Truyen2U.Pro - Tên miền mới của Truyen2U.Net
  1. Home
  2. /
  3. Ngẫu Nhiên
  4. /
  5. ONTHI CK2
  6. /
  7. ONTHI CK2

ONTHI CK2

Trước Sau
Màu nền
Font chữ
Font size
Chiều cao dòng

Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure

1. You are the network administrator for Blue Yonder Airlines. The company uses a single Active Directory domain named blueyonderairlines.com. The company network consists of three subnets. The subnets are connected by two hardware routers. Each subnet contains one Windows Server 2003 computer with the Routing and Remote Access service enabled and configured. The relevant portion of the network is configured as shown in the Network exhibit. (Click the Exhibit button.)

Users on the 192.168.30.0/24 subnet report that they cannot access resources on Server1. You verify that Server1 and Server2 can connect to each other. You run the tracert command on Server3 and view the output shown in the Tracert exhibit. (Click the Exhibit button.)

You need to ensure that users on all three segments of the network can access resources on Server1. What should you do? A. Modify the route to the 192.168.30.0 network in the routing table on Router1. B. Modify the route to the 192.168.10.0 network in the routing table on Router2. C. Modify the route to the 192.168.30.0 network in the routing table on Server1.

D. Modify the route to the 192.168.10.0 network in the routing table on Server2. E. Modify the route to the 192.168.10.0 network in the routing table on Server3. Answer: B

2. You are the network administrator of your company. The company network contains two subnets that are connected by a router. All servers run Windows Server 2003. All network hosts are manually configured with TCP/IP information. The network is configured as shown in the exhibit. (Click the Exhibit button.)

A developer uses a server named Workstation6 for testing. She reports that she cannot access resources on a server named Server5. All other hosts on subnet A are able to access resources on Server5. From Workstation6 you successfully ping the IP address of the router interface on the local subnet. However, you cannot ping the IP address of Server5 or the IP address of the router interface on subnet B. You run the route print command on Workstation6 and receive the output as shown in the following table.

You need to ensure that Workstation6 can connect to Server5 and any other hosts on subnet B. What should you do? A. Change the IP address on Workstation6 to 131.107.142.128. B. Change the subnet mask on Workstation6 to 255.255.0.0. C. Change the default gateway on Workstation6 to 131.107.128.1. D. Change the IP address of the router interface connecting to subnet A to 131.107.142.1. E. Change the IP address on the router interface connecting to subnet B to 131.107.194.1. Answer: C

3. You are the network administrator for a Web hosting company. All servers run Windows Server 2003. All client computers run Windows XP Professional. Your company is assigned the following IP address ranges by the ISP: •131.107.10.0 through 131.107.10.255 •131.107.11.0 through 131.107.11.255 The company's data center contains 400 Windows Server 2003 computers and consists of two subnets named subnet A and subnet B. Subnet A contains 200 servers and uses the 131.107.10.0 network address. Subnet B also contains 200 servers and uses the 131.107.11.0 network address. All server IP addresses are assigned by DHCP. All computers in the data center have valid Internet-accessible IP addresses. As a result of a corporate acquisition, 200 additional servers will be added to your company's data center within

one month. The new servers will be placed on the network segment that maps to subnet A. The existing router does not have the capacity for an additional subnet, and the budget does not allow the purchase of a new router. You will need to add the additional servers to the existing subnet A. The ISP assigns you the additional IP address range 131.107.12.0 through 131.107.12.255. You need to change the IP addressing scheme to accommodate all required servers in subnet A and subnet B. You are authorized to make any necessary changes. The diagram in the work area shows the network configuration and the planned number of servers for each subnet. Which IP address should be assigned to each subnet? To answer, drag the appropriate IP address or addresses to the correct locations in the work area. Answer:

4. You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. The network contains two domain controllers and three file servers. The DHCP server for the network is named Server2. All client computers are configured as DHCP clients. Users report that they cannot connect to the file servers on the network. On one of the affected computers, you run the ipconfig /all command. You receive the result shown in the IPconfig exhibit. (Click the Exhibit button.)

You log on to the DHCP server and view the DHCP console as shown in the DHCP exhibit. (Click the Exhibit button.)

You need to ensure that the users can connect to the network file servers. What should you do? A. Start the DHCP service on Server2. B. Increase the number of addresses available in the scope on Server2. C. Authorize the DHCP server in Active Directory. D. Add the Server2 computer account to the DHCP Administrators domain local group. Answer: A

5. You are the network administrator for your company. The network consists of a single Active Directory domain.

All servers run Windows Server 2003. The domain controllers in the domain are also configured as the DNS servers for the network. The DHCP server for the network is named Server1. You decide to move the DHCP service to a server named Server2. You stop the DHCP service on Server1. You log on to Server2 by using the local Administrator account, and you install DHCP. After you install DHCP on Server2, you create a new scope in DHCP. You activate the scope. Users report that they cannot log on to the network. You discover that the client computers are not receiving an IP address configuration from the DHCP server. You open Event Viewer on Server2 and view the event shown in the exhibit. (Click the Exhibit button.)

You need to ensure that client computers on the network can receive an IP address configuration from Server2. What should you do? A. Restart the DHCP service on Server2. B. Authorize the DHCP service on Server2 in Active Directory. C. Uninstall the DHCP service on Server1. D. Install DNS on Server2. Configure a secondary zone on Server2 for the Active Directory domain DNS zone. Answer: B

6. You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All servers are configured with static IP addresses. All client computers run Windows XP Professional. All client computers are configured as DHCP clients. The relevant portion of the network is configured as shown in the Network exhibit. (Click the Exhibit button.)

A user named Maria reports that she cannot access network resources by using her client computer. Her client computer is named Client2. Maria reports that she received an error message about a duplicate address on the network when she started her computer this morning. You examine the DHCP scope properties on the DHCP server. The scope properties are shown in the DHCP exhibit. (Click the Exhibit button.)

You need to ensure that Maria can access the network by using her client computer. You also need to ensure that this problem will not recur. What should you do? A. Exclude the IP addresses 192.168.10.10 to 192.168.10.15 from the DHCP scope. Restart Client2. B. Add the additional IP addresses 192.168.10.201 to 192.168.10.250 to the DHCP scope. Restart Client2. C. Configure the DHCP scope to detect IP address conflicts. Restart Client2. D. Reconcile the DHCP scope on the DHCP server. Restart Client2. Answer: A

7. You are the network administrator for your company. All servers run Windows Server 2003. All servers are configured with static IP addresses. All client computers run Windows XP Professional. All client computers are configured as DHCP clients. The company has a main office and one branch office. The offices are separated by a router. A DHCP server is deployed in each office. One of the DHCP servers shuts down unexpectedly. It takes four hours to repair the server. During that time, several mobile users connect their portable computers to the network and report that they cannot connect to shared resources on the network. After the server is repaired, you create a new scope on each DHCP server that includes IP addresses for the other office. You activate the scopes. You test the new DHCP configuration by shutting down the DHCP server in the main office. You find out that the client computers in the main office are not receiving IP addresses from the DHCP server in the branch office. You need to ensure that when the DHCP server in one office fails, the client computers will receive a correct IP address configuration from the DHCP server in the other office. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.) A. Configure the router between the offices to forward BOOTP broadcasts. B. Configure the DHCP server in each office with a DHCP scope that includes the same IP addresses as the DHCP server in the other office. Activate the scope. C. Configure the DHCP server in each office with an additional network adapter. Connect each new network adapter to the local network. Assign an IP address from the other office's network to each new network adapter. D. Install and configure a DHCP relay agent in each office.

Answer: D AND A

8. You are the network administrator for your company. All servers run Windows Server 2003. All servers are configured with static IP addresses. All client computers run Windows XP Professional. All client computers are configured as DHCP clients. The company has a main office and one branch office. The offices are separated by a router. A DHCP server is deployed in each office. The DHCP servers are named DHCP1 and DHCP2. You configure scopes on the DHCP1 and DHCP2 as shown in the following table.

You shut down DHCP1 for scheduled maintenance. While DHCP1 is shut down, client computers in both offices continue to receive correct IP address assignments from DHCP2. You restart DHCP1. Several users report that when they restart their computers, they receive error messages stating that a duplicate IP address exists on the network. You need to ensure that these error messages do not appear when you shut down and restart a DHCP server. You need to ensure that changes you make does not affect the current DHCP functionality. What should you do? A. On each DHCP server, configure a superscope that includes both DHCP scopes. B. Configure the router between the offices to block all broadcasts. C. Modify the Main scope on DHCP1 to include addresses 10.1.16.0 through 10.1.27.254. Modify the Branch scope on DHCP2 to include addresses 10.2.16.0 through 10.2.27.254. D. Modify the Main scope on DHCP2 to include addresses 10.1.16.0 through 10.1.31.254. Modify the Branch scope on DHCP1 to include addresses 10.2.16.0 through 10.2.31.254. Answer: C

9. You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. Two of the servers on the network contain highly confidential documents. The company's written security policy states that all network connections with these servers must be encrypted by using an IPSec policy. You place the two servers in an organizational unit (OU) named SecureServers. You configure a Group Policy object (GPO) that requires encryption for all connections. You assign the GPO to the SecureServers OU. You need to verify that users are connecting to the two servers by using encrypted connections. What should you do? A. Run the net view command. B. Run the gpresult command. C. Use the IP Security Monitor console. D. Use the IPSec Policy Management console. Answer: C

10. You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. One domain controller on the network is configured as a certification authority (CA). The network contains a Web server that runs IIS 6.0 and hosts a secure intranet site. The server also hosts other sites that do not require HTTPS. You configure a server certificate on the IIS server by using a certificate from your internal CA. All users are required to connect to the intranet site by using HTTPS. Some users report that they cannot connect to the secure intranet site by using HTTPS. You confirm that all users can connect to the nonsecure sites hosted on the Web server by using HTTP. You want to view the failed HTTPS requests. What should you do? A. Review the log files created by IIS on the Web server. B. Review the security log in Event Viewer on the Web server. C. Review the security log in Event Viewer on the CA. D. Review the contents of the Failed Requests folder on the CA. Answer: A

11. You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. The network contains a Web server that runs IIS 6.0 and hosts a secure intranet site. All users are required to connect to the intranet site by authenticating and using HTTPS. However, because an automated Web application must connect to the Web site by using HTTP, you cannot configure the intranet site to require HTTPS. You need to collect information about which users are connecting to the Web site by using HTTPS. What should you do? A. Check the application log on the Web server. B. Use Network Monitor to capture network traffic on the Web server. C. Review the log files created by IIS on the Web server. D. Configure a performance log to capture all Web service counters. Review the performance log data. Answer: C

12. You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. The network contains a Web server named Server1 that runs IIS 6.0 and hosts a secure Web site. The Web site is accessible from the intranet, as well as from the Internet. All users must authenticate when they connect to Server1. All users on the Internet must use a secure protocol to connect to the Web site. Users on the intranet do not need to use a secure protocol. You need verify that all users are using a secure protocol to connect to Server1 from the Internet. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.) A. Monitor the events in the application log on Server1. B. Monitor the events in the security log on Server1. C. Monitor the Web server connections on Server1 by using a performance log. D. Monitor network traffic to Server1 by using Network Monitor. E. Monitor the IIS logs on Server1. Answer: E AND D

13. You are the administrator of an Active Directory domain. All servers run Windows Server 2003. All client

computers run Windows XP Professional. All computers are members of the domain. The Secure Server (Require Security) IPSec policy is assigned to a file server named Server6. The policy is configured as shown in the exhibit. (Click the Exhibit button.)

Users report that they cannot access shared folders on Server6. Users were able to access shared folders on Server6 prior to the implementation of the IPSec policy. You need to ensure that all client computers in the domain can access the shared folders on Server6. You must ensure that all communications between client computers and Server6 be encrypted. What should you do? A. On Server6, enable the All ICMP Traffic IP Security rule in the properties of the Secure Server (Require Security) IPSec policy. B. On Server6, enable the <Dynamic> IP Security rule in the properties of the Secure Server (Require Security) IPSec policy. C. On all client computers, assign the Client (Respond Only) IPSec policy. D. On all client computers, install an IPSec communication certificate in the local machine store. Answer: C

14. You are an administrator of a single Active Directory forest that contains one domain. All servers run Windows Server 2003. A server named VPN1 is configured with Routing and Remote Access. VPN1 is configured to allow only inbound VPN connections that use L2TP. You assign the Server (Request Security) IPSec policy on VPN1. You configure the policy to use Kerberos and certificates for authentication. From a Windows XP Professional computer named Client1, which does not belong to the domain, you attempt to establish a VPN connection to VPN1 and receive the error message shown in the exhibit. (Click the Exhibit button.)

