1. Your network has 3 Win2000 WINS servers. How would you manually compact the WINS database on one of the WINS servers?
a. Use the Compact command from the command line and specify the sysvol/wins folder. b. Stop the Server's WINS Server. Use the Jetpack command line tool to compact the WINS database. Restart the server's WINS Server c. Stop the Server's WINS Server. Use the Compact command from the command line. Restart the Server's WINS Server d. Backup the WINS Database. Use the jetpack command line tool to compact the WINS database. Do an authoritative restore of the backup
Answer:b verified by smartcert . net
The correct syntax for Jetpack.exe is: jetpack database_name temporary_database_name These are example commands to compact the DHCP database: cd %systemroot%\system32\dhcp net stop dhcpserver jetpack dhcp.mdb tmp.mdb net start dhcpserver
2. You are creating a DHCP scope for your 192.168.1.32/28 subnet. The subnet consists of Windows 2000, Windows 98, and Windows 95 computers.
You have two UNIX computers on this subnet that will be assigned the two highest available static IP addresses. The subnet's default gateway will be assigned the lowest available IP address on the subnet.
Which scope should you create on your DHCP server?
a. 192.168.1.34 - 192.168.1.46 b. 192.168.1.34 - 192.168.1.44 c. 192.168.1.33 - 192.168.1.45 d. 192.168.1.34 - 192.168.1.61 e. 192.168.1.33 - 192.168.1.60
Answer:b verified by smartcert . net [agreed and why] 192.168.1.32 (Subnet Address) 192.168.1.33 (Lowest avaliable IP) Reserved for Gateway 192.168.1.34-44 (avaliable scope IP) 192.168.1.45-46 (highest 2 IP) Reserved for Unix machines 192.168.1.47 (Broadcast address)
3. You install Network Monitor on a Windows 2000 Server to analyze ISO and TP4 communications to the Microsoft Exchange Server on your network. How should you configure Network Monitor? (Choose two)
a. Change the Temporary Capture Directory. b. Copy ISO.dll and TP4.dll to Netmon Subdirectory. c. Copy ISO.DLL and TP4.DLL to the NetMon\Parsers subdirectory. d. Modify the Parser.ini. e. Modify the Netmon.ini.
Answer:c, d verified by smartcert . net The information in this article applies to: Microsoft Exchange Server, versions 5.5, 4.0, 5.0 SUMMARY This article explains how to configure the ISO and TP4 Parser for Network Monitor. verified by smartcert . net
MORE INFORMATION - Copy the Iso.dll, Iso.ini, Tp4.dll files to your NetMon\Parsers subdirectory. These files are located in the BackOffice Resource Kit. - Make following additions to your Parser.ini file. The Parser.ini file is located in the NetMon directory.
4. Your network uses an address of 172.30.0.0/16. Your initially will need 25 subnets with a minimum of 1,000 hosts per subnet.. The projected growth for next year though, indicates a need for at least 55 subnets. What subnet mask should you configure to meet these needs?
A. 255.255.240.0 B. 255.255.248.0 C. 255.255.252.0 D. 255.255.254.0 E. 255.255.255.0
Answer: C verified by smartcert . net Original 900 dump had same answer, but referred to 25 subnets
Explanation: Max subnets = 62 Hosts per subnet = 1022 Subnet ID = 172.30.0.0 Subnet Host range = 172.30.0.1 - 172.30.3.254 Broadcast = 172.30.3.255
5. To centralize administration you implement a Remote Authentication Dial-In Service (RADIUS) server. Each of your branch offices will support their own Routing and Remote Access Server. You remove the default remote access policy.
What should you do to implement one company policy that requires all dial-up communications to use 40-bit encryption, and require secure communications? (Choose two)
a. Create one remote access policy on each Routing and Remote Access server. b. Create one remote access policy on the RADIUS server. c. Set encryption to Basic in the remote access policy. d. Set encryption to Strong in the remote access policy or policies. e. Enable the Secure Server IPSec policy on the RADIUS server. f. Enable the Server IPSec policy on the RADIUS server.
