Recovery Console.
66. You are a network administrator for your company. The network consists of a
single Windows 2000 Domain. All servers run Windows 2000 Server. All client
computers run Windows 2000 Professional.[CR][CR]A server in the sales department
has a tape backup device installed. The device functions normally by using the
driver from the Windows 2000 Server CD-ROM. You install an update driver for the
device that is supplied by the manufacturer. [CR][CR]When you restart the
server, you receive the following error message: "STOP:
IRQL_NOT_LESS_OR_EQUAL."[CR][CR]You restart the server, and you receive the same
error message. You need to correct the problem and return the server to normal
operation. [CR][CR]What should you do?
Restart the server in safe mode. Create a local computer policy to enable
Windows File Protection.
Restart the server in safe mode. Log on as an administrator. In the Driver
Signing Options dialog box, set File Signature Verification to Ignore.
*Restart the server by using the last known good configuration.
Restart the server by using the Recovery console. Enable the new device driver
by using the Service_system_start parameter.
67. You are a domain administrator for A. Datum Corporation. The company's
network consists of three domains, as shown in the exhibit.[CR][CR][CR][CR]You
are responsible for the sandiego.adatum.com domain. The sandiego.adatum.com
domain contains users accounts for 50 of the employees in the finance
department. Recently, a shared folder named FinanceA was created in the
sandiego.adatum.com domain. FinanceA can be accessed by only those 50 employees.
FinanceA contains forms that are used by the 50 employees.[CR][CR]You are
instructed to create a group on your domain controllers that will allow finance
users whose user accounts are in global from the other domains to access
FiannceA. You must accomplish this goal while minimizing replication
overhead.[CR][CR]What should you do?<Q23.gif>
Create a global group. Add the appropriate groups from the other domains to the
global group. Assign the global group permissions for FinanceA.
*Create a domain local group. Add the appropriate groups from the other domains
to the domain local group. Assign the domain local group permissions to the
FinanceA.
Create a universal group. Add the appropriate groups from the other domains to
the universal group. Assign the universal group permissions for FinanceA.
Create a distribution group. Add the appropriate groups from the other domains
to the distribution group. Assign the distribution group permissions for
FinanceA.
68. You are a network administrator for your company. The network consists of a
single Windows 2000 Domain. The domain contains four Windows 2000 Domain
controllers. The relevant portion of your network is configured as shown in the
exhibit.[CR][CR]The domain controller named DC1 is a multihomed computer that
provides DNS and DHCP services for the company intranet and only DHCP services
for a secure network used by the software development department. DC01 does not
route between the two networks. The computers in the software development
department are not members of the domain.[CR][CR]DC01 hosts an Active Directory
integrated DNS zone. DC01 is configured as shown in the following table: (see
exhibit) [CR][CR]You discover that Active Directory replication intermittently
fails between DC01 and the other domain controllers. When this occurs, you
receive the following error message: "RPC server is unavailable."[CR][CR]There
is no consistent pattern to the replication failures. The other domain
controllers do not experience this problem when replicating to each
other.[CR][CR]You need to ensure that replication occurs normally between all
domain controllers. [CR][CR]What should you do?<Q2406.gif>
In the TCP/IP properties for NIC1 on DC01, disable dynamic DNS registration.
Remove all A (host) records from the DNS zone for DC01 for the address
172.30.23.1. Remove the address 172.30.23.1 from the Interfaces tab in the
properties for DC01 in the DNS console.
*In the TCP/IP properties for NIC2 on DC01, disable dynamic DNS registration.
Remove all A (host) records from the DNS zone for DC01 for the address
192.168.1.1. Remove the address 192.168.1.1 from the Interfaces tab in the
properties for DC01 in the DNS console.
In the TCP/IP properties for NIC1 on DC01, disable dynamic DNS registration.
Remove all A (host) records from the DNS zone for DC01 for the address
192.168.1.1. Disable round robin functionality on DC01. Disable recursive
queries on DC01.
In the TCP/IP properties for NIC2 on DC01, disable dynamic DNS registration.
Remove all A (host) records from the DNS zone for DC01 for the address
172.30.23.1. Disable round robin functionality on DC01. Disable recursive
queries on DC01.
69. You are the desktop administrator for your company. The company is migrating
from a Windows NT 4.0 domain in to a new Windows 2000 Domain. As part of the
migration, you are removing Windows NT workstation 4.0 computer accounts from
the Windows NT domain and adding them to a Windows 2000 Active Directory
domain.[CR][CR]You add 10 Windows NT workstation computer accounts to the Active
Directory domain. When you attempt to add another Windows NT workstation
computer account to the Active Directory domain, you receive the following error
message: "The machine account for this computer either does not exist or is
unavailable."[CR][CR]You need to be able to add Windows NT workstation computer
accounts to the Windows 2000 Active Directory domain. [CR][CR]What should you
do?
Configure a DNS server for the Windows NT workstation computers that have not
been added to the Active Directory domain.
Delete from the Windows NT domain the computer accounts for the Windows NT
workstation computers that have not been added to the Active Directory domain.
*Ask the domain administrator to assign you the Allow-Create Computer objects
permission for the Computers container.
Ask the domain administrator to assign you the Allow-Create Computer objects
permission for the Domain Controllers container.
70. You are the administrator of an organizational Unit (OU) named New York. The
New York OU contains OUs named Operations, Accounting, and Executive. You create
a software deployment Group Policy Object that assigns an application named
CorpFinance. You link the GPO to the New York OU.[CR][CR]Users in the Operations
OU report that the CorpFinance application shortcut does not appear on their
Start menus. Users in the Accounting and Executive OUs report that the shortcut
appears on their Start menus.[CR][CR]You need to ensure that the CorpFinance
application shortcut appears on the Start menu for every user in the New York OU.
[CR][CR]What should you do?
Modify the GPO so that CorpFinance is published instead of assigned.
Modify the permissions on the CorpFinance installation package so that members
of the Operations OU have the Change permission.
*Configure the Operations OU to not block policy inheritance.
Configure the GPO to use the basic installation user interface.
71. You are a network administrator for your company. You need to create a Group
Policy Object that requires user accounts to have a minimum password length of
seven characters. All of the Active Directory user accounts are in the MN
Organizational Unit (OU).[CR][CR]Under the computer configuration, you create a
GPO named PasswordGPO that requires a minimum of seven characters, and you link
this GPO to the MN OU. After you link the GPO, you find out that users can
create passwords that are only one character in length.[CR][CR]You need to
ensure that all users in the MN OU are required to have a minimum password
length of seven characters. [CR][CR]What should you do?
*Remove the GPO link on the MN OU for PasswordGPO. At the domain level, add a
link to the PasswordGPO, and ensure that the GPO has the highest priority.
Create a new GPO and link it to the MN OU. Configure the password requirement
for this GPO to be minimum of seven characters, and make the GPO the highest
priority.
Run the Secedit/refreshpolicy machine_policy/enforce command on the domain
controller on which you created the GPO.
Run the Secedit/refreshpolicy user_policy/enforce command on the domain
controller on which you created the GPO.
72. You are a network administrator for your company. All user accounts and
groups are in the New York organizational unit (OU). The user accounts of the
help desk personnel are members of the Helpdesk group.[CR][CR]You need to allow
the Helpdesk group to manage group memberships, including creating and managing
new groups. However, you need to ensure that help desk personnel cannot create
or modify user objects.[CR][CR]What should you do?
Under the New York OU, create two new OUs and name them NY Users and NY groups.
Move all user accounts to the NY Users OU, and move all groups to the NY groups
OU. Modify the Active Directory permissions for the New York OU by assigning the
Helpdesk group the Allow-Full Control permission.
