Managing and Maintaining a Microsoft Windows Server 2003 Environment for a W2K MCSA

The company network consists of a single Active Directory domain named 21certify.com?. The New York office currently contains one Windows Server 2003 file server named 21certify A.. The

Managing and Maintaining a Microsoft Windows

Server 2003 Environment for a W2K MCSA

070-292

Version 9.0

Study Tips

This product will provide you questions and answers along with detailed explanations carefully compiled and written by our experts Try to understand the concepts behind the questions instead of cramming the questions Go through the entire document at least twice so that you make sure that you are not missing anything

Please Read Carefully

This 21certify Exam has been carefully written and compiled by 21certify Exams experts It is

designed to help you learn the concepts behind the questions rather than be a strict memorization tool Repeated readings will increase your comprehension

We continually add to and update our 21certify Exams with new questions, so check that you have the latest version of this 21certify Exam right before you take your exam

For security purposes, each PDF file is encrypted with a unique serial number associated with your 21certify Exams account information In accordance with International Copyright Law, 21certify Exams reserves the right to take legal action against you should we find copies of this PDF file has been distributed to other parties

Please tell us what you think of this 21certify Exam We appreciate both positive and critical

comments as your feedback helps us improve future versions

We thank you for buying our 21certify Exams and look forward to supplying you with all your

Certification training needs

Good studying!

21certify Exams Technical and Support Team

Q 1 You are the network administrator for 21certify The network consists of a single Active Directory domain named contoso.com The network contains 100 Windows 2000 Professional computers and three Windows Server 2003 computers Information about the three servers is shown in the following table

You add a network interface print device named 21certifyPrinter1 to the network You manually configure the IP address for 21certifyPrinter1 21certifyPrinter1 is not currently registered on the DNS server The relevant portion of the network is shown in the exhibit

You need to ensure that client computers can connect to 21certifyPrinter1 by using its name

What should you do?

A On 21certifySrvA, add an alias (CNAME) record that references

21certifyPrinter1

B In the Hosts file on 21certifySrvC, add a line that references

21certifyPrinter1

C On 21certifySrvA, add a service locator (SRV) record that reference 21certifyPrinter1

D On 21certifySrvA, add a host (A) record that references

You are a network administrator for Fabrikam, Inc A company named 21certify GmBh., recently

acquired Fabrikam, Inc., and another company named Proseware, Inc Your team is responsible for establishing connectivity between the companies

Each of the three companies has its own Active Directory forest The relevant portion of the network is shown in the exhibit

***MISSING***

21certify1, 21certify3, and 21certify5 runs Windows Server 2003 Each of these servers is the DNS server for its respective domain All three servers can currently resolve Internet host names 21certify3 is configured as a secondary zone server for fabrikam.com and proseware.com

You need to configure 21certify5 to resolve host names for 21certify.com and proseware.com as quickly

as

possible, without adding new zones to 21certify5

Which two actions should you perform? (Each correct answer presents part of the solution Choose two)

A Forward requests for 21certify.com to 131.107.1.2

B Forward requests for 21certify.com to 131.107.3.2

C Forward requests for 21certify.com to 131.107.10.2

D Forward requests for proseware.com to 131.107.1.2

E Forward requests for proseware.com to 131.107.3.2

F Forward requests for proseware.com to 131.107.10.2

Answer: ?

Note: Exhibit needed Will be provided in later versions

Q 3 You are the network administrator for 21certify The network consists of a single DNS domain named 21certify.com

You replace a UNIX server with a Windows Server 2003 computer named 21certify1

21certify1 is the DNS server and start authority (SOA) for 21certify.com A UNIX server

named 21certify2 is the mail server for 21certify.com

You receive reports that Internet users cannot send e-mail to the 21certify.com domain The host addresses are shown in the following window

You need to ensure that Internet users can send e-mail to the 21certify.com

domain What should you do?

A Add an _smtp service locator (SRV) DNS record for 21certify2

B Add a mail exchange (MX) DNS record for 21certify2

C Add an alias (CNAME) record for mail.21certify.com

D Enable the SMTP service on 21certify1

Answer: B

Q 4 You are the network administrator for 21certify The network contains Windows Server 2003

computers and Windows XP Professional computers You are configuring Automatic Update on the

servers

The written company network security policy states that all updates must be reviewed and approved

before they are installed All updates are received from the Microsoft Windows Update servers

You want to automate the updates as much as possible

What should you do?

