|
Hi,
I passed and used itcertkeys.com study guides.
best of luck
1. You are the network administrator for Contoso Ltd. The company hires a consultant named Amy Jones from Litware Inc. Amy requires access to your network. She prefers to receive all of her e-mail at her info@smartcert.net.com address.
A. Create a user account that has an Exchange mailbox in active directory. Change the SMTP address on the e-mail address tab to the user property sheet to the ajones@litware.com. B. Create an e-mail enabled contact object for Amy Jones and specify the SMTP address ajones@litware.com as the e-mail address in active directory. C. Create a user account that does not have an Exchange mailbox in active directory. Use Exchange task wizard to assign an SMTP address for ajones@litware.com D. Create a user account that does not have an Exchange mailbox in active directory. Enter ajones@litware.com as the e-mail address on the General tab of the user property sheet.
Answer: C (verified by itcertkeys.com)
2. You are the administrator of the Windows 2000 network at Contoso Ltd. You have a mixed environment of Exchange server 5.5 computers and Exchange 2000 Server computers. You upgrade a computer named server 2 from Exchange server 5.5 to Exchange 2000 Server. You now have two Exchange sites configured as shown in the All of the Exchange servers are member servers in the contoso.com domain. You will not be upgrading server 3 or
A. On server3, create a directory replication connector between server4 and server3. B. On server 3, create a site connector between server 4 and server 3. C. On server 1, create a two-way connection agreement between server 4 and server 1. D. On server 1, create a one-way connection agreement from server 4 to server 1. E. On server 2, create a routing group connector between server 4 and server 2.
Answer: C (verified by itcertkeys.com)
3. You are the Exchange administrator for Litware, Inc. An employee named David Simpson reports that email message that he sent to an external mail account has not been received. The message was sent more than 30 minutes ago to Jim Hance at Parnell Aerospace. You examine the SMTP queues on your Exchange 2000 server
A. Freeze all the messages in the litware.com SMTP link queue. Create a custom filter to unfreeze all messages to Jim Hance. B. Freeze all messages in the parnellaerospace.com SMTP link queue. Create a custom filter to unfreeze all messages to Jim Hance. C. Configure a new SMTP virtual server. Set the relay restrictions to allow all computers to relay messages through the new SMTP virtual server. D. Configure a new SMTP virtual server Set the relay restrictions to prevent all computers from relaying messages through the new SMTP virtual server.
Answer: B (verified by itcertkeys.com)
4. You are the Exchange administrator for Just togs. All of the server computers on your network have identical processors and 256MB of RAM. Mailboxes are grouped according to user’s first names, as shown in the network A. Install Exchange 2000 Server on Dc1. Move Carmen’s mailbox to the default mailbox store on Dc1 B. Create a new storage group on Ex1. Create a new mailbox store in the new storage group. Move Carmen’s mailbox to the new mailbox store. C. Create a new mailbox store in the first storage group on Ex2. Move the Carmen’s mailbox to the new mailbox store. D. Move Carmen’s mailbox from the priv1.edb mailbox store to the priv2.edb mailbox store.
Answer: C (verified by itcertkeys.com)
5. You are the Exchange Administrator for Just Togs. Users whose mailboxes reside on a server named EX7 report that it occasionally takes long period of time to receive their E-mail messages. You monitor the justtogs.com links queue and notice that there are sometimes as many as 30 queued messages. You need to find out whether the justtogs.com link queue is the cause of the slow delivery times. You need to make sure that Exchange Administrators are notified when the problems occur.
A. Configure system monitor to chart the receive queue size on the MSExchanger3 private object. Configure system monitor to send an alert when the 'receive queue size' value of the MSExchangeIMC object is greater than 30. B. Configure the system monitor to log the local queue length on the SMTP server. Configure system monitor to send an alert when the local queue length value of the SMTP server object is greater than 30. C. Configure the system monitor to chart the local retry queue length on the SMTP server. Add the X400 queue growth monitor to EX7. Create a notification to process a script that notifies the administrators when the Ex7 server monitor enters a warning state. D. Configure system monitor to log the local queue length on the SMTP server. Add the X400 queue growth monitor to EX7. Create a notification to process script that notifies the administrators when the EX7 server monitor enters a critical state.
Answer: B (verified by itcertkeys.com)
6. You are the Exchange Administrator for Hanson Brothers. Your production Exchange 2000 Server environment was created fresh, without an upgrade from a previous version. You are configuring an Exchange 2000 Server computer as a recovery server for single mailbox recovery. You create a new Windows 2000 forest, and make the recovery server the only domain controller for that forest.
A. Demote the recovery server to a member server, and add it to the existing hansonbrothers.com domain. Join the recovery server to the production Exchange Administrative group. Perform the database restore again. B. Create a storage group and database that use the logical names from the production server. On the new database select the 'This database can be overwritten by a restore' check box. C. Reinstall Exchange 2000 server on the recovery server by running setup/disaster recovery. Then run ISINTEG-patch. Restart the information store service. D. Use ASDI Edit to set the Legacy Exchange DN value of the recovery server’s administrator group to be O=Hanson Brother, OU First Administrative Group
Answer: B (verified by itcertkeys.com)
7. You are the Exchange Administrator for Parnell Aerospace. The company recently acquired a company named Trey Research. The users from Trey Research are being migrated to the Parnell Aerospace Exchange A. Create an additional SMTP address for Trey Research.com on the SMTP connector’s address space property sheet. B. Create an internet Message Format that applies to the Trey Research.com SMTP domain. C. Create a recipient policy that appears to the Trey Research users so that it creates an additional SMTP address for each of those users. D. Create an MX record that directs internet mail designated for Trey Research.com to the SMTP connector. E. Create an additional SMTP virtual server and SMTP connector on the Exchange 2000 Server computer that hosts the Trey Research users.