Under the New York OU, create two new OUs and name them NY Users and NY Groups.
Move all user accounts to the NY Users OU, and move all groups to the NY groups
OU. Modify the Active Directory permissions for the NY Groups OU by assigning
the Helpdesk group the Allow-Full Control permission.
Run the Delegation of Control wizard on the New York OU. Delegate the Modify the
membership of a group task to the Helpdesk group.
*Run the Delegation of Control wizard on the New York OU. Delegate the Create,
delete, and manage groups task to the Helpdesk group.
73. You are an administrator of your company's single Windows 2000 Domain. The
domain contains 10 departmental organizational unit (OUs). Each OU is controlled
by a separate administrative group.[CR][CR]During a routine security audit, you
discover that the local Administrators groups on member servers contain users
who are not administrators. You want to ensure that the local Administrators
group on every server contains only valid administrator accounts from the
appropriate department.[CR][CR]What should you do?
Configure Group Policy for each OU to specify the appropriate membership for the
local Administrators group on the servers in that OU.
Configure Group Policy for the domain to specify the appropriate membership for
the local Administrators group on the servers in that OU.
Configure Group Policy for the default Domain Controller OU to specify the
appropriate membership for the local Administrators group on the servers in that
OU.
*In each OU, create a new child OU that contains all of the appropriate
Administrator user accounts for that OU. Configure Group Policy for each new
child OU to specify the appropriate membership for the local Administrators
group on the servers in that OU.
74. You are a network administrator for your company. The network consists of a
single Windows 2000 Domain. The domain has an Organizational unit (OU)
structure, as shown in the exhibit.[CR][CR]All user accounts are created in the
Corp OU. All user accounts are members of a CorpUsers group that is located in
the Corp OU. All user accounts are also members of department-specific groups
that are located in the departmental OUs.[CR][CR]Each department has its own
administrative staff, which is responsible for creating computer accounts,
troubleshooting user and computer problems, and performing general system
maintenance.[CR][CR]Departmental administrators are members of groups named
<department>Admins located in the departmental OUs. Departmental administrators
have been delegated full control of their OUs. All Computer accounts are located
in their appropriate departmental OUs.[CR][CR]Group Policy Objects are
configured as shown in the following table: (see exhibit) [CR][CR]The
departmental administrators report that they cannot access Control Panel to the
Run command on their own computers or when they attempt to correct problems on
users' computers.[CR][CR]The departmental administrators require access to the
restricted tools. What should you do?<Q2507.gif>
Disable the No Override option for the Users GPO.
Enable the No Override option for the Department Admins GPO.
Select Block Policy inheritance in the Group Policy properties for each child OU.
Change the Group Policy processing order to ensure that the Department Admins
GPO is processed last.
*Assign the Deny-Apply Group Policy permissions to the various <department>Admins
groups for the Users GPO.
75. You are a network administrator for your company. The help desk manager
reports that the help desk is receiving a large number of requests from sales
representatives who need to have their passwords reset.[CR][CR]The help desk
manager asks you to delegate this task to someone other than help desk
personnel.[CR][CR]The user accounts of all sales representatives are in the
sales Users organizational unit. The user accounts of all sales managers are in
the Sales Manager OU and are members of the Sales Managers group. You decide to
allow the Sales managers to reset the passwords for their sales representatives
when necessary.[CR][CR]You need to configure Active Directory without
compromising overall network security.[CR][CR]What should you do to allow the
members of the Sales Managers group to reset passwords for the sales
representatives?
Run the Delegation of Control wizard at the domain level and delegate the
Create, Delete, and manage user accounts task to the Sales Managers group.
Run the Delegation of Control wizard on the Sales Users OU and delegate the
Create, Delete, and manage user accounts task to the Sales Managers group.
*Run the Delegation of Control wizard on the Sales Users OU and delegate the
Reset passwords on user accounts task to the Sales Managers group.
Run the Delegation of Control wizard at the domain level and delegate the Reset
passwords on user accounts task to the Sales Managers group.
76. You are a domain administrator for your company. You are installing a
Windows 2000 Server computer named ServerA and 25 Windows 2000 Professional
computers in a new branch office.[CR][CR]You want to enable the client computers
in the branch office to access the Internet as needed. You have a dial-up
account with a local Internet service provider (ISP).[CR][CR]You want to reduce
connection charges from your ISP. Therefore, you want the connection to be
active only when internet resources are requested.[CR][CR]Which three actions
should you take? (Choose three)
*Attach a modem to ServerA and create a dial-up connection to the ISP.
Attach a modem to one of the Windows 2000 Professional computers and create a
dial-up connection to the ISP.
Configure the modem to use software handshaking.
Configure the modem to use hardware handshaking.
*Configure the dial-up connection to enable on-demand dialing.
*Configure the dial-up connection to enable Internet Connection Sharing.
Configure the client computers in the branch office to enable Internet
Connection Sharing.
77. You are a domain administrator for your company. The network consists of a
single Active Directory domain and contains a Windows 2000 Server computer named
ServerA.[CR][CR]ServerA has Routing and Remote Access installed. Employees use
ServerA to connect to the corporate network by using a dial-up connection. The
remote access policy for ServerA change frequently.[CR][CR]The company is hiring
200 new employees who will work remotely. You need to add four Windows 2000
Server computers with Routing and Remote access installed so that the new
employees can dial in to the network.[CR][CR]You want to configure all of these
Routing and Remote Access servers to use the same remote access policies. You
want to configure and maintain the remote access policies with the least amount
of administrative effort.[CR][CR]What should you do?
Add the new Routing and Remote access server to the domain. Place the remote
access policies on ServerA.
Promote ServerA to a domain controller in the domain. Add the new Routing and
Remote Access Server as members of the domain.
*Install the Internet Authentication Service (IAS) on ServerA. Configure the new
Routing and Remote Access servers to use serverA for authentication requests.
Create a new domain controller named ServerB. Install the Internet
Authentication Server (IAS) on ServerB. Configure the new Routing and Remote
access servers to use serverB for authentication requests.
78. You are a domain administrator for your company. You are installing a
network in a new branch office. The network contains two Windows 2000 Server
computers and 10 Windows 2000 Professional computers. A Windows 2000 Server
computer named ServerA provides DHCP service for the network.[CR][CR]You are
installing a new Windows 2000 Server computer named ServerC. You have a dial-up
account with a local Internet service provider (ISP). You connect a 56-Kbps
modem to ServerC. You want to use serverC to provide shared access to the
internet.[CR][CR]Which three actions should you take? (Choose three)
Install the WinSock proxy client on ServerC.
Install the WinSock proxy client on all of the client computers.
Install the DNS service on ServerC.
*Install internet connection sharing on ServerC.
*Uninstall the DHCP service on serverA.
*Create a dial-up connection on ServerC and configure the connection with the
ISP account information.
79. You are a domain administrator for your company. The network consists of a
single Active Directory domain. The network contains 15 Windows 2000 Server
computers and 150 Windows 2000 Professional computers. A server named ServerA
has Routing and Remote Access Installed and is configured for incoming dial-up
connections.[CR][CR]You install Windows 2000 Professional on a home computer
named Home1. You create a new PPP dial-up connection to connect to ServerA. You
configure the connection to use both of the external modems on Home1 and to use
Multilink. You start the dial-up connection administrator connect to ServerA.
You notice that only one of the modems is connected to serverA.[CR][CR]What
should you do?
Configure the dial-up connection on Home1 to use SLIP.
*Configure ServerA to accept Multilink dial-up connections.
Replace the modems on ServerA with new modems that support SLIP
Replace the modems on Home1 with new modems that support Multilink.
