Windows Directory Infrastructure
70-217
Hi all,
I passed the exam yesterday (Jan. 15, 2003). I consolidated all the dumps starting fom Dec. 2002 to Jan. 2003, Also I purchased online test just to veryfiy the answers. Only two or three answers were wrong or different than the packages that I purchased and have updated the braindump answers.
The test was really easy, no cut & paste, noticed only three exhibits.
No doubt, it’s a great place to study, free of cost and off course granteed to pass the exam. I strongly believe all the exams reseller are copying evey thing from these dumps, therefore, no need to buy any exam, these dumps are more than enough.
Finally thanks to everyone who have participated here. Heading towards my last exam 70-219 some times next week.
Below are the questions appeared in my exam.
1. You are the enterprise administrator of a Windows 2000 domain tree that has five domains. All domains are in native mode. Each domain has one or more users who are help desk staff. Each domain has a global group named Help Desk Members that contains the help desk staff from each domain.
There is an OU named Interns in the root domain. You want all help desk staff to be able to reset passwords of the users in the Interns OU. What should you do?
a. Create a new global security group named Help Desk Staff in the root domain.
Place the five Help Desk Members groups in the Help Desk staff group.
Place the Help desk staff group in the Reset Interns group.
On the reset Interns group, assign the Reset password permission to the Help Desk Staff group.
b. Create a new global security group named Help Desk Staff in the root domain.
Place the five help desk staff in the Help Desk Staff group.
Create a new local security group named Reset Interns in the root domain.
Place all users from the Interns OU in the Reset Interns group.
On the Interns OU, assign the reset Password permission to the Reset Interns group.
c. Create a new universal security group named Help Desk Staff in the root domain.
Place the five Help Desk Members groups in the Help Desk Staff universal group.
Create a new local security group named Reset Interns in the root domain.
Place the Help Desk Staff group in the Reset Interns group.
On the Interns OU, assign the reset password permission to the Reset Interns group.
d. Create a new universal security group named Help Desk Staff in the root domain.
Place the five Help Desk Members groups in the Help Desk Staff group.
Create a new local security group named reset Interns in the root domain.
Place all users from the Interns OU in the Reset Interns group.
On the reset Interns group, assign the Reset Password permission to the Help Desk staff group.
Answer: C
2. You are the administrator of your company's network. The network consists of one Windows 2000 domain that spans multiple subnets. You are configuring DNS for host name resolution throughout the network.
You want to accomplish the following goals:
- DNS zone transfer traffic will be minimized on the network.
- Administrative overhead for maintaining DNS zone files will be minimized.
- Unauthorized host computers will not have records created in the zone.
- All zone updates will come only from authorized DNS servers.
- All zone transfer information will be secured as it crosses the network.
You take the following actions:
- Create an Active Directory integrated zone.
- In the Zone Properties dialog box, set the Allow Dynamic Updates option to "Only Secure Updates".
- On the Name Servers tab of the Zone Properties dialog box, enter the names and addresses of all DNS servers on the network.
- Select Allow zone transfers only to servers listed on the network in the Name Servers tab on the Zone Transfers tab of the Zone Properties dialog box.
Which results do these actions produce? (Choose all that apply)
a. DNS zone transfer traffic will be minimized on the network.
b. Administrative overhead for maintaining DNS zone files will be minimized.
c. Unauthorized host computers will not have records created in the zone.
d. All zone updates will come only from authorized DNS servers.
e. All zone transfer information will be secured as it crosses the network.
Answer: A, B, C, D, E
3. You are the administrator of your company's network. Your company has two domains in six sites as shown in an exhibit.
Each site has one or more domain controllers. For fault-tolerance and load-balancing purposes, one domain controller in each site is configured as a global catalog server (GC). Users report that, several times a day, network performance and data transfer for an application located in SiteA are extremely poor.
You want to improve network performance. What should you do?
a. Configure at least two domain controllers in each site as GC servers.
b. Configure the domain controllers in only one site as GC servers.
c. Create site links between all sites and use the default replication schedulers.
d. Create site links between all sites and set the less frequent replication schedules.
e. Create connection object between each domain controller. Use RPC as the transport protocol.
f. Create connection objects between each domain controller. Use SMTP as the transport protocol.
Answer: D
4. You are the administrator of the Contoso, Ltd., company network. You are designing a Windows 2000 domain. Contoso, Ltd., has an Internet presence and owns contoso.com, a registered domain name. The existing DNS zone is hosted on Windows NT 4.0 Server computers.
You want to accomplish the following goals:
• Internal host names will not be exposed to the Internet.
• Internal users will be able to resolve external names for access to Internet-based resources.
• Complexity and depth of domain names for Active Directory will be minimized.
• To comply with management requirements, the existing DNS servers that host the zone for contoso.com will not be upgraded.
You implement a DNS design as shown in an exhibit. Which results does your implementation produce? (Choose all that apply)
a. Internal host names will not be exposed to the Internet.
b. Internal users will be able to resolve external names for access to Internet-based resources.
c. Complexity and depth of domain names for Active Directory will be minimized.
d. To comply with management requirements, the existing DNS servers that host the zone for Contoso.com will not be upgraded.