Answer: A, C (verified by itcertkeys.com)
8. You are the Exchange Administrator for Contoso Ltd during the past six months, the company added six regional offices throughout the country. There are plans to open an additional six regional offices during the next six months. The users at the regional offices access their mailboxes by using Microsoft Outlook Web Access. Your A. Install two front-end Exchange 2000 Server computers. Place the new server on the perimeter network. Configure load balancing between the two servers. Configure certificate servers, and create a rule on the firewall to redirect port 443 to the servers. B. Install one front-end Exchange 2000 Server computer and continue to run Outlook Web Access on the existing Exchange server. Place the new server on the perimeter network. Configure unique URLs to connect to each server. Configure certificate servers, and create a rule on the firewall to redirect port 443 to the servers. C. Install two Exchange 2000 Server computers. Place the new server on the perimeter network. Configure unique URLs to connect to each server. Configure certificate services on the servers. Create a rule on the firewall to redirect port 443 to the servers. D. Install two front-end Exchange 2000 Server computers. Place the new server on the internal network. Configure load balancing between the two servers. Configure certificate services on the servers. Create a rule on the firewall to redirect port 443 to the servers.
Answer: A (verified by itcertkeys.com)
9. You are the Exchange Administrator at Axesome computers. An employee named Anita reports that she has problems when sending e-mail messages containing attachments to Bruno at Wheeler Copies. Bruno has told Anita that Wheeler Copies uses an older e-mail system, and there is a long series of random numbers and letters A. Configure a new POP3 virtual server. Set the message format to use Exchange rich-text format. Modify the connection control value to allow access from only the wheelercopies.com domain. B. Configure the new IMAP4 virtual server. Change the MIME message encoding to provide the message body as plan text. Modify the connection control value to allow access from only the wheelercopies.com domain. C. Create a new internet message format for the wheelercopies.com domain. Configure the domain message encoding to use Unicode. Disable BinHex for Macintosh. D. Create a new internet message format for the wheelercopies.com domain. Configure the domain message encoding to use MIME. Set the MIME character set to Unicode.
Answer: C (verified by itcertkeys.com)
10. You are the Exchange administrator of Miller textiles. Eric, the manager of human resources wants potential job candidates to send their resumes to jobs@millertextiles.com. Eric wants to prevent employees in other departments from being able to view these messages. Eric creates a Microsoft outlook public folder named A. Enable anonymous access for the job inquiries folder. B. Change the name of the job enquiries folder in the address list to jobs@millertextiles.com C. Change the SMTP address of the job enquiries folder to jobs@millertextiles.com D. Make the job enquiries folder visible in the address list. E. Change the permissions role for the default user to contributor.
Answer: C, E (verified by itcertkeys.com)
11. You are the Exchange Administrator for Spring First Home Loans. Your users send several hundred E-mail messages each day to Wood grove Bank. The administrator at A. Change the setting for the first retry interval on the SMTP from 10 minutes to 1 minute. B. Force a connection on the Woodgrovebank.com link queue. C. Create a custom filter to enumerate all messages in the woodgrivebank.com link queue. D. Unfreeze all messages in the woodgrovebank.com link queue.
Answer: D (verified by itcertkeys.com)
12. You are the Exchange administrator for Just Togs. You install a new Exchange 2000 server computer into your Windows 2000 domain. Your network is configured as shown in the Exhibit. A. On ns1.justtogs.com, configure an A record that points to ex1.justtogs.com. B. On ns1.justtogs.com, configure an MX record that points to ex1.justtogs.com. C. In the Hosts file on your computer, create an entry that points to ex1.justtogs.com. D. In the LMHosts on your computer, create an entry that points to ex1.justtogs.com
Answer: A
13. You are the Exchange Administrator for your company. You manage three Exchange 2000 Server computers. You discover that the registry of one of the servers is corrupt. When you restart the server and log on, you notice that both the NetLogon and the Exchange services on that server do not start. You must repair that server’s registry so you can start the Exchange services properly. What should you do?
A. Use Windows backup to restore the contents of the server’s Sysvol folder from the last backup. B. Use Windows backup to restore the system state data from the last backup. C. At a command prompt, copy the System all file to system Database in the c:\winnt\system32\config folder. D. Restart the server by using the last known good configuration.
Answer: B (verified by itcertkeys.com)
14. You are the Exchange Administrator for your company. A hard disk on one of the Exchange 2000 Server computers fails. The failed hard disk contained the Exchange 2000 System files. The hard disk that contained the transaction log files and Exchange databases was not affected by the failure. You replace the failed hard disk. You need to bring the server online, but the only available does not include the system files. What should you do?
A. Reinstall Exchange 2000 Server by running setup/DomainPrep on the server. B. Reinstall Exchange 2000 Server by running setup/DisasterRecovery on the server. C. Perform a normal installation of Exchange 2000 Server on the server. Create a new database that uses the same database names and paths as the original installation. D. Perform a normal installation of Exchange 2000 Server on the server. Create a storage group that uses the same database names and paths as the original installation.
Answer: B (verified by itcertkeys.com)
15. You are the Exchange Administrator for your company. Users in the Exchange organization access their e-mail by using Microsoft Outlook 2000, IMAP, and HTTP. The network is configured as shown in the exhibit.
A. Use the internet services manager console to disable basic authentication for the web server that supports the HTTP users. B. Use the internet services manager console to configure a server’s e-mail settings for base64 encoding. C. Use the internet services manager console to configure a server certificate for the web server and redirect all HTTP communications to the secure web server. D. Use the Exchange system manager console to disable authentication for the IMAP4 virtual server. E. Use Exchange system manager console to configure a server certificate for the IMAP4 virtual server and require a secure channel. F. Use the Exchange system manager console to explicitly deny the ANONYMOUS LOGON user the read permission.
Answer: C, E (verified by itcertkeys.com)
16. You are the Exchange Administrator for your company. You are planning for disaster recovery for your three Exchange 2000 Server computers named server 1, server2 and server 3. Each Exchange Server houses three databases. You plan to use a single backup for each storage group. You must configure the server so that the following goals are met in the event of failure: You must be able to restore the database on server 1 and server 2 to the state that existing one-minute before the failure. You must be able to restore all the databases on server 3 simultaneously.