80. You are the administrator of a Windows 2000 Server computer that runs
terminal Services. A user named Marc uses Terminal services to connect to the
server in order to run a custom Windows-based application that is installed on
the server.[CR][CR]The application takes two hours to generate a sales report.
Marc reports that he can connect to the server and log on, run the application,
and start the report. However, his Terminal Services client disconnects from the
server before the report is complete. When Marc attempts to reconnect to the
server, he discovers that the application is no longer running.[CR][CR]You need
to ensure that Marc's computer can remain connected to the server long enough
for the application to complete the sales report. You do not want to affect how
other users use the server.[CR][CR]What should you do?
In Terminal services Manager, shadow Marc's session after Marc has been
connected to the server for 20 minutes, and troubleshooting the problem.
In Active Directory Users and Computers, modify Marc's user account by
specifying a maximum Terminal Services disconnect time of three hours.
*In Active Directory Users and Computers, modify Marc's user account by
specifying a maximum Terminal Services idle time of three hours.
In Terminal Services Configuration, modify the RDP-TCP connections by setting
the maximum idle time to three hours.
81. You are the administrator of a Windows 2000 Server computer named ServerA.
ServerA has Internet Information services (IIS) installed and is used to host
your company's public internet web site.[CR][CR]The company plans to create a
secure web site where customers can access their account and billing
information. Customers will access this web site by using a variety of web
browsers. A new web site has been created and configured to use Basic
authentication.[CR][CR]You are asked to ensure that all information transmitted
between ServerA and the customers' computers is encrypted. [CR][CR]How should
you configure the new web site?
Enable the web site to use Integrated Windows Authentication.
Enable the web site to use Digest authentication for Windows domain servers.
*Enable the web site to use a web server certificate and enable SSL for the web
site.
Enable the web site to use a web server certificate and enable IPSec on ServerA.
82. You are the administrator of your company's file servers. An employee named
Maria is prompted to the new position of manager in the marketing department.
Maria needs to be able to review all the documents that are used by other
employees in the marketing department. However, she does not need to make
changes to these documents.[CR][CR]All the marketing documents are stored in
subfolders in a single marketing folder, which is shared as Marketing. Each
employee in the marketing department has a subfolder in the Marketing
folder.[CR][CR]Currently, only the employee, the Administrators group, and the
Power Users group have permissions for each employee's subfolder. Permissions
inheritance is enabled on the Marketing folder. [CR][CR]The resources and
permissions are shown in the following table: (See exhibit) [CR][CR]You need to
allow Maria to review the documents of all of the other marketing employees
without giving her unnecessary permissions. [CR][CR]What should you do?<Q01.gif>
Make Maria a member of the Power Users group.
Share each existing subfolder and assign Maria the Allow-Read permission for
each of the new shares.
*Assign Maria the Allow-Read NTFS permission for the Marketing folder.
Assign Maria the Allow-Read permission for the Marketing share.
83. You are the administrator of a Windows 2000 file server named ServerA.
ServerA is a member of a Windows 2000 Domain. On a volume that is formatted as
NTFS, you create and share folders for the sales department. Managers in the
sales department need to read and modify files in all of the department's
folders. Users named Peter, Maria, and Marc need to read files in the
G:\Sales\Reports folder, and they need full control of files in their personal
folders.[CR][CR]You configure folder and share permissions as shown in the
following table. (See exhibit) [CR][CR][CR][CR]A user in the Managers group
informs you that she can read the files in Marc's folder but cannot update
them.[CR][CR]You need to allow all users in the Managers group to update all of
the files in the sales department's folder. [CR][CR]What should you do?<Q02.gif>
*Instruct the users in the Managers group to access the files by using the Sales
share.
Assign the Managers group the Allow-Full Control permission for the Marc$ share.
Re-create the Marc$ share as Marc.
Ensure that the Managers group has the Allow-Full Control permission for the
published share object in Active Directory that is associated with the Sales
share.
84. You are a network administrator for your company. The network is configured
as shown in the exhibit.[CR][CR][CR][CR]You notice that connectivity from the
New York office to the London office is inconsistent. You need to find out where
the network packets are being dropped and what percentage of packets is being
dropped.[CR][CR]What should you do?<Q16.gif>
On NYDC01, run the tracert LONDCO01 command. View the results and find out where
the results time out.
On LONDC01, run the tracert NYDCO01 command. View the results and find out where
the results time out.
On NYDC01, run the ping LONDC01 command. View the results.
On LONDC01, run the ping NYDC01 command. View the results.
*On NYDC01, run the pathping LONDC01 command. View the results.
On TORDC01, run the pathping LONDC01 command. View the results.
85. You are a network administrator for Fabrikam, Inc. The network consists of a
Windows 2000 Domain named ad.fabrikam.com. The domain contains two DNS servers
that host an Active Directory integrated zone for ad.fabrikam.com. A Windows
2000 web server named ServerA is a member of ad.fabrikam.com.[CR][CR]An intranet
web site was recently created on ServerA. You want users to access the new Web
site by using the URL home.portal.fabrikam.com.[CR][CR]What should you do?
Create a new domain record named portal in the ad.fabrikam.com zone. In portal,
create CNAME (canonical name) record named home and specify
ServerA.ad.fabrikam.com as the target host.
*On one of the DNS severs, create a new zone named portal.fabrikam.com. In
portal.fabrikam.com, create a CNAME (canonical name) record named home and
specify ServerA.ad.fabrikam.com as the target host.
In ad.fabrikam.com, create CNAME (canonical name) record named home and specify
home.portal.fabrikam.com as the target host.
In ad.fabrikam.com, create CNAME (canonical name) record named home.portal and
specify ServerA.fabrikam.com as the target host.
86. You are a network administrator for your company. The network contains a DNS
server. All client computers are configured to use the DNS server for name
resolution. The network also includes four Windows 2000 Server computers, which
function as file and print server; 100 Windows 95 client computers; and 100
Windows 2000 Professional computers.[CR][CR]The network is currently configured
as a single logical subnet. The company adds two additional subnets, which are
connected to the original subnet by routers. All client computers are
distributed between the two new subnets. The servers remain on the original
subnet.[CR][CR]Users of the Windows 95 computers now report that they cannot
access server-based files and printers.[CR][CR]Users of the Windows 2000
Professional computers can successfully access the servers. You verify that the
Windows 95 computers are configured with the correct DNS server
address.[CR][CR]You need to ensure that all users can access server-based files
and printers. [CR][CR]What should you do?
Create an Lmhosts file on each Windows 95 computer. In the file, include the
name and IP address of the DNS server.
*Install WINS on a Windows 2000 Server computer. Configure all computers to use
the WINS server in addition to the DNS server for name resolution.
Configure the Windows 95 client computers to use b-node for NetBIOS name
resolution.
Install a WINS Proxy Agent on each of the new subnets. Configure the WINS Proxy
Agents to use the DNS server's IP address for WINS name resolution.
87. You are a domain administrator for your company. The network contains two
TCP/IP subnets that are connected by a router. The router is configured to
forward BOOTP packets. The two subnets contain a total of 180 Windows 2000
Professional computers.[CR][CR]A Windows 2000 Server computer named ServerA
provides DHCP services for the network. The DHCP scope on ServerA is configured
as shown in the following table. (See exhibit) [CR][CR][CR][CR]You are adding a
new Windows 2000 Server computer named ServerB. You install the DHCP service on
ServerB. You want ServerB to provide load balancing and redundancy for
ServerA.[CR][CR]How should you configure DHCP on ServerB?<Q03.gif>
Configure one scope with an IP address range of 172.30.10.1 to 172.30.10.100.
Configure a second scope with an IP address range of 172.30.11.1 to
172.30.11.100.