Answer: A, B, C, D
5. You are the enterprise administrator of a Windows 2000 domain named fabrikam.com. The domain contains three domain controllers named DCA, DCB, and DCC. DCA does not hold any operations master roles. You backed up the System state data of DCA two weeks ago. Without warning, the DCA domain controller's hard disk fails. You decide to replace DCA with a new computer. You install a new Windows 2000 server computer. What should you do next?
a. Add the server to the domain. Do an authoritative restore of the original backup of the original DCA System State data that you made two weeks ago.
b. Add the server to the domain. Use Windows Backup to create a backup of the DCB System state data, and restore this backup on the new DCA.
c. Use the Active Directory installation wizard to make the new computer a replica in the domain.
d. Use the NTDSUTIL utility to copy the active Directory database from DCB to the new DCA.
Answer: C
6. You are the enterprise administrator of a Windows 2000 domain. The domain has three domain controllers named DC1, DC2, and DC3.
Because of changed hardware requirements, you want to replace the domain controller named DC1 with a newer computer named DC4. You want DC4 to be a domain controller in the domain. You no longer want DC1 to function as a domain controller.
What should you do?
a. Install DC4 as a stand-alone server in a workgroup named WG. Restore a System State data backup of DC1 on DC4. On DC1, use the Active Directory Installation wizard to remove Active Directory from DC1.
b. Install DC4 as a stand-alone server in a workgroup named WG. Disconnect DC1 from the network. Rename DC4 to DC1. On DC2, force replication of AD to all its replication partners.
c. Install DC4 as a member server in the domain. On DC4, use the Active Directory Installation wizard to install Active Directory on DC4. On DC1, use the Active Directory Installation wizard to remove Active Directory from DC1.
d. Install DC4 as a member server in the domain. On DC1, use the Ntdsutil to copy the Active Directory files to DC4. Use the Active Directory Installation wizard to remove Active Directory from DC1.
Answer: C
7. You are hired by Fabrikam, Inc., to secure its Windows 2000 network. You use Security Templates to create a custom template and save it as Securefab.inf.
You need to use this template on five domain controllers in the fabrikam.com domain. What should you do? (Choose two)
a. Copy the Securefab.inf file to the Sysvol shared folder on one domain controller.
b. Create a new security database.
c. Import the Securefab.inf file.
d. Rename Securefab.inf to Ntconfig.pol
e. Create a Group Policy object on the Domain Controller Organizational Unit.
f. Configure the file replication service to replicate the template file to all Domain Controllers.
Answer: C, E
8. You are the administrator for a Windows 2000 network. Your network consists of one domain and two Organizational Units (OU). The OUs are named Corporate and Accounting. A user recently reported that she was not able to log on to the domain. You investigate and find out that the user's account has been deleted. You have been auditing all objects in Active Directory since the domain was created. However, you cannot find a record of the user account deletion. You want to find a record that identifies the person who deleted the account. What should you do?
a. Search the security event logs on each domain controller for account management events.
b. Search the security event logs on each domain controller for object access events.
c. Search the Active Directory Users and Computers console on each domain controller for the User's previous account name.
d. Search the Active Directory Users and Computers console on each domain controller for the user's computer account.
Answer: A
9. You are the administrator of your company's network. The network consists of one Windows NT 4.0 domain. You create and implement a security policy that is applied to all Windows 2000 Professional client computers as they are staged and added to the network. You want this security policy to be in effect at all times on all client computers on the network. However, you find out that administrators periodically change security settings on computers when they are troubleshooting or doing maintenance. You want to automate the security analysis and configuration of client computers on the network so that you can track changes to security policy and reapply the original security policy when it has been changed.
What should you do?
a. Use Windows NT System Policy to globally configure the security policy settings on the client computers.
b. Use Windows 2000 Group Policy to globally configure the security policy settings on the client computers.
c. Use the Security and Configuration Analysis tool on the client computers to analyze and configure the security policy.
d. Schedule the Secedit command to run on the client computer, analyze and configure the security policy.
Answer: D
10. You are the administrator of a Windows 2000 network. Recently, your network security was compromised and confidential data was lost. You are now implementing a stricter network security policy. You want to require encrypted TCP/IP communication on your network. What should you do?
a. Create a GPO for the domain, and configure it to assign the Secure Server IPSec Policy.
b. Create a GPO for the domain, and configure it to assign the Server IPSec Policy and to enable Secure channel: Require strong session key.
c. Implement TCP/IP packet filtering, and open only the ports required for your network services.
d. Edit the local security policies on the servers and client computers and enable Digitally signed client and server communications.
Answer: A
11. You are the administrator of your company's network, which consists of one Windows 2000 domain. There is a single top-level OU named Main and five child OUs. The child OUs are named after the company's five departments:
Finance
Marketing
Sales
HR
IT
The accounts for all users and computers in each department are defined in the OU for that department. All users and computers in the Finance, Marketing, Sales and HR OUs require the same desktop settings. Users and computers in the IT OU require less restrictive settings.