To answer, configure the appropriate option or options in the dialog box

Answer: Check "Keep my computer ", and click "Download "

Q 5 You are the network administrator for 21certify The network consists of a single Active Directory domain 21certify.com The domain contains 35 Windows Server 2003 computers; 3,000 Windows XP Professional computers; 2,200 Windows 2000 Professional computers

The written company security policy states that all computers in the domain must be examined, with the following goals:

• To find out whether all available security updates are present

• To find out whether shared folders are present

• To record the file system type on each hard disk

You need to provide this security assessment of every computer and verify that the requirements of the written security policy are met

What should you do?

A Open the Default Domain Policy and enable the Configure Automatic Updates policy

B Open the Default Domain Policy and enable the Audit object access policy, the Audit

account management policy, and the Audit system events policy

C On a server, install and run mbsacli.exe with the appropriate configuration switches

D On a server, install and run HFNetChk.exe with the appropriate configuration switches

Answer: C

Q 6 You are the network administrator for 21certify The network contains Windows Server 2003 computers and Windows XP Professional computers

You install Software Update Services on a server named 21certify

A You create a new Group Policy

object (GPO) at the domain level

You need to properly configure the GPO so that all computers receive their updates from 21certify

A

How should you configure the GPO?

To answer, configure the appropriate option or options in the dialog box

Answer: Check "Enabled", Choose "http:// 21certifyA" in the "Set the intranet " and choose the same in

"Set the intranet stat "

Q 7 You are the regional network administrator for the Boston branch office of 21certify's network The company network consists of a single Active Directory domain 21certify.com All computers in the Boston office run Windows XP Professional

The domain contains an organizational unit (OU) named BostonClientsOU, which contains all the

computer objects for the Boston office A Group Policy object (GPO) named BClientsGPO is linked

to BostonClientsOU You have been granted the right to modify the GPO

BClientsGPO contains a software restriction policy that prevents the execution of any file that has

a vbs file extension All other applications are allowed to run

You want to use a script file named maintenance.vbs, which you will schedule to run every night on the computers in the Boston office The maintenance.vbs file is located in the Scripts shared folder on

a server named 21certifySrvC The contents of maintenance.vbs will frequently change based on the maintenance tasks you want to perform

You need to modify the software restriction policy to prevent unauthorized vbs scripts from running on the computers in the Boston office, while allowing maintenance.vbs to run You want to ensure that no other applications are affected by your solution You want to implement a solution that you can

configure once, without requiring additional administration in the future, when maintenance.vbs changes What should you do?

A Obtain a digital certificate

Create a new certificate rule

Set the security level of the rule to Unrestricted

Digitally sign maintenance.vbs

B Create a new path rule

Set the security level on the rule to Unrestricted

Set the path to \\21certifySrvC\Scripts\*.vbs

C Create a new path rule

Set the security level on the rule to Unrestricted

Set the path to \\21certifySrvC\Scripts\maintenance.vbs

D Create a new hash rule

Set the security level on the rule to Unrestricted

Create a file hash of maintenance.vbs

Answer: C

Q 8 You are the network administrator for 21certify 21certify has offices in three countries The

network contains Windows Server 2003 computers and Windows XP Professional computers The

network is configured as shown in the exhibit

Software Update Services (SUS) is installed on one server in each office Each SUS server is configured

to synchronize by using the default settings

Because bandwidth at each office is limited, you want to ensure that updates require the minimum amount of time

What should you do?

A Synchronize the updates with an SUS server at another office

B Select only the locales that are needed

C Configure Background Intelligent Transfer Service (BITS) to limit file transfer size to 9 MB

D Configure Background Intelligent Transfer Service (BITS) to delete incomplete jobs after 20 minutes

Answer: C

Q 9 You are the file server administrator for 21certify The company network consists of a single

Active Directory domain named 21certify.com The domain contains 12 Windows Server 2003

computers and 1,500 Windows XP Professional computers

You manage three servers named 21certify1, 21certify2, and 21certify3 You need to update the driver for the network adapater that is installed in Serve1

You log on to 21certify1 by using a nonadministrative domain user account named King You open the Computer Management console When you select Device Manager, you receive the following error message: “You do not have sufficient security privileges to uninstall devices or to change device

properties or device drivers”

You need to be able to run the Computer Management console by using the local administrator account The local administrator account on 21certify1, 21certify2, and 21certify3 has been renamed Tess Tess’s password is kY74X

In Control Panel, you open Administrative Tools You right-click the Computer Management shortcut and click Run ass on the shortcut menu

What should you do next?