Answer:b, c verified by smartcert . net
IAS is Microsoft's implementation of a RADIUS Server. It centralizes authentication, authorization and administration of RAS (NAS). As such, Remote Access Policies (RAPs) are centralized as well. For encryption, the default setting allows Microsoft Point-to-Point Encryption (MPPE) when requested by the remote access client. To force encryption for dial-up networking connections, you need to modify the encryption settings on the policy profile to require encryption. For dial-up networking connections, clear the No encryption option and select the following options on the Encryption tab on the properties of the remote access policy profile: - Basic You should use this option when communicating with older Microsoft dial-up networking clients who are connecting from outside North America. This option uses Microsoft Point-to-Point Encryption (MPPE) and a 40-bit encryption key. - Strong You should use this option when communicating with Windows 2000 and Windows 98 dial-up networking clients who are connecting from outside North America. This option uses MPPE and a 56-bit encryption key. - Strongest You should use this option when communicating with dial-up networking clients who are connecting from inside North America. This option uses MPPE and a 128-bit encryption key and is only available on North American versions of Windows 2000.
6. You administer your company's Windows 2000 network. Your network consists of 5 Windows 2000 Server computers, 300 Windows 2000 Professional computers, and 10 UNIX servers. One of your Windows 2000 Server computers is your DNS server. The DNS zone is configured as an Active Directory integrated zone. The DNS zone is also configured to allow dynamic updates.
Users report that although they can access the Windows 2000 computers by host name, they cannot access the UNIX servers by host name.
What should you do?
a. Manually enter A (host) records for the UNIX servers in the zone database b. Manually add the UNIX servers to the Windows 2000 domain c. On the DNS server, manually create a HOSTS file that contains the records for the UNIX servers d. Configure a UNIX computer to be a DNS server in a secondary zone
Answer:a verified by smartcert . net
Since Dynamic Updates is configured, the answer seems simple. The Unix Servers aren't able to send the Client FQDN (81) option which triggers the dynamic update. Windows 2000 clients by default, can register both A and PTR Records dynamically. This question does not mention a Windows 2000 DHCP Server, which can be enabled to update DNS Records (A and PTR) for clients that do not support Dynamic Updates.
7. You are the administrator for a Windows 2000 network. Your internal DNS server is located behind a firewall. When you test your DNS server by using the Monitoring tab on the server's properties page, the DNS server passes the simple test but fails the recursive test.
What should you do?
a. Run ipconfig /registerdns b. Delete the %systemroot%\system32\dns\cache.dns file c. Copy the %systemroot%\system32\dns\samples\cache.dns file to %systemroot%\dns, and overwrite the existing cache.dns file d. Create a forward lookup zone for the root zone. Name the forward lookup zone "."
Answer:c verified by smartcert . net
SYMPTOMS You may experience one or more of the following symptoms: 1 The DNS server is unable to resolve names for which it is not authoritative. 2 There are no servers listed on the DNS server Root Hints tab. 3 The servers listed on the Root Hints tab do not match the Cache.dns file in the %systemroot%\system32\dns folder. 4 When you replace the Cache.dns file in the %systemroot%\system32\dns folder, it does not update the root hints listed in the DNS Manager.
CAUSE This issue can occur because the DNS server is a domain controller and is configured to load zone data on startup from Active Directory and the registry. If the root hints specified in the Active Directory have been deleted, modified, incorrectly entered or damaged, this behavior occurs.
RESOLUTION To work around this issue if the DNS server needs hints for the Internet root servers: 1 If it is running, quit the DNS MMC snap-in. At a command prompt, type net stop dns, and then press ENTER. 2 After the DNS Server Service stops, type copy %systemroot%\system32\dns\samples\cache.dns %systemroot%\system32\dns, and then press ENTER. Note that if you are prompted to overwrite an existing file, type y, and then press ENTER.. 3 Start the Active Directory Users and Computers MMC snap-in. Click Advanced Features on the View menu. 4 Expand the System folder, expand MicrosoftDNS, right-click RootDNSServers, and then click Delete. 5 Click Yes when you are prompted to delete this object, and then click Yes again when you are prompted to delete this object and the objects it contains. 6 Quit the Active Directory Users and Computers MMC snap-in. 7 At the command prompt, type net start dns, and then press ENTER. Exit the command prompt. 8 Start the DNS MMC snap-in, and then verify that the root servers appear on the Root Hints tab in the server properties. 9 Start the Active Directory Users and Computers MMC snap-in, and then verify that the RootDNSServers container has been recreated and contains the root servers that were listed in the DNS Manager. If multiple domain controllers exist that are running DNS, the new root hints are automatically be replicated.