You want to accomplish the following goals:
- All the assigned Group Policy settings are defined by the administrator in the Main OU will be applied to all users and computers in the Finance, Marketing, Sales, and HR OUs.
- Group Policy from the Main OU will not be applied to the IT OU.
- Administrators in the IT OU will be able to change the Group Policy settings.
- When new child OUs are added to the domain, the Group Policy will be applied to them automatically.
- Users will not be able to change their Group Policy settings.
You take the following actions:
- Create the GPO, configure the appropriate settings, and link the GPO to the Main OU.
- In the Group Policy Options dialog box for the Main OU, select the No Override check box.
- In the Group Policy dialog box for the IT OU, select the Block Policy inheritance check box.
- Assign the Authenticated Users group Full Control permission to the GPO.
Which results do these actions produce?
a. All the assigned Group Policy settings as defined by the administrator in the Main OU are applied to all users and computers in the Finance, Marketing, Sales, and HR OUs.
b. Group Policy from the Main OU will not be applied to the IT OU.
c. Administrators in the IT OU are able to change the Group Policy settings.
d. When new child OUs are added to the domain, the Group Policy is applied to them automatically.
e. Users cannot change their Group Policy settings.
Answer: A, C, D
12. You are the administrator of a Windows 2000 domain. You want to deploy a new application named Finance that will be used by all users in the domain. The vendor of the Finance application supplied a MS install package for the application. You decide to deploy the Finance application in two phases. During Phase 1, only members of a security group named Finance Pilot will use the Finance application. During Phase 2, all users in the domain will be able to install the Finance Application.
You want to accomplish the following goals:
- During Phase 1, the Finance application will not be installed automatically when users log on.
- During Phase 1, users who are members of the Finance Pilot group will be able to install the Finance application by using a Start menu shortcut.
- During Phase 1, users who are not members of the Finance Pilot group will not be able to install the Finance application by using a Start menu shortcut.
- The Finance application will be installed automatically the first time any user in the domain logs on after phase 2 has begun.
You take the following actions:
- Create a new GPO named Deploy Finance and link the deploy Finance GPO to the domain.
- Configure the Deploy Finance GPO to assign the Finance application to users.
- For Phase 1, create a software category named Finance Pilot. ASSIGN the Finance application to the Finance Pilot software category.
- For Phase 2, remove the Finance application from the Finance Pilot software category.
Which results do these actions produce?
a. During Phase 1, the Finance application will not be installed automatically when users log on.
b. During Phase 1, users who are members of the Finance Pilot group can install the Finance application by using a Start menu shortcut.
c. During Phase 1, users who are not members of the Finance Pilot group cannot install the Finance application by using a Start menu shortcut.
d. The Finance application is installed automatically the first time any user in the domain logs on after Phase 2 has begun.
Answer: A, B
13. You are the network administrator for Just Togs. Your Windows 2000 network consists of 15,000 users. Users have recently reported that documents are missing from the servers. You need to track the actions of the users to find out who has been deleting the files. You create a GPO on the justtogs.com domain and assign the appropriate permissions to the GPO.
What actions should you audit? (Choose two)
a. Object access
b. Process tracking
c. Privileged use
d. Delete and Delete subfolders and files
e. Directory Services access
Answer: A, D
14. You are installing a new Windows 2000 Server computer on your existing Windows NT network. You run DCPromo.exe to promote the server to a domain controller in a domain named domain.local. You receive the following error message:
"The domain name specified is already in use on the network".
There are no other Windows 2000 domains on your network. What should you do?
a. Place an entry in your DNS server host table for the domain.local domain name.
b. Place an entry in your WINS database for the domain.local domain name.
c. Change the domain name to domain.com.
d. Change the down level domain name to domain1.
Answer: D
15. You are the administrator of a Windows 2000 domain. The domain has a Windows 2000 Server computer named Toronto. Users in the domain frequently work on different Windows 2000 Professional computers. All Windows 2000 Professional computers are in the domain. You want to enable roaming profiles for all users.
You want to accomplish the following goals:
- All users in the domain will be able to work on all Windows 2000 Professional computers and have their own desktop settings available on all computers.
- All users in the domain will be able to make changes to their desktop settings. All users in the domain will be able to access their documents in the My Documents folder from any Windows 2000 Professional computer.
- The amount of data that is copied between the Toronto server and the Windows 2000 Professional computers each time a user logs on or off will be minimized.
What should you do? (Choose two)
a. Configure a roaming profile for each user in the domain. Use \\Toronto\Profiles\%Username% as the profile path.
b. Configure a roaming profile for each user in the domain. Use \\Toronto\Profiles\%Username%\Ntuser.man as the profile path.
c. Create a new Group Policy object (GPO) named Profilescript. Assign the Profilescript GPO to the domain. Configure the Profilescript GPO to assign a logon script to all users. Include the runas/profile explorer.exe command in the logon script.
d. Create a new Group Policy object (GPO) named Docs. Assign the Docs GPO to the domain. Configure the Docs GPO to redirect the My Documents folder to the \\Toronto\Docs\%Username% location.
e. Create a new Group Policy object (GPO) named Profiledocs. Assign the Profiledocs GPO to the domain. Configure the Profiledocs GPO to exclude the My Documents folder from each user's roaming profile.