You verify that the VPN ports on VPN1 are not being blocked by any intermediate devices. You need to configure Client1 to allow it to establish a VPN connection to VPN1. What should you do? A. Assign the Client (Respond Only) IPSec policy. B. Assign the Server (Request Security) IPSec policy. C. Install a valid IPSec certificate in the local machine store. D. Configure the VPN connection so that only L2TP IPSec VPN is enabled. Answer: C

15. You are the administrator of an Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. A server named Filesrv1 contains confidential data that is only available to users in the human resources (HR) department. You want all computers in the HR department to connect to Filesrv1 by using an IPSec policy. You assign the Server (Request Security) IPSec policy to Filesrv1. Using Network Monitor, you notice that some computers in the HR department connect to Filesrv1 without using the IPSec policy. You need to configure Filesrv1 to ensure that all computers connect to it by using the IPSec policy.

What should you do? A. Assign the Secure Server (Require Security) IPSec policy. B. Assign the Client (Respond Only) IPSec policy. C. Unassign the Server (Request Security) IPSec policy. D. Restart the IPSec Services service. Answer: A

16. You are the network administrator for your company. All servers run Windows Server 2003. You configure the Routing and Remote Access service on a server named Server2. Server2 is connected to a modem pool and supports eight simultaneous inbound connections. You instruct remote users to dial in to Server2 from their home computers. The company's written business policy states that the only client computer operating systems that should be supported for dial-up access are Windows 95, Windows 98, Windows 2000 Professional, and Windows XP Professional. You need to configure the remote access policy to support the most secure authentication methods possible. You want to enable only the necessary authentication methods based on the supported client computers that will be connecting. Which authentication method or methods should you enable? (Choose all that apply.) A. PAP B. SPAP C. CHAP D. MS-CHAP Version 1 E. MS-CHAP Version 2 Answer: E AND D

17. You are a network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. The company has a main office and one branch office. The perimeter networks for each office are configured as shown in the exhibit. (Click the Exhibit button.)

You configure an L2TP/IPSec VPN tunnel between Server1 and Server2. You also configure and assign an IPSec policy named RASIPSec that requires secure communications. You need to ensure that no unsecured traffic from the Internet reaches the internal network through this VPN. You also need to ensure that access to the VPN servers from their respective internal networks is not disrupted. What should you do? A. Configure input and output L2TP/IPSec packet filters on the internal interfaces of Server1 and Server2. B. Configure input and output L2TP/IPSec packet filters on the external interfaces of Server1 and Server2. C. In the properties of RASIPSec, edit the All IP Traffic IP Filter list to include the IP addresses for only Server1 and Server2. D. In the properties of RASIPSec, edit the All ICMP Traffic IP Filter list to include the IP addresses for only Server1 and Server2. Answer: B

18. You are the administrator of a Windows Server 2003 computer named Server1. The network contains another Windows Server 2003 computer named Server2 that has the DNS and WINS services installed. Two hundred Windows 2000 Professional computers regularly connect to Server1 to access file and print resources. Administrators report that network traffic has increased and that response times for requests for network resources on Server1 have increased. You need to identify whether Server1 is receiving requests for resources through NetBIOS broadcasts. What should you do? A. Use Network Monitor to capture traffic between Server1 and all client computers. B. Use Network Monitor to capture traffic between Server1 and Server2. C. Monitor Event Viewer for Net Logon error or warning events. D. Run the tracert command on Server1. Answer: A

19. You are the administrator of a Windows Server 2003 computer named Server1. Server1 is an FTP server located in the company's internal network. Administrators report an increased amount of FTP traffic to Server1. You need to configure Server1 to achieve the following goals: Identify the media access control (MAC) address of any computer that is performing FTP transfers from Server1. Find out the exact FTP commands that were executed. Ensure that you do not disrupt the operation of Server1. What should you do? A. Configure a performance alert to write an event to the application event log whenever the number of established FTP connections exceeds 1. B. Use a Network Monitor filter to capture IP traffic from any computer to Server1. C. Run the finger command on Server1 to identify the source of the FTP requests. D. Run the arp command on Server1 to identify the source of the FTP requests. Answer: B

20. You are the administrator of an Active Directory domain. The domain contains a Windows Server 2003 computer named Server1. Server1 functions as a domain controller and a DNS server. The domain also contains a Windows XP Professional client computer named Client1. You need to establish a detailed record of all of the communications that occur when a typical member of the Domain Users group named User1 logs on to the Active Directory domain from Client1. You might need to use this information as a troubleshooting tool if communications between Client1 and Server1 are disrupted or degraded. You want to use Network Monitor to obtain this baseline information. What should you do? To answer, move the appropriate actions from the list of actions to the answer area, and arrange them in the correct order. A. Start a capture. B. Enable TCP/IP filtering on Client1. C. Start Network Monitor on Server1 and select Local Area Network. D. Configure a capture filter to capture all traffic between Server1 and Client1. E. Configure a display filter to display all traffic between Server1 and Client1.

F. Configure a capture filter to capture all traffic between Server1 and *ANY. G. Configure a display filter to display all traffic between Server1 and *ANY. H. Log on to Client1 as User1 and allow the logon process to complete. I. Log on to Server1 as User1 and allow the logon process to complete. J. Stop the capture and save it in a secure, reliable location. Answer: C CStart Network Monitor on Server1 and select Local Area Network. D DConfigure a capture filter to capture all traffic between Server1 and Client1. A Start a capture. H HLog on to Client1 as User1 and allow the logon process to complete. J JStop the capture and save it in a secure, reliable location. (H BEFORE J) AND (A BEFORE H) AND (D BEFORE A) AND (C BEFORE D)

21. You are the administrator of an Active Directory domain. The network contains a Windows Server 2003 domain controller named Server1. Users report that they experience intermittent delays when they log on to Server1. Administrators report that replication attempts between Server1 and other domain controllers are occasionally delayed. You need to verify the cause of the intermittent connection delays to Server1. You also need to find out whether the problem is related to a hardware deficiency on Server1. You need to track these delays over a period of one day. What should you do first? A. Run the netdiag /verbose command to perform a network diagnostic test on Server1. B. Run the replmon command to view the Active Directory replication status on Server1. C. Use Network Monitor to view the network traffic packet contents between Server1 and all other computers. D. Create a System Monitor counter to track the queue lengths on the network adapter on Server1. Answer: D

22. You are the administrator of an Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional and are members of the domain. The domain contains a single DNS server named Server1. Root hints are enabled on Server1. Internet access for the company is provided by a Network Address Translation (NAT) server named Server2. Server2 is connected to

the Internet by means of a permanent connection to the company's ISP. Users report that they can no longer connect to http://www.adatum.com. Users can connect to internal resources and to other Internet Web sites. You can successfully access http://www.adatum.com from a computer outside of the corporate network. You need to ensure that the users can access http://www.adatum.com. You must also ensure that users retain their ability to access internal resources. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) A. Disable Routing and Remote Access on Server2. B. Create a root zone on Server1. C. On all affected users' computers, run the ipconfig /flushdns command. D. Configure all affected users' computers to use the ISP's DNS server. E. Use the DNS console on Server1 to clear the DNS cache. Answer: C AND E

23. You are the network administrator for your company. All servers run Windows Server 2003. Twenty company employees connect to a terminal server named Server2 to run applications and to gain access to the Internet. The 20 employees report that they receive security messages while browsing Internet Web sites. The employees report that they cannot modify the Internet Explorer security settings on their client computers while connected to Server2. You need to allow these 20 employees to modify the Internet Explorer security settings on their client computers while connected to Server2. What should you do? A. Log on to Server2 as Administrator and add http:// to the list of trusted sites in Internet Explorer. B. Instruct the 20 employees to add http:// to the list of trusted sites in Internet Explorer on their client computers. C. Instruct the 20 employees to change the Internet Explorer privacy settings on their client computers to Low. D. Uninstall Internet Explorer Enhanced Security Configuration on Server2. Answer: D

24. You are the administrator of an Active Directory domain. All servers run Windows Server 2003. You configure a server named Server3 as the DNS server for the domain. The company recently started using a new ISP. Since the change to the new ISP occurred, users report that they cannot access Internet Web sites by using their fully qualified domain names (FQDNs). You manually configure a test computer to use the DNS server address of the new ISP. The test computer can successfully access Internet Web sites by using their FQDNs. You need to ensure that network users can access Internet Web sites by using their FQDNs, while ensuring that user access to internal resources is not disrupted. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.) A. Create a root zone on Server3. B. Configure Server3 to use the default root hints. C. Configure a forwarder on Server3 to the new ISP's DNS server. D. Configure all computers on your network to use the new ISP's DNS server. Answer: B AND C

25. You are the administrator of an Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. The network is configured as shown in the exhibit. (Click the Exhibit button.)

DC1 is configured as a DNS server for the domain named contoso.com. DC1 is configured to use ISP-DNS as a

forwarder. A computer named NAT1 is a Network Address Translation (NAT) server. NAT1 provides Internet access for the entire company. You recently created a subnet named Subnet 10. You are configuring a DHCP server to support Subnet 10. You need to configure the DHCP server options for Subnet 10 to ensure that all users can access the Internet and internal resources. What should you do? To answer, drag the appropriate IP address or addresses to the correct location or locations in the work area. Answer:

26. You are the network administrator for your company. All servers run Windows Server 2003. The company is setting up a sales booth at a large trade show. Twelve company sales representatives will be working in the booth. The sales representatives each have a portable computer that runs Windows XP Professional. You configure a server named Server2 with a LAN connection and a dial-up connection to the Internet. All of the sales representatives' computers are also connected to the LAN. The 12 sales representatives report that they cannot connect to the Internet. You view the IP configuration on one of the portable computers as shown in the exhibit. (Click the Exhibit button.)

You need to provide the 12 sales representatives' portable computers with Internet access. What should you do? A. Configure Internet Connection Sharing (ICS) on Server2. B. Install the DHCP service on Server2. Create a scope for subnet 169.254.0.0/16. C. Modify the Internet Explorer properties on the 12 sales representatives' computers to specify 169.254.0.1 as the proxy server. D. Install the Connection Manager Administration Kit (CMAK) on Server2. Answer: A

27. You are the network administrator for your company. All servers run Windows Server 2003. You configure a server named Server2 as a Network Address Translation (NAT) server. Server2 has a single network adapter and a modem. Server2 connects to the Internet through a demand-dial connection. Users report that when they attempt to connect to Internet Web sites, they intermittently receive the following error message: "Page not found." After waiting for several minutes, they can connect to the Web sites. These errors occur throughout the day. You need to configure Server2 to allow users to always connect to Internet Web sites. What should you do? A. Set the demand-dial connection to Persistent. B. Set the dial-out hours on the demand-dial connection to any day and any time. C. Set a demand-dial filter. Configure the filter for Only allow the following traffic. Specify a new filter for outbound port 80.

D. Configure the demand-dial interface as the private interface. Answer: A

28. You are the network administrator for your company. All servers run Windows Server 2003. The company's main office is located in New York City, and four branch offices are located in various North American cities. The network is configured as shown in the exhibit. (Click the Exhibit button.)

Access to the Internet is provided by a Network Address Translation (NAT) server located in the Montreal office. The IP address of the NAT server is 192.168.10.254. Users in the Los Angeles office report that they cannot connect to the Internet. Users in the New York office report that they can successfully connect to the Internet. From a computer in the Los Angeles office, you cannot connect to servers located in the Montreal office by using their IP address. You want to find out where the communication failure resides by running a command prompt on a computer in the Los Angeles office. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.) A. Run the pathping 192.168.10.254 command. B. Run the net view \\192.168.10.254 command. C. Run the tracert 192.168.10.254 command. D. Run the nslookup 192.168.10.254 command. Answer: A AND C

29. You are the administrator of a Windows Server 2003 computer named Server1. The LAN connection TCP/IP properties on Server1 are configured to use a static IP address.

An administrator reports that Server1 is receiving incorrect results to a query for server2.fourthcoffee.com. You log on to Server1 and run the ipconfig /flushdns command. You receive the following error message.

You need to start the appropriate service or services to ensure that Server1 can correctly resolve name resolution queries. You want to achieve this goal by using the minimum amount of administrative effort. Which service or services should you start? To answer, select the appropriate service or services in the work area. Answer:

30. You are the network administrator for your company. The network contains a third-party application that runs as a service. The application service is secured with a domain-level service account. The properties of the service account are displayed in the work area. Users report that the application is no longer available. The application service is stopped. An administrator reports that the password of the service account had expired and was changed. You reset the

password on the service to match the new password of the service account. You unsuccessfully attempt to restart the service. You need to ensure that the service will start. You need to prevent this problem from happening again while retaining administrative control over the service account password. What should you do? To answer, configure the appropriate option or options in the dialog box in the work area. Answer:

31. You are the administrator of a Windows Server 2003 computer named Server1. Server1 has a third-party application installed on it. The third-party application runs as a service that is named Service1. Service1 fails periodically. You need to configure the recovery options for Service1 to meet the following requirements: If Service1 runs successfully for a day or more, you need to ensure that only the service is immediately restarted upon failure. If, after this failure, Service1 does not run successfully for another day, you must ensure the entire server is immediately restarted. Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.) A. Configure the Reset fail count after value for Service1 to 1 day. B. Configure the Restart service after value for Service1 to 1,440 minutes. C. Configure the response to the first failure to be to restart Service1. D. Configure the response to the first failure to be to restart Server1. E. Configure the response to the second failure to be to restart Service1. F. Configure the response to the second failure to be to restart Server1. Answer: F AND C AND A

32. You are the network administrator for Fabrikam, Inc. The network contains a DNS server named Server1. Server1 is configured to resolve queries for external internet resources. Server1 also hosts the fabrikam.com internal zone for Active Directory. Users report that they are directed to the wrong Web site when browsing for well-known Internet Web sites. You need to minimize the occurrence of unexpected results when users browse the Internet in the future. You also need to minimize disruption to users. What should you do? A. Enable the Disable recursion setting in the advanced properties of Server1. B. Enable Fail on load if bad zone data setting in the advanced properties of Server1. C. Enable the Secure cache against pollution setting in the advanced properties of Server1. D. Enable the Enable automatic scavenging of stale resource records setting in the advanced properties of Server1 and set it to 7 days. Answer: C

33. You are the administrator of a Windows Server 2003 computer named Server1. Server1 is a domain member server that has the DNS service installed. Server1 is configured with two network interfaces named NIC1 and NIC2. Routing is not enabled between the two network interfaces. NIC1 and NIC2 are configured as shown in the following table.