*Configure one scope with an IP address range of 172.30.10.101 to 172.30.10.200.
Configure a second scope with an IP address range of 172.30.11.101 to
172.30.11.200.
Configure one scope with an IP address range of 172.30.10.1 to 172.30.10.200.
Configure an IP address exclusion of 172.30.10.1 to 172.30.10.100.
Configure one scope with an IP address range of 172.30.11.1 to 172.30.11.200.
Configure an IP address exclusion of 172.30.11.1 to 172.30.11.100.
88. You are a network administrator for your company. The network uses static IP
addresses on servers and client computers.[CR][CR]You add a new client computer
to subnet A of the network. Your router administrator informs you that the new
client computer is incorrectly configured.[CR][CR]The relevant portion of the
network is shown in the exhibit.[CR][CR][CR][CR]You need to configure the client
computer so that it can connect to all local and remote computers. [CR][CR]What
should you do?<Q17.gif>
Modify the IP address of the client computer so it is the same as the IP address
of the file server.
Modify the IP address of the client computer so it is the same as the IP address
of the router.
*Modify the subnet mask of the client computer so it is the same as the subnet
mask of the file server.
Modify the subnet mask of the file server so it is the same as the subnet mask
of the client computer.
89. You are a network administrator for your company. The network contains
Windows 2000 Professional computers and Windows 2000 Server computers. A server
named ServerA provides DNS, WINS, and DHCP services. DHCP is configured to issue
ServerA's IP address for DNS and WINS name resolution.[CR][CR]ServerA's DNS zone
is configured to use DNS dynamic update protocol. All other computers on the
network are configured to use DHCP to obtain IP addressing
information.[CR][CR]Your company purchases another company and relocates the new
employees to your company's main office. The new employees use Windows 98 client
computers that are configured to use static IP addresses.[CR][CR]You need to
ensure that the Windows 98 computers obtain dynamic IP addresses, and that they
register themselves with ServerA by using DNS dynamic update protocol. [CR][CR]Which
two actions should you take? (Choose two)
Configure the Windows 98 client computers to use ServerA for DNS name
resolution.
Configure the Windows 98 client computers to use ServerA for WINS name
resolution.
*Configure the Windows 98 client computers to use DHCP to obtain IP addressing
information.
Configure the DNS server service on ServerA to perform lookups by using WINS.
*Configure the DHCP service on ServerA to register clients by using DNS dynamic
update protocol.
90. You are the network administrator for one of your company's branch offices.
The network is your office consists of two subnets. One subnet contains client
computers and one subnet contains servers. You are using standard, classful
subnet mask on the subnets. The relevant portion of the network is shown in the
exhibit.[CR][CR][CR][CR]You need to configure the client computer so that it can
connect to the file server and the domain controller on the network. [CR][CR]How
should you configure the computer? [CR][CR]Select And Place<Q18.gif>
*IP address: 192.168.12.12; Subnet mask: 255.255.255.0; Default gateway:
192.168.12.1.
IP address: 192.168.12.1; Subnet mask: 255.255.255.0; Default gateway:
192.168.12.12.
91. You are a network administrator for your company. The network is configured
as shown in the exhibit.[CR][CR]Users in the London office report that they
cannot connect to BOSFP01. You run the ping 10.1.4.253 command on NYROUTE1 and
receive a reply. You run the tracert command on a client computer in the London
office. The results are shown in the Tracert exhibit.[CR][CR]You need to ensure
that users in the London office can connect to BOSFP01. [CR][CR]What should you
do?<Q1920.gif>
On all client computers in the London office, run the following command: route
add 10.1.5.0 mask 255.255.255.0 10.1.1.254 -p
On NYROUTE1, run the following command: route add 10.1.5.0 mask 255.255.255.0
10.1.4.253 -p
*On LONROUTE1, run the following command: route add 10.1.5.0 mask 255.255.255.0
10.1.2.253 -p
On BOSROUTE1, run the following command: route add 10.1.1.0 mask 255.255.255.0
10.1.5.254 -p
92. You are a domain administrator for your company. The network contains 75
Windows 2000 Server computers and 1,000 Windows 2000 Professional computers. The
network also contains 50 UNIX client computers. The UNIX computers run
applications with hard-coded IP addresses for each of the servers.[CR][CR]One of
the servers is configured to provide DHCP services for the network. All of the
Windows 2000 computers are configured to use DHCP.[CR][CR]Users of the UNIX
client computers reports that on some days that cannot connect to various
servers.[CR][CR]You want to ensure that users of the UNIX client computers can
successfully connect to the servers.[CR][CR]What should you do?
Create a DHCP client reservation for each UNIX client computer.
*Create a DHCP client reservation for each server.
Create a DHCP scope for the servers that specifies a six-month lease time-out.
Create a DHCP scope for the servers that includes a vendor option for the UNIX
client computers.
93. You are the server and network administrator for a computer lab. The
computer lab contains two multiple-subnet networks that do not have routing
between them. The computer lab also contains a multihomed Windows 2000 Server
computer that provides the DNS server service for both networks.[CR][CR]Each
network also contains a DHCP server.[CR][CR]The initial network adapter
configuration of the DNS server is shown in the following table: (see exhibit) [CR][CR][CR][CR]At
any given time, the client computers in the computer lab might be running
Windows 2000 Professional, Windows NT workstation 4.0, or a third-party
operating system. All of the DNS clients in the computer lab receive their IP
configurations from DHCP servers. After functioning successfully for several
months, the DNS clients on the 10.10.6.0/24 network can no longer resolve host
names.[CR][CR]You want all computers in the computer lab to be able to resolve
DNS names. [CR][CR]What should you do?<Q04.gif>
Configure the DHCP servers to dynamically update DNS for DHCP clients.
Configure the DNS server service to listen only on LAN1.
Enable DHCP on LAN1.
*Manually configure the IP address for LAN2 as 10.10.6.1.
94. You are a network administrator for your company. The network consists of a
single Active Directory domain. The network contains one Windows 2000 Server
computer, which runs the DNS server service, and 200 Windows 2000 Professional
computers. All of the Windows 2000 Professional computers use DHCP to obtain IP
addressing information. The network is connected to the internet through an
internet service provider.[CR][CR]On Monday, the ISP informs you that its
network will be unavailable on Tuesday evening because of maintenance and
changes. On Wednesday morning, all of your company's network uses report that
they cannot access internet web sites. When they attempt to access internet web
sites, they receive the following error messages; "Server not found or DNS
error." [CR][CR]Users can successfully log on to the domain and access resources
on the company's network, including the intranet web site.[CR][CR]You contact
the ISP and are informed that it has changed the IP address of its primary DNS
server. The ISP informs you that the new IP address is 192.168.167.100. [CR][CR]You
need to reconfigure your company's network so that users can access internet web
site.[CR][CR]What should you do?
Configure your company's DHCP server to configure client computers to use
192.168.167.100 for DNS name resolution.
*Configure your company's DNS server to forward requests to 192.168.167.100
Configure your company's Windows 2000 Professional computers to use
192.168.167.100 for DNS name resolution.
Configure your company's DNS server to use 192.168.167.100 for DNS name
resolution.
95. You are a network administrator for your company. Until recently, the
network consisted of one subnet.[CR][CR]However, because of recent growth, all
of the company's servers, the domain controller, and the DNS server are now on a
second subnet.[CR][CR]A server named Server1 separates the two subnets. Server1
has two network interfaces. Because of the addition of the new subnet you
configure all servers and client computers with appropriate new IP addresses,
class C subnet masks, and default gateway addresses. [CR][CR]The relevant
portion of the network is shown in the exhibit.[CR][CR][CR][CR]You test the
configuration from one of the client computers. You can ping other client
computers and the nearside interface of Server1. However, you cannot ping any of
the other servers by IP addresses or host name.[CR][CR]You need to ensure that
the client computers can connect to all of the servers. [CR][CR]What should you
do?<Q21.gif>
Change the subnet mask on all computers to 255.255.255.128.