Answer: A, D
16. You are the administrator of a Windows 2000 network. The network is composed of four domains:
arborshoes.com (the root of the forest)
na.arborshoes.com
sa.arborshoes.com
fabrikam.com
There are two Windows NT 4.0 BDCs in each domain. Graphic artists place finished artwork for Fabrikam, Inc. in a shared folder located on a domain controller named na01.fabrikam.com. Read and Write permissions are granted to the Artists Domain local group in the fabrikam.com domain.
Sharon is a member of the Graphic Artists global distribution group in the na.arborshoes.com domain. She is unable to gain access to the shared folder. You want to allow Sharon access to the shared folder. What should you do?
a. Change the Graphic Artists group type to "Security" and add it to the Artists Domain local group.
b. Change the Artists Domain local group to a universal group and add it to the Graphic Artists group.
c. Change the Graphic Artists group to a Domain local group and add it to the Artists Domain local group.
d. Change the mode of the domain controller in na.arborshoes.com to native mode. Add the Graphic Artists group to the Artists Domain local group.
Answer: A
17. Your name is Avi Gaspan and you are the administrator of your company's WAN. Your company has four locations connected by dedicated 256-Kbps leased lines. You install and configure a Windows 2000 domain controller at each location. For network performance reasons, you want to control the bandwidth usage and replication schedule of directory information to each domain controller in each location. What should you do? (Choose two)
a. Create a site for each location.
b. Create a site that spans all the locations.
c. Create server objects for each domain controller in every site.
d. Create server objects for each domain controller in its own site.
e. Copy all server objects from Default-First-Site-Name to each site.
f. Move each server object from Default-First-Site-Name to the appropriate site.
Answer: A, F
18. You are the administrator of your company's network. Your company has its main office in North America and has branch offices in Asia and Europe. The locations are connected by dedicated 256-Kbps lines. The network consists of one Windows 2000 domain. To minimize logon authentication traffic across the slow links, you create a site for each office and configure the site links between the sites. Users in the branch offices report that it takes a long time to log on to the domain. You monitor the network and discover that all authentication traffic is still being sent to the domain controllers in the North America site. What should you do to correct this problem?
a. Schedule replication to occur more frequently between the sites.
b. Schedule replication to occur less frequently between the sites.
c. Create a subnet for each physical location, associate the subnets with the North America site and move server objects to the North America site.
d. Create a subnet for each physical location, associate each subnet with its respective site and move each server object to its respective site.
Answer: D
19. You are the administrator of your company's network. You have been auditing security events on the network since it was installed. A user on your network named JOHN THORSON recently reported that he was no longer able to change his password. Because there have been no recent changes to account policies, you suspect that someone has been modifying the properties of user accounts in Active Directory. There are thousands of entries in the event logs, and you need to isolate and review the events pertaining to this problem in the least possible amount of time. What should you do?
a. In the security log, create a filter for events matching the following criteria:
Event source: Security Category: Account Management
User: JTHORSON.
b. In the directory service log, create a filter for events matching the following criteria:
Event source: NTDS Security Category: Security.
Search the remaining items for events referencing John Thorson's account.
c. In the directory service log, create a filter for events matching the following criteria:
Event source: NTDS Security Category: Global Catalog
User: JTHORSON.
d. In the security log, create a filter for events matching the following criteria:
Event source: Security Category: Account Management.
Search the remaining items for events referencing John Thorson's account.
Answer: D
20. You are the administrator of a Windows 2000 network for Lucerne Real Estate. The network has 1,200 users. You are delegating part of the administration of the domain to three users. You delegate the authority to create and delete computer accounts to Carlos. You delegate the authority to change user account information to Julia. You delegate the ability to add client computers to the domain to Peter. You want to track the changes made to the directory by these three users.
What should you do?
a. Create a Group Policy object (GPO) for the domain controllers.
Assign Read and Apply Group Policy permissions to only Carlos, Julia, and Peter.
Configure the GPO to audit directory services access and account management.
b. Create a Group Policy object (GPO) for the domain.
Assign Read and Apply Group Policy permissions to only Carlos, Julia, and Peter.
Configure the GPO to audit directory services access and audit object access.
c. Create a Group Policy object (GPO) for the domain controllers.
Assign Read and Apply Group Policy permissions to only Carlos, Julia, and Peter.
Configure the GPO to audit directory services access and audit object access.
d. Create a Group Policy object (GPO) for the domain.
Assign Read and Apply Group Policy permissions to only Carlos, Julia, and Peter.
Configure the GPO to audit object access and process tracking.
Answer: A
21. You are the administrator of a Windows 2000 network. The network contains two Widnows 2000 controllers. You are configuring and audit policy fo rhte company help desk. The help desk has two employees: Carlos and Julia. Carlos is authorized to create and delete computer accouts. Julia is authorized to change user account information.
