Study Guides and Actual Real Exam Questions For Oracle OCP, MCSE, MCSA, CCNA, CompTIA


Advertise

Submit Braindumps

Forum

Tell A Friend

    Contact Us

 Home

 Search

Latest Brain Dumps

 BrainDump List

 Certifications Dumps

 Microsoft

 CompTIA

 Oracle

  Cisco
  CIW
  Novell
  Linux
  Sun
  Certs Notes
  How-Tos & Practices 
  Free Online Demos
  Free Online Quizzes
  Free Study Guides
  Free Online Sims
  Material Submission
  Test Vouchers
  Users Submissions
  Site Links
  Submit Site

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Online Training Demos and Learning Tutorials for Windows XP, 2000, 2003.

 

 

 

 





Braindumps for "630-008" Exam

niceee one

 niceee one  
it is rocking site for all 
must visit itcertkeys.com
thanks


Google
 
Web www.certsbraindumps.com


Braindumps: Dumps for 70-293 Exam Brain Dump

Study Guides and Actual Real Exam Questions For Oracle OCP, MCSE, MCSA, CCNA, CompTIA


Advertise

Submit Braindumps

Forum

Tell A Friend

    Contact Us





Braindumps for "70-293" Exam

Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure

 Question 1.
You are a network administrator for ITCertKeys. 

The network consists of an intranet and a perimeter network, as shown in the work area. The perimeter network contains:

• One Windows Server 2003, Web Edition computer named ITCertKeys1.
• One Windows Server 2003, Standard Edition computer named ITCertKeys2.
• One Windows Server 2003, Enterprise Edition computer named ITCertKeys3.
• One Web server farm that consists of two Windows Server 2003, Web Edition computers.

All servers on the perimeter network are members of the same workgroup.
The design team plans to create a new Active Directory domain that uses the existing servers on the perimeter network. The new domain will support Web applications on the perimeter network. The design team states that the perimeter network domain must be fault tolerant.

You need to select which server or servers on the perimeter network need to be configured as domain controllers.

Which server or servers should you promote?

To answer, select the appropriate server or servers in the work area.

Answer: 

Explanation:
We know web editions can’t be domain controllers, and we want fault tolerance, which means two Domain Controllers.

The answer is promoting the two servers that aren’t running Web Edition to dc’s (ITCertKeys2 and ITCertKeys3.

Reference:
MS training kit 70-290 chapter one lesson 1;”the server belongs to a domain but cannot be a domain controller”

Question 2.
You are a network administrator for ITCertKeys. The network consists of a single Active Directory domain and contains Windows Server 2003 computers.

You install a new service on a server named ITCertKeys3. The new service requires that you restart ITCertKeys3. When you attempt to restart ITCertKeys3, the logon screen does not appear. You turn off and then turn on the power for ITCertKeys3. 

The logon screen does not appear. You attempt to recover the failed server by using the Last Known Good Configuration startup option. It is unsuccessful. You attempt to recover ITCertKeys3 by using the Safe Mode Startup options. All Safe Mode options are unsuccessful.

You restore ITCertKeys3. ITCertKeys3 restarts successfully. You discover that ITCertKeys3 failed because the new service is not compatible with a security path.

You want to configure all servers so that you can recover from this type of failure by using the minimum amount of time and by minimizing data loss. You need to ensure that in the future, other services that fail do not result in the same type of failure.

What should you do?

A. Use Add or Remove Programs.
B. Install and use the Recovery Console.
C. Use Automated System Recovery (ASR).
D. Use Device Driver Roll Back.

Answer: B

Explanation:
1. We know that this service causes the failure.
2. We want minimum of time and minimum of data loss.
3. We want a solution for all servers.
4. We want to make sure other services that fail do not result in the same type of failure.

Server HELP
Recovery Console overview
Repair overview
Safe Mode

A method of starting Windows using basic files and drivers only, without networking. Safe Mode is available by pressing the F8 key when prompted during startup. This allows you to start your computer when a problem prevents it from starting normally.and other startup options do not work, consider using the Recovery Console.

This method is recommended only if you are an advanced user who can use basic commands to identify and locate problem drivers and files. In addition, you will need the password for the built-in administrator account administrator account 

On a local computer, the first account that is created when you install an operating system on a new workstation, stand-alone server, or member server. By default, this account has the highest level of administrative access to the local computer, and it is a member of the Administrators group.

In an Active Directory domain, the first account that is created when you set up a new domain by using the Active Directory Installation Wizard.