*Enable IP routing on Server1.
Configure a DNS server address on each client computer and on each server.
Configure the IP addresses to be the same on both interfaces on Server1.
96. You are a network administrator for your company. The network consists of a
single Windows 2000 Domain. The domain contains Windows 2000 Server computers,
Windows 2000 Professional computers, and Windows NT workstation 4.0 computers.
You administer two Windows 2000 DNS servers, two Windows 2000 WINS servers, and
two Windows 2000 DHCP servers.[CR][CR]All of the servers have static IP
addresses and all of the client computers are DHCP clients. All servers and
client computers are configured as WINS clients.[CR][CR]You want all client
computers in the domain to be dynamically registered in DNS. [CR][CR]What should
you do?
For all computers in the domain, manually configure DNS parameters and run the
ipconfig/registerdns command.
Configure an Active Directory integrated zone for the domain.
*Configure the DHCP servers to register DHCP clients in DNS.
Configure the DNS zone for the domain to use WINS forward lookup, and ensure
that the Do not replicate this record check box is cleared.
97. You are a network administrator for your company. You are installing Windows
2000 Advanced Server on a new computer.[CR][CR]The server contains two PCI
network adapters and a PCI video adapter. The server's motherboard has a
built-in dual-channel SCSI adapter that hosts several devices, as shown in the
following table: (See exhibit) [CR][CR][CR][CR]The installation process begins
normally. However, prior to copying files, Windows 2000 Setup informs you that
it cannot detect any mass storage devices on your computer. The installation
will not resume.[CR][CR]You need to correct this problem and complete the
installation. [CR][CR]What should you do?<Q05.gif>
Reconfigure the second SCSI adapter to have a SCSI device ID of 7.
Reconfigure the removable disk cartridge drive to have a SCSI device ID of 4.
Reserve an IRQ for each SCSI adapter in the system BIOS.
*Restart setup and install the driver for the SCSI adapter during the initial
file copy.
Configure the system BIOS boot device option to boot from the SCSI hard drive.
98. You are the administrator of a Windows 2000 server computer that is used for
software development and testing. The server contains two hard disks, which are
configured as drive C and drive D. Both are formatted as NTFS.[CR][CR]The server
is configured with two installations of Windows 2000 Server. The server's
Boot.ini file is as follows:[CR][CR][boot loader][CR][CR]timeout=10[CR][CR]default=multi(0)disk(0)rdisk(0)partition(1)
\WINDOWS[CR][CR][operating systems][CR][CR]multi(0)disk(0)rdisk(0)partition(1)
\WINDOWS="Microsoft Windows 2000 Server I" /fastdetect[CR][CR]multi(0)disk(0)rdisk(1)partition(1)
\WINDOWS="Microsoft Windows 2000 Server II" /fastdetect[CR][CR]C:\CMDCONS\BOOTSECT.DAT="Microsoft
Windows Recovery Console"/cmdcons [CR][CR]You want the server to start the
Windows 2000 Server installation that is located on drive D, unless an
administrator selects the other installation during startup. [CR][CR]Which
Boot.ini file should you use?
*[boot loader] timeout=10 default=multi(0)disk(0)rdisk(1)partition(1) \WINDOWS
[operating systems] multi(0)disk(0)rdisk(0)partition(1) \WINDOWS="Microsoft
Windows 2000 Server I" /fastdetect multi(0)disk(0)rdisk(1)partition(1)
\WINDOWS="Microsoft Windows 2000 Server II" /fastdetect C:\CMDCONS\BOOTSECT.DAT="Microsoft
Windows Recovery Console"/cmdcons
[boot loader] timeout=10 default=multi(0)disk(0)rdisk(0)partition(2) \WINDOWS
[operating systems] multi(0)disk(0)rdisk(0)partition(1) \WINDOWS="Microsoft
Windows 2000 Server I" /fastdetect multi(0)disk(0)rdisk(1)partition(1)
\WINDOWS="Microsoft Windows 2000 Server II" /fastdetect C:\CMDCONS\BOOTSECT.DAT="Microsoft
Windows Recovery Console"/cmdcons
[boot loader] timeout=10 default=multi(0)disk(0)rdisk(0)partition(1) \WINDOWS
[operating systems] multi(0)disk(0)rdisk(0)partition(1) \WINDOWS="Microsoft
Windows 2000 Server I" /fastdetect multi(0)disk(0)rdisk(1)partition(1)
\WINDOWS="Microsoft Windows 2000 Server II" /fastdetect C:\CMDCONS\BOOTSECT.DAT="Microsoft
Windows Recovery Console"/cmdcons
[boot loader] timeout=10 default=multi(0)disk(0)rdisk(1)partition(0) \WINDOWS
[operating systems] multi(0)disk(0)rdisk(0)partition(1) \WINDOWS="Microsoft
Windows 2000 Server I" /fastdetect multi(0)disk(0)rdisk(1)partition(0)
\WINDOWS="Microsoft Windows 2000 Server II" /fastdetect C:\CMDCONS\BOOTSECT.DAT="Microsoft
Windows Recovery Console"/cmdcons
99. You are a network administrator for your company. The network contains 50
Windows 2000 Server computers, which are in the Servers Organizational Unit (OU)
in Active Directory. The network also contains 1,500 Windows 2000 Professional
computers, which are in the computers contains in Active Directory.[CR][CR]You
need to deploy the most recent Windows 2000 service pack. The service pack must
update only the servers.[CR][CR]You download the service pack and extract the
file into a newly created shared folder named SPFiles.[CR][CR]You need to
install the service pack on all of the servers, and you want the installation to
occur with on all of the servers, and you want the installation to occur with no
user interaction.[CR][CR]What should you do?
Create a Group Policy Object and link it to the Servers OU. Under the computer
configuration, configure the GPO to assign the Update.msi file from the SPFiles
folder. Restart each server.
Create a Group Policy Object and link it to the Servers OU. Under the computer
configuration startup script, configure the GPO to assign the Update.msi file
from the SPFiles folder. Restart each server.
Create a Group Policy Object and link it to the Domain level. Under the user
configuration logon script, configure the GPO to assign the Update.msi file from
the SPFiles folder. Log on to each server as Administrator.
*Create a script that runs the Update.exe file from the SPFiles folder. Create a
Group Policy Object and link it to the Servers OU. Modify the computer
configuration of the GPO to run the script on startup. Restart each server.
100. You are the administrator of a Windows 2000 Server computer in your
company's accounting department. The server runs Terminal Services in
application mode. All users in the accounting department run their business
applications in Terminal Service sessions.[CR][CR]A manager in the accounting
department runs as application on the server. The application requires three
hours to process financial and accounting data. This application must be run
every Friday morning so that the data will be available to the director of
accounting application to run with the least amount of performance impact on the
other business applications.[CR][CR]What should you do?
Configure all other business applications to have High priority.
Configure all other business applications to have RealTime priority.
Configure the accounting application to have AboveNormal priority.
*Configure the accounting application to have BelowNormal priority.
101. You are the administrator of your company's Windows 2000 file servers.
Users on the network secure some of their files by using Encrypting File System
(EFS).[CR][CR]An employee named Marc leaves the company. An employee named Maria
needs access to some of Marc's files. The files are in a shared folder for which
all users have permission to read these files.[CR][CR]However, some of Marc's
files are protected EFS. You need to allow Maria access to all of Marc's files.