Resources on the preproduction network segment use the same fully qualified domain names (FQDNs) as resources in the production network. The TCP/IP properties on client computers in the preproduction environment are controlled by individual testers. You need to ensure that the users in the preproduction environment cannot resolve FQDNs from the production network. You want to accomplish this goal by using the DNS console on Server1. What should you do? A. Configure the interfaces properties on Server1 to listen on 192.168.2.10 only.

B. Configure the forwarders on Server1 to refer requests to 192.168.3.2. C. Configure Server1 to disable recursion. D. Configure Server1 to disable round robin. Answer: A

34. You are a network administrator for A. Datum Corporation. The network consists of a single Active Directory domain named adatum.net. Users regularly browse the internal network and the Internet from their client computers. All Web and e-mail hosting for a separate DNS domain named adatum.com is outsourced to an ISP. All name resolution requests for adatum.com are resolved by the ISP. You have no administrative control over the DNS servers at the ISP. You cannot list the contents of adatum.com by using the nslookup command on the DNS servers at the ISP. A Windows Server 2003 computer named Server1 is configured with a primary zone for adatum.net. All root hints have been removed from Server1. All client computers refer to this DNS server for name resolution. You need to configure DNS resolution to ensure that all client computers can locate and access resources in adatum.net, adatum.com, and the Internet. What should you do? A. Configure a secondary zone for adatum.com on Server1. B. Configure a primary zone for adatum.com on Server1. C. Configure conditional forwarding for adatum.com with the IP address of the DNS server at the ISP. D. Configure simple forwarding with the default settings with the IP address of the DNS server at the ISP. Answer: D

35. You are a network administrator for Coho Winery. The network consists of a single Active Directory domain named cohowinery.net. All domain controllers are configured as DNS servers and host an Active Directory-integrated zone for cohowinery.net. A local ISP provides users with access to the Internet. All Web sites for cohowinery.com are located on the perimeter network. A secondary DNS zone for cohowinery.com is located on the internal network on a Windows Server 2003 computer named Server1. All client computers refer only to this DNS server for name resolution. You need to configure DNS resolution to ensure that all client computers can log on to the network, access the Web sites, and browse the Internet. You must also ensure that the cohowinery.net zone is stored as securely as

possible. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) A. Configure a secondary DNS zone for cohowinery.net on Server1. B. Configure a primary DNS zone for cohowinery.net on Server1. C. Configure conditional forwarding for cohowinery.net to point to the IP addresses of the domain controllers. D. Configure conditional forwarding for all other DNS domains to point to the IP address of the ISP DNS server. Answer: D AND C

36. You are a network administrator for the School of Fine Art. The network contains five Windows Server 2003 computers that also function as DNS servers. The servers are configured as shown in the work area. The Caracas and Santiago branches of the school each have five client computers. The Lima branch has 5,000 client computers. The Sao Paulo branch has 2,500 client computers. Server1 is located in the school's main office in Bogota. Server1 is the authoritative server for a zone named fineartschool.net. School management plans to update the network infrastructure in the main office. During these upgrades, there will be frequent changes to the name server (NS) resource records for fineartschool.net. You need to ensure that each DNS server on the WAN has a dynamically updated list of NS records for fineartschool.net. You also need to minimize zone replication traffic across the slow connections and minimize DNS lookups on Server1. How should you configure the DNS servers in the school's branches?

Answer:

37. You are a network administrator for the Graphic Design Institute. The network contains five Windows Server 2003 computers that also function as DNS servers. The servers are configured as shown in the work area. The Lagos and Nairobi branches of the school each have five Windows XP Professional client computers. The Tangier branch has 5,000 Windows XP Professional client computers, and the Cape Town branch has 2,500 Windows XP Professional client computers. Server1 is located in the school's main office in Cairo. Server1 is the authoritative server for a zone named graphicdesigninstitute.com. No changes are planned for the name server (NS) resource records for graphicdesigninstitute.com. The DNS servers in the Nairobi and Lagos branches are multiuse servers that are configured with the minimum hardware necessary to run Windows Server 2003. The DNS servers in the Cape Town and Tangier branches are configured as dedicated servers with hardware that is sufficient to sustain multiple DNS zones. You need to ensure that the following requirements are met: Each client computer can resolve names on the network as quickly as possible by using a fully qualified domain name (FQDN). Prevent zone replication traffic from occurring on the slow network connections. Minimize hard disk utilization on the DNS servers in the Lagos and Nairobi branches as much as possible. Ensure that DNS queries in Tangier and Cape Town are resolved locally. How should you configure the remote DNS servers? Answer:

38. You are a network administrator for Trey Research. The company's main office is in Tokyo, and it has a branch office in Seoul. The network consists of a single Active Directory forest that contains two domains as shown in the exhibit. (Click the Exhibit button.)

Server1 and Server2 each have the DNS service installed as shown in the following table.

You need to configure the primary and secondary DNS address referrals on the client computers in the Seoul office by using the minimum amount of administrative effort. You need to ensure that users have access to the Internet with as few network hops as possible. You also need to ensure that users can access resources on the internal network in Seoul only as quickly as possible, and that DNS lookup traffic over the WAN does not occur if the local DNS server is available. What should you do? A. Configure 131.107.0.1 as the primary DNS server. Configure 192.168.2.1 as the secondary DNS server. B. Configure 192.168.2.1 as the primary DNS server. Configure 131.107.0.1 as the secondary DNS server. C. Configure 192.168.2.1 as the primary DNS server. Configure 192.168.3.1 as the secondary DNS server. D. Configure 192.168.3.1 as the primary DNS server. Configure 192.168.2.1 as the secondary DNS server. Answer: D

39. You are the network administrator for your company. The network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2003. All client computers in the domain run Windows XP Professional. An application named Inventory.exe is installed on all computers in the domain to remotely gather software inventory information. The application runs as a service in the security context of the Local System. The startup type of the service is set to Automatic. In the Default Domain Policy Group Policy object (GPO), the security administrator has configured a software restriction policy that is applied to all computers in the domain. The policy contains a hash rule for the Inventory.exe application, and the hash rule is configured with a security level of Unrestricted. The client computers on the network are attacked by a worm that is distributed by e-mail messages received over the Internet. The worm detects the presence of Inventory.exe on a computer, then starts a new instance of the application in the security context of the logged-on user. The worm exploits a bug in the application to cause the computer to fail. You need to ensure that Inventory.exe cannot be started by the worm, while still allowing the application to run as a service. What should you do? A. In the computer settings section of the Default Domain Policy GPO, configure a software restriction policy that contains a zone rule for the Internet zone. Configure the zone rule with a security level of Disallowed.

B. In the user settings section of the Default Domain Policy GPO, configure a software restriction policy that contains a zone rule for the Internet zone. Configure the zone rule with a security level of Disallowed. C. In the user settings section of the Default Domain Policy GPO, configure a software restriction policy that contains a hash rule for the Inventory.exe application. Configure the hash rule with a security level of Disallowed. D. In the computer settings section of the Default Domain Policy GPO, modify the existing software restriction policy hash rule for the Inventory.exe application so that the hash rule has a security level of Disallowed. Answer: C

40. You are the network administrator for Contoso, Ltd. The network consists of a single Active Directory forest. The forest contains two domains named contoso.com and corp.contoso.com. The functional level of the forest and the two domains is Windows Server 2003. The corp.contoso.com zone is configured as an Active Directory-integrated zone. The corp.contoso.com zone is also configured to replicate to all domain controllers in the domain. The servers are configured as shown in the following table.

You plan to remove Server1 from the network. You need to install DNS to host the corp.contoso.com zone. Your

solution must be fault-tolerant. On which server or servers should you install DNS?

41. You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains an organizational unit (OU) named Webservers. The Webservers OU contains the computer accounts of 12 Windows Server 2003 computers that function as intranet Web servers. A Group Policy object (GPO) named WebserversPolicy is linked to the Webservers OU. The GPO is used to configure various settings on the computers in the OU. A global group named WebserverAdmins is a member of the Administrators local group on each intranet Web server. You plan to install a security scanning application on each intranet Web server. The documentation for the application states that it uses a service account, which must be able to modify the HKEY_LOCAL_MACHINE\SYSTEM key in the registry of every computer on which the application is installed. You create the service account in the domain. The company's written security policy states that service accounts must be assigned only the minimum rights and permissions that they require to function. You need to configure the intranet Web servers so that they comply with the installation requirements of the security scanning application. You also need to comply with the company's security policy. You want to achieve this goal by using the minimum amount of administrative effort.

What should you do? A. Add the service account to the WebserverAdmins global group. B. Configure the required permissions as registry security settings in the WebserversPolicy GPO. C. Run the regedit.exe command to add the required permissions to the registry of each intranet Web server. D. Run the explorer.exe command to modify NTFS permissions on the Systemroot\System32\Config\System file. Assign the service account the Allow - Change permission. E. Configure file system security settings in the WebserversPolicy GPO to modify NTFS permissions on the Systemroot\System32\Config\System file. Assign the service account the Allow - Change permission. Answer: B

42. You are the network administrator for your company. The network contains a Windows Server 2003 computer named Server1. Three administrators are members of the Administrators local group on Server1. Twelve other administrators are members of the Domain Admins group. The Domain Admins group is also a member of the Administrators local group on Server1. Someone makes an unauthorized change to the HKEY_LOCAL_MACHINE\SYSTEM key in the registry on Server1, which causes the computer to fail. You fix the problem. You need to log all attempts to access the HKEY_LOCAL_MACHINE\SYSTEM key in the registry on Server1. You decide to enable auditing in the local security policy on Server1. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) A. Enable auditing in the local security policy on Server1. Select the Audit object access (success and failure) option in the audit policy. B. Enable auditing in the local security policy on Server1. Select the Audit privilege use (success and failure) option in the audit policy. C. Enable auditing in the local security policy on Server1. Select the Audit system events (success and failure) option in the audit policy. D. Configure the SACL on the HKEY_LOCAL_MACHINE\SYSTEM key in the registry. Specify auditing of the Full Control permission for Everyone. E. Configure the SACL on the HKEY_LOCAL_MACHINE\SYSTEM key in the registry. Specify auditing of the Set Value permission for Everyone.

Answer: D AND A

43. You are the network administrator for your company. The network contains 25 servers and 1,000 client computers. The network architect has designed a software update infrastructure. You need to configure the software update infrastructure. The configuration must meet the following requirements: Client computers must receive critical updates from a Windows Server Update Services (WSUS) server. Three WSUS servers must be available for critical updates. Only servers in the perimeter network must be able to connect to the Internet. Client computers must not be able to connect to servers in the perimeter network. You install WSUS on four servers on the network. Which configuration should you apply to the four WSUS servers?