By default, this account has the highest level of administrative access in a domain, and it is a member of the Administrators, Domain Admins, Domain Users, Enterprise Admins, Group Policy Creator Owners, and Schema Admins groups to use the Recovery Console.

Using the Recovery Console, you can enable and disable services
A program, routine, or process that performs a specific system function to support other programs, particularly at a low (close to the hardware) level. When services are provided over a network, they can be published in Active Directory, facilitating service-centric administration and usage. Some examples of services are the Security Accounts Manager service, File Replication service, and Routing and Remote Access service format drives, read and write data on a local drive (including drives formatted to use NTFS)

NTFS
An advanced file system that provides performance, security, reliability, and advanced features that are not found in any version of file allocation table (FAT). For example, NTFS guarantees volume consistency by using standard transaction logging and recovery techniques. If a system fails, NTFS uses its log file and checkpoint information to restore the consistency of the file system. NTFS also provides advanced features, such as file and folder permissions, encryption, disk quotas, and compression.), and perform many other administrative tasks.

The Recovery Console is particularly useful if you need to repair your system by copying a file from a floppy disk or CD-ROM to your hard drive, or if you need to reconfigure a service that is preventing your computer from starting properly.

Operating system does not start (the logon screen does not appear).
Feature: Last Known Good Configuration startup option
When to use it: When you suspect that a change you made to your computer before restarting might be causing the failure.

What it does: Restores the registry settings and drivers that were in effect the last time the computer started successfully.

For more information, see To start the computer using the last known good configuration.
Feature: Recovery Console When to use it: If using the Last Known Good Configuration startup option is unsuccessful and you cannot start the computer in Safe Mode

Safe Mode
A method of starting Windows using basic files and drivers only, without networking. Safe Mode is available by pressing the F8 key when prompted during startup. This allows you to start your computer when a problem prevents it from starting normally.

This method is recommended only if you are an advanced user who can use basic commands to identify and locate problem drivers and files. To use the Recovery Console, restart the computer with the installation CD for the operating system in the CD drive. When prompted during text-mode setup, press R to start the Recovery Console.

What it does: From the Recovery Console, you can access the drives on your computer. You can then make any of the following changes so that you can start your computer:

• Enable or disable device drivers or services.
• Copy files from the installation CD for the operating system, or copy files from other removable media.
For example, you can copy an essential file that had been deleted.
• Create a new boot sector and new master boot record (MBR)

Master boot record (MBR)
The first sector on a hard disk, which begins the process of starting the computer. The MBR contains the partition table for the disk and a small amount of executable code called the master boot code.

You might need to do this if there are problems starting from the existing boot sector.

Question 3.
You are a network administrator for ITCertKeys. The network contains a Windows Server 2003 application server named ITCertKeysSrv. ITCertKeysSrv has one processor. ITCertKeysSrv has been running for several weeks.

You add a new application to ITCertKeysSrv. Users now report intermittent poor performance on ITCertKeysSrv. You configure System Monitor and track the performance of ITCertKeysSrv for two hours. You obtain the performance metrics that are summarized in the exhibit.

The values of the performance metrics are consistent over time.
You need to identify the bottleneck on ITCertKeysSrv and upgrade the necessary component. You need to minimize hardware upgrades.

What should you do?

A. Install a faster CPU in ITCertKeysSrv.
B. Add more RAM to ITCertKeysSrv.
C. Add additional disks and spread the disk I/O over the new disks.
D. Increase the size of the paging file.

Answer: C

Explanation:
Physical Disk\Disk Time threshold is 90 percent and the performance metrics values gives a percentage of 93.610. This means that the disk is not being read quickly enough, which could be a hardware issue, and it could also be that the amount of data on the disk is too large.

Incorrect Answers:
A: The CPU is operating below its threshold.
B, D: The values for these could be a result of the Physical Disk\Disk Time exceeding its threshold.

Reference:
Deborah Littlejohn Shinder, and Dr. Thomas W. Shinder; MCSA/MCSE Managing and Maintaining a Windows Server 2003 Environment Study Guide & DVD Training System.

Question 4.
You are the network administrator for ITCertKeys. The network consists of a single Active Directory domain named Itcertkeys.com. All computers on the network are members of the domain.

You administer a three-node Network Load Balancing cluster. Each cluster node runs Windows Server 2003 and has a single network adapter. The cluster has converged successfully.

You notice that the nodes in the cluster run at almost full capacity most of the time. You want to add a fourth node to the cluster. You enable and configure Network Load Balancing on the fourth node.