A. Create one storage group on each server to contain the databases. Enable circular logging on server 1 and server 2. Create a full-text index for the databases on server 3. B. Create one storage group on server 1 and server 2 to contain the databases. Create a storage group for each database on server 3. Disable circular logging on server 1 and server 3. C. Create one storage group on server 3 to contain the databases. Create a storage group for each database on server1 and server 2. Disable circular logging on server 3. D. Create one storage group on server 3 to contain the databases. Create a storage group for each database on server1 and server 2. Create a full-text index for the databases on server 3. Enable circular logging on server 3.
Answer: B (verified by itcertkeys.com)
|
Question 1.
You are a network administrator for ITCertKeys.com. The network consists of a single Active Directory domain named ITCertKeys.com. All servers run Windows Server 2003. All client computers are Windows XP Professional computers that are members of the domain.
ITCertKeys wants to install a new application on only the computers where it is required. However, once installed on a particular computer, the application can be used by any user logged on to that computer. The application is installed by using a Windows Installer package.
You copy the .msi file to a shared folder on a file server. The shared folder is configured so that members of the Domain Admins group have the Allow – Full Control permission, and no other permissions are granted. ITCertKeys wants to automate installation as much as possible. Users must not be able install unauthorized copies of the application. You need to ensure that application will be deployed in accordance with ITCertKeys’s requirements. You create a security group and assign this group the Allow – Read permission for the shared folder that contains the .msi file.
Which two additional courses of action should you take?
(Each correct answer presents part of the solution. Choose two)
A. Make all users of the application members of the security group.
B. Make all unauthorized computers members of the security group.
C. Create a Group Policy object (GPO) that assigns the application to users.
Link the GPO to the domain. Set permissions on the GPO so that it applies only to the security
group you created.
D. Create a Group Policy object (GPO) that publishes the application to users.
Link the GPO to the domain. Set permissions on the GPO so that it applies only to the security
group you created.
E. Create a Group Policy object (GPO) that assigns the application to computers.
Link the GPO to the domain. Set permissions on the GPO so that it applies only to the security
group you created.
Answer: A, C
Explanation:
You need to make the users a member of the new created group and also the application should be assigned and not published in order that the users should not be able to install unauthorized copies of the application.
Linking the Policy to the Domain means that it will apply on a global scale, so as to cover user objects created anywhere underneath it. To scale down further to an exact group of users, we then create a security group and only add users who are authorized for the application.
We would also configure the apply Group policy setting to this group satisfying the configuration of permissions for the GPO policy. These users will most likely be the non-Admin users. If a user is not also part of the Domain Admins group, they would be denied access to go directly to the share and install application from there. User is only going to be able to get application by the GPO policy applying to their user account when they logon to a particular machine. Also setting policy as a user configuration means that it will apply to user account when user logs on which will further automate installation on publishing. This satisfies the requirement.
Incorrect Answers:
B: If we created a security group that contains all unauthorized computers, we would need to apply the Deny - Apply Group Policy permission to that security group. The latter is not one of the options.
D: We need to assign the application to users, not publish it. Assigned applications appear on the user's desktop, or start menu, which is part of the user profile. This means that the application will not be available to other users who log on to the computer.
Reference:
MS Press: MCSE Self-Paced Training Kit (Exam 70-294); Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure, 2004, pp. 12-3 to 12-10, 12-13 to 12-28, 12- 34 to 12-39.
Question 2.
You are the network administrator for ITCertKeys.com. The network consists of a single Active Directory domain named ITCertKeys.com. All servers run Windows Server 2003. Each client computer runs either Windows 2000 Professional or Windows XP Professional. All desktop computers have computer accounts in an organizational unit (OU) named ITCertKeysDesktops, and all portable computers have computer accounts in an OU named ITCertKeysPortables. All employees have user accounts in an OU named ITCertKeysUsers. A written ITCertKeys policy requires that different Encrypting File System (EFS) policies be applied to portable computers and to desktop computers. In addition, policy settings in the Default Domain Policy Group Policy object (GPO) must apply to all computers. You create two new GPOs named DesktopEFSPolicy and PortableEFSPolicy to be applied to desktop computers and portable computers, respectively.
You configure each GPO to contain the policy settings required by the written ITCertKeys policy.
You need to ensure that the written ITCertKeys policy is enforced. Which two courses of action should you take? (Each correct answer presents part of the solution. Choose two)
A. Link the DesktopEFSPolicy GPO to the ITCertKeysDesktops OU.
Link the PortableEFSPolicy GPO to the ITCertKeys Portables OU.
B. In the Default Domain Policy GPO, assign the Domain Users security group the Deny – Full
Control permission. Assign the Domain Admins security group the Allow – Full Control
permission.
C. Link the DesktopEFSPolicy GPO and the PortableEFSPolicy to the domain.
Configure the ITCertKeysDesktops OU and the ITCertKeysPortables OU to block Group
Policy inheritance.
D. Enable the No Override setting for the Default Domain Policy GPO, the DesktopEFSPolicy
GPO, and the PortableEFSPolicy OU.
Answer: A, D
Explanation:
You want the Default Domain Policy settings to apply to all computers, so you must configure the No Overide, or else lower GPO settings with the Block Policy Inheritance will negate the particular policy from above. Also the same is true for the OU level GPOS that are configured. Any lower GPOs configured on child OUs with Block Policy inheritance will negate policy from a higher level set GPO policy. A. And D are correct.
Incorrect Answers:
B: The GPO must be applied based to computer type, not user group.
C: Lower GPO settings with the Block Policy Inheritance will negate the particular policy from above.
Reference:
MS Press: MCSE Self-Paced Training Kit (Exam 70-294); Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure, 2004, pp. 10-16 to 10-20, 10-40 to 10-41.
Question 3.
You are a network administrator for ITCertKeys.com. The network consists of a single Active Directory domain named ITCertKeys.com. All servers run Windows Server 2003. ITCertKeys operates a call center in which 200 users use Windows XP Professional computers to access email, ITCertKeys’s intranet, and a database application. All client computers are configured identically. The call center users do not use computers outside of the call center.