You wan to track the changes that Carlos and Julia are authorized to amek tin the domain. What should you do?
a. Create a Group Policy object (GPO) for the domain controllers.
Configure the GPO to audit directory services access and account management.
b. Create a Group Policy object (GPO) for the domain.
Configure the GPO to audit directory services access and audit object access.
c. Create a Group Policy object (GPO) for the domain controllers.
Configure the GPO to audit directory services access and audit object access.
d. Create a Group Policy object (GPO) for the domain.
Configure the GPO to audit object access and to audit process tracking.
Answer: A
22. You are the administrator of a Windows 2000 network. Your network has one domain named parnellaerospace.com. The parnellaerospace.com domain supports 8,000 users at three locations. The network has three sites connected by T1 lines, as shown below:
The West site has 2,500 users
The East site has 3,000 users
The Central site has 2,500 users
Each site contains a global catalog server.
The global catalog server in the West site is named LAX01-GC. The global catalog server in the Central site is named TUL01-GC. The global catalog server in the East site is named NYC01-GC. You want users located in the West site to query TUL01-GC if the West site global catalog server is offline. What should you do?
a. Create a new subnet, assign it to the West site, and move TULO 1-GC to the West site.
b. Configure the site link between the Central site and the West site to have a lower cost than the site link between the West site and the East site.
c. Add a global catalog server to the Central site that has an IP address in the West site subnet.
d. Configure TUL01-GC as a preferred bridgehead server.
e. Set the query policy on LAXO 1-GC to the default query policy.
Answer: B
23. You are the network administrator of a Windows 2000 network. Your company has 3 locations in North America and 3 locations in Europe. Your network includes 6 sites as shown below:
- The root of the forest is bluesskyairlines.com.
- England, France and Italy sites are in the eur.blueskyairlines.com domain
- NorthWestUS, CentralUS, and NorthEastUS sites are in the na.blueskyairlines.com domain
The connection between the NorthEastUS site and the England site is unreliable. You want to configure replication between the NorthEastUS site and the England site. What should you do?
a. Create an SMTP site link between the NorthEastUS site and the England site.
b. Create an IP site link between the NorthEastUS site and the England site.
c. Create an SMTP site link bridge between the NorthEastUS site and the England site.
d. Create an IP site like bridge between the NorthEastUS site and the England site.
Answer: A
24. You are the network administrator for your company. You are deploying Windows 2000 Professional on your network by RIS. Your company has several departments. To expedite the deployment of Windows 2000 and other third party applications, you have created a group named Department Managers. You want to allow members of the Department Managers group access to create custom images and post them to the RIS servers for deployment. In addition, you want to allow members of the group to install client computers from the RIS server. What should you do?
a. Grant the department managers group Read and Write permissions to the Remoteinstall folder.
b. Grant the department managers group Read and Write permissions to the Oschooser folder.
c. Grant the department managers group Full Control permissions to the RIPrep.exe.
d. Grant the department managers group Full Control permissions to the SysPrep utility.
e. Grant the department managers group Read and Write permissions to the admin folder.
Answer: A
25. You are the network administrator for Enchantment Lakes Corporation. Enchantment Lakes Corporation and Five Lakes Publishing are planning a merger. The planned Windows 2000 network configuration is shown in the exhibit below. You want to connect the fivelakespublishing.com domain to the enchantmentlakes.com DNS server. The fivelakespublishing.com domain uses an Active Directory integrated zone on its DNS server. Five Lakes Publishing will retain its domain structure after the merger is complete. You want to set up the enchantmentlakes.com DNS server to host the fivelakespublishing.com domain. What should you do?
a. On Server1, create an Active Directory integrated zone named fivelakespubliching.com. Enable WINS lookup, and specify Server7 as the IP address for the WINS server
b. On Server5, create a secondary zone named fivelakespublishing.com. Configure DNS zone transfers to allow Server1 to replicate data
c. On Server5, configure DNS zone transfers to allow Server1 to replicate data. On Server1, create a secondary zone named fivelakespublishing.com.
d. On Server1, create an Active Directory integrated zone named fivelakespublishing.com. Configure DNS zone transfers to allow Server5 to replicate data
Answer:C
26. You install a Windows 2000 Server computer on your network. You promote the computer to be
a domain controller. This computer also functions as the DNS server for the domain. All client
computers are running Windows 2000 Professional.
When users attempt to log on, they receive an error message stating that a domain controller
cannot be located. You verify that Active Directory is installed and functional on the server.
You want to ensure that the domain controller is available for user logons. What should you do
next?
a. Check DNS for the addition of an appropriate SRV (service) record in the zone.
b. Check DNS for the addition of an appropriate A (host) record in the zone.
c. Check for the presence of an NTDS folder on the domain controller.
d. Check for the presence of a Sysvol folder on the domain controller.
e. On the client computers, create a Hosts file that contains the SRV (service) records for the domain controller.
f. On the client computers, create a Hosts file that contains the A (host) record for the domain controller.