However, the cluster does not converge to a four-node cluster. In the System log on the existing three nodes, you find the exact same TCP/IP error event. The event has the following description: 

“The system detected an address conflict for IP address 10.50.8.70 with the system having network hardware address 02:BF:0A:32:08:46.”

In the System log on the new fourth node, you find a similar TCP/error event with the following description: “The system detected an address conflict for IP address 10.50.8.70 with the system having network hardware address 03:BF:0A:32:08:46.” Only the hardware address is different in the two descriptions.

You verify that IP address 10.50.8.70 is configured as the cluster IP address on all four nodes.

You want to configure a four-node Network Load Balancing cluster.

What should you do?

A. Configure the fourth node to use multicast mode.
B. Remove 10.50.8.70 from the Network Connections Properties of the fourth node.
C. On the fourth node, run the nlb.exe resume command.
D. On the fourth node, run the wlbs.exe reload command.

Answer: A

Explanation:
This normally happens when you don’t enable the network load balancing service in TCP/IP of the server when adding two IP’s (one for the server and one for the load balancing IP).

When you want to manage a NLB cluster with one network adapter you use multicast option.

My idea is since reload/suspend and remove the IP are all garbage answers could be that the other nodes are using multicast and this new node is using unicast that’s why on a single network adapter configuration it will cause an IP conflict.

Incorrect Answers:
B: The IP address cannot be changed, since the node has a single network adapter.
C: This command instructs a suspended cluster to resume cluster operations. Using the Resume command doesn't restart clustering operations but, instead, allows the use of Cluster Control commands, including those sent remotely. The Resume command can be targeted at a specific cluster, a specific cluster on a specific host, all clusters on the local machine, or all global machines that are part of the cluster.
D: The nlb.exe command replaces the wlbs.exe command previously used in Windows NT 4.0 and Windows 2000 Server.

Reference:
Syngress 070-293, Page 689

Question 5.
You are the network administrator for ITCertKeys. You need to provide Internet name resolution services for the company. You set up a Windows Server 2003 computer running the DNS Server service to provide this network service.

During testing, you notice the following intermittent problems:

• Name resolution queries sometimes take longer than one minute to resolve.
• Some valid name resolution queries receive the following error message in the Nslookup command and-line tool: “Non-existent domain”.

You suspect that there is a problem with name resolution.
You need to review the individual queries that the server handles. You want to configure monitoring on the DNS server to troubleshoot the problem.

What should you do?

A. In the DNS server properties, on the Debug Logging tab, select the Log packets for 
    debugging option.
B. In the DNS server properties, on the Event Logging tab, select the Errors and warnings option.
C. In the System Monitor, monitor the Recursive Query Failure counter in the DNS object.
D. In the DNS server properties, on the Monitoring tab, select the monitoring options.

Answer: A

Explanation:
If you need to analyze and monitor the DNS server performance in greater detail, you can use the optional debug tool.

You can choose to log packets based on the following:

_Their direction, either outbound or inbound
_The transport protocol, either TCP or UDP
_Their contents: queries/transfers, updates, or notifications
_Their type, either requests or responses
_Their IP address

Finally, you can choose to include detailed information.

Note:
That’s the only thing that’s going to let you see details about packets.

Reference:
Syngress 070-293, page 414

Troubleshooting DNS servers
Using server debug logging options

The following DNS debug logging options are available:

• Direction of packets
Send Packets sent by the DNS server are logged in the DNS server log file.
Receive Packets received by the DNS server are logged in the log file.
• Content of packets
Standard queries Specifies that packets containing standard queries (per RFC 1034) are logged in the DNS server log file.

Updates Specifies that packets containing dynamic updates (per RFC 2136) are logged in the DNS server log file.

Notifies Specifies that packets containing notifications (per RFC 1996) are logged in the DNS server log file.

• Transport protocol
UDP Specifies that packets sent and received over UDP are logged in the DNS server log file.
TCP Specifies that packets sent and received over TCP are logged in the DNS server log file.

• Type of packet
Request Specifies that request packets are logged in the DNS server log file (a request packet is characterized by a QR bit set to 0 in the DNS message header).

Response Specifies that response packets are logged in the DNS server log file (a response packet is characterized by a QR bit set to 1 in the DNS message header).

• Enable filtering based on IP address Provides additional filtering of packets logged in the DNS server log file. This option allows logging of packets sent from specific IP addresses to a DNS server, or from a DNS server to specific IP addresses.