A written ITCertKeys policy states that call center users are not allowed to install or run additional applications or to change the desktop settings on their computers. You need to prevent call center users from changing the configuration of the call center computers. Your solution must not restrict users in other parts of ITCertKeys from making changes to computers outside the call center.
What should you do?
A. Place all of the computer accounts for call center computers in an organizational unit (OU)
named Call Center Computers. Create a Group Policy object (GPO) that includes the
appropriate restrictions in the User Configuration section. Link the GPO to the Call Center
Computers OU.
B. Place all of the user accounts for call center users in an organizational unit (OU) named Call
Center Users. Create a Group Policy object (GPO) that includes the appropriate restrictions in
the User Configuration section. Link the GPO to the Call Center Users OU.
C. Place all of the user accounts for call center users in a security group named Call Center
Users. Change the default user rights assignment on the call center computers so that the Call
Center Users group has only the Allow log on locally right.
D. Place all of the user accounts for call center users in a security group named Call Center
Users. Configure these accounts so that all users use a common roaming profile stored on a
file server. Assigns the Call Center Users group the Allow – Full Control permission for the
roaming profile folder.
Answer: B
Explanation:
To restrict call center users from running certain applications and changing their desktops, we need to configure the required restrictions in a GPO and have it applied to all call center users. This can be achieved by placing all call center users in an OU and applying the GPO to that OU.
Incorrect Answers:
A: The GPO should apply to the users, not the computers.
C: We need to restrict the users from running additional applications or changing their desktop settings; this isn't achieved simply by restricting them to the local computer.
D: A roaming profile will not prevent users from running unauthorized applications. Furthermore, granting Allow - Full Control permission for the roaming profile folder would allow them to change their desktop settings.
Reference:
MS Press: MCSE Self-Paced Training Kit (Exam 70-294); Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure, 2004, pp. 10-16 to 10-20, 10-40 to 10-41.
Question 4.
You are the network administrator for ITCertKeys.com. The network consists of a single Active Directory domain with two sates. The two sites are named ITCertKeys1 and ITCertKeys2. All servers run Windows Server 2003. ITCertKeys has two offices, and each office is configured as one of the sites. A 256-Kbps leased line connects the two offices. In addition, a site link connects the two sites. The site link is configured to replicate during off-peak hours. There are domain controllers in both sites. ITCertKeys1 contains all of the operations master role holders. You plan to create Group Policy objects (GPO) for each site. Some GPOs will be used to resolve potential support issues for a specific site, and you need to minimize any delay in the propagation of GPOs. You need to ensure that GPOs are applied to users in the appropriate site with minimal delay.
What should you do?
A. Configure the Group Policy Object Editor and Active Directory Users and Computers snap-ins
to connect to the infrastructure master.
B. Configure the Group Policy and Active Directory snap-ins to connect to a domain controller in
the site where the GPO must be applied.
C. Create a remote procedure call (RPC) connection object between the two sites.
D. Create a GPO that disabled Group Policy slow link detection. Link the GPO to both sites.
Answer: B
Explanation:
Creating the GPO on a domain controller in a particular site will apply the GPO much quicker than if the GPO where created on a domain controller of a different site across a site link. No replication has to occur for the settings to first take effect. Settings will apply much quicker since using a local domain controller of the site you need the GPO applied.
Incorrect Answers:
A: We need to apply the GPOs to the domain controllers in the site where the GPO is required, not he infrastructure master.
C, D: We need apply the GPO with minimal delay. The quickest way to apply the GPO is to apply it to the domain controller in the site where the GPO is required. This can be done by configuring the Group Policy and Active Directory snap-in to connect to a domain controller in the site where the GPO must be applied.
Reference:
MS Press: MCSE Self-Paced Training Kit (Exam 70-294); Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure, 2004, pp. 10-31 to 10-48.
Question 5.
You are the network administrator for ITCertKeys.com. The network consists of a single Active Directory domain with two sites. The two sites are named ITCertKeys1 and ITCertKeys2.
ITCertKeys has two offices, and each office is configured as one of the sites. All servers run Windows Server 2003. The two offices are connected by a 256-Kbps leased line. In addition, ITCertKeys1 and ITCertKeys2 are connected by a site link. ITCertKeys1 has 1,000 users and ITCertKeys2 has 15 users. There are no domain controllers in ITCertKeys2. You create a Group Policy object (GPO) to redirect the My Documents folder. You link the GPO to the domain.
Users in ITCertKeys1 have their folders redirected successfully, but users in ITCertKeys2 do not. You need to ensure that users in ITCertKeys2 has their folders redirected.
What should you do?
A. Combine ITCertKeys1 and ITCertKeys2 into a single site.
B. Enable loopback processing in Merge mode in the GPO.
C. Remove the link for the GPO from the domain. Link the GPO to ITCertKeys1 and to
ITCertKeys2.
D. Create a new GPO that disables Group Policy slow link detection. Link the new GPO to
ITCertKeys2.
Answer: D
Explanation:
A. does not seem to be practical. B. Loopback will not fix the problem.
You have two sites because you actually are going over a leased line to connect to the other site, although it does not have a domain controller, it will use a domain controller in ITCertKeys 1. And the separate site allows you to group everything together for that site.
Answer D, will prevent slow link detection of the Folder Redirection GPO, thus allowing the GPO to apply. set this slow link policy setting to 0. Answer D solves the problem of the slow link threshold which is anything less than 500 Kbps which is the case here!
Incorrect Answers:
A: Combining the two sites will make administration more complex.
B: Merge mode merges the user's normal policy settings and the loopback settings. This is not relevant to this scenario.
C: Linking the GPO at the OU level won't accomplish anything because the GPO is applied to the domain already.
Reference:
MS Press: MCSE Self-Paced Training Kit (Exam 70-294); Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure, 2004, pp. 11-28 to 11-48.
Question 6.
You are the network administrator for ITCertKeys.com. The network consists of as ingle Active Directory forest that contains an empty root domain named ITCertKeys.com and a child domain named research.ITCertKeys.com. You need to implement secure password protection for the accounts located in the research.ITCertKeys.com domain. What should you do?
A. Configure the Default Domain Policy Group Policy object (GPO) of the
research.ITCertKeys.com domain to enable the Password must meet complexity requirements
policy.