Answer:

44. You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. The company has 16 sales representatives, who are mobile users. All 16 mobile users are members of the Power Users local group on their computers. From 5:00 P.M. until 9:00 A.M., the sales representatives' portable computers are usually turned off and disconnected from the corporate network. The company's written security policy states that all portable computers that are used by the mobile sales representatives must receive software updates from the Windows Update servers every day. User interaction with the update process must be minimized. On a portable computer named Client2, you verify the recent updates and notice that updates from the Windows Update servers were not applied. You need to ensure that software updates are applied to Client2 in compliance with company policy. What should you do? Answer:

45. You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 35 Windows Server 2003 computers; 3,000 Windows XP Professional computers; and 2,000 Windows 2000 Professional computers. Windows Server Update Services (WSUS) is installed on a server named Server1. The necessary Group Policy object (GPO) is configured. You need to confirm whether all computers in the domain have received all approved updates from Server1. What should you do on Server1? A. Install and configure Urlscan.exe. B. At the command prompt, type gpresult /scope COMPUTER. C. Open the WSUS console. Run the Status of Computers report. D. Open the WSUS console. Run the Synchronization Results report. Answer: C

46. You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 15 Windows Server 2003 computers and 3,000 Windows XP Professional client computers. All computers are running the most recent service pack. You install and configure Windows Server Update Services (WSUS) on a server named Server1. All client computer accounts are in the Clients organizational unit (OU). You create a Group Policy object (GPO) named WSUS. Currently all client computers obtain their Windows security updates from Microsoft Update. You want all client computers, and no other computers, to obtain their updates from Server1. You need to configure all client computers to obtain Windows security updates from Server1. You need to accomplish this task with the minimum amount of administrative effort. What should you do? A. Link the WSUS GPO to the domain. Configure the GPO to point to Server1 for automatic updates. B. Link the WSUS GPO to the Clients OU. Configure the GPO to point to Server1 for automatic updates. C. Link the WSUS GPO to the domain. Specify Clients as the target computer group in WSUS. D. Link the WSUS GPO to the Clients OU. Specify Clients as the target computer group in WSUS. Answer: B

47. You are the network administrator for your company. All client computers run Windows XP Professional. All servers run Windows Server 2003. The company has offices in Los Angeles, San Francisco, and Seattle. Each office is configured as a separate IP subnet. DNS is the only method of name resolution used on the network. You need to implement a software update infrastructure on the network. You install Windows Server Update Services (WSUS) on a computer named Server1 in the Los Angeles office. You install WSUS on Server1 with all default settings. You create a Group Policy object (GPO) named WSUS. You have no plans to install additional WSUS servers. You need to ensure that client computers can successfully connect to the WSUS server. What should you do? A. Configure the Internet browser home page on all client computers to point to http: //windowsupdate.microsoft.com. B. In the WSUS GPO, specify the Server Name property to be the server's fully qualified domain name (FQDN).

C. On the WSUS server, configure the IIS Manager to require HTTP over SSL. D. Enable communication over port 443 between all client computers and the WSUS server. Answer: B

48. You are the network administrator for your company. The network consists of a single IP subnet. All servers run Windows Server 2003. All client computers run Windows XP Professional. You need to install Windows Server Update Services (WSUS) on a computer named Server1. Server1 has limited hard disk space. Server1 stores a minimal amount of information locally. Client computers must install Microsoft critical updates. You need to ensure that client computers download updates directly from Microsoft Update. Only approved updates should be downloaded. What should you do? A. Open the WSUS console. Specify the Update Source as Synchronize from Microsoft Update. B. Open the WSUS console. Modify the synchronization option to not store updates locally. C. Modify the default home page for all client computers to https: //windowsupdate.microsoft.com. D. Configure the client Group Policy object (GPO) to use Microsoft Update as its update source. Answer: B

49. You are the network administrator for your company. All servers run Windows Server 2003. All client computers run Windows XP Professional. You install Windows Software Update Services (WSUS) on a computer named Server1. This WSUS installation must meet the following requirements: Use the least amount of disk space on Server1. All updates must be tested before being deployed to the client computers. You clear the Automatically Approve Updates for Installation checkbox. You open the WSUS console. You need to complete the installation and meet the requirements. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) A. Change the Advanced Synchronization Options dialog box so that updates are not stored locally. B. Change the Revisions to Updates setting so that new versions of previously approved updates are not

automatically approved. C. Change the Revisions to Updates setting to automatically approve all updates. D. Remove the Critical Updates option from Updates Classifications. Answer:A AND B

50. You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. You need to implement a new software update infrastructure. You discover that security patches, critical updates, and service packs have never been installed on any client computer on the network. You install Windows Server Update Services (WSUS) on a Windows Server 2003 computer named Server5. You synchronize and approve all of the current security patches, critical updates, and service packs. You need to ensure that all client computers receive all Microsoft security patches, critical updates, and service packs. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) A. Open the WSUS console. Select the option to automatically approve WSUS updates. B. Install the Automatic Updates client on all client computers. C. Modify the Microsoft Update settings of the Default Domain Controller organizational unit (OU) Group Policy object (GPO) to point client computers to http ://server5. D. Modify the Microsoft Update settings of the Default Domain Policy Group Policy object (GPO) to point client computers to http: //server5. E. Open the WSUS console. Create a target group and assign all client computers to the group. Answer:B AND D

51. You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run either Windows 2000 Professional with Service Pack 4 or Windows XP Professional. You install Windows Server Update Services (WSUS) on a computer named Server2. You create a Group Policy object (GPO) that configures all client computers to receive software updates from Server2. One week later, you run Microsoft Baseline Security Analyzer (MBSA) on all client computers to find out whether all updates are being applied. You discover that all of the Windows 2000 Professional client computers

receive updates, but the Windows XP Professional client computers do not receive updates. You verify that the GPO setting was applied on all Windows XP Professional computers. You need to ensure that the Windows XP Professional client computers receive their updates from Server2. What should you do? A. Make all users of Windows XP Professional client computers members of the Administrators local group. B. On all Windows XP Professional client computers, install the latest service pack. C. On all Windows XP Professional client computers, use the gpupdate /force command. D. On all Windows XP Professional client computers, delete the NoAutoUpdate value under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU. Answer:B

52. You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. You install Windows Server Update Services (WSUS) on a network server named Server1. When you attempt to synchronize Server1 with the Windows Update servers, you receive an error message. You open Internet Explorer and verify that you can communicate with an external Web site by using the proxy server. You need to ensure that Server1 can communicate with the Windows Update servers. What should you do on Server1? A. Restart the IIS administration tool. B. Configure the Internet Explorer settings to bypass the proxy server. C. In the WSUS options, configure authentication to the proxy server. D. Install the ISA Firewall Client. Answer:C

53. You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. A new low-priority update, Q318138, is released and is synchronized with the Windows Server Update Services (WSUS) server on the network. You decide to approve the update without testing. After the update is applied to client computers, users report that they can no longer run an accounting application.

You need to remove the update from all client computers until you can test the update. What should you do? A. Clear the Automatically approve new versions of previously approved updates option on the WSUS server. Resynchronize the server with the Windows Update server. B. Clear the update for approval on the WSUS server. Resynchronize the server with the Windows Update servers. C. Clear the update for approval on the WSUS server. Run the spuninst command from the Systemroot\$NtUninstallQ318138$\spuninst directory on each client computer. D. Clear the Automatically approve new versions of previously approved updates option on the WSUS server. Delete the Systemroot\$NtUninstallQ318138$ directory on each client computer. Answer: C

54. You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. You install and configure a single server to run Windows Server Update Services (WSUS). You configure the appropriate Group Policy settings to specify separate WSUS target groups for client and server computers. You need to ensure that computers automatically assign themselves to the correct computer group. What should you do? A. In the WSUS console, configure Computer Options so that Use group policy or registry settings on computers is selected. B. In the WSUS console, configure Computer Options so that Use the Move Computers Task in Windows Server Update Services is selected. C. In the WSUS console, create the appropriate computer groups. D. Create organizational units (OUs) for each group. Answer: A AND C

55. You are the network administrator for your company. The company has offices in Seattle and Chicago. The network consists of a single Active Directory forest. All servers run Windows Server 2003. All client computers run Windows XP Professional with the latest service pack installed. There is a Windows Server Update Services (WSUS) Server named Server1 in the Seattle office. Server1 is configured to store updates locally. You need to configure a WSUS server named Server2 in the Chicago office. The installation must meet the

following requirements: Client computers in Chicago must automatically receive the same updates as client computers in Seattle. Client computers in Chicago must get updates from Server2. What should you do? A. Configure Server2 to inherit all settings from Server1. Assign all client computers in Chicago to a new Group Policy object (GPO). B. Configure Server2 to synchronize content from Server1. Assign all client computers in Chicago to a new Group Policy object (GPO). C. Configure Server2 to synchronize content from Microsoft Update. Assign the Chicago client computers to the same Group Policy object (GPO) as the Seattle client computers. D. Configure Server2 to synchronize content from Microsoft Update. Assign all client computers in Chicago to a new Group Policy object (GPO). Answer: A

56. You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. You need to update six high-visibility servers with critical updates by using Windows Server Update Services (WSUS). You approve all of the updates. You need to ensure that the updates are applied within one hour. What should you do? A. On the WSUS server, type the gpupdate /force command at the command prompt. B. On the WSUS server, type the wuauclt /detectnow command at the command prompt. C. On each of the six servers, type the gpupdate /force command at the command prompt. D. On each of the six servers, type the wuauclt /detectnow command at the command prompt. Answer: D

57. You are the network administrator for your company. The network consists of a single subnet. The network contains 150 client computers and 16 servers. All computers on the network use the 10.10.0.0/16 addressing scheme.

Your manager instructs you to place the 16 servers into a separate subnet that uses the 192.168.1.0 public addressing scheme. You must plan for a maximum of 30 servers in the future. You need to configure a new subnet mask. The subnet mask must allow a sufficient number of IP addresses for the existing servers and for future server growth. However, you want to conserve addresses as much as possible. Which subnet mask should you use? To answer, drag the appropriate subnet mask to the correct location in the dialog box.

58. You are a network administrator for City Power & Light. The network consists of a single Active Directory domain named cpandl.com. You install a new client-server application on a Windows Server 2003 computer named Server1. Server1 is not a member of the domain. Server1 has static IP address 192.168.6.23. You install the client software on two Windows XP Professional domain computers in order to test access to the application on Server1. You plan to install the client software on 270 additional Windows XP Professional computers. The client software must be able to resolve to Server1 by using the fully qualified domain name (FQDN) server1.cpandl.com. A Windows Server 2003 computer named Server2 is the DNS server and has the IP address 192.168.6.1. The cpandl.com zone is configured to accept only secure updates. When you run the ping command to 192.168.6.23, you receive valid replies. When you attempt to run the client software on the two test computers, the software cannot locate Server1 and terminates. You need to correct this problem with the minimum amount of administrative effort.

What should you do? A. From a command prompt on Server1, run the ipconfig /registerdns command. B. On each of the two test computers, type the following line in the Hosts file: server1.cpandl.com 192.168.6.23 #pre C. Create an organizational unit (OU) named ApplicationServersOU. Create a computer account named Server1 in ApplicationServersOU. Set the Primary DNS Suffix Group Policy setting on an ApplicationServersOU Group Policy object (GPO) to cpandl.com. Restart Server1. D. On Server2, enter a host (A) record for Server1 that displays Server1's IP address as 192.168.6.23. On Server1, in the Computer Name Changes dialog box in System Properties, enter cpandl.com as the primary DNS suffix of the computer. Restart Server1. E. On Server1 in the Internet Protocol (TCP/IP) Properties dialog box, in the Preferred DNS server field, type 192.168.6.1. Answer: D

59. You are the network administrator for your company. The network consists of a single Active Directory domain. The relevant portion of the network is shown in the exhibit. (Click the Exhibit button.)

You need to configure a server named Server1 to use a valid static IP configuration. You need to enable Server1 to communicate with all hosts on the network and on the Internet. You want Server1 to query the DNS server on the local subnet for name resolution. You also want to configure redundancy for name resolution. What should you do?

Answer:

60. You are the network administrator for City Power & Light. The network consists of a single Active Directory domain named cpandl.com. The domain contains Windows Server 2003 computers and Windows XP Professional computers. A server named Server1 functions as a DHCP server, and a server named Server2 functions as a DNS server. The relevant portion of the network is shown in the Network exhibit. (Click the Exhibit button.)

You configure Server1 to distribute IP addresses to all of the client computers on the 10.9.7.0 subnet. The DHCP server scope settings are shown in the DHCP exhibit. (Click the Exhibit button.)

All users of client computers on the 10.9.7.0 subnet report that they can see each other's computers in My Network Places but cannot access the Internet or the 10.9.8.0 subnet. Users of client computers in the 10.9.7.0 network cannot access servers on either subnet. Users of client computers on the 10.9.8.0 subnet can access servers on both subnets and can access the Internet. All servers use static IP addresses. You need ensure that all client computers can access the Internet. What should you do? A. On Server2, configure the DHCP Relay Agent. B. On Server2, add a host (A) record for Server1 at address 10.9.8.91.

C. On Server1, authorize DHCP. D. On Server1, activate the 10.9.7.0 scope. E. On Server1, disable the 001 Microsoft Disable Netbios Option option. Answer: A

61. You are the network administrator for your company. The network consists of a single subnet. A Windows Server 2003 computer named Server1 functions as a DHCP server. Server1 leases IP addresses in the 10.1.1.0/24 range to desktop client computers. There are 12 client reservations for other servers and network printers. You have configured several detailed scope and server options. If Server1 fails, you want to have a contingency plan that will allow you to use a domain controller named DC2 as a DHCP server as quickly as possible. You install DHCP on DC2 without any configuration and stop the DHCP Server service. You want to list the tasks that are required to back up Server1 and the tasks that are required to restore the backup to DC2. A backup age of 24 hours or less is acceptable. If Server1 fails, which set of tasks is required to enable DC2 to replace Server1 as the DHCP server? A. On Server1: Schedule the Backup utility to back up the System State data to tape every 24 hours. On DC2: Perform a non-authoritative System State restore. Using the Services console, start the DHCP Server service. Authorize DHCP. Reconcile the database. B. On Server1: Use the Backup utility to schedule a tape backup of the DHCP database every 24 hours. On DC2: Restore the tape backup of the DHCP database to a folder. Using the DHCP console, restore the backup from the same folder. From the command prompt, type net start dhcpserver. Authorize DHCP. C. On Server1: Schedule the Backup utility to back up the System State data to tape every 24 hours. On DC2: Perform an authoritative System State restore. Manually re-create the server and scope options that were on Server1. From a command prompt, type net start dhcpserver. Authorize DHCP. D. On Server1: Use the DHCP console to perform a DHCP backup every 24 hours. Copy the backup on a network share that is accessible by DC2. On DC2: Copy the backup to a local folder. Using the DHCP console, restore the backup from the local folder. From a command line, type net start dhcp. Authorize DHCP. Re-create the 12 client reservations. Answer: B

62. You are the network administrator for your company. The network contains 1,300 Windows XP Professional computers. All client computers receive their IP addresses from a DHCP server. You are configuring a DHCP scope to assign addresses to the client computers. You need to place all the client computers in the same subnet. You need to reserve 100 addresses for servers and printers that will not receive IP address assignments automatically. To allow for future growth, you need to configure the scope to host 3,800 client computers. How should you configure the scope?