[CR][CR]What should you do?
Move the files to a partition that is formatted as either FAT or FAT32.
*Use an EFS Recovery Agent to decrypt the files.
Take ownership of the files and assign Maria the Allow-Read permission for the
files.
Assign Maria the Allow-Take Ownership permission for the files.
102. You are the administrator of a Windows 2000 Server computer named ServerA.
ServerA has Internet Information Services (IIS) installed and is used to host
your company's public Internet web site.[CR][CR]The company is developing a new
web site where business partners can exchange information about customer
purchases, order history, and credit card information.[CR][CR]You are asked to
ensure that all information transmitted between ServerA and each business
partner's computers is encrypted. [CR][CR]What should you do?
Install a Web server certificate and enable Digest authentication.
*Install a Web server certificate and enable SSL for the new Web site.
Configure the new web site to use Integrated Windows authentication.
Configure the new Web site folder to enable Encrypting File System (EFS).
103. You are a network administrator for your company. The company has 10 branch
offices and has plans to add at least 25 more branch offices during the next 12
months. The network is configured as shown in the exhibit.[CR][CR][CR][CR]Each
branch office has only one server. These servers are multifunction servers that
are domain controllers and application-based Terminal servers. The users of the
remote client computers connect to these servers by using Terminal Services over
the internet so that they can access a financial application.[CR][CR]You need to
ensure that remote users can log on to the Terminal servers and not to any other
domain controllers at the main office. You must also ensure that remote users
cannot log on to any other domain controller that is not an application-based
Terminal Server. When new application-based Terminal servers are added to the
domain, you want the servers to automatically configure settings to meet these
requirements.[CR][CR]You create a new group named Terminal Server-Users, and you
make the user accounts of all the users who need access to these
application-based terminal servers members of this group.[CR][CR]What should you
do next?<Q15.gif>
Create a new Group Policy Object and link it to the domain level. Configure this
GPO by assigning the Terminal-Server-Users group the Log on locally right.
Create a new Group Policy Object and link it to the domain Controllers
Organizational unit (OU). Configure this GPO by assigning the
Terminal-Server-Users group the Log on locally right.
*Create a new OU and move all terminal servers into this organizational unit (OU).
Create a Group Policy Object and link it to this new OU. Configure this GPO by
assigning the Terminal-Server-Users group the Log on locally right.
Modify the local security policy on all of the application-based Terminal
servers by assigning the Terminal-Server-Users group the Log on locally right.
Modify the Domain Controller security policy on one of the application-based
Terminal servers by assigning the Terminal-Server-Users group the Log on locally
right.
104. You are the administrator of a Windows 2000 web server named ServerA.
ServerA is a member of a Windows 2000 Domain. A folder on ServerA named I:\\WebData\Public_Information
is shared as a virtual directory named Public.[CR][CR]You also want users to be
able to access the virtual directory named Public.[CR][CR]You also want users to
be able to access the virtual directory by using the URLs http://serverA/PI and
http://ServerA/Information.[CR][CR]What should you do?
*In the Web sharing properties for the folder, add the aliases PI and
information.
Create two new shares for the folder and name PI and information.
Create two new folders name PI and Information. Copy the files from the existing
folder to the new folders. Share each of the new folders with the default
settings.
Create two new Web sites named PI and Information. Configure I:\\WebData\Public_Information
to be the root directory for both web sites.
105. You are the administrator of a Windows 2000 file and web server named
ServerA. ServerA is a member of a Windows 2000 Domain. A folder on ServerA
named: I:\Data\Accounting_vacation_requests is shared as AcctVac with default
NTFS and share permissions.[CR][CR]Users in the domain local group named AcctGrp
save vacation requests as Microsoft Word documents to AcctVac by using a mapped
drive.[CR][CR]You want other users in the domain to be able to view the vacation
requests by using the URL://ServerA/Vacation. [CR][CR]What should you do?
Rename the folder to I:\Data\Vacation. Modify NTFS permissions for the folder to
assign the Everyone group the Allow-Read permission and to assign the AcctGrp
group the Allow-Full Control permission.
Create a new share named Vacation for the folder. Modify NTFS permissions for
the folder to assign the Everyone group the Allow-Read permission and to assign
the AcctGrp group the Allow-Full Control permission.
*Configure the folder as virtual directory with the alias of Vacation. Assign
the Read and the Directory browsing access permissions for the virtual
directory.
Create a new Web site named Vacation on ServerA. Create a virtual directory with
the default settings in the new Web site.
106. You are the administrator of an organizational unit (OU) named WebServers.
The WebServers OU contains 20 Windows 2000 Web servers. The WebServers OU is an
immediate child OU of an OU named Servers. The Servers OU has a Group Policy
Object (GPO) named IPSecurity linked to it. The No Override option is not
selected on IPSecurity. IPSecurity settings must always apply to the servers in
the WebServers OU.[CR][CR]All of the web sites on the servers in the WebServers
OU are configured to allow only anonymous users connections.[CR][CR]A domain
administrator applies a new GPO named LogonLocally at the Servers OU.
LogonLocally restricts the ability to log on locally to members of the local
Administrators group. Users report that they can no longer access any of the Web
sites on the servers in the WebServers OU.[CR][CR]You need to ensure that users
can access the Web Sites on the servers in the WebServers OU. [CR][CR]What
should you do?
Configure the properties for the WebServers OU to block policy inheritance.
Link LogonLocally to the WebServers OU and select the No Override option.
*Create a GPO that allows members of the local Administrators and Guests groups
to log on locally. Link the GPO to the WebServers OU.
Create a GPO that allows members of the local Administrators and Users groups to
logon locally. Link the GPO to the WebServers OU.
107. You are a domain administrator for your company. The network contains a
Windows 2000 Server computer named ServerA. ServerA has Routing and Remote
access installed and has twelve 56-Kbps dial-up modems attached. The company has
25 employees who use Windows 2000 Professional portable computers to dial in to
the network by using ServerA.[CR][CR]The 25 employees report that they are
unable to connect to ServerA. You discover that all the modems on ServerA are
being used by other dial-in users. You examine the Routing and Remote Access
Server event logs and notice that some users have been connected for more than
six hours.[CR][CR]You want to increase the availability of dial-up connections
on ServerA. You want to ensure that employees do not stay connected on ServerA
during periods of inactivity.[CR][CR]What should you do?
*Configure the remote access policy on ServerA to enable an Idle Timeout setting
of 15 minutes.
Configure the remote access policy on ServerA to enable logon hour restriction
no longer than three hours.
Configure the dial-in user's domain user accounts with logon hour restrictions
no longer than three hours.
Configure the dial-in user's domains user accounts with location logon
restrictions that include the MAC address of ServerA.
108. You are a network administrator for your company. A new company policy
requires that new server installations include the most recent services pack.
Company executives plan 100 new server installations during the next three
months.[CR][CR]You need to deploy the new servers with the least amount of
administrative effort. [CR][CR]What should you do?
When each new computer is delivered, install Windows 2000 Server on it. Then run
the update.exe command from the service pack CD-ROM.
When each new computer is delivered, install Windows 2000 Server on it. Then run
the setup.exe command from the service pack CD-ROM.
*When the first new computer is delivered, install Windows 2000 Server on it. On
drive C, create a folder named Win2000 and copy the contents of the Windows 2000
Server CD-ROM into this folder. Run the update.exe -s:c:\Win2000 command from
the service pack CD-ROM. Create a new installation CD-ROM that contains the
contents of the Win2000 folder, and use this CD-ROM for all subsequent new
server installations.