B. Configure the Default Domain Controllers Policy Group Policy object (GPO) of the
research.ITCertKeys.com domain to enable the Password must meet complexity requirements
policy.
C. Configure the Default Domain Policy Group Policy object (GPO) of the ITCertKeys.com
domain to enable the Password must meet complexity requirements policy. Enable the No
Override setting on the GPO.
D. Configure the Default Domain Controllers Policy Group Policy object (GPO) of the
ITCertKeys.com domain to enable the Password must meet complexity requirements
policy. Enable the No Override setting on the GPO.
Answer: A
Explanation:
Password Policy must be configured at domain level for domain enforcement.
Incorrect Answers:
B: The password policy must be configured at the domain level, i.e., ITCertKeys .com and not
research. ITCertKeys .com.
C: We don't need the No Override setting if the GPO is applied at the domain level.
D: The GPO must be configured at the domain not the domain controller.
Reference:
MS Press: MCSE Self-Paced Training Kit (Exam 70-294); Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure, 2004, pp. 10-41 to 10-42.
Question 7.
You are a network administrator for Litware, Inc. The network consists of a single Active Directory forest that contains two domains named litwareinc.com and dev.litwareinc.com. All domain controllers run Windows Server 2003. The functional level of the forest is Windows Server 2003.
Litware, Inc., acquires a company named Graphic Design Institute, The Graphic Design Institute network consists of a single Active Directory forest that contains a single domain named graphicdesigninstitute.com. All domain controllers run Windows Server 2003. The functional level of the forest is Windows Server 2003.
Users in the litwareinc.com domain require access to file and print resources stored on a computer named serverl.graphicdesigninstitute.com. Users in the graphicdesigninstitute.com domain require access to all computers in the litwareinc,com forest.
You must provide administrators with the ability to grant users access to the required resources.
What should you do?
A. Create a two-way forest trust relationship between the litwareinc.com domain and the
graphicdesigninstitute.com domain. In the litwareinc.com domain, enable forest-wide
authentication for the graphicdesigninstitute.com domain. In the graphicdesigninstitute.com
domain, enable selective authentication for the litwareinc.com domain.
B. Create a two-way external trust relationship between the litwareinc.com domain and the
graphicdesigninstitute.com domain.
C. Create a one-way forest trust relationship in which the graphicdesigninstitute.com domain
trusts the litwareinc.com domain. In the litwareinc.com domain, enable forest-wide
authentication for the qraphicdesigninstitute.com domain.
D. Create a one-way external trust relationship in which the litwareinc.com domain trusts the
graphicdesigninstitute.com domain. Create a second incoming external trust relationship on the
graphicdesigninstitute.com domain. Specify that the trust relationship is between the
dev.litwareinc.com domain and the graphicdesigninstitute.com domain.
Answer: A
Explanation:
When all domains in two forests trust each other and need to authenticate users, establish a forest trust between the forests. When only some of the domains in two Windows Server 2003 forests trust each other, establish one-way or two-way external trusts between the domains that require interforest authentication.
Using Active Directory Domains and Trusts, you can determine the scope of authentication between two forests that are joined by a forest trust. You can set selective authentication differently for outgoing and incoming forest trusts. With selective trusts, administrators can make flexible forest-wide access control decisions. If you use forest-wide authentication on an incoming forest trust, users from the outside forest have the same level of access to resources in the local forest as users who belong to the local forest.
Incorrect Answers:
B, D: We have two separate forests here. We would require a forest trust relationship between them.
C: Users in the ITCertKeys.com domain require access to the graphicdesigninstitute.com domain.
We will thus need the graphicdesigninstitute.com domain to trust the litwareinc.com domain.
Reference:
MS Press:MCSE Self-Paced Training Kit (Exam 70-294); Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure,Microsoft Press, Redmond, Washington, 2004, pp. 9-18 to 9-20, 9-23 to 9-26 2004, pp. 4-48 to 4-49. Syngress Press, Planning, Implementing, and Maintaining a Windows Server 2003 Active Directory Infrastructure Study Guide & DVD Training System, 2003, p. 254.
Question 8.
You are a network administrator for your company The company has one main office and 11 branch offices, The network consists of a single Active Directory domain. The domain contains an organizational unit (OLJ) named BranchOffices. The BranchOffices OU contains an OLJ for each of the 11 branch offices.
The network administrators who administer the branch offices are members of the BranchOffice Admins global group. You delegate full control of all child objects in the BranchOffices OU to the BranchOffice Admins group.
The company’s written security policy states the following requirements:
• Members of the BranchOffice Admins group must have the right to modify the assignment of Group Policy objects (GPOs) for the individual branch office OUs.
• Members of the BranchOffice Admins group must not be able to block the inheritance of GPOs at the individual branch office OUs.
• Members of the BranchOffice Admins group must not be able to modify any GPO settings at the
BranchOffices OU level.
You need to configure the delegation of the administration of GPO5 as defined by the written security policy. You must also ensure that you do not remove more permissions than is necessary from the BranchOffice Admins group.
What should you do?
A. • Modify the permissions granted to the BranchOffice Admins group so that the group is denied
permission to write the gPOptions attribute at the BranchOffices OLJ level.
• Configure the permission to apply to the BranchOffices QU and all child objects.
B. •Modify the permissions granted to the BranchOffice Admins group so that the group is
granted permission to read and write the gPOptions attribute at the BranchOffices OU level.
•Configure the permission to apply to child objects of the BranchOffices OU only.
C. •In the Group Policy Management Console (GPMC), remove the BranchOffice Admins group
from the Permissions tab for the BranchOffices QU.
•Add the BranchOffice Admins group to the LinkGPOs permission in the Delegation tab for
the BranchO fficesOU.
•Configure the permissions to apply to the BranchOffice Admins container only.
D. •In the Group Policy Management Console (GPMC), remove the BranchOffice Admins group
from the Permissions tab for the BranchOffices QU.
•Add the BranchOffice Admins group to the LinkGPOs permission in the Delegation tab for the
BranchOffices QU.