Answer:

63. You are a network administrator for Alpine Ski House. The network consists of a single Active Directory domain named alpineskihouse.com. Your company acquires a company named Adventure Works. The Adventure Works network consists of a single Active Directory domain named adventure-works.com. A server named Server32 is a network-management application server in the adventure-works.com domain. Server32 accesses all of the desktop client computers to perform automated software upgrades and hardware inventory. The network-management software on Server32 references desktop computers by unqualified host names, which are resolved to clientname.adventure-works.com by using a DNS server. You join Server32 to your domain to become server32.alpineskihouse.com. The Server32 IP address is 10.10.10.90. You are gradually migrating all adventure-works.com desktop client computers to your domain to become clientname.alpineskihouse.com. You do not have access to the adventure-works.com DNS server. When Server32 attempts to apply an update to the client computers, the network-management software returns many alerts that say that desktop computers cannot be found. You want to allow the network-management software on Server32 to resolve unqualified client computer host names in adventure-works.com or alpineskihouse.com, and you want to use the minimum amount of administrative effort. What should you do? A. On the DNS server for alpineskihouse.com, add a zone for adventure-works.com. Create a host (A) record for server32.adventure-works.com that points to 10.10.10.90. B. On Server32, in System Properties, type adventure-works.com in the Primary DNS suffix of this computer field in the DNS Suffix and Netbios Computer Name setting. C. On Server32, configure a Hosts file that contains the name and IP address of every network computer. D. On Server32, in Advanced TCP/IP Settings, add adventure-works.com and alpineskihouse.com to the Append these DNS suffixes (in order) setting. Answer: D

64. You are the network administrator for A. Datum Corporation. The company uses the adatum.com namespace for its internal network. The company network consists of two networks that are connected by a WAN link. The 10.9.9.0 network uses the

10.9.9.0/24 address. The 10.9.8.0 network uses the 10.9.8.0/24 address. The relevant portion of the network is shown in the exhibit. (Click the Exhibit button.)

The network contains the DNS servers that are configured as shown in the following table.

In the 10.9.9.0/24 network, a server named Server1 frequently needs to resolve names in the adatum.com namespace and on the Internet. You need to configure the TCP/IP properties of Server1 to use the most efficient server as its preferred DNS server. The number of hops required to resolve any name must be kept to a minimum. You also need to minimize the amount of network traffic that is caused by name resolution. On Server1, which DNS server should you configure as the preferred DNS server? A. DNS1 B. DNS2 C. DNS3 D. 131.107.5.1

Answer: C

65. You are the network administrator for Contoso, Ltd. The network contains two Windows Server 2003 computers and 220 Windows XP Professional computers. You plan to add 75 Windows XP Professional computers to a new subnet on the network. A server named Server1 hosts the DNS services for the network. You place Server1 in the new subnet. A server named Server2 hosts the DHCP services for the network. The router is configured as a DHCP relay agent. You place a client computer named Client1 in the new subnet. The relevant portion of the network is shown in the Network exhibit. (Click the Exhibit button.)

You configure the DHCP server with two scopes. One scope leases IP addresses to client computers on the 192.168.0.0 subnet. The other scope leases IP addresses to the 192.168.5.0 subnet. You test the new configuration with Client1. Client1 can ping Server2 by its IP address, but not by the name Server2.contoso.com. Client1 can ping Server1 by both its name and its IP address. You run the ipconfig command to verify the IP configuration of Client1. The results are shown in the IP Configuration exhibit. (Click the Exhibit button.)

You need to configure Client1 so that it can address all the hosts on the network by their names. How should you configure the DHCP service for the 192.168.0.0 scope on Server2? A. Set the default gateway as 192.168.0.100. B. Set the subnet mask to 255.255.0.0. C. Set the primary DNS suffix to contoso.com. D. Set the IP address of the DNS server to 192.168.0.100. Answer: D

66. You are a network administrator for your company's main office in Chicago. The main office contains 3,000 desktop computers. A Windows Server 2003 computer named Server14 is the DHCP server for the network. The hardware configuration of Server14 is shown in the following table.

Server14 is capable of supporting two processors. Nine hundred users from a branch office relocate to the main office in Chicago. The help desk reports that client computer IP addresses take an unusually long time to renew. You confirm that network utilization is within

acceptable limits. You notice that in the DHCP Server performance object, the milliseconds per packet (Avg.) counter is 40 percent higher than the baseline. You run System Monitor to baseline Server14 during normal business hours. You observe the performance results shown in the following table.

You want to improve the performance of Server14. What should you do on Server14? A. Move the database path to drive E. B. Move the database path to drive D. C. Increase RAM to 1024 MB. D. Add an additional processor. Answer: A

67. You are a network administrator for your company. The network consists of a single Active Directory domain. You manage the 10.10.0.0 subnet and the 10.9.0.0 subnet. The relevant portion of the network is shown in the exhibit. (Click the Exhibit button.)

The DHCP server for the domain is a member server named Server9. Server9 successfully leases IP addresses to 600 desktop client computers and 200 portable computers. The portable computers connect to one subnet or the other during each day. Desktop client computers and portable computers run Windows XP Professional. Several portable computer users on the 10.10.0.0 subnet report that they receive error messages indicating duplicate IP addresses. Users with these errors cannot be authenticated by the domain controllers. You examine the DHCP log file on Server9 and notice several NACK messages. What is the most likely cause of these errors? A. Server9 is not authorized. B. The DHCP scope is not activated. C. The router is not a BOOTP router. D. A Windows NT Server 4.0 DHCP server is on the network. E. A Windows Server 2003 DHCP server with workgroup membership and an activated 10.10.0.0 scope is on the network. Answer: D

68. You are a network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. Client computers run Windows XP Professional, Windows 2000

Professional, or Windows NT Workstation. All client computers are configured with default settings. A server named Server1 functions as a DHCP and DNS server. All client computers are configured to use Server1 for name resolution. All DNS zones on Server1 are enabled for DNS dynamic updates. The company's written security policy states that, when possible, the computer account for each client computer should be the owner of its own DNS host record. A server named Server18 contains antivirus server software. Server18 must be able to contact client computers by using fully qualified domain names (FQDNs) to propagate virus definition updates. You need to ensure that Server18 can resolve FQDNs for all client computers on the network. Which option should you modify on Server1? A. the Dynamically update DNS A and PTR records only if requested by the DHCP clients check box B. the Always dynamically update DNS A and PTR records check box C. the Discard A and PTR records when lease is deleted check box D. the Dynamically update DNS A and PTR records for DHCP clients that do not request dynamic updates (for example, clients running Windows NT 4.0) check box Answer: D

69. You are the network administrator for your company. The network consists of a single Active Directory domain and two subnets. The network contains a Windows Server 2003 computer named Server2. On Server2, Routing and Remote Access is enabled and is configured as a dial-up server. A Windows Server 2003 computer named Server3 functions as a DHCP server. Server3 is authorized in the domain and leases 192.168.1.0/24 addresses to desktop client computers on the LAN and to Server2 for dial-up user connections. On Thursday, several dial-up users report that they cannot connect to Server2. You open DhcpSrvLog-Thu.log and notice several lines that are partially shown in the following list. 15,...NACK,192.168.1.107,server2 15,...NACK,192.168.1.103,server2 15,...NACK,192.168.1.104,server2 15,...NACK,192.168.1.105,server2 15,...NACK,192.168.1.106,server2 15,...NACK,192.168.1.108,server2

15,...NACK,192.168.1.110,server2 You want the dial-up users to have successful connections, and you want to avoid disrupting the LAN. What should you do? A. Delete the scope and create a new one in the 10.10.0.0 class. B. On Server3, configure the Conflict detection attempts setting to 2. C. For the default Routing and Remote Access Class, create a 051 Lease scope option lease duration that uses a longer lease duration than the LAN. D. Configure a static address pool on Server2 for the dial-up client computers. Answer: D

70. You are the network administrator for the Paris branch office of Fourth Coffee. The Paris office has a Windows Server 2003 DNS server named Server10. Server10 hosts a DNS primary zone named fourthcoffee.com. All computers in the Paris office are configured to use Server10 as their preferred DNS server. The Berlin branch office of Fourth Coffee has a UNIX DNS server named Server11. Server11 hosts a primary zone named engineering.fourthcoffee.com. The refresh interval of the engineering.fourthcoffee.com zone is set to 24 hours. In the Berlin office, a firewall filters all incoming network traffic from other offices. A rule on this firewall prevents all computers from the Paris office network, except Server10, from performing DNS lookups against Server11. There is a business requirement that no delay should occur between the time that a new record is created in the engineering.fourthcoffee.com zone and the time that the record can be resolved from any computers in the Paris office. All computers in the Paris office must be able to resolve names in the engineering.fourthcoffee.com namespace. You need to configure DNS on Server10 to meet the requirements. What should you do? A. Set up a stub zone named engineering.fourthcoffee.com. B. Set up conditional forwarding to Server11 for the engineering.fourthcoffee.com namespace. C. In the fourthcoffee.com zone, set up a delegation to the engineering.fourthcoffee.com zone on Server11. D. Set up a secondary zone named engineering.fourthcoffee.com that has Server11 as master.

Answer: B

71. You are the network administrator for A. Datum Corporation. The company registers the DNS domain name adatum.com. The adatum.com DNS domain will contain the host name records for three servers in the company that are accessible from the Internet. One of these servers functions as a Web server, one functions as an FTP server, and one functions as a mail server. The primary name server for the adatum.com zone is a Windows Server 2003 computer named DNS01. DNS01 is on a network segment that is accessible from the Internet. The company also wants to use the DNS namespace adatum.com to register hosts from the internal network. The internal network is protected by a firewall that filters traffic from the Internet. The written company security policy states that host names on the internal network must not be resolved by queries from the Internet. You install Windows Server 2003 on a computer named DNS02. DNS02 will be used to allow computers on the internal network to resolve host names in the adatum.com namespace. All computers on the internal network will be configured to use DNS02 as their DNS server. The company network is configured as shown in the exhibit. (Click the Exhibit button.)

You need to configure DNS01 and DNS02 so that all computers on the internal network can resolve the host names of other computers on the internal network, and

the three servers that are accessible from the Internet. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) A. Create a primary DNS zone named adatum.com on DNS02. B. Create a secondary DNS zone named adatum.com on DNS02. C. Configure DNS forwarding from DNS02 to DNS01. D. Configure DNS forwarding from DNS01 to DNS02. E. Manually add a host (A) record for each computer on the internal network to the adatum.com zone on DNS01. F. Manually add a host (A) record for each Internet-accessible computer to the adatum.com zone on DNS02. Answer: A AND F

72. You are the network administrator for Margie¡'s Travel. The network consists of a single Active Directory forest that contains two domains named europe.margiestravel.com and namerica.margiestravel.com. The network contains Windows Server 2003 computers and Windows XP Professional computers. All client computers and 25 servers are dynamically assigned IP addresses by DHCP. All company computers are registered in either the europe.margiestravel.com DNS zone or the namerica.margiestravel.com DNS zone. All DNS servers contain copies of all zones. The written company network management policy states that computers cannot have duplicate host names. Client computers always connect to other computers by specifying only the name of the target computer. A fully qualified domain name (FQDN) is not required. You need to configure the client computers to ensure that all computer names can be resolved by using DNS without the domain name being specified. The configuration of client computers must be automated so that they do not need to be manually reconfigured if an additional domain is added to the forest. What should you do? A. Configure the Append these DNS suffixes option in the DNS client configuration of each client computer. B. Configure the 015 DNS Domain Name option on all DHCP scopes. C. Configure the Default Domain Policy Group Policy object (GPO) in each domain. Enable the DNS Suffix Search List policy setting in the GPO. D. Configure the Default Domain Policy Group Policy object (GPO) in each domain. Enable the Primary DNS Suffix policy setting in the GPO. Answer: C

73. You are a network administrator for Tailspin Toys. The network consists of three Active Directory domains named tailspintoys.com, asia.tailspintoys.com, and pacific.tailspintoys.com. An Active Directory application partition named asiapacificregion.tailspintoys.com has replicas on all domain controllers in the asia.tailspintoys.com and pacific.tailspintoys.com domains. Another Active Directory application partition named asiapacificdns.tailspintoys.com has been created on one of the DNS servers in the asia.tailspintoys.com domain. All the DNS servers run Windows Server 2003 and are configured as domain controllers. The DNS zones named tailspintoys.com, asia.tailspintoys.com, and pacific.tailspintoys.com are Active Directory-integrated zones. Company DNS management standards specify that all DNS zones must be replicated by using Active Directory. The intranet administrator of the Asia-Pacific regional division of the company wants a separate DNS zone to be created. This zone will be used to register host names for a regional intranet implementation. This zone must be replicated to all domain controllers in only the asia.tailspintoys.com and pacific.tailspintoys.com domains. The new zone will be named asiapacific.tailspintoys.com. You must create the asiapacific.tailspintoys.com zone. You need to choose the appropriate configuration settings to meet the requirements. How should you configure the asiapacific.tailspintoys.com zone? Answer:

74. You are the network administrator for Blue Yonder Airlines. All network servers run either Windows Server

2003, Windows 2000 Server, or Windows NT Server 4.0. All client computers run either Windows XP Professional, Windows 2000 Professional, Windows NT Workstation 4.0, or Windows 98. The network consists of an Active Directory domain named blueyonderairlines.com. All domain controllers in the domain run Windows Server 2003. All domain controllers also have the DNS service installed and host an Active Directory-integrated zone named blueyonderairlines.com. A Windows Server 2003 member server assigns IP addresses to all computers in the company. All IP addresses are assigned from the 10.1.0.0/24 scope. All computers in the company must always be registered automatically in the blueyonderairlines.com zone, regardless of the local TCP/IP configuration settings. Only computers that have valid computer accounts in the Active Directory domain must be able to register host (A) records in the zone. If a computer is removed from the network, the associated name registration must be removed from DNS. You are configuring the blueyonderairlines.com DNS zone and the 10.1.0.0/24 DHCP scope to comply with the stated requirements. Which configuration settings should you use?