While performing network monitoring, you notice that the confidential files that are stored on 21certify1 are being transmitted over the network without encryption

You must ensure that encryption is always used when the confidential files on 21certify1 are stored and

transmitted over the network

What are two possible ways to accomplish this goal? (Each correct answer presents a complete

solution

Choose two)

A Enable offline files for the confidential files that are stored on 21certify1, and select the Encrypt offline files to secure data check box on the client computers of the users who need to access the files

B Use IPSec encryption between 21certify1 and the client computers of the users who need to access the confidential files

C Use Server Message Block (SMB) signing between 21certify1 and the client computers of the users who need to access the confidential files

D Disable all LM and NTLM authentication methods on 21certify1

E Use IIS to publish the confidential files

Enable SSL on the IIS server

Open the files as a Web folder

Answer: B, C

Q 11 You are the network administrator in the New York office of 21certify The company network consists of a single Active Directory domain 21certify.com The New York office currently contains one Windows Server 2003 file server named 21certify

A

All file servers in the New York office are in an organizational unit (OU) named New York Servers You have been assigned the Allow – Change permission for a Group Policy object (GPO) named

NYServersGPO, which is linked to the New York Servers OU

The written company security policy states that all new servers must be configured with

specified predefined security settings when the servers join the domain These settings differ

slightly for the various company offices

You plan to install Windows Sever 2003, on 15 new computers, which all functions as file servers You will need to configure the specified security settings on the new file servers

21certifyA currently has the specified security settings configured in its local security policy You need

to ensure that the security configuration of the new file servers is identical to that of 21certify

A You export a copy of 21certifyA’s local security policy settings to a template file

You need to configure the security settings of the new servers, and you want to use the minimum

amount of administrative effort

What should you do?

A Use the Security Configuration and Analysis tool on one of the new servers to import the template

file

B Use the default Domain Security Policy console on one of the new servers to import the template file

C Use the Group Policy Editor console to open NYServersGPO and import the template file

D Use the default Local Security Policy console on one of the new servers to import the template file

Answer: C

Q 12 You are the network administrator for 21certify The network consists of a single Active Directory

domain named 21certify.com The network contains Windows Server 2003 member servers, Windows

Server 2003 domain controllers, and Windows XP Professional computers The relevant portion of the

Active Directory structure is in the work area below

The written company security policy allows users to use Encryption File System (EFS) on only

portable computers The network security administrator creates a separate domain account as the data

recover agent (DRA) The Default Domain Policy contains the Internet Explorer security settings that

are required on all computers in the domain

Users are currently able to use EFS on any computer that will support EFS

You need to configure Group Policy to ensure compliance with the company security policy You want

to link the minimum number of GPOs to accomplish this goal All other domain GPOs must remain

How should you configure Group Policy to ensure that users can use EFS on only portable computers?

To answer, drag the appropriate Group Policy setting or settings to the correct organizational unit (OU)

or OUs

Answer:

Q 13 You are a network administrator for 21certify The network consists of a single Active Directory

domain named 21certify.com The domain contains Windows Server 2003 domain controllers, Windows

Server 2003 member servers, and Windows XP Professional computers

All company network administrators need to have the remote administrative tools available on any

computer that they log on to All network administrators are members of the domain Administrators

group The network administrator accounts are located in multiple organizational units (OUs)

You need to ensure that the administrative tools are available to network administrators You also need

to ensure that the administrative tools are always installed on computers that have 100 MB or more free

disks space

Which three actions should you perform? (Each correct answer presents part of the solution Choose

three)

A Create a Group Policy object (GPO) that will apply adminpak.msi at the domain level

B Create a Group Policy object (GPO) that will link adminpak.msi to the Domain Controllers OU

C Ensure that only the domain Administrators group is assigned the Allow – Read permission

and the Allow – Apply Group Policy permission for the new Group Policy object (GPO)

D Assign the domain Users group the Deny – Read permission on the Deny – Apply Group

Policy permission for the new Group Policy object (GPO)

E Create a WMI filter that queries the Win32_LogicalDisk object for more than 100 MB of free

space

F Create a WMI filter that queries the Win32_LogicalDisk object for less than 100 MB of free space Answer: A, C, D

Q 14 You are the network administrator for 21certify The network consists of a single Active Directory

forest named 21certify.com The forest contains two domains named 21certify.com and

corp.21certify.com The network consists of 15 subnets

The domain controllers are configured as shown in the following table

21certifySrvA and 21certifySrvB are registered in 21certify.com All other computers are registered in

corp.21certify.com

You create reverse lookup zones for all subnets

The corp.21certify.com domain contains a Windows NT Server 4.0 file and print server named Server5

You change the static IP address for 21certifySrvE

You need to ensure that this change is reflected in DNS

Which two resource records should you modify? (Each correct answer presents part of the solution

Choose two)