Answer: a
27. You are the administrator of a Windows 2000 domain. The domain has an organizational unit
(OU) named Staff. Users in the Staff OU frequently work on different Windows 2000 Professional
computers. All Windows 2000 Professional computers are in the domain. The domain also has a
Windows 2000 Server computer named ServerA.
You want to accomplish the following goals:
• Users in the Staff OU will receive their user profile settings at every Windows 2000
Professional computer in the domain
• Each user in the Staff OU will be able to gain access to the documents in the user’s My
Documents folder from any Windows 2000 Professional computer in the domain
• To reduce network traffic documents in users’ My Documents folders will not be
automatically copied to or from the server when users log on to or log on of the domain
What should you do? (Choose all that apply
a. Configure a roaming profile for each user in the Staff OU
Use \ ServerAProfiles Username% as the profile path
b. Create a new Group Policy object (GPO) named Profile
Assign the Profile GPO to the Staff OU
Configure the Profile GPO to redirect the Desktop folder to \ ServerAProfiles Username%
c. Create a new Group Policy object (GPO) named Redirect
Assign the Redirect GPO to the Staff OU
Configure the Redirect GPO to redirect the My Documents folder to \ ServerAProfiles Username%
d. On the Windows 2000 Professional computers share the My Documents folder.
Configure the My Documents share to prevent files in the shared folder from
being cached
Answer: A, C
28. You add a new domain controller named GC01 to your network to take the place of the existing global catalog server. You also enable GC01 as a global catalog. You want to use GC00, the original server, as a domain controller but not as a GC server for the domain. You want to increase disk space on GC00.
What should you do? (Choose all that apply)
a. Use the Active Directory Sites and Services. Select the NTDS settings object for the GC00 Server to clear the Global Catalog check box.
b. On the GC00 server, run the Ntdsutil utility to defragment Active Directory.
c. On the GC00 server, reinstall Windows 2000.
d. On the GC01 server, run the Ntdsutil utility to enable the global catalog server option.
Answer: A, B
29. You are the network administrator of a Windows 2000 domain. The domain has an OU named Help Desk. A Group Policy (GPO) name Disable Regedit is assigned to the Help Desk OU. The only policy setting defined in the Disable Regedit GPO, which is the policy setting that disables use of registry editing tools. For performance reasons, your company wants to minimize the number of GPOs that are processed at logon. The company also decided that the restriction on the registry editing tools must no longer apply to the users of Help Desk OU. What should you do?
a. Remove the Disable Regedit GPO from the Help Desk OU.
b. Assign a new GPO in the Help Desk OU that enables the use of registry editing tools.
c. On the computers used by users in the Help Desk OU, edit the registry to allow the use of registry editing tools.
d. On the computers used by users in the Help Desk OU, configure the local GPO to allow the use of registry editing tools.
e. On the computers used by users in the Help Desk OU, delete the registry POL file from \systemroot\System32GroupPolicy folder.
Answer: A
30. You are the network administrator of a Windows 2000 domain. All of the domain resources are defined in two top levels OUs. The OUs are named West and East. William is the administrator of the West OU. Evert is the administrator of resources in the East OU.
You move Printer1 from the West OU to the East OU. After you move the printer, Evert can administer it. However, William reports that he can still remove print jobs from Printer1. You want Evert to be the only one to administer Printer1. What should you do?
a. Use the delegation of control wizard on the east OU to assign printer1 permission to Evert.
b. Configure the security properties for printer1 to disallow inheritable permissions to propagate.
c. Remove the permissions for William from Printer1.
d. Configure the printer permission on the west OU to apply to only the west OU.
Answer: C
31. You are the administrator of a Windows 2000 network. Your Windows 2000 domain controller has been in operation for one year. During that year, you have deleted numerous objects. However, the NTDS.DIT file is the same size it was before you deleted any objects. You want to reduce the size of the NTDS.DIT file. What should you do? (Choose two)
a. Delete all the log files from the NTDS folder and restart the server.
b. Use the Ntdsutil utility to perform an authoritive restore.
c. Run the Esentutl utility by using the /d switch.
d. Restart the server in Directory Services restore mode.
e. Use the Ntdsutil utility to compress the database to another drive.
Answer: D, E
32. You are the administrator of a Windows 2000 network named contoso.com. Your network is configured as shown in an exhibit. Your company plans to open a new office in Dallas. Members of your IT staff will be on-site in Dallas next week to install the new 10.1.3.0/24 network. You want to prepare the network in advance so that when the IT staff installs a new domain controller, it will automatically join the appropriate site.What should you do?
a. Delete the Default-First-Site-Name object in Active Directory Sites and Services.
b. Create a new subnet for the Dallas network. Create a new site and associate the new subnet with the new site.
c. In the Domain Controller OU, create a computer account that has the name of the new domain controller.
d. Use RIS to prestage the new domain controller.
e. Copy the installation source files to the new domain controller. Create an unattended install file with an automated DCPromo.bat file.