Answer:

75. You are the network administrator for Trey Research. Trey Research uses a DNS namespace named treyresearch.com on the company intranet. Three hundred records have been manually created in the treyresearch.com zone for hosts that do not support dynamic updates. The treyresearch.com primary zone is currently located on a Windows Server 2003 computer named DNS01. No secondary zone is currently configured. The company purchases a new computer to function as the primary name server for the treyresearch.com zone. The new computer will be named DNS02. When DNS02 is configured, DNS01 must be reconfigured to host treyresearch.com as a secondary zone. You install Windows Server 2003 on DNS02 and add the DNS service. You need to configure DNS02 to host the primary zone for the treyresearch.com namespace. The records that are currently in the treyresearch.com zone must be retained. You want to ensure that all host names can be resolved immediately after DNS02 becomes the new primary name server for the zone. What should you do? A. On DNS02, set up a primary zone named treyresearch.com. Copy the file %systemroot%\system32\dns\treyresearch.com.dns from DNS01 to the same location on DNS02. On DNS01, delete the treyresearch.com primary zone. On DNS01, set up a secondary zone named treyresearch.com. B.On DNS02, set up a primary zone named treyresearch.com.

Enable dynamic updates on the zone. On DNS01, delete the treyresearch.com primary zone. On DNS01, set up a secondary zone named treyresearch.com. C.On DNS02, set up a secondary zone named treyresearch.com. Add a name server (NS) record for DNS02 to the treyresearch.com primary zone. On DNS02, change the zone type of the treyresearch.com secondary zone to a primary zone. On DNS01, delete the treyresearch.com primary zone. On DNS01, set up a secondary zone named treyresearch.com. D.On DNS02, set up a stub zone named treyresearch.com. Add a name server (NS) record for DNS02 to the treyresearch.com primary zone. On DNS02, change the zone type of the treyresearch.com stub zone to a primary zone. On DNS01, delete the treyresearch.com primary zone. On DNS01, set up a secondary zone named treyresearch.com. Answer: C

76. You are the network administrator for Wingtip Toys. The network consists of a single Active Directory domain named wingtiptoys.com. The Active Directory-integrated DNS zone named wingtiptoys.com is replicated to all domain controllers. Only domain controllers have the DNS service installed. The network management department requires all hosts in the manufacturing division to be registered in the DNS namespace manufacturing.wingtiptoys.com. The manufacturing.wingtiptoys.com namespace does not exist on any of the DNS servers. You need to add support for the manufacturing.wingtiptoys.com namespace to all the existing DNS servers. To reduce administrative overhead, you want to find a solution that will not require reconfiguration if DNS servers are added to the domain in the future. What should you do? A. Create a subdomain named manufacturing in the wingtiptoys.com zone. B. Create a delegation named manufacturing in the wingtiptoys.com zone. C. Create a stub zone for manufacturing.wingtiptoys.com. D. Create a primary zone for manufacturing.wingtiptoys.com that is not Active Directory-integrated. Answer: A

77. You are the network administrator for The Phone Company. The network consists of a single Active Directory domain. All servers run either Windows Server 2003 or Windows 2000 Server. All client computers run either Windows 2000 Professional or Windows XP Professional. The DNS service is installed on three Windows Server 2003 computers that are configured as domain controllers. The company's network management standards state that a DNS domain must be created for each regional division in the company. A new regional division named South America is added to the company. You need to create a corresponding DNS zone named samerica.thephone-company.com. The network management standards contain the following additional requirements. All hosts must be registered in DNS. All DNS records must be kept up-to-date at all times, and any changes to the host name or IP address must be updated on the DNS record. When hosts are removed from the network, the corresponding DNS records must be deleted. To prevent problems caused by duplicate computer names, one host must not be able to overwrite another host¡¯s entry in DNS. To reduce administrative effort, all possible administrative tasks should be automated. To allow for different requirements between departments, configuration changes should, where possible, be applied only to individual zones. You must configure the samerica.thephone-company.com zone to meet the stated requirements. Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.) A. Create a primary zone named samerica.thephone-company.com, and ensure that the Store the zone in Active Directory option is disabled. B. Create a primary zone named samerica.thephone-company.com, and ensure that the Store the zone in Active Directory option is enabled. C. Enable automatic scavenging of stale resource records on all the DNS servers, and configure the scavenging options on the samerica.thephone-company.com zone. D. Configure the Expires after setting on the samerica.thephone-company.com zone to be 1 days. E. Configure the Dynamic updates setting on the samerica.thephone-company.com zone to be Secure only. F. Configure the Dynamic updates setting on the samerica.thephone-company.com zone to be Secure and nonsecure. Answer: B AND C AND E

78. You are the network administrator for Litware, Inc. The network consists of a single Active Directory domain named litwareinc.com. The domain DNS servers are configured as shown in the following table.

You uninstall DNS from Server2 and reconfigure Server2 as a file server. Then you reconfigure Server4 as a caching-only server. Next, you reconfigure the domain controllers to use Active Directory-integrated DNS zones. You need to eliminate unnecessary zone transfer activity on the network. What should you change in the Notify dialog box? Answer:

79. You are the network administrator for Contoso, Ltd. The network consists of a single Active Directory domain named contoso.com. The network topology is shown in the exhibit. (Click the Exhibit button.)

The configurations of the DNS servers that host the zone named contoso.com are shown in the following table.

The refresh interval for the zone is one hour. The zone contains 10,000 records. The network connection to Caracas is operating at 90 percent of capacity. You remove Server3 from the network to perform hardware maintenance. Two hours later, you bring Server3 back on the network. You need to ensure that Server3 can immediately provide accurate responses to client computer requests for data. You also need to ensure that no unnecessary network traffic is generated by the DNS servers. What should you do on Server3? A. Transfer the zone from the master server. B. Reload the zone from the master server. C. Update server data files. D. Scavenge stale resource records. Answer: A

80. You are the network administrator for Contoso, Ltd. The network consists of a single Windows Server 2003 DNS zone named contoso.com. The network topology is shown in the exhibit. (Click the Exhibit button.)

All network servers run Windows Server 2003. All IP addresses are statically assigned. The primary DNS zone for contoso.com is hosted on a server at the company's main office in Cairo. Secondary zones for contoso.com are hosted on servers in the branch offices. Another administrator reports that network utilization is at 90 percent of capacity. You reconfigure the refresh interval and the minimum default Time to Live (TTL) interval for the contoso.com zone, as shown in the following table.

You need to configure the start of authority (SOA) resource record properties for the contoso.com zone. You also need to ensure that the server in the Cairo office will continue to attempt zone transfers if an initial attempt fails. What should you do? A. Configure the contoso.com zone to expire after 1 hour. B. Configure the contoso.com zone to expire after 4 hours. C. Configure the contoso.com zone to expire after 20 seconds. D. Configure the retry interval to be 1 hour. E. Configure the retry interval to be 4 hours. F. Configure the retry interval to be 20 seconds. Answer: D

81. You are a network administrator for Litware, Inc. The company's main office is located in Lima, and branch offices are located in five other cities. The network consists of a single DNS domain named litwareinc.com. The

network configuration is shown in the exhibit. (Click the Exhibit button.)

All network servers run Windows Server 2003. All client computer IP addresses are assigned by using a DHCP server that is located in each office. Client computers are reimaged often and are assigned new names each time they are reimaged. All client computers are configured to reference their local DNS server as the preferred DNS server and to reference the central DNS server as the alternate DNS server. A primary zone for litwareinc.com is configured on a server in the Lima office. Secondary zones are configured on a server in each branch office. The retry interval, the refresh interval, the expiration interval, and the default minimum Time to Live (TTL) interval are configured with the default settings. Network bandwidth utilization averages 40 percent. The network connection between the Lima office and the Bogota office fails an average of twice per day. Users in the Bogota office occasionally receive incorrect responses to queries against the local DNS server when the network connection is interrupted during a zone transfer. You need to change the configuration of the start of authority (SOA) resource record for litwareinc.com. In addition, you need to reduce the possibility that users can query local DNS zones before successful zone transfers occur. What should you do? A. Change the retry interval to 12 hours. B. Change the default minimum Time to Live (TTL) to 2 days. C. Change the refresh interval to 2 days. D. Change the expiration interval to 12 hours. Answer: D

82. You are the network administrator for Contoso, Ltd. The network consists of two Active Directory domains named contoso.com and corp.contoso.com. All DNS zones are configured to be Active Directory-integrated zones. You create a global security group named ConsoleAdmins in corp.contoso.com. You add a member of the Domain Users global group named Anne to ConsoleAdmins. Anne logs on to her Windows XP Professional computer named Computer1. Anne runs the nslookup command and receives the output shown in the exhibit. (Click the Exhibit button.)

You need to configure the zone properties to ensure that Anne can list the contents of corp.contoso.com from Computer1. What should you do? A. Allow zone transfers to 192.168.2.47. B. Allow zone transfers to 192.168.2.45. C. Allow zone transfers to 192.168.2.27. D. Allow zone transfers to 169.254.25.142. E. Assign the ConsoleAdmins group the Allow - Full Control permisson. F. Assign the ConsoleAdmins group the Allow - List Contents permission. Answer: C

83. You are the network administrator for Contoso, Ltd. The network consists of a single Active Directory domain named contoso.com. The domain contains 10 Windows Server 2003 computers.

The domain controllers are also configured as DNS servers. Each DNS server hosts an Active Directory-integrated forward lookup zone named contoso.com. The DNS servers are also configured with a reverse lookup zone named 192.168.1.x Subnet. The DHCP server is configured with a scope that has the following properties: an IP address range from 192.168.1.1 - 192.168.1.254 a subnet mask of 255.255.255.0 an exclusion range from 192.168.1.1 - 192.168.1.55 scope options that include the assignment of a DNS server and a WINS server The existing servers have static IP addresses within the range of 192.168.1.1 - 192.168.1.10. You assign a static IP address to a new UNIX server named Server1. You need to create a new host (A) resource record for Server1. In addition, you need to ensure that the DNS servers will respond to reverse lookup queries against the IP address for Server1. You also need to maximize the security and availability of the A record for Server1. What should you do? Answer:

84. You are the network administrator for Margie¡¯s Travel. The network consists of an Active Directory forest named margiestravel.com. The IT department manages the forest root domain, which is named margiestravel.com.

The root domain contains three Windows Server 2003 domain controllers named DC01, DC02, and DC03. These three domain controllers have the DNS service installed. The configuration of the margiestravel.com zone is shown in the exhibit. (Click the Exhibit button.)