A The pointer (PTR) record in the corp.21certify.com zone

B The host (A) record in the corp.21certify.com zone

C The alias (CNAME) record in the corp.21certify.com zone

D The pointer (PTR) record in the stub zone

E The host (A) record in the stub zone

F The alias (CNAME) record in the stub zone

Answer: A, C

Q 15 You are the network administrator for the Tokyo office of 21certify The company network

consists of a single Active Directory domain 21certify.com The network in your office contains 20

Windows XP Professional computers

The domain contains an organizational unit (OU) named TokyoOU, which contains all the computer

objects for your office You have been granted the right to create and link Group Policy objects (GPOs)

on the TokyoOU

You need to prevent the computers in your office from executing unauthorized scripts that are written in the Microsoft Visual Basic, Scripting Edition (VBScript) language However, you want to be able to use VBScript files as startup scripts on all computers in your office You need to implement a solution that will not affect any other applications

You plan to implement software restriction policies, by using a GPO on TokyoOU You will set

the default security level Unrestricted

Which two actions should you perform to configure software restriction polices? (Each correct answer presents part of the solution Choose two)

A Create a new certificate rule

Set the security level on the rule to Unrestricted

Digitally sign all the vbs files that you want to use

B Create a new certificate rule

Set the security level on the rule to Restricted

Digitally sign all the vbs files that you want to use

C Create a new path rule

Set the security level on the rule to Unrestricted

Set the path to *.vbs

D Create a new path rule

Set the security level on the rule to Restricted

Set the path to *.vbs

E Create a new Internet zone rule

Set the security level on the rule to Unrestricted

Set the Internet zone to Local computer

F Create a new Internet zone rule

Set the security level on the rule to Restricted

Set the Internet zone to Local computer

Answer: B, D

Q 16 You are the network administrator for Test King The network consists of a single Active

Directory domain named 21certify.com The domain contains Windows Server 2003 computers and Windows XP Professional computers

The Default Domain Policy has been modified by importing a security template file, which

contain several security settings

A server named 21certify1 cannot run a program that us functioning on other similarly configured servers You need to find out whether additional security settings have been added to the local

security policy on 21certify1

To troubleshoot, you want to use a tool to compare the current security settings on 21certify1 against the security template file in order to automatically identify any settings that might have been added to the local security policy

Which tool should you run on 21certify1?

A Microsoft Baseline Security Analyzer (MBSA)

B Security Configuration and Analysis console

configured as the certificate server

You need to create a backup plan for 21certifyDC1 The backup must include only the minimum amount

of data needed to restore Active Directory and the certificate server

Which action or actions should you perform? (Choose all that apply)

A Back up the System State dat

Q 18 You are the network administrator for 21certify Your network consists of a single Active

Directory domain named 21certify.com All network servers run Windows Server 2003 Each domain controller contains one disk that is configured with both the system partition and the boot partition Every day, you use custom software to perform a fall backup of user profiles and user dat

A The custom backup software provides a bootable floppy disk that includes the drivers for the

backup medi

A

Every Sunday, you run the Automated System Recovery (ASR) wizard on your domain controllers

in conjunction with removable backup medi

A Data is backed up in a file named Backup1.bkf

One Monday morning, you install a new application on a domain controller named

21CERTIFYDC1 When you restart 21CERTIFYDC1, you receive the following error:

“NTLDR is missing Pres any key to restart.”

You need to bring 21CERTIFYDC1 back online as quickly as possible

What should you do?

A Restart 21CERTIFYDC1 by using the installation CD-ROM Reinstall the operating system and restore the contents of the latest full backup by using the Restore wizard Restart

21CERTIFYDC1

B Restart 21CERTIFYDC1 by using the installation CD-ROM

Restore the contents of Backup1.bkf by using the ASR disk

Restart 21CERTIFYDC1

C Restart 21CERTIFYDC1 by using the bootable floppy disk

Copy the contents of Backup1.bkf from the backup media to C:\winnt

Restart 21CERTIFYDC1

D Restart 21CERTIFYDC1 by using the bootable floppy disk

Copy the contents of the ASR disk to C:\

Restart 21CERTIFYDC1

Answer: B

Q 19 You are the network administrator for 21certify The network consists of a single Active Directory domain named 21certify.com All network servers run Windows Server 2003, and all client computers run Windows XP Professional

You create a shred folder named Client Docs on a member server named 21certify13 Client Docs will store project documents You configure shadow copies for the volume containing Client Docs You need to enable client computers to access previous version of the documents in Client Docs

What should you do?