•Configure the permissions to apply to the BranchOffice Admins container and all child
containers.
Answer: A
Explanation:
We need to restrict the administrative abilities of the BranchOffice Admins group at the Branch level. The gPOptions attribute indicates whether the Block Policy Inheritance option of a domain or OU is enabled.
Denying the BranchOffice Admins group permissions to this attribute will prevent them from being able to block the inheritance of GPOs at the individual branch office OUs.
Incorrect Answers:
B: We must deny the BranchOffice Admins group permissions to the gPOptions attribute.
C, D: The BranchOffice Admins group must be able to administrate at the branch level. We should not remove them from the Delegation tab for the BranchOffices OU.
Reference:
MS Press: MCSE Self-Paced Training Kit (Exam 70-294); Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure, 2004, pp. 10-16 to 10-20, 10-40 to 10-41.
Question 9.
You are the network administrator for your company. Your network consists of a single Active Directory domain. All the user accounts, groups, and application servers of the human resources (HR) department are located in an organizational unit (OU) named HR.
The managers in the HR department need access to the application servers to perform administrative tasks. A local group named HRManagers exists on each application server. The HRManagers local groups supply the permissions that the HR managers require. For security reasons, the company wants user accounts for managers in the HR department to be the only members of the HRManagers groups.
You need to ensure that membership of the HRManagers group on each application server is as secure as possible.
What should you do?
A. Create a Group Policy object (GPO) that configures restricted groups for each HRManagers
group. Link the GPO to the HR OU.
B. Create a new OU for application servers under the HR OU, and move the servers to the new
OU. Block permissions inheritance at the new OU.
C. Create a universal group named HRManagers and make the user accounts for HR managers
members of that group. Make the HRManaqers universal group a member of the HRManagers
local group on each application server.
D. Create a script that adds the user accounts for managers in the HR department to the
HRManagers local groups. Configure the script to act as the startup and shutdown script for
the application servers.
Answer: A
Explanation:
Given the organization structure of the company and the security concerns, the way to ensure that membership of the HRManagers group in each application servers is as secure as possible, you need to place restrictions on the group membership by creating a GPO that configures restricted groups for each HRManagers group and link this GPO to the HR OU.
Incorrect answers:
B: There is no need to create a new organizational unit and applying the block permissions inheritance at the new OU when all that is necessary is to create a GPO that configures restricted groups for each HRManagers group and linking this GPO to the HR OU.
C: Universal security groups are most often used to assign permissions to related resources in multiple domains. A universal security group has the following characteristics: (i) Open membership - You can add members from any domain in the forest. (ii) Access to resources in any domain - You can use a universal group to assign permissions to gain access to resources that are located in any domain in the forest. (iii) Available only in domains with a domain functional level set to Windows 2000 native or Windows Server 2003 Universal security groups are not available in domains with the domain functional level set to Windows 2000 mixed. This is not secure enough for the purposes of this question.
D: The Membership rules for local groups include the following: (i) Local groups can contain local user accounts from the computer where you create the local group. (ii) Local groups cannot be members of any other group.This option are thus not a viable option in the light of the security concerns and the nature of the HRManagers group.
Reference:
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294); Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure, Microsoft Press, Redmond, Washington, 2004, p. 8: 6
Question 10.
You are the network administrator for your company. The network consists of a single Active Directory domain.
You are testing Group Policy objects (GPO5) on an organizational unit (OLJ) named Test. The Test OU contains a Windows XP Professional client computer that you use as a test computer.
The domain contains a group named Security. You create a new GPO and configure the Computer Configuration section to grant the Security group the Change the system time user right. You log on to the test computer and discover that the setting you set through the GPO is not in effect. You need to apply the GPO settings immediately.
What should you do?
A. Log off the test computer and log on again.
B. Log off the test computer. Create a test user account in the Test OU and then log on as the
test user account.
C. On the test computer, run the gpresult command.
D. On the test computer, run the gpupdate /force command.
Answer: D
Explanation:
GPOs are applied when users log on and when the computer is booted up. GPOs are set to reapply refreshed at a given interval. However, you can use the gpupdate /force command to apply the GPO immediately with out having to reboot the computer.
Incorrect Answers:
A, B: The computer configuration settings are applied when the computer boots, not at log on.
C: The Gpresult command-line tool allows you to create and display an RSoP query, which can be used to analyze the cumulative effects of GPOs, through the command line. It also provides general information about the operating system, user, and computer.
Reference:
MS Press: MCSE Self-Paced Training Kit (Exam 70-294); Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure, 2004, pp. 10-15 to 10-17, 10-44, 11-4, 11-6, 11-19 to 11-22.
www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/proddocs/refrGP.asp
|
Latest dump???
|
If anybody have the recent dumps pls mail me. my id is: surkulproductions@hotmail.com
|
Question 1.
What command would be entered to restart VSAN 100?
A. no vsan 100 start vsan 100 start
B. no vsan 100 resume vsan 100 resume
C. vsan 100 restart non-disruptive
D. vsan 100 restart disruptive
E. vsan 100 suspend no vsan 100 suspend
Answer: E
Explanation:
VSAN restart: vsan 100 suspended, no vsan 100 suspended
Question 2.
Persistent binding is:
A. binding an IP address to a NIC card and target ID number
B. Binding WWN of an initiator to a target port and target ID
C. Binding PWWN of an initiator to a target port Pwwn AND A TARGET id NUMBER
D. Binding target WWPNpWWN to an initiator instance and target ID number
E. Binding target Nwwn TO AN INITIATOR INSTANCE AND TARGET id NUMBER
Answer: B
Explanation:
Persistent binding.
Question 3.
What is used for in-band management of MDS switches?
A. FCIP
B. IP over Ethernet
C. IPFC
D. DNS
E. VRRP
Answer: C
Explanation:
Inband management: IPFC
Question 4.
AAA(TACACS+Radius) protocols can be used to authentication and/or authorize what on MDS?
A. Telnet and Console access
B. SSH
C. RBAC
D. Dhchap for fabric security
E. All the above
Answer: E
Explanation:
AAA can be used for Telnet, console, SSH, RBAC, DHCHAP
Question 5.