Answer: B
33. You are the network administrator for Contoso. Ltd. Marc is moving from the IT department to the
sales department and will be the technical sales manager for the eastern United States. The
current OU structure is shown in the exhibit. (Click the Exhibit button)
You move Marc’s user account from the IT OU to the Technical Sales OU. You want Marc to be
able to create user accounts in ou= sales, ou= eastern, dc= contoso, dc= com.
What should you do?
a. Move Marc’s user account to the Sales OU.
b. Add Marc’s user account to the Account Operators group.
c. Grant Marc’s user account Create User Objects permission for the Sales OU.
d. Grant Marc’s user account Write permission for the Sales OU.
Answer: C
34. You are the administrator of your company’s Windows 2000 network. The network consists of a single domain named litware.com. All client computers are running Windows 2000 Professional and are members of the domain. All users are members of the Power Users group on their computers. A portion of the network is configured as shown in the exhibit.
A client computer named Client4 has dial-up access to the internet. You do not want other users to share the internet connection that is configured for Client4.
What should you do?
a. Create a Group Policy Object (GPO) that disables the configuration of connecton sharing. Grant Client1, Client2, and Clinet3 the Read permission and the apply Group Policy permission for the GPO.
b. Create a Group Policy Object (GPO) that disables the configuration of connection sharing. Grant Client4 the Read permission and the apply Group Policy permission for the GPO.
c. Create a Group Policy Object that creates a high-security zone for Microsfot Internet Explorer.
d. Create a Group Policy Object that deletes existing connection settings for Microsfot Internet Explorer.
Answer: B
35. You are backup operator of a Windows 2000 domain. The domain has 2 domain controllers. You want the Active Directory database file of both domain controllers to be automatically backed up once a week. What should you do?
a. Schedule a backup job that will backup the System State data once a week.
b. Schedule a backup job and select Schema.ini file in the System32 folder and all files in the NTDS folder to be backed up once a week.
c. Schedule a task that will run the NTDUTIL once a week.
d. Schedule a task that will copy the Ntds.dit file and the SYSVOL folder once a week.
Answer: A
36. You are the administrator for your company. You are deploying Windows 2000 on your network of 10,500 users. There are 15 departments in your company. Each department needs to use specific features of Windows 2000 and custom third party applications. You want to minimize the administrative time required to set up the client computers. You also want to provide customized software installations to the users.What should you do?
a. Install and configure a RIS server on your network.
Use RIPrep.exe to create multiple images for each department.
connect the client computers to the RIS server and deploy the custom images.
b. Install and configure a RIS server on your network.
Create different installation script files for each department.
Deploy the computers by using RIS.
c. Create a shared folder on one of the servers.
Copy the source files from the Windows 2000 Professional CD-ROM to the shared folder. Perform unattended installations from the shared folder by using script files, and then install the third-party applications.
d. Create a shared folder on one of the servers.
Copy the source files from the Windows 2000 Professional CD-ROM to the shared folder. Perform attended installations from the shared folder, and then select only the components you need for each department.
Answer: A
37. You are the administrator of a Windows 2000 domain. The domain has an organizational unit (OU) named Help Desk. All users in the Help Desk OU use an application named PhoneID. The PhoneID application is deployed by using a Group Policy object (GPO) named Phone App on the Help Desk OU. The Phone App GPO is configured to publish the PhoneID application to users by using a Microsoft Windows Installer package for the application. Currently, only the users in the Help Desk OU can start the PhoneID application. You want all users in the domain to be able to install the PhoneID application by using a Start menu shortcut.
What should you do?
a. Remove the Phone App GPO link to the Help Desk OU.
Assign the Phone App GPO to the domain.
Change the configuration of the Phone App GPO to assign the PhoneID application to users.
b. Create a new GPO named Phone For All.
Assign the Phone For All GPO to the domain.
Configure the Phone For All GPO to assign the PhoneID application to computers.
c. Configure the Phone App GPO to assign the PhoneID application to users.
Configure the permissions on the Phone App GPO to assign Apply Group Policy permission to the Authenticated Users group.
d. Configure the Phone App GPO to assign the PhoneID application to computers.
Configure the PhoneID Windows Installer package to upgrade the installed PhoneID application. Set the Windows Installer policy to disable rollback.
Answer: A
38. You are the administrator of a Windows 2000 network for Miller Textiles. The network configuration is shown in an exhibit.
The millertextiles.com domain is hosted on Server1 as an Active Directory integrated zone, and on Server3 as a secondary zone.
All client computers on Segment B are running Windows 2000 Professional. All client computers on Segment A are down level client computers. All client computers are DHCP clients as well. You share some network resources on several of the client computers on Segment A. Several days later you attempt to connect to those shared resources from client computers running on segment B, but you are unable to resolve the host names of client computers on Segment A. How should you correct this problem?
a. On the DHCP server, set the DNS Domain Name scope option to millertextiles.com.
b. On Server1 for the millertextiles.com zone, change the value of "Allow Dynamic Updates" from the default settings to "Yes".
c. Configure the millertextiles.com domain to allow zone transfers to all the computers on the network.
d. On Server2, enable updates for DNS clients that do not support dynamic updates.