MORE INFORMATION By default, when DNS is running on a Windows 2000 domain controller, the root hints are read from Active Directory upon startup first. If no root hints exist in Active Directory, the Cache.dns file is read. If the listing of root DNS servers becomes damaged in Active Directory or is missing, it may be necessary to replace them with the entries listed in the %systemroot%\system32\dns\backup\Cache.dns file. By default, the DNS service implements root hints using a file, Cache.dns, stored in the %SystemRoot%\System32\Dns folder on the server computer. This file normally contains the NS and A resource records for the Internet root servers. If, however, you are using the DNS service on a private network, you can edit or replace this file with similar records that point to your own internal root DNS servers.
8. Your WAN network consists of ten internal subnets in two physical buildings connected by routers. An additional subnet is configured for Internet access. All routers on the network will be multihomed Windows 2000 Servers running Routing and Remote Access.
You want to accomplish the following goals:
- Administrative overhead for routing tale configuration is minimized. - Broadcast traffic for routing table configuration is minimized. - Link redundancy within ten minutes is ensured in case of router failure. - Ensure convergence times of less than one minute for all known routes. - Internal routing information will never be exposed to external routers.
You take the following actions:
- Install RIP version 1 - Configure RIP to use all interfaces on all multihomed computers. - Enable RIP authentication by specifying a password on each interface.
What results do these actions produce? (Choose all that apply)
a. Administrative overhead for routing tale configuration is minimized. b. Broadcast traffic for routing table configuration is minimized. c. Link redundancy within ten minutes is ensured in case of router failure. d. Ensure convergence times of less than one minute for all known routes. e. Internal routing information will never be exposed to external routers.
Answer:a verified by smartcert . net
Original 900 dump --> a, e
Explanation a is correct because RIP V1 facilitates the automatic exchange of routing information. b Incorrect, Broadcast traffic for routing table configuration is not minimized because all RIP V1 route announcements are addressed to the IP Subnet and MAC-Level, even non-RIP hosts receive RIP announcements. The amount of broadcasts traffic can become significant on large networks. c and d Link redundancy within ten minutes in case or router failure and Ensure convergence times of less than one minute for all known routes is not ensured because by default each router table entry through learned through RIP is given a timeout of 3 minutes past the time it was received in a RIP announcement from a neighbouring RIP router. When a router fails because of hardware or software failure it can take several minutes for the topology change to propagate through the internetwork. With 10 subnets, this could take up to 30 minutes for a failed router to be recognized. This is also known as Slow Convergence Lontar: I choice E because "Enable RIP authentication by specifying a password on each interface"
9. You are the administrator of you company windows 2000 / novell netware 5.0 routed network. All client on the network are configured with windows 2000 professional. Both the windows 2000 professional client computers and windows 2000 server computers to communicate with the novell netware 5.0 servers NWLink has been installed on all windows 2000 client and server computers. What protocol or protocols muct be installed on the novell netware 5.0 server for network communication to succeed? (choose all that apply)
a. IPX/SPX b. TCP/IP c. NWLink d. Microsoft CHAP (MS-CHAP) e. SNMP
Answer:a verified by smartcert . net
Even though TCP/IP is the default protocol installed on Novell Netware 5-0, you still need use NWLINK and IPX for communication as CSNW or GSNW do not work over TCP/IP.
10. Your Web server is configured to run a third party Web application for users on your network. Users complain that each time they try to connect to a secure Web page stored on the Web server, they receive the error message "Web page requested is not available". They have no problem connecting to FTP.
You have verified that the Web service has started. What should you do to diagnose this problem?
a. Verify that port 443 is permitted in your TCP/IP filter. b. Verify that port 80 is permitted in your TCP/IP filter. c. Verify that port 21 and port 20 is permitted in your TCP/IP filter. d. Verify that the correct NTFS file permissions are configured for the web page.