Network Data Management Protocol is used primarily for:
A. Coordinating hierarchical storage management
B. Mirroring file systems between disk subsystems over an IP network
C. Backing up Network Attached Storage devices
D. Synchronizing databases between multiple vendors
E. A common protocol and API to provision storage for different subsystem vendors
Answer: C
Explanation:
NDMP for NAS backup
Question 6.
Exhibit:
In the above picture, switch 3 and switch 5 are not IVR capable switches. All the ISLs are 1 GB links. Switches 2,4 and 6 are IVR-capable switches.
What is the FSPF costs from Switch 1 to reach Points 1,2, and 3?
A. 501.1502.2502
B. 1001.30025002
C. 501.1503.2505
D. 1000.3000.5000
E. 500.1500.2500
Answer: B
Explanation:
IVR with FSPF cost
Question 7.
During an E-port initialization, what internal link service is used to exchange Link Parameters and the operating environment of the two interconnecting ports as well as the capabilities of the switches connected by them?
A. EFP
B. FLOGI
C. PLOGI
D. ELP
E. SW_RSCN
Answer: A
Explanation:
EFP: Exchange Fabric Parameter
Question 8.
What load balancing option should best utilize all available ISLs on port Channel?
A. Flow Based
B. Source FCID based
C. Frame based
D. Source/Destination FCID Exchange based
E. Source and Destination FCID based
Answer: D
Explanation:
Best load balancing utilization
Question 9.
When using IVR traversing a FCIP link, what is not required?
A. Transit VSAN over FCIP link
B. Two or more VSANs in configuration
C. IVZ active for host to access storage
D. Border switch will be member of at least two VSANs
Answer: A
Question 10.
What does MDS FC-SP functionality mode “auto-active” represent?
A. Port will initiate FC-SP authentication after ESC.
B. Port will actively listen, but will not initiate authentication
C. Port will successfully complete FC-SP authentication only if remote end is in passive mode
D. Port will initiate FC-SP authentication with TACACS server as default
E. Port will use default of no authentication.
Answer: A
Explanation:
FC-SP auto-active: after ESC, it will initiate FC-SP authentication
Question 11.
Which are functions of the Domain identifier Assigned (DIA) ILS? Select two
A. It indicates that a Principal Switch has been selected, and that the upstream neighbor Switch
has been assigned a Domain identifier.
B. It indicates that the receiving Switch can proceed requesting a Domain Identifier.
C. It indicates that the principal switch selection and address assignment phase is completed and
the fabric is operational.
D. It indicates that the principal switch selection is started, but a principal switch has not been
identified yet.
E. It indicates that a Request Domain Identifier ILS has been received by principal switch.
Answer: A, C
Question 12.
What zoning option can be used in interop mode 2 and 3?
A. domain / port
B. nWWN
C. fcid
D. lin zoning
E. sWWN
Answer: A
Question 13.
You have a legacy JBOD that uses copper DB-9 connecters.
You want to connect your JBOD to a Fiber only Fiber Channel switch.
You want to convert the DB-9 connection to multi mode Fiber Optics.
What device would you use?
A. HSSC
B. MIA
C. GBIC
D. SFP
E. DUAL SC
Answer: B
Question 14.
FCIP Write Acceleration most effectively addresses which disaster recovery challenge?
A. Recovery Time Objective (time to recover)
B. Recovery Point Objective (time DR data is “behind” Production data)
C. Tape backup over the WAN
D. Load balancing
E. Bandwidth constraints
Answer: C
Question 15.
What port type can be used on a Fiber Channel switch when connecting a Fiber channel Hub that has one host attached to the hub and it is on a public network?
A. Fabric Loop
B. FLP
C. F
D. Loop Fabric
E. TL
Answer: A
Explanation:
public loop: FL port
Question 16.
What are the 3 types of Ordered Sets defined in Fiber Channel?
A. Offline sequence, online sequence, and link reset
B. Start of frame, end of frame, and idle
C. Frame delimiters, primitive signals, and primitive sequences
D. K28.5, D16.0,and D31.2
E. None of the above
Answer: C
Explanation:
Ordered sets: Frame delimiters, primitive signals, and primitive sequences
Question 17.
Hosts and storage are connected to 2 MDS units interconnected by lSLs in the following manner:
FCID Initiator/Target MDS VSAN Zone
0x01000a initiator 1 1 A
0x01000b Target 1 1 B
0x01000c initiator 2 2 A
0x02000a Target 2 1 A
0x02000b initiator 2 1 B
0x02000c Target 1 2 A
All default zones are set to deny and IVR is not enabled. Trunking is disabled on all of the lSLs, which reside in VSAN 1.
How many pairs of sourc-destination flows are possible over the ISLs in this configuration?
A. 1
B. 2
C. 3
D. 4
E. 5
Answer: B
Explanation:
Domain pairs [0x0100a,0x0200c]zoneA, [0x01000b,0x02000b]zoneB
Question 18.
When using Fcanalyzer to capture a flow from FCID 010300 what would be the proper command?
A. Can not filter at FCID level on Fcanalyzer
B. MDS#fcanalyze local display -filter
(mdshdr.vsan==1)&&((fc.d_id==01300)or(fc.s_id==01300))
C. MDS(config)#fcanalyze locaal display-filter
(mdshdr.vsan==1)&&((fc.d_id==01300)or(fc.s_id==01300))
D. MDS(config)#fcanalyze display-filter
(mdshdr.vsan==1)&&((fc.d_id==01300)or(fc.s_id==01300))
E. MDS(config)#fcanalyze display-filter
(mdshdr.vsan==0x01)&&((fc.d_id==01300)or(fc.s_id==01300))
Answer: C
Explanation:
fcanalyzer config : MDS(config)#fcanalyze local display-filter ~~~
Question 19.
Which are true about the advertisement methods for Iscsi targets implemented by the MDS 9000? Select two.
A. By default, Iscsi TARGETS ARE ADVERTISED ON ALL gigabit Ethernet interfaces and
subinterfaces.