Answer: D
39. You are the network administrator for Arbor Shoes. Part of your multi-site Windows 2000 network configuration is show in an exhibit.
Server1 is configured with the primary zone for arborshoes.com. Server3 and Server5 are configured with secondary zones for arborshoes.com. You discover an error in several host records that is preventing client computers in Atlanta from accessing some shared resources. You make the necessary corrections on Server1. You want these changes to be propagated to Atlanta immediately.
What should you do?
a. On the Action menu for the arborshoes.com zone, click "Update Server Data Files".
b. At Server5, perform the Transfer from master action for the arborshoes.com zone.
c. At Server1, stop and start the DNS server service.
d. At Server5, select Allow zone transfers on the arborshoes.com zone.
Answer: B
40. You are the network administrator for LitWare, Inc. You are implementing Windows 2000 on your network. Part of your network configuration is shown in an exhibit. You have installed Server2 and Server4 as domain controllers for LitWare.com. You have installed Server1 and Server3 as DNS servers for the litware.com domain. Each server has a standard primary zone named litware.com. You configure the domain to run in native mode.
When Server2 attempts to contact Server4 by name, it cannot establish a connection. However, you can ping both Server2 and Server4 from any computer in either site. You need to be able to resolve names of serves in both sites. You want the information to be updated regularly. What should you do?
a. Configure Server1 and Server3 to allow dynamic updates in DNS.
b. Configure Server1 and Server3 to allow zone transfers to any server. Then configure the DNS notification options to notify each server of updates.
c. Reinstall Server4 as a member server in the same domain as Server2. Create a new site and promote Server4 to a domain controller within the new site.
d. Re-create the litware.com zone on Server3 as a secondary zone. Configure Server3 to replicate DNS data from Server1.
Answer: D
41. You are the administrator of a Windows 2000 domain. To control the desktop environment of users in the domain, you use a script file named Desktop.vbs to change settings in the current user profile. This script file is deployed as a login script for all users in the domain. The Desktop.vbs script usually takes 15 seconds to complete its work. You want to ensure that each user's desktop appears only after the Desktop.vbs script is completed.
What should you do?
a. For all users in the domain, set the logon script in the user profile to Desktop.vbs.
b. Create a new GPO; Assign the GPO to the domain.
Add Desktop.vbs to the GPO as a logon script.
Configure the GPO to run logon scripts synchronously.
c. Create a new GPO; Assign the GPO to the domain.
Add Desktop.vbs to the GPO as a logon script.
Configure the GPO to set a maximum wait time of 15 seconds for Group Policy scripts
d. Create a new GPO; Assign the GPO to the domain.
Add Desktop.vbs to the GPO as a logon script.
Configure the GPO to set a timeout of 15 seconds for logon dialog boxes.
Answer: B
42. Your company's network consists of a single Windows 2000 domain. You are the administrator for an organizational unit named Finance. Four Group Policy Objects are linked to the Finance OU. They are listed on the Group Policy tab as below:
Remove Run GPO - removes the Run command from the Start menu. This GPO affects only the users in
Atlanta.
Enable Display and Distribute Software GPO - enables Display in the Control Panel. This GPO affects all
users in the Finance department.
Disable Display and Remove Run GPO - removes the Run command from the Start menu and a policy
that disables display in the Control Panel. This GPO affects only the users in Chicago.
Enable Run GPO - enables the Run command from the Start menu. This GPO affects only the users in
New York
You discover that users in Chicago are making unauthorized changes to their desktop settings by using Display in the Control Panel. You need to ensure that users in the Finance OU cannot access Display in the Control Panel.
What should you do?
A. Set the Chicago Disable Display & Remove Run GPO to No override.
B. Set the All Users Enable Display & Distribute Software GPO to Block Inheritance.
C. Raise the priority of the All Users Enable Display & Distribute Software GPO.
D. Lower the priority of the All Users Enable Display & Distribute Software GPO.
Answer: D
43. You are the enterprise administrator of a Windows 2000 domain. The domain is in native mode. You want to implement a policy to disable the ShutDown command for all users in the domain except for the members of the Domain Admins security group. You create a new Group Policy object (GPO) named Shutdown. You configure the Shutdown GPO to disable the Shutdown option. You assign the Shutdown GPO to the domain. You want to ensure that the policy does not apply to the members of the Domain Admins group.
What should you do?
a. On the Shutdown GPO, deny the Apply Group Policy permission to the Domain Admins group.
b. On the Shutdown GPO, remove the Apply Group Policy permission from the Authenticated Users group. Grant the Apply Group Policy permission to the Users group.
c. Add the Domain Admins group to the Group Policy Owners group.
d. Create a new OU named No Shutdown. Move the Domain Admins group to the No Shutdown OU. Configure the No Shutdown OU to block policy inheritance.
e. On the computers that the members of the Domain Admins group use to log on, configure the local GPO to enable the Shutdown option.
Answer: A
|