• File name Lets you specify the name and location of the DNS server log file.
For example: • dns.log specifies that the DNS server log file should be saved as dns.log in the systemroot

Question 6.
You are a network administrator for ITCertKeys. The network contains four Windows Server 2003 computers configured as a four-node server cluster.

The cluster uses drive Q for the quorum resource. You receive a critical warning that both drives of the mirrored volume that are dedicated to the quorum disk have failed.

You want to bring the cluster and all nodes back into operation as soon as possible.
Which four actions should you take to achieve this goal?

To answer, drag the action that you should perform first to the First Action box. Continue dragging actions to the corresponding numbered boxes until you list all four required actions in the correct order.
 
Answer:  

Explanation:
To recover from a corrupted quorum log or quorum disk
1. If the Cluster service is running, open Computer Management.
2. In the console tree, double-click Services and Applications, and then click Services.
3. In the details pane, click Cluster Service.
4. On the Action menu, click Stop.
5. Repeat steps 1, 2, 3, and 4 for all nodes.
6. If you have a backup of the quorum log, restore the log by following the instructions in "Backing up and restoring server clusters" in Related Topics.
7. If you do not have a backup, select any given node. Make sure that Cluster Service is highlighted in the details pane, and then on the Action menu, click Properties.
Under Service status, in Start parameters, specify /fixquorum, and then click Start.
8. Switch from the problematic quorum disk to another quorum resource.
For more information, see "To use a different disk for the quorum resource" in Related Topics.
9. In Cluster Administrator, bring the new quorum resource disk online.
For information on how to do this, see "To bring a resource online" in Related Topics.
10. Run Chkdsk, using the switches /f and /r, on the quorum resource disk to determine whether the disk is corrupted.
For more information on running Chkdsk, see "Chkdsk" in Related Topics.
If no corruption is detected on the disk, it is likely that the log was corrupted. Proceed to step 12.
11. If corruption is detected, check the System Log in Event Viewer for possible hardware errors.
Resolve any hardware errors before continuing.
12. Stop the Cluster service after Chkdsk is complete, following the instructions in steps 1 - 4.
13. Make sure that Cluster Service is highlighted in the details pane. On the Action menu, click Properties.
Under Service status, in Start parameters, specify /resetquorumlog, and then click Start.
This restores the quorum log from the node's local database.

Important
• The Cluster service must be started by clicking Start on the service control panel. You cannot
click OK or Apply to commit these changes as this does not preserve the /resetquorumlog parameter.
14. Restart the Cluster service on all other nodes.

Reference:
Robert J. Shimonski, Windows Server 2003 Clustering & Load Balancing.

Question 7.
You are a network administrator for ITCertKeys. ITCertKeys has a main office and two branch offices. The branch offices are connected to the main office by T1 lines. The network consists of three Active Directory sites, one for each office. All client computers run either Windows 2000 Professional or Windows XP Professional. Each office has a small data center that contains domain controllers, WINS, DNS, and DHCP servers, all running Windows Server 2003.

Users in all offices connect to a file server in the main office to retrieve critical files. The network team reports that the WAN connections are severely congested during peak business hours. Users report poor file server performance during peak business hours. The design team is concerned that the file server is a single point of failure. The design team requests a plan to alleviate the WAN congestion during business hours and to provide high availability for the file server.

You need to provide a solution that improved file server performance during peak hours and that provides high availability for file services. You need to minimize bandwidth utilization.

What should you do?

A. Purchase two high-end servers and a shared fiber-attached disk array.
    Implement a file server cluster in the main office by using both new servers and the shared fiber attached disk array.
B. Implement Offline Files on the client computers in the branch offices by using Synchronization Manager.  Schedule synchronization to occur during off-peak hours.
C. Implement a stand-alone Distributed File System (DFS) root in the main office.
    Implement copies of shared folders for the branch offices.
    Schedule replication of shared folders to occur during off-peak hours by using scheduled tasks.
D. Implement a domain Distributed File System (DFS) root in the main office.
    Implement DFS replicas for the branch offices.
    Schedule replication to occur during off-peak hours.

Answer: D

Explanation:
A DFS root is effectively a folder containing links to shared files. A domain DFS root is stored in Active Directory. This means that the users don’t need to know which physical server is hosting the shared files; they just open a folder in Active Directory and view a list of shared folders.

A DFS replica is another server hosting the same shared files. We can configure replication between the file servers to replicate the shared files out of business hours. The users in each office will access the files from a DFS replica in the user’s office, rather than accessing the files over a WAN link.