Answer:a Key point is secure page. SSL requests (on port 443) HTTP on port 80 HTTP server (HTTPS) on port 443 By default, Web data (HTTP) uses Transmission Control Protocol (TCP) port 80, while SSL (HTTPS) uses TCP port 443. The standard port for an SSL connection is port 443. When HTTPS is used in an Internet browser, port 443 is assumed. Port 20 en 21 is for FTP
11. Your domain is in mixed mode. Routing and Remote Access is enabled for remote access on Srv1. The domain also has a Windows NT 4.0 member server computer named Srv2. Srv2 is running Remote Access Service (RAS). Users in the domain use Windows 2000 Professional computers to dial in to the network through Srv1 or Srv2. However, Srv2 is not able to validate remote access credentials of domain accounts.
How should you configure the network to enable Srv2 to validate remote access domain users?
a. Add the Everyone group to the RRAS access group b. Configure srv2 as a DHCP relay agent c. Configure Srv1 to use MSChap for authentication and Srv2 to use Chap d. Add the Everyone group to the Pre-Windows 2000 Compatible Access group.
Answer: d verified by smartcert . net
For a Windows NT version 4.0 Service Pack 4 and later remote access server that is a member of a Windows 2000 mixed mode domain or a Windows 2000 remote access server that is a member of a Windows NT 4.0 domain that is accessing user account properties for a user account in a trusted Windows 2000 domain, verify that the Everyone group is added to the Pre-Windows 2000 Compatible Access group with the net localgroup "Pre-Windows 2000 Compatible Access" command. If not, issue the net localgroup "Pre-Windows 2000 Compatible Access" everyone /add command on a domain controller computer and then restart the domain controller computer.
12. Your network consists of Windows 2000 Server computers, Windows 2000 Professional computers, and one NetWare server. Administrators must have complete access to the Sys volume on the NetWare server. All other users should have read only access. Configuring Gateway Service for NetWare on a Windows 2000 Server computer.
What should you do to configure the appropriate access to the NetWare server? (Choose two)
a. Create an NT Gateway group on the 2000 server. b. Add the NT Gateway User Account to the NTGateway Group on the Netware Server c. Grant Full Control permission to Admins and Read permission to users on the Windows2000 Server d. Grant Full Control Permission to Admins and Read permission for users on the Netware Server
Answer:b,c verified by smartcert . net
page 644 internetworking guide RESKIT 2000 *create a Unique user account on Netware *create a Netware Group account named NTGATEWAY *Make the Netware user account member of the NTGATEWAY group account
Creating a gateway Before you can create a gateway to NetWare resources on a computer running Windows 2000 Server: - The NetWare server must have a group named NTGATEWAY with the necessary rights for the resources that you want to access. - You must have a user account on the NetWare network with the necessary rights for the resources that you want to access. - The NetWare user account you use must be a member of the NTGATEWAY group. The NetWare user account you use to enable gateways can be either a Novell Directory Services (NDS) account or a bindery account. If the server will have gateways to both NDS resources and resources on servers running bindery security, the user account must be a bindery account. (This account can connect to NDS resources through bindery emulation.) If you create gateways only to NDS resources, the account can be an NDS account. Creating a gateway is a two-step process: *. First, you enable gateways on the server running Windows 2000 Server. When you enable a gateway, you must type the name and password of the user account that has access to the NetWare server and is a member of the NTGATEWAY group on that NetWare server. You need to do this only once for each server that will act as a gateway. For each volume or printer to which you want to create a gateway, you activate a gateway. When you activate a gateway, you specify the NetWare resource and a share name that Microsoft client users will use to connect to the resource. To activate a gateway for a volume, you can use Gateway Service for NetWare (in Control Panel). To activate a gateway for a printer, you can use the Add Printer wizard. If you are activating a gateway to an NDS resource, and the gateway user account is a bindery user account, specify the resource that uses the bindery context name. If you are using a NDS user account, and you do not plan on also creating gateways to bindery resources, specify the NDS resource name. Security for gateway resources is provided on two levels: - On the computer running Windows 2000 Server and acting as a gateway, you can set share-level permissions for each resource made available through the gateway. - On the NetWare file server, the NetWare administrator can assign trustee rights to the user account that is used for the gateway or to the NTGATEWAY group. These rights are enforced for all Microsoft client users who access the resource through the gateway. There is no auditing of gateway access.