Install Windows 2000 Server on an existing server. On drive C, create a folder
named i386 and copy the contents of the Windows 2000 Server CD-ROM into this
folder. Run the setup.exe -s:c:\i386 command from the service pack CD-ROM.
Create a new installation CD-ROM that contains the contents of this folder, and
use this CD-ROM for all subsequent new server installations.
109. You are a network administrator for your company. The network consist of a
single domain that contains an Organizational Unit (OU) named New York. All user
accounts in the domain are in the New York OU.[CR][CR]You configure a Group
Policy Object named StartMenuGPO and link it to the New York
OU.[CR][CR]StartMenuGPO redirects the Start menu to a shared network folder. You
want all user accounts except the domain administrator accounts to have
StartMenuGPO applied.[CR][CR]You notice that on your computer, the Start menu
has been redirected. You need to ensure that no administrator accounts have
StartMenuGPO applied. You also need to ensure that the domain administrators can
administer all GPOs.[CR][CR]What should you do?
Modify the permissions on StartMenuGPO by configuring the Read permission for
the Domain Admins group to Deny.
*Modify the permissions on StartMenuGPO by configuring the Apply Group Policy
permission for the Domain Admins group to Deny.
Remove StartMenuGPO. Move the administrative accounts to the Users container.
Create a new GPO and link it to the domain level to redirect the Start menu.
Create a new GPO and link it to the New York OU. Configure the Start menu to be
redirected to the C:\Documents and Settings\Administrator folder. Assign the
Domain Admins group Allow-Full Control permission for this GPO.
110. You are the administrator of an Organizational unit (OU) named Operations.
You need to provide a new software application to the users in the Operations OU.
You want the shortcut for the new application to appear on every user's Start
menu, and you want the application to be installed the first time a user clicks
the shortcut.[CR][CR]You configure a Group Policy Object (GPO) to deploy the
application, as shown in the exhibit.[CR][CR][CR][CR]Users report that the
shortcut for the new application does not appear on their Start menus. You need
to ensure that the shortcut appears on every user's Start menu, and that the
application is installed the first time a user clicks the shortcut.[CR][CR]What
should you do?<Q36.gif>
Modify the GPO by selecting the Maximum option under Installation user interface
options.
*Modify the GPO by selecting the Assigned option under Deployment Type.
Move the application's installation package to a network share.
Share the folder that contains the application's installation package, and
publish the shared folder in Active Directory.
111. You are a network administrator for Contoso Pharmaceuticals. The network
contains three Windows 2000 Server computers, which run the DNS server service,
and two UNIX BIND-based DNS servers. The Windows 2000 DNS servers are domain
controllers for a single domain named ad.contoso.com. The DNS zone type for
ad.contoso.com is Active Directory integrated. The zone is configured with
default refresh and expire intervals and default zone transfer
properties.[CR][CR]Windows 2000 Server computers in the domain are configured to
dynamically register with the Windows 2000 DNS servers. However, all Windows
2000 Professional and UNIX computers are configured to use the BIND-based DNS
servers for name resolution.[CR][CR]You create secondary zones for
ad.contoso.com in each of the BIND-based DNS servers, and you configure the
ad.contoso.com domain controllers as the master DNS servers. When you inspect
the secondary zone on the BIND-based DNS servers the next day, there are no
records in the zone.[CR][CR]You need to ensure that the secondary zones on the
BIND-based DNS servers include up-to-date DNS records. [CR][CR]What should you
do?
On one of the domain controllers, select the Allow zone transfers check box in
the properties for the zone.
On one of the domain controllers, increase the expire interval for the
ad.contoso.com zone to two days.
*On one of the domain controllers, change the zone type for ad.contoso.com to
standard primary. On the remainder of the domain controllers, change the zone
type to standard secondary.
On each of the domain controllers, assign the Pre-Windows 2000 Compatible Access
group the Allow-Read permission for the ad.contoso.com zone.
112. You are a network administrator for your company. The network consists of a
single Windows 2000 Domain. All client computers run Windows 2000 Professional
and are members of the domain.[CR][CR]Client computers in the research
department and the graphics department are new and have clean installs of
Windows 2000 Professional. Client computers in the other departments have been
upgraded from Windows NT workstation 4.0 to Windows 2000
Professional.[CR][CR]The domain contains an organizational unit (OU) hierarchy,
as shown in the exhibit.[CR][CR]You want to ensure that all upgraded computers
have the same security configuration as the computers that have the clean
installs. You also want to ensure that all client computers have strong password
policies applied, and that an administrator is required to unlock locked user
accounts for the research department and the human resources (HR)
department.[CR][CR]You create a Group Policy Object named DefaultSec, which
applies security setting that are required for all users and computers. You
create a second GPO named HiSec, which has the security setting that are
required by the HR and the Research departments. Both GPOs use custom security
templates.[CR][CR]You import the Basicwk.inf security template into the Default
Domain GPO. [CR][CR]How should you link the GPOs to the OUs?[CR][CR]To answer
click the select and place button, and then drag the appropriate Group Policy
Object to the[CR][CR]appropriate department OU. Note that GPOs can be used more
than once.[CR][CR]SELECT AND PLACE<Q2627.gif>
[FC]
?See exhibit for answer.
113. You are the administrator for your company's intranet web site. The web
site is hosted on a Windows 2000 Server computer.[CR][CR]You need to install a
new web server component that will be used with a new web site that is in
development. The new component is an ISAPI-based application. You install the
component in a virtual directory named COMMON and configure the Read, Script,
and Execute permissions.[CR][CR]When the developers test their applications by
using the new component, they receive an error message stating that the
component could not be started.[CR][CR]You want to ensure that the new component
functions properly on the web site. [CR][CR]What should you do?
Configure the intranet web site to remove the default application.
Configure the COMMON virtual directory to run with low application protection.
Configure the COMMON virtual directory to run with high application protection.
Configure the Execute permission on the intranet web site to enable Scripts
only.
*Configure the Execute permission on the intranet web site to enable Scripts and
Executables.
114. You are a network administrator for your company. To meet the requirement
of the company's new password policy, you must configure a minimum length of
eight characters for new network passwords.[CR][CR]On a domain controller named
DC01, you modify the Default Domain Group Policy Object (GPO). You test the new
configuration on your Windows 2000 Professional computer. You can still create
two-character password.[CR][CR]You need to ensure that the password policy
changes are immediately enforced for all users in the domain. [CR][CR]What
should you do?
On DC01, run the Secedit/refreshpolicy machine_policy/enforce command.
*On DC01, run the Secedit/refreshpolicy user_policy/enforce command.
Create a new GPO and configure the password policy. Link the new GPO to the
organizational unit (OU) that contains all user accounts.
Create a new GPO and configure the password policy. Link the new GPO to the
organizational unit (OU) that contains all computer accounts.
115. You are an enterprise administrator for Trey Research, a company that is
based in Los Angeles. The network consists of three Windows 2000 domains in two
sites, as shown in the exhibit.[CR][CR]Trey Research anticipates company growth
of up to 200 percent during the next 12 months, and plans to add as many as
three new sites and four new child domains to the network during that
time.[CR][CR]Company IT policy dictates that user account and password security
policy settings must be applied consistently to all users throughout the
company. You configure the Group Policy Object to the treyresearch.com domain as
shown in the following table: (see exhibit) [CR][CR]You later discover that the
settings that defined in the Enterprise security GPO are being applied to users
located in only the treyresearch.com domain. You need to ensure that these
settings are applied to all users in the company.[CR][CR]What should you
do?<Q2808.gif>
Delete the Default Domain GPO in the child domains.
*Enable the No Override option for the Enterprise Security GPO.
Create a new site that contains all domains, and link the Enterprise Security
GPO to the site.