Incorrect Answers:
A: This won’t minimize bandwidth utilization because the users in the branch offices will still access the files over the WAN.
B: This doesn’t provide any redundancy for the server hosting the shared files.
C: You need DFS replicas to use the replicas of the shared folders.

Reference:
Robert Williams, Mark Walla; The Ultimate Windows Server 2003 system administrator's guide.

Question 8.
You are the network administrator for ITCertKeys. The network consists of a single Active Directory domain named Itcertkeys.com. All computers on the network are members of the domain. The domain contains a Windows Server 2003 computer named ITCertKeysA.

You are planning a public key infrastructure (PKI) for the company. You want to deploy an enterprise certification authority (CA) on ITCertKeysA.

You create a new global security group named IT Approvers. You install an enterprise CA and configure the CA to issue Key Recovery Agent certificates.

The company’s written security policy states that issuance of a Key Recovery Agent certificate requires approval from a member of the IT Approvers group. All other certificates must be issued automatically.

You need to ensure that members of the IT Approvers group can approve pending enrolment requests for a Key Recovery Agent certificate.

What should you?

A. Assign the IT Approvers group the Allow – Enroll permissions for the Key Recovery Agent.
B. Assign the IT Approvers group the Allow – Issue and Manage Certificates permission for the CA.
C. For all certificate managers, add the IT Approvers group to the list of managed subjects.
D. Add the IT Approvers group to the existing IT Publisher group in the domain.
E. Assign the IT Approvers group the Allow – Full Control permission for the Certificate Templates container in the Active Directory configuration naming context.

Answer: B

Explanations:
1. In order to approve certificates you need certificate manager rights.
2. In order to get those rights you need Issue and Manage Certificates rights.
3. The option to enable auto enroll or wait for approval is made at the certificate template (in this case the key recovery template).
From the windows 2003 help.
A. will allow enroll only.
C. will allow all certificate managers.
D. cert publisher group is meant to include the CA servers only.
E. no need to give them full control on the certificate template when we have role separation in windows 2003 pki.

Reference:
Windows 2003 help.

Question 9.
You are the network administrator for ITCertKeys. The network consists of a single Active Directory domain named Itcertkeys.com. All computers on the network are members of the domain.

You are planning a public key infrastructure (PKI) for the company. You want to ensure that users who log on to the domain receive a certificate that can be used to authenticate to Web sites.

You create a new certificate template named User Authentication. You configure a Group Policy object (GPO) that applies to all users. The GPO specifies that user certificates must be enrolled when the policy is applied. You install an enterprise certification authority (CA) on a computer that runs Windows Server 2003.

Users report that when they log on, they do not have certificates to authenticate to Web sites that require certificate authentication.

You want to ensure that users receive certificates that can be used to authenticate to Web sites. Which two actions should you take? 
(Each correct answer presents part of the solution. Choose two)

A. On the User Authenticate certificate template, select the Reenroll All Certificate Holders command.
B. Assign the Domain Users group the Allow – Autoenroll permission for the User 
    Authentication certificate template.
C. Configure the CA to enable the User Authentication certificate template.
D. Assign the Domain Users group the Allow – Issue and Manage Certificates permission for the CA.

Answer: B, C

Explanation:
Certificate enrollment methods and domain membership
The domain membership of computers for which you want to enroll certificates affects the certificate enrollment method that you can choose.

Certificates for domain member computers can be enrolled automatically (also known as auto-enrollment), while an administrator must enroll certificates for non-domain member computers using the Web or a floppy disk.
The certificate enrollment method for non-domain member computers is known as a trust bootstrap process, through which certificates are created and then manually requested or distributed securely by administrators, to build common trust.

Allowing for autoenrollment
You can use autoenrollment so that subjects automatically enroll for certificates, retrieve issued certificates, and renew expiring certificates without subject interaction.

For certificate templates, the intended subjects must have Read, Enroll and Autoenroll permissions before the subjects can enroll.

To ensure that unintended subjects cannot request a certificate based on this template, you must identify those unintended subjects and explicitly configure the Deny permission for them. This acts as a safeguard, further ensuring that they cannot even present an unacceptable request to the certification authority. Note that Read permission does not allow enrollment or autoenrollment, it only allows the subject to view the certificate template.

Renewal of existing certificates requires only the Enroll permission for the requesting subject

Certificates obtained in any way, including autoenrollment and manual requests, can be renewed automatically.

These types of renewals do not require Autoenroll permission, even if they are renewed automatically.