You view the event logs of the domain controllers. You notice that there are frequent failures of Active Directory transactions, which are caused by DNS lookup failures against the margiestravel.com zone. You discover that the data in the DNS zones on DC03 is out of date. You need to find out why the DNS data on DC03 is out of date. What should you do on DC03? A. Use the Replmon utility to look for Active Directory replication errors. B. Use Event Viewer to examine the DNS Server log for zone transfer errors. C. Enable debug logging and examine the log file for transfer packets. D. Use System Monitor to monitor the DNS\Zone Transfer Failure counter. Answer: A

85. You are the DNS administrator for Adventure Works.

Adventure Works is an Internet service provider (ISP) that hosts Web sites for many companies. Each Adventure Works DNS server hosts multiple DNS zones for customers. Several Adventure Works administrators are allowed to add DNS zones. You want to produce a weekly report that will list all the zones that are hosted on each DNS server. What should you do? A. Use the dnslint utility to query each DNS server. B. Use the dnscmd utility to query each DNS server. C. Use the nslookup utility to query each DNS server. D. Use the adsiedit utility to query Active Directory for a list of DNS zones. Answer: B

86. You are the network administrator for Fabrikam, Inc. The network consists of a single Active Directory domain named fabrikam.com. A Windows Server 2003 computer named Server1 functions as the DNS server for the domain. Wingtip Toys is a division of Fabrikam, Inc. The Wingtip Toys network consists of a single Active Directory domain named wingtiptoys.com. Server1 is a secondary zone server for wingtiptoys.com. You are monitoring notification traffic between the two domains. You need to keep a record of when the primary DNS server for wingtiptoys.com informs Server1 of available changes in the wingtiptoys.com zone. What should you do? A. Use the Performance console to create a log of the DNS performance counter Notification Received on Server1. B. Enable debug logging on Server1. Configure the log to record Notification events. C. Run the replmon command to monitor replication events on Server1. D. Run the dcdiag command to check DNS registration on Server1. Answer: B

87. You are the network administrator for Fabrikam, Inc. The network consists of a single Active Directory domain named fabrikam.com. A Windows Server 2003 computer named Server1 is the only DNS server in the domain. It hosts no other zones.

Users report that connecting to computers within the fabrikam.com domain is slow. You need to find out whether DNS client traffic on Server1 is causing this problem. What should you do? A. Use System Monitor to create a log of the DNS counters Dynamic updates/sec and Total queries/sec. B. Use System Monitor to create a log of the NetworkInterface counter Total bytes/sec. C. Enable debug logging on Server1. Configure the log to capture Notification events. D. Enable debug logging on Server1. Configure the log to capture Update events. Answer: A

88. You are the network administrator for Contoso, Ltd. The network consists of two DNS domains named contoso.com and south.contoso.com. A Windows Server 2003 computer named Server1 is a domain controller and DNS server for contoso.com. Server1 is also a secondary zone server for south.contoso.com. A Windows 2000 Server computer named Server2 is a domain controller and the DNS server for south.contoso.com. The two DNS domains are connected through an ISDN line. You need to monitor the successful incremental zone transfers from south.contoso.com to contoso.com. What should you do? To answer, configure the appropriate option or options in the dialog box, and drag the appropriate computer and counter to the correct locations. (Not all parts of the dialog box are active.) Answer:

89. You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 35 Windows Server 2003 computers; 3,000 Windows XP Professional computers; and 2,200 Windows 2000 Professional computers. The written company security policy states that all computers in the domain must be examined, with the following goals: to find out whether all available security updates are present to find out whether shared folders are present to record the file system type on each hard disk You need to provide this security assessment of every computer and verify that the requirements of the written security policy are met. What should you do? A. Open the Default Domain Policy and enable the Configure Automatic Updates policy. B. Open the Default Domain Policy and enable the Audit object access policy, the Audit account management policy, and the Audit system events policy. C. On a server, install and run mbsacli.exe with the appropriate configuration switches. D. On a server, install and run HFNetChk.exe with the appropriate configuration switches. Answer: C

90. You are a network administrator for your company. The network consists of a single Active Directory domain. The domain contains three Windows Server 2003 domain controllers, 20 Windows Server 2003 member servers, and 750 Windows XP Professional computers. The domain is configured to use only Kerberos authentication for all server connections. A user reports that she receives an "Access denied" error message when she attempts to connect to one of the member servers. You want to test the functionality of Kerberos authentication on the user's client computer. Which command should you run from the command prompt on the user's computer? A. netsh B. netdiag C. ktpass D. ksetup Answer: B

91. You are the network administrator for Humongous Insurance. The network consists of a single Active Directory domain named humongous.com. The domain contains Windows Server 2003 computers and Windows XP Professional computers. You configure several Group Policy objects (GPOs) to enforce the use of IPSec for certain types of communication between specified computers. A server named Server2 runs the Telnet service. A GPO is supposed to ensure that all Telnet connections to Server2 are encrypted by using IPSec. However, when you monitor network traffic, you notice that Telnet connections are not being encrypted. You need to view all of the IPSec settings that are applied to Server2 by GPOs. Which tool should you use? A. the IP Security Policy Management console B. the IP Security Monitor console C. the Resultant Set of Policy console D. Microsoft Baseline Security Analyzer (MBSA) Answer: C

92. You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains Windows Server 2003 computers and Windows XP Professional computers. On a server named Server1, you configure Routing and Remote Access to be a remote access server. All remote access client computers obtain an IP address from a DHCP server. You create remote access policies and verify that users can establish dial-up connections to Server1. Users report that they cannot access other computers on the network while dialed in to Server1. You need to ensure that remote access users can connect to all computers on the company network while dialed in to Server1. In the Routing and Remote Access console, you select the properties page for Server1. What should you do next? To answer, configure the appropriate option or options in the Server1 properties. Answer:

93. You are a network administrator for your company. A Windows Server 2003 computer named Server1 is exhibiting connectivity problems. You monitor Server1 by using System Monitor and Network Monitor. While monitoring, you notice that Server1 has approximately 4 MB

of available memory, and the average CPU utilization is running at 95 percent. When you investigate the Network Monitor capture, you notice that some network packets sent to Server1 during the capture have not been captured. You need to ensure that the impact of monitoring on Server1 is reduced and that all packets sent to the computer are captured. What should you do? A. From a command prompt, run the diskperf command. B. Run Network Monitor in dedicated capture mode. C. Configure a Network Monitor capture filter. D. Increase the buffer size in Network Monitor. Answer: B

94. You are the network administrator for your company. The Denver office is currently connected to the corporate WAN by using a Windows Server 2003 computer named Server23. Server23 is configured as a dial-up router. Server23 has two network adapters. One network adapter connects to the Ethernet LAN. The other network adapter is a broadband networking device. The company plans to increase the number of employees in the Denver office by at least 25 percent. You need to confirm that the current network bandwidth of the broadband connection will be sufficient for the future expansion of the Denver office. You want to use System Monitor on Server23 to find out the current utilization of the broadband network connection. What should you do? A. Monitor the Bytes Total/sec counter on the Network Interface object. B. Monitor the Bytes Total/sec counter on the Server object. C. Monitor the Server\\Packets/sec counter on the Server object. D. Monitor the Current Bandwidth counter on the Network Interface object. Answer: A

95. You are the network administrator for your company. The network contains 12 Windows Server 2003 computers and 300 Windows XP Professional computers.

Three servers named Server4, Server5, and Server6 run a critical business application. When performing performance baselining on these three servers, you notice that Server6 has a larger number of concurrently connected users at any given moment than Server4 or Server5. The additional workload is causing performance problems on Server6. You need to identify which client computers are connecting to Server6. You plan to run Network Monitor on Server6 to capture all packets sent to Server6. The capture task must be configured to meet the following requirements. To reduce the size of the captured data, you want to capture only the packet headers. If a large number of packets are captured, the packets must be retained on the server. Captured packets must not overwrite previously captured packets. Which two tasks should you perform to configure Network Monitor? (Each correct answer presents part of the solution. Choose two.) A. Configure the Network Monitor display filters. B. Configure the Network Monitor capture filters. C. Increase the Network Monitor buffer size setting. D. Decrease the Network Monitor buffer size setting. E. Increase the Network Monitor frame size setting. F. Decrease the Network Monitor frame size setting. Answer: C AND F

96. You are the network administrator for your company. The network contains a Windows Server 2003 Web server named WebServer1. WebServer1 is connected to the Internet by means of a dedicated link. You are responsible for monitoring the bandwidth utilization of WebServer1. You run a System Monitor log on WebServer1, which monitors the Bytes Total/sec counter on the Network Interface object. The sample rate for the counter is set to 15 seconds. The log is archived once each day. The size of the System Monitor log is becoming too large for the available disk space. You need to reconfigure the System Monitor log settings to reduce the amount of data that is captured. What should you do? A. Retain the current counter, but set the sample rate to 5 seconds. B. Retain the current counter, but set the sample rate to 60 seconds. C. Change the counter to Total Bytes, and set the sample rate to 15 seconds.

D. Change the counter to Current Bandwidth, and set the sample rate to 60 seconds. Answer: B

97. You are the network administrator for your company. A Windows Server 2003 computer named Router11 is used to connect the network to the Internet. You find out that some computers on the network are infected with a worm, which occasionally sends out traffic to various hosts on the Internet. This traffic always uses a certain source TCP port number. You need to identify which computers are infected with the worm. You need to configure a solution on Router11 that will perform the following two tasks: Detect and identify traffic that is sent by the worm. Immediately send a notification to a network administrator that the infected computer needs to be repaired. What should you do? A. Configure a WMI event trigger. B. Configure a Network Monitor capture filter. C. Configure a Network Monitor trigger. D. Configure a System Monitor alert. Answer: C

98. You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains Windows Server 2003 computers and Windows XP Professional computers. You configure a server named Server1 to be a file server. The written company security policy states that you must analyze network traffic that is sent to and from all file servers. You need to capture file-transfer network traffic that is being sent to and from Server1. You install Network Monitor Tools from a Windows Server 2003 product CD-ROM on a server named Server2, which is on the same network segment as Server1. You run Network Monitor on Server2. However, Network Monitor captures only network traffic that is sent to and from Server2. You need to capture all network traffic that is sent to and from Server1. What should you do? A. Install the Network Monitor driver on Server1. Run Network Monitor on Server2 to capture network traffic.

B. Open Network Monitor on Server2 and create a capture filter to enable the capture of all protocols. Run Network Monitor to capture network traffic. C. Install Network Monitor Tools on Server1. Run Network Monitor to capture network traffic. D. Open Network Monitor on Server2 and increase the capture buffer from 1 MB to 20 MB in size. Run Network Monitor to capture network traffic. Answer: C

99. You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 25 Windows Server 2003 computers and 6,000 Windows XP Professional computers. The written company security policy states that network traffic to Web servers must be audited on a regular basis. A server named Server1 is configured as a Web server on the company's intranet. You install Network Monitor Tools from a Windows Server 2003 product CD-ROM on Server1. You run Network Monitor on Server1 for three hours. When you stop the network capture, you see that Network Monitor captured over 40,000 frames. As you look at the captured frames, you notice that an extremely large number of TCP connection requests have all come from the 131.107.0.1 IP address. In Network Monitor, you need to view only the frames for network traffic that are captured between Server1 and the 131.107.0.1 IP address. What should you do? A. Create an Address Capture filter for all network traffic between Server1 and the 131.107.0.1 IP address. B. Create a Find Frame Expression filter for network traffic captured between Server1 and the 131.107.0.1 IP address. C. Create an Address Display filter for all network traffic captured between Server1 and the 131.107.0.1 IP address. D. Create a Pattern Match capture trigger for the 131.107.0.1 IP address. Answer: C

100. You are the network administrator for Alpine Ski House. The network consists of a single Active Directory domain named alpineskihouse.com.

A supplier named Adventure Works allows Alpine Ski House to directly view the Adventure Works inventory. Adventure Works hosts a Web site that buyers can access through a VPN connection. Users in the purchasing department at Alpine Ski House access the Adventure Works Web site every day. During each visit to http://inventory.adventure-works.com, users click on up to six hyperlinks to access the desired data. In conversation with Adventure Works network administrators, you find out that the http://inventory.adventure-works.com Web site should cause cookies to be created on the purchasing department users' computers. The cookies cause the Web page to display the "Your last search results" hyperlink. This hyperlink would be very useful for users in your purchasing department, because they usually search for the same data during each visit to the Web site. However, none of your users see this hyperlink. You view the Internet Explorer Internet options on one of the purchasing department user's Windows XP Professional computers. The Privacy tab indicates a setting of High. Your company places a high priority on protecting user privacy and confidential data. You want to allow cookies that will cause http://inventory.adventure-works.com to display the last search results for each purchasing department user. How should you configure the Internet options on purchasing department computers? A. In the Privacy tab, use the Edit button to allow http://inventory.adventure-works.com. B. In the Privacy tab, change the privacy setting to Medium. C. Set the advanced privacy settings to Override automatic cookie handling. Block first-party cookies and accept third-party cookies. D. Set the advanced privacy settings to Override automatic cookie handling. Accept first-party cookies and block third-party cookies. Answer: A

101. You are the network administrator for City Power & Light. A new Windows Server 2003 computer named Server1 is located in a small branch office. Server1 runs third-party update software and needs to connect to the Internet to download software updates. Server1 distributes the updates to Windows XP Professional client computers in the branch office. You configure Server1 so that when you double-click the Internet Explorer icon, a VPN dial-up connection to the main office automatically starts. You want Server1 to access the Internet through a Microsoft Internet Security and Acceleration (ISA) Server computer named ISA1 in the main office.