Create and link new GPOs in the child domains with the same settings as in the
root domain.
116. You are the administrator of a Windows 2000 Server computer. The server
runs a client/server application that is used by 2,000 users in your
company.[CR][CR]During a scheduled maintenance period, you install a faster
network adapter card in the server, and you install the software drivers
provided by the card manufacturer. You remove the server's old network adapter
card and uninstall the old drivers.[CR][CR]You restart the server and log on by
using the local Administrator account. Shortly after you log on, the server
stops responding and displays a STOP message. You restart the server again, and
it displays a STOP message a few seconds after it displays the logon
screen.[CR][CR]You remove the new network adapter card and reinsert the original
card. You restart the server and it again displays the STOP message a few
seconds after it displays the logon screen.[CR][CR]You need to return the server
to normal operation as quickly as possible. [CR][CR]What should you do?
Restart the server using the last known good configuration. Reinstall the
drivers for the original network adapter card.
*Restart the server by using safe mode. Uninstall the new network adapter card
drivers, and restart the computer. Reinstall the drivers for the original
network adapter card.
Restart the server by using the Windows 2000 Server CD-ROM, and select the
option to repair the installation. Restart the server. Reinstall the drivers for
the original network adapter card.
Restart the server by using the Windows 2000 Server CD-ROM, and select the
option for the Recovery Console. Copy the drivers for the original network
adapter card from the CD-ROM provided by the network adapter card manufacturer.
117. You are a desktop administrator for your company. All client computers run
Windows 2000 Professional with the default installation settings.[CR][CR]Users
in the sales department use portable computers. The users require dial-up access
to the company network when they are out of the office. You are asked to
configure network dial-up access for a new sales employee named
Peter.[CR][CR]You insert a PC Card modem into Peter's computer. You then restart
the computer and log on as a local administrator. You start the Network
Connection wizard, but the modem does not appear in the list of devices that you
can select for marketing the dial-up connection.[CR][CR]You need to be able to
install the modem in Peter's computer. [CR][CR]What should you do?
In the system BIOS, reserve an IRQ for the COM port that is used by the modem.
In the Driver Signing Options dialog box, set File Signature Verification to
Ignore.
Use Device Manager to disable the computer's built-in serial ports.
*Manually install the modem device driver provided by the manufacturer.
118. You are a network administrator for Contoso Pharmaceuticals. The network
contains two Windows 2000 Server computers, which run the DNS server service.
The DNS servers are domain controllers for a single domain named
ad.contoso.com.[CR][CR]The DNS servers use standard zone types for
ad.contoso.com. The Windows 2000 Server computers and Windows 2000 Professional
computers in the domain are configured to dynamically register with the DNS
servers. DNS is the only name resolution service on the network.[CR][CR]A
Windows 2000 web server named ServerA contains an employee information Web site.
Users report that they attempt to access the Web site; they receive an error
message stating that the page cannot be displayed.[CR][CR]You confirm that you
can access the web site on ServerA by using the server's IP address. However,
when you run the ping ServerA command from the command line the reply you
receive contains a different IP address.[CR][CR]You want to correct the name
resolution problem and prevent it from happening again. [CR][CR]Which three
actions should you take? (Choose three)
Disallow zone transfers for the ad.contoso.com zone.
*Change the zone type to Active Directory integrated for the ad.contoso.com
zone.
Allow only secure objects for the ad.contoso.com zone.
Disable dynamic updates for the ad.contoso.com zone.
*Run the ipconfig/release command on the computer that responds to the ping. Run
the ipconfig/renew command on ServerA.
*Delete the current DNS entry for ServerA. Run the ipconfig/registerdns command
on ServerA.
119. You are a domain administrator for your company. The network consists of a
single Active Directory domain. The network contains 10 Windows 2000 Server
computers and 200 Windows 2000 Professional computers. A server named ServerA
has routing and remote access installed and is configured for incoming dial-up
connections.[CR][CR]Five employees will be traveling overseas. They need to be
able to dial in to ServerA while they are traveling. The employees will be using
Windows 2000 Professional portable computers to dial in to the
network.[CR][CR]You need to ensure that the dial-in connections on the portable
computers are as secure as possible.[CR][CR]Which three actions should you take?
(Choose three)
Configure ServerA to require EAP-CHAP authentication.
Configure ServerA to require MS-CHAP v2 authentication.
*Configure ServerA to require L2TP connections for all dial-in users.
Configure ServerA to require Microsoft Point-to-Point Encryption (MPPE) for all
dial-in users.
*Install a server encryption certificate on ServerA and enable IPSec.
*Install an encryption certificate on all client computers and enable IPSec
120. You are the administrator of a Windows 2000 print server named serverA.
ServerA is a member of a Windows 2000 Domain. You install a color laser print
device on the network. You create and share a printer on ServerA named ColorLsr
with the default settings.[CR][CR]You want all of the users in your company to
be able to use ColorLsr, but you want the users in the Managers domain local
group to always have priority use of the print device.[CR][CR]What should you
do?
Create and share a second printer for the print device and set the priority
level to 1. For the second printer, assign the Everyone group the Deny-print
permission and assign and the Managers group the Allow-Print permission.
Instruct users in the Managers group to use the second printer.
Create and share a second printer for the print device and set the priority
level to 1. For the second printer, remove permissions for the Everyone group
and the Managers group the Allow-Print permission. Instruct users in the
Managers group to use the second printer.
Create and share a second printer for the print device and set the priority
level to 99. For the second printer, assign the Everyone group the Deny-print
permission and assign and the Managers group the Allow-Print permission.
Instruct users in the Managers group to use the second printer.
*Create and share a second printer for the print device and set the priority
level to 99. For the second printer, remove permissions for the Everyone group
and the Managers group the Allow-Print permission. Instruct users in the
Managers group to use the second printer.
121. You are a network administrator for your company. You are responsible for a
child domain in your enterprise. The human resources (HR) department uses this
child domain. The domain contains Windows 2000 domain controllers and Windows NT
4.0 member servers.[CR][CR]The HR department institutes a new employee review
process. Under the new process, documents that are used for performance reviews
will be stored in the shared folder, and managers will be the only personnel who
will have access to that shared folder.[CR][CR]In that organizational unit (OU)
named Mgr1, existing global groups for managers are the IT Managers group, the
HR Managers group, the Finance Managers group and the Manufacturing Managers
group.[CR][CR]You want to add these managers groups to a new security global
group named All Managers. The All Managers group is in a separate OU named
AllMgr. However, when to attempt to add each of the managers groups to the All
Managers group, you notice that only individual users accounts are available to
be added and the managers group are not available to be added.[CR][CR]What
should you do?
Move the All Managers group to the Mgr1 OU.
*Ask the domain administrator to switch the domain to native mode.
Change the All Members group from a global group to a universal group.
Ask the domain administrator to assign you the Allow - Change permission for
each of the managers global groups.
122. You are a domain administrator for your company. You are installing a
network in a new branch office. The network contains two Windows 2000 Server
computers and 10 Windows 2000 Professional computers. A Windows 2000 Server
computer named ServerA provides DHCP service for the network.[CR][CR]You are
installing a new Windows 2000 Server computer named ServerC. You have a dial-up
account with a local Internet service provider (ISP). You connect a 56-Kbps
modem to ServerC. You want to use serverC to provide shared access to the
internet.[CR][CR]Which three actions should you take? (Choose three)
Install the WinSock proxy client on ServerC.
Install the WinSock proxy client on all of the client computers.
Install the DNS service on ServerC.
*Install internet connection sharing on ServerC.
*Uninstall the DHCP service on serverA.
*Create a dial-up connection on ServerC and configure the connection with the
ISP account information.
back on top
|