Planning for autoenrollment deployment
Autoenrollment is a useful feature of certification services in Windows XP and Windows Server 2003, Standard Edition. Autoenrollment allows the administrator to configure subjects to automatically enroll for certificates, retrieve issued certificates, and renew expiring certificates without requiring subject interaction. The subject does not need to be aware of any certificate operations, unless you configure the certificate template to interact with the subject.

To properly configure subject autoenrollment, the administrator must plan the appropriate certificate template or templates to use. Several settings in the certificate template directly affect the behavior of subject autoenrollment.

• On the Request Handling tab of the selected certificate template, the selection of an autoenrollment user interaction setting will affect autoenrollment:

• Setting 							
fect on autoenrollment behavior
Enroll subject without 				This setting will allow "silent" autoenrollment without requiring 
requiring any user input			the user to take any action. This setting is preferred when clients 											require certificates but may not be aware that they are using 												them.

Prompt the user during 			The user will receive a message and may need to take an action 
Enrollment							when enrollment is performed. This action may be necessary 												when the certificate is intended for a smart card, which would 												require the user to provide their personal identification (PIN).

Prompt the user during 			This setting prompts the user both during enrollment and
enrollment and require 			whenever the private key is used.
user input when the private 		This is the most interactive autoenrollment behavior,	
key is used							as it requires the user to confirm all use of the private key.
										It is also the setting that provides the highest level of user 													awareness regarding key usage. 

										Caution
					• 					This setting is provided to the client during certificate 														enrollment. The client should follow the configuration setting, but the setting is not enforced by the certification

Incorrect Answers:
A: Only used when critical changes have been made to a certificate template, and you want it to apply to all users immediately.
D: This would be a security risk, since users should not be allowed management permissions.

Reference:
Windows Server 2003: Managing, Maintaining, Planning, and Implementing a Microsoft Windows Server 2003 environment: Exams 70-292 and 70-296, Microsoft Press, Redmond, Washington, 2004, pp. 25-14.

Question 10.
You are a network administrator for ITCertKeys. The network consists of a single Windows 2000 Active Directory forest that has four domains. All client computers run Windows XP Professional.

The company’s written security policy states that all e-mail messages must be electronically signed when sent to other employees. 

You decide to deploy Certificate Services and automatically enroll users for email authentication certificates.

You install Windows Server 2003 on two member servers and install Certificate Services. You configure one Windows Server 2003 computer as a root certification authority (CA). You configure the other Windows Server 2003 server as an enterprise subordinate CA. You open Certificate Templates on the enterprise subordinate CA, but you are unable to configure certificates templates for autoenrollment.

The Certificate Templates administration tool is shown in the exhibit.

You need to configure Active Directory to support autoenrollment of certificates.

What should you do?

A. Run the adprep /forestprep command on the schema operations master.
B. Place the enterprise subordinate CA’s computer account in the IT Publisher Domain Local group.
C. Run the adprep /domainprep command on a Windows 2000 Server domain controller that is in the same domain as the enterprise subordinate CA.
D. Install Active Directory on the Windows Server 2003 member server that is functioning as the enterprise subordinate CA. Configure this server as an additional domain controller in the Windows 2000 Active Directory domain.

Answer: A 

Explanation:
The autoenrollment feature has several infrastructure requirements. These include:

Windows Server 2003 schema and Group Policy updates
Windows 2000 or Windows Server 2003 domain controllers
Windows XP Client
Windows Server 2003, Enterprise Edition running as an Enterprise certificate authority (CA)

Reference:
http://www.microsoft.net/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/maintain/certenrl.asp?frame=true

In this question, we have a Windows 2000 domain; therefore, we have Windows 2000 domain controllers. The Enterprise CA is running on a Windows Server 2003 member server which will work ok, but only if the forest schema is a Windows Server 2003 schema. We can update the forest schema with the adprep /forestprep command.

Incorrect Answers:
B: This will happen in the domain in which the CAs are installed.
C: The adprep /domainprep command prepares a Windows 2000 domain for an upgrade to a Windows Server 2003 domain. We are not upgrading the domain, so this isn’t necessary.
D: The CA doesn’t have to be installed on a domain controller. You can’t install AD on a Windows 2003 server until you run the adprep commands.


Google
 
Web www.certsbraindumps.com


Study Guides and Real Exam Questions For Oracle OCP, MCSE, MCSA, CCNA, CompTIA





              Privacy Policy                   Disclaimer                    Feedback                    Term & Conditions

www