B. By default Iscsi TARGETS ARE NOT ADVERTISED AND THE ADMINISTRATOR CAN
CHOOSE WHETHER TO ADVERTISE THEM OR NOT BY CHANGING THE SWITCH
CONFIGURATION.
C. By default, Iscsi targets are advertised only on Gigabit Ethernet interfaces but not on
subinterfaces.
D. By default, Iscsi targets are advertised on Gigabit Ethernet subinterfaces only but not on the
main Gigabit Ethernet interfaces. E. It can be limited by the administrator by configuring the
Gigabit Ethernet interfaces over which static iSCSI targets are advertised.
Answer: E, ?
Explanation:
iSCSI target advertise method :
Question 20.
What standard association is working in the definition of the Iscsi and Fiber Channel protocols respectively?
A. SNIA and IETF
B. FCIA and IETF
C. IETF and ANSI
D. FCIA and SNIA
E. SNIA and T11
Answer: C
Explanation:
IETF for iSCSI, ANSI(T11) for FCP
|
plz ad new dump i required thanks
|
Question 1.
Which statement is true about the hardware requirements of MPLS?
A. Because you do not need to run a routing protocol on P-routers, they require less memory than
routers supporting classic IP routing.
B. Because of the additional processing and memory requirements needed to build the LFIB,
MPLS is only available on high end routers.
C. MPLS is available on low end routers, built their use is limited because of the additional
processing and memory requirements needed to build the LFIB.
D. Because P-routers do not need to carry routes outside the MPLD domain, they require less
memory than routers that support the same application using classic IP routing.
Answer: C
Question 2.
If aggregation (summarization) were to be used on a network with ATM LSRs.
What would result?
A. LSPs would be broken in two.
B. There would be extra LFIB entries.
C. The size of the LFIB table would increase.
D. There would be extra LIB entries
Answer: A
Question 3.
What is true of MPLS TE?
A. Only the ingress LSR must see the entire topology of the network.
B. Every LSR needs additional information about links in the network, available resources, and
constraints.
C. Every core router must be able to create an LSP tunnel on demand.
D. Both RSVP and CR-LDP are used in conjunction to establish traffic engineering (TE) tunnels
and to propagate the labels.
Answer: B
Question 4.
What is a major drawback of using traditional IP routing over an ATM network when connecting multiple sites?
A. Each ATM switch in the path has to perform Layer 3 routing lookup.
B. ATM virtual circuits have to be established between the different sites.
C. There is high ATM management overhead between the ATM switch and the router at each
site.
D. Each ATM switch has to be manually configured to participate in Layer 3 routing.
E. There is high PNNI overhead.-
Answer: B
Explanation:
Drawbacks of Traditional IP Forwarding IP over ATM
1) Layer 2 devices have no knowledge of Layer 3 routing information - virtual circuits must be manually established.
2) Layer 2 topology may be different from Layer 3 topology, resulting in suboprtimal paths and link use.
3) Even if the two topologies overlap, the hub-and-spoke topology is usually used because of easier management.
Question 5.
What is true of MPLS TE?
A. Only the ingress LSR must see the entire topology of the network.
B. Every LSR needs additional information about links in the network, available resources, and
constraints.
C. Every core router must be able to create an LSP tunnel on demand.
D. Both RSVP and CR-LDP are used in conjunction to establish traffic engineering (TE) tunnels
and to propagate the labels.
Answer: B
Question 6.
In order for MPLS to be implemented on ATM switches, what requirements must the ATM switch meet? Select two.
A. become Layer 3 aware by running a routing protocol
B. use MPLS LDP or TDP to distribute and receive MPLS label information
C. use BGP to exchange MPLS VPN labels in the data plane
D. use RSVP to exchange MPLS traffic-engineering labels in the data plane
E. establish a full mesh of Layer 2 ATM virtual circuits between all the ATM switches in the MPLS
domain
F. use cell-mode MPLS and insert MPLS label in the ATM AAL5 header
Answer: A, B
Question 7.
When running basic MPLS in conjunction with VPNs, how many labels does each packet contain?
A. Each packet contains one label that identifies the VPN.
B. Each packet contains at least two labels. One label identifies the path to the egress router and
one that identifies the VPN.
C. Each packet contains at least three labels. One label identifies the ingress router, one
identifies the egress router and one identifies the path that will be taken.
D. Each packet contains at least three labels. One label identifies the ingress router, one label
identifies the path to the egress router, and one identifies the VPN.
Answer: B
Question 8.
On ingress, a label is imposed to a packet. Which process is responsible for this function?
A. LDP process.
B. Control plane process
C. Penultimate hop process.
D. Forwarding plane process.
Answer: B
Question 9.
How could you check for potential MTU size issues on the path taken by a PE-to-PE LSP?
A. Because MPLS packets are label switched, MTU problems can only be detected by the user
applications.
B. Use the ping vrf command with packet size set to the largest MTU along the path and DF bit
set from the local PE-router to ping the remote PE-router.
C. Use the ping vrf command with packet size set to the smallest MTU along the path and DF bit
set from the local PE-router to ping the remote PE-router.
D. Because MPLS packets are label switched, packets are automatically fragmented and
reassembled by the PE-routers. Therefore, there are no potential MTU issues.
Answer: B
Question 10.
Which one of the following is true regarding MPLS independent control label allocations?
A. The LSR can always assign a label for a destination prefix, even if it has no downstream label.
B. The LSR can assign a label for a destination prefix only if it has already receives a label from
the next-hop LSR, otherwise, it must request a label from the next-hop LSR.
C. The LSR will assign a label to a destination prefix only when asked for a label by an upstream
LSR.
D. The label for a destination prefix is allocated and advertised to all LDP peers, regardless of
whether the LDP peers are upstream or downstream LSRs for the destination prefix.
E. The LSR stores the receives label in its LIB, even when the label is not received from the next-
hop LSR.
F. The LSR stores only the labels received from the next-hop LSR, all other labels are ignored.
Answer: A
|
plz ad this dump for me thanks buddy
|
i need it thanks buddy
|
Latest dump needed plz ad it thanks
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.