ISA1 uses IP address 131.107.68.92 on the Internet and is also the Routing and Remote Access server to the LAN. The ISA1 LAN interface uses IP address 10.10.0.1. Inbound VPN connections receive 10.10.0.0 IP addresses. Client computers can connect to the internet only through ISA1. ISA1 has dynamically updated host (A) resource records for both ISA1 interfaces. On Server1, you double-click the Internet Explorer icon to initiate an Internet connection. Server1 successfully establishes a VPN connection to ISA1, but cannot connect to the Internet. The Internet Explorer settings for the VPN dial-up connection are shown in the exhibit. (Click the Exhibit button.)

Some users on other VPN connections to ISA1 report that they can connect to the Internet, and other users report that they cannot. You want Server1 and all other VPN connections to ISA1 to consistently connect to the Internet. What should you do? A. In the Internet Explorer settings for the VPN dial-up connection on Server1, select the Bypass proxy server for local addresses check box. B. In the Internet Explorer settings for the VPN dial-up connection on Server1, enter 10.10.0.1 for the the proxy server address. C. In the Internet Explorer settings for the VPN dial-up connection on Server1, select the Automatically detect

settings check box. D. On the network properties for the 131.107.68.92 connection on ISA1, clear the Register this connection's addresses in DNS check box. Answer: D

102. You are the network administrator for your company. The network consists of two subnets: 10.10.10.0/24 and 10.10.11.0/24. On a nonbusiness day, you replace previous DNS servers with Windows Server 2003 DNS servers. The BIND servers used IP addresses 10.10.10.10 and 10.10.11.10. The Windows Server 2003 DNS server named DNS1 will use IP address 10.10.10.20. The Windows Server 2003 DNS server named DNS2 will use IP address 10.10.11.20. The IP configuration of DNS1 is shown in the IP Configuration exhibit. (Click the Exhibit button.)

A router has IP addresses 10.10.10.1, 10.10.11.1, and 131.107.68.1. The router routes traffic between both LAN subnets and between the LAN and the Internet as shown in the Network exhibit. (Click the Exhibit button.)

The router blocks outbound UDP port 53 traffic to all addresses except 131.107.68.1. A DHCP server named DHCP1 has two scopes to provide IP address configuration to 600 Windows XP Professional computers on the two subnets. On the next business day, users report that they can access all LAN hosts and the intranet, but they cannot access Internet Web sites. You can access the intranet and public Internet Web sites from the DNS servers. You want to allow all users to access public Internet Web sites and the intranet. You want to log all DNS queries from the LAN on the two new Windows Server 2003 DNS servers. What should you do? A. Configure both DHCP server scope options to use 10.10.10.20, 10.10.11.20, and 131.107.68.93 for DNS IP addresses. B. Configure both DNS servers to use 131.107.68.93 as a forwarder. C. Add the Internet service provider's (ISP) DNS server to the name servers list in your zone. D. Configure both DNS servers to allow zone transfers to 131.107.68.93. Answer: B

103. You are the network administrator for A. Datum Corporation. The network consists of a single Active

Directory domain named adatum.com. The domain contains a Microsoft Internet Security and Acceleration (ISA) Server computer named ISACorp and a DNS server named DNS1. Both servers are Windows Server 2003 computers. The company redesigns network addressing, and you change the static IP addresses for ISACorp to the addresses shown in the Network exhibit. (Click the Exhibit button.)

DNS1 contains the new host (A) resource records for ISACorp. A Windows Server 2003 file server named Server1 is on the 10.10.11.0 subnet. Server1 has antivirus software installed that checks hourly for new virus definitions on a central antivirus server named WWW in the perimeter network. WWW is a Web server, and you can also access it through a Web page to perform manual virus definition updates. You find out about a new virus threat and want to immediately download the new update to Server1. You cannot access the WWW virus update Web site when you attempt to download a new virus update. The static TCP/IP configuration on Server1 uses DNS1 as the preferred DNS server. You confirm that ISACorp is configured properly. On Server1, you view the Internet Explorer LAN settings that are shown in the LAN Settings exhibit. (Click the Exhibit button.)

You want to allow Server1 to connect to WWW. What should you do? A. On Server1, from a command prompt, run the ipconfig /flushdns command. B. On Server1, in the LAN settings in Internet Explorer, select the Automatically detect settings check box. C. On ISACorp, from a command prompt, run the ipconfig /flushdns command. D. On ISACorp, from a command prompt, run the ipconfig /registerdns command. Answer: A

104. You are the network administrator for Alpine Ski House. The network consists of two Active Directory domains. One domain is named alpineskihouse.com. A subsidiary company named Adventure Works has a domain named adventure-works.com. Both domains are in a single forest. A primary DNS server for alpineskihouse.com is located in the company's Seattle office. A primary DNS server for adventure-works.com is located in the company's Portland office. Both DNS servers are Windows Server 2003 computers. Each domain has three regional offices. Each regional office contains the following computers: a secondary DNS server in its respective domain a DHCP server a recently installed Microsoft Internet Security and Acceleration (ISA) Server computer that connects the LAN to the Internet

Company sales representatives visit the Seattle office, the Portland office, and all regional offices several times each month. All sales representatives use Windows XP Professional portable computers that are members of the alpineskihouse.com domain. You create an appropriate wpad.dat script file on each of the ISA servers in each regional office. On each DHCP server, you configure the 252 Proxy Autodiscovery option and the corresponding http://ISAServerName/wpad.dat string value. Sales representatives report that they cannot access the Internet by using Internet Explorer when they visit an office that is in the adventure-works.com domain. You need to ensure that all users can access the Internet at all times. You want to use the minimum amount of administrative effort. What should you do? A. Configure Windows XP Professional portable computers with the primary DNS suffix of adventure-works.com. B. Configure the Advanced TCP/IP Settings setting on the Windows XP Professional portable computers with a DNS suffix for this connection setting of adventure-works.com. C. On each DHCP server that is a member of the adventure-works.com domain, configure the 15 DNS Domain Name option to be adventure-works.com. D. On the primary DNS server for the adventure-works.com domain, add an _http service service locator (SRV) resource record for each ISA server in the adventure-works.com domain. Answer: C

105. You are the network administrator for your company. The network contains 100 Windows XP Professional computers. You configure a Windows Server 2003 computer named Dev1 as a DNS server. Dev1 has the IP address 192.168.1.2 and contains host (A) resource records for all network client computers that are located in the branch office. You install a Windows Server 2003 computer named Dev2 as a DHCP server. Dev2 is configured as shown in the following table.

You install a DSL connection for Internet access. You configure a server named Dev3 as an Internet Connection Sharing (ICS) host with two network adapters. The network adapter that has the IP address 131.107.96.21 connects to the DSL modem, and the network adapter that has the IP address 192.168.0.1 connects to the LAN. The ISP's DNS server has the IP address 131.107.62.9. Your users report that they cannot access the Internet. You need to ensure that all users in the company can access the Internet through the ICS host. What should you do? A. Remove DHCP from Dev2. B. Replace the DHCP scope on Dev2 with one that has a subnet mask of 255.255.255.192. C. Change the DHCP scope option 003 Default Gateway on Dev2 to 131.107.96.21. D. Install the DNS service on Dev3, and configure 131.107.62.9 as a forwarder. Answer: A

106. You are the network administrator for your company. You work in the company's branch office in Chicago. The network in your office consists of 40 Windows XP Professional desktop computers and one Windows Server 2003 computer named Server1. Server1 connects to the Internet through a 512-Kbps leased line. The main office of the company is in Seattle. Users of the desktop computers in the Chicago office are developers who are developing a new software product. You want these users to place daily builds of the product in a shared folder on Server1. You want developers in the Seattle office to be able to download the daily builds from Server1 by using FTP. You install IIS on Server1 and configure the FTP site so that it is available to the developers in the Seattle office. However, when you monitor inbound Internet connection attempts to Server1, you notice many attempted HTTP connections. You want to secure Server1 so that it is not susceptible to malicious Internet users. Server1 must also connect to the Internet to use Windows Update and to download virus definition updates. You do not want to purchase additional hardware or software.

What should you do on Server1? A. Enable Internet Connection Sharing (ICS). B. Configure port filtering on the network adapter to allow only TCP port 80 and TCP port 21. C. Enable Internet Connection Firewall (ICF) and create a service setting in the Internet Connection Firewall settings that allows internal and external TCP port 21 to Server1 internal and external TCP port 80 to Server1 D. Enable Internet Connection Firewall (ICF) and select the FTP Server check box in the Services tab. Enter Server1 as the server hosting the FTP services. Answer: D

107. You are a network administrator for your company. The network consists of five Windows Server 2003 computers and 50 Windows XP Professional computers on a single subnet. On Sunday, another administrator installs a new firewall between the LAN and the company's T1 Internet connection. The network is configured as shown in the exhibit. (Click the Exhibit button.)

Local host names are resolved on the network by using a WINS server. All client computers are configured to use ISP1 for DNS name resolution. On Monday morning, users report that they are no longer able to access secure and nonsecure Internet Web sites.

From a Windows XP Professional computer, you are able to succesfully perform the following tasks: Ping the IP addresses of Web servers on the Internet. Use Internet Explorer to open both secure and nonsecure Web sites by using an IP address in place of the URL. You run the nslookup command and attempt to resolve an Internet fully qualified domain name (FQDN). You receive the following error message: *** [131.107.100.200] can't find www.microsoft.com: No response from server > You need to use the minimum amount of administrative effort to provide users with the ability to browse Web sites on the Internet. What should you do? A. Configure the firewall to allow traffic on TCP ports 80 and 443. B. Configure the firewall to allow traffic on TCP port 53 and UDP port 53. C. Install and configure the DNS service on one of the local servers. D. Install and configure Microsoft Internet Security and Acceleration (ISA) Server on one of the local servers. Answer: B

108. You are the network administrator for your company. On a Windows Server 2003 computer named Server3, you use the Backup program to automatically back up eight servers. You use a scheduled task named AutoBack. The task runs in the security context of a domain account named NightBackup. The Default Domain Policy Group Policy object (GPO) is configured with the following account policies settings: Minimum password length: 8 characters Password expiration: 30 days Enforce password history: 12 passwords remembered Account lockout threshold: 3 invalid logon attempts Account lockout duration: 30 minutes The Backup program runs successfully for four weeks. After four weeks, you notice that nightly backups no longer occur. A successful backup occurs when you log on to Server3 with your own user account and perform a local backup. Your user account is a member of the Domain Admins group. You want the AutoBack scheduled task to perform unattended backups every night at 11:00 P.M. Which two actions should you perform in order to resume the nightly backups by using the AutoBack scheduled

task? (Each correct answer presents part of the solution. Choose two.) A. Unlock the NightBackup user account. B. Enable the NightBackup user account. C. On the properties sheet for the AutoBack.job scheduled task, reset the password. D. Reset the password for the NightBackup user account. E. Configure the local security policy on Server3 to grant the service account the Logon locally right. F. Configure the local security policy on Server3 to grant the service account the Logon as a service right. Answer: D AND C

109. You are the administrator of a Windows Server 2003 computer named Server1. Server1 functions as a DNS server. Your company is named Fabrikam, Inc. The company's Active Directory domain is named fabrikam.com. The domain contains Windows Server 2003 computers named ComputerA, ComputerB and ComputerC. You need to perform the following administrative tasks on Server1: Create a mail exchanger (MX) resource record for ComputerC.fabrikam.com with a priority of 10. Modify the MX records for ComputerA.fabrikam.com and ComputerB.fabrikam.com so that incoming mail will be delivered to ComputerC on first attempt, then to ComputerB if ComputerC is not available, and lastly to ComputerA if ComputerB and ComputerC are not available. What should you do? To answer, click the Simulation button and then perform the appropriate actions.

click the: Start -> Settings -> Control Panel double click the Administrative Tools--> DNS choose the Forward Lookup Zones--> farikam.com new Mail Exchange (MX)

--> Browse -->Server1-->Forward Lookup..-->fabrikam.com--ComputerC the ComputerC's Mail server priority set to 10

modify the ComputerB's Mail server priority to : 20

modify the ComputerA's Mail server priority to : 30

110. You are an enterprise administrator for your company, which is named Fabrikam, Inc. The network consists of a single Active Directory domain named fabrikam.com. You need to create a dedicated domain administrator account to use when you perform domain administration tasks. The account name must be configured as shown in the following table.

You need to assign the account a temporary password that must be changed on first logon. You also need to assign the minimum administrative rights to perform the following tasks to the specified groups:

What should you do? To answer, click the Simulation button and then perform the appropriate actions. Answer:

111. You are the administrator of a Windows Server 2003 computer named Server1. Routing and Remote Access is installed on Server1. You need to perform the following administrative tasks: Modify the Connections to Microsoft Routing and Remote Access server policy to allow remote access for members of the Domain Admins group. Add a static route for the 192.168.3.0/24 network, and configure 192.168.4.254 to be the gateway for that network. Configure an inbound packet filter to prevent all traffic from the 192.168.5.0 network on Local Area Connection 2. What should you do?

To answer, click the Simulation button and then perform the appropriate actions.

Answer:

Bạn đang đọc truyện trên: Truyen2U.Pro

Trước Sau
#cuoi#khoa#thi