Reason & Source : Windows 2000 Resource Kit Internetworking Guide Preparing the NetWare Server for Gateway Service for NetWare: To establish connectivity to NetWare resources for a Windows 2000 Server-based computer running Gateway Service for NetWare, you need to create user and group accounts. You must first create a unique user account on the NetWare network to serve as the NetWare interface for the Windows 2000 Server-based gateway computer running Gateway Service for NetWare. The password for the NetWare user account must be identical to the password used to enable the Windows 2000 Server gateway, described in "Configuring a Gateway on the Windows 2000 Server-Based Computer" later in this chapter. You must also create a unique NetWare group account named NTGATEWAY. You must create this account on the NetWare network. The NTGATEWAY group account acts as a common access point to NetWare resources for all Windows 2000 Server gateway users; therefore, you must set appropriate trustee access rights on the NTGATEWAY group account for all the NetWare resources that the group must access. Finally, make the NetWare user account that you created a member of the NTGATEWAY group account.
Preparing the NetWare Server for Client Service for NetWare: To establish connectivity to NetWare resources for a Windows 2000 Professional computer running Client Service for NetWare, you need to create a unique user account on the NetWare network and set the necessary rights for the user's resource needs. You or the user must also synchronize the passwords.
13. You are the administrator of your domain. You have client computers evenly distributed across five sites. Atlanta.xco.com recently upgraded its two DNS servers that service the subdomain. You suspect the upgrade has resulted in an incorrect configuration of your zone delegation.
What should you do to verify proper zone delegations?
a. Use System Monitor to confirm that the counters for the DNS zone transfer failure are zero. b. Use System Monitor to confirm that the counters for the DNS recursive query are zero. c. Run the nslookup -querytype=ns atlanta.xco.com command with the server option set to query the atalanta.xco.com server. Ping the records displayed in the output of the nslookup command. d. Run the nslookup -ls -d atlanta.xco.com command. Ping the records displayed in the output of the nslookup command.
Answer:c verified by smartcert . net
To verify a zone delegation using the nslookup command 1 At a Command Prompt, type: nslookup root_server_ip_address where root_server_ip_address is the IP address of a valid root server for your network. 2 At the nslookup command prompt, type: set norecursion 3 After the previous command completes, type: set q=rr_type **** q=querytype where rr_type is the type of resource record (RR) for the failed name for which you are attempting to verify (or troubleshoot) a zone delegation. For example, type set q=a if the type of RR used by the failed name is a host (A) RR. 4 Type the fully qualified domain name (FQDN) for the failed name. Use the trailing period (.) when entering the name. If zone delegations are set correctly, a list of name server (NS) RRs for delegated servers should be returned in the response. 5 If the NS query response contains no names or IP addresses for delegated servers, type q=ns and query again using the FQDN for the parent zone of the failed name. For example, if the failed name you used in the previous step was example.microsoft.com, query for microsoft.com. 6 If the response contains name server (NS) RRs, but no host (A) RRs, type set recursion and query individually for any of the A RRs of servers listed in the NS RRs. If, for each NS RR you encounter in a zone, you do not find at least one valid IP address in an A RR, you have a broken delegation. 7 Either fix the broken delegation or retry the delegation test described in the previous step using a different IP address. If more than one A RR or IP address is found, use it to repeat the delegation test described in the previous step. To fix a delegation, add or update an A RR in the parent zone with a valid IP address for a correct DNS server for the delegated zone.
14. Your domain has a Windows 2000 member server computer named London and a DHCP server. Routing and Remote Access is enabled for remote access on London. The domain is in native mode. Users in the domain dial in to the network by using Windows 2000 Professional portable computers. Dial-up connection configuration for the Windows 2000 Professional computers is set to obtain an IP address automatically. You do not want to change this configuration. You want to designate a fixed IP address for each of the users. All users should receive a different fixed IP address when a dial-up connection is made. How should you configure the network to accomplish this goal?
a. Configure each laptop with a specific static IP address b. Create a user class for the laptops and exclude these IP addresses from the DHCP scope c. In Active Directory Users and Computers, assign a static IP address for each user d. Create a separate subnet for the laptops and configure DHCP to issue IP addresses for this subnet only to the laptops
Answer:c You set static IP addresses for each individual user in Active Directory Users and Computers > Dial-In tab.
|