A Create a Group Policy object (GPO) to enable Offline Files on all client computers

B On each client computer, customize the view for Client Docs to use the Documents (for any file type) folder template

C Create a Group Policy object (GPO) that installs the Previous Versions client software on

all client computers

D Assign the Allow – Full Control permission on Client Docs to all users

E On each client computer, install the Backup utility and schedule a daily backup

Answer: C

Q 20 You are the network administrator for 21certify All network servers run Windows Server 2003

A file server named 21certifySrvA has shadow copies enabled One shared folder on 21certifySrvA has the configuration shown in the following table

While viewing a previous version of 21certifyDocs, you open and edit Financials.xls However, when you try to save the edited file, you receive the following error message:

You need to save your changes to the previous version of Financials.xls You must ensure that other

users can continue to access current data on 21certifySrvA without interruption

What should you do?

A Copy the previous version of 21certifyDocs to a separate location

B Restore the previous version of 21certifyDocs to the default location

C Save Financials.xls in a separate location by using Microsoft Excel

D In the security properties of Financials.xls, assign the Allow – Modify permissions to the

Everyone group

Answer: A

Q 21 You are the network administrator for 21certify The network consists of a single Active Directory domain named 21certify.com All network servers run Windows Server 2003, and all client computers run Windows XP professional

A file server named 21certifyFileSrv is configured as a stand-alone Distributed File System (DFS) root The disk configuration of 21certifyFileSrv is shown in the following table

Disk

Volume

Contents

Disk0 MAIN System files

Disk1 DATA Database files

Disk1 USERS Files and data for

users

USERS hosts a shared folder named User Dat

A

You use Group Policy to deploy the Previous Versions client software to all client computers

However, users report that they cannot access any previous version of any of the files in User Dat

A

From your client computer, you open the Properties dialog box of User Data, as shown in the exhibit

***MISSING***

You need to enable all users to access previous versions of the file in User Dat

A To achieve this goal, you will modify 21certifyFileSrv

What should you do?

A Start the Distributed Link Tracking Client service

B Create a DFS link to User Dat

A

C Enable shadow copies of USERS

D Disable quota management on USERS

Answer: C

Q 22 You are the network administrator for 21certify The network consists of a single Active Directory domain named 21certify.com All network servers run Windows Server 2003 The domain contains five domain controllers and five member servers

A member server named 21certifyA has a locally attached tape device You have a total of seven backup

tapes to use for 21certify

A

You need to back up all data on 21certifyA every week You do not need to back up all data every day You must have the ability to completely restore 21certifyA to its state on the previous day by using a maximum of two tapes

Which backup types should you use?

To answer, drag the appropriate backup type to the corresponding backup schedule

Answer:

Q 23 You are the network administrator for 21certify The network consists of a single Active Directory domain named 21certify.com All network servers run Windows Server 2003, and all client computers run Windows XP Professional

A user named King uses a client computer named 21certify1 This computer has a locally attached tape device

You grant King the necessary permission to perform backups of a member server named 21certifySrvB King runs the Backup utility on 21certify1 to back up the files located on 21certifySrvB

You need to use your client computer to view the most recent backup logs for 21certifySrvB

What should you do?

A Use Notepad to view the contents of the backup report located on 21certifySrvB

B Use Notepad to view the contents of the backup report located on 21certify1

C Use Event Viewer to view the contents of the application log located on 21certifySrvB

D Use Event Viewer to view the contents of the application log located on 21certify1

Answer: C

Q 24 You are the network administrator for 21certify The network consists of a single Active Directory domain named 21certify.com All network servers run Windows Server 2003, and all client computers run Windows XP Professional

You use the Backup utility to schedule a full backup of 21CERTIFYDC1 every night You ensure that the Active Directory configuration is also backed up

One week later, 21CERTIFYDC1 stops accepting logon requests On investigation, you discover that the Active Directory configuration is corrupt

You need to restore 21CERTIFYDC1 as a functioning domain controller

Which two actions should you perform? (Each correct answer presents part of the solution Choose two)

A Restart 21CERTIFYDC1 in Directory Services Restore Mode

B Demote 21CERTIFYDC1 to a member server

C Run the ntbackup systemstate command on 21CERTIFYDC1

D Run the Backup utility and select the option to restore the System State dat

specifies how each

There are currently many incorrect name server (NS) records in the 21certify.com zone You delete all the

To answer, drag the appropriate server or servers to the correct location or locations in the dialog box

Answer:

Q 26

You are the network administrator for 21certify The network includes a file server named 21certify41,

which runs Windows Server 2003

You create a Automated System Recovery (ASR) disk for 21certify41 You back up the System

State

data on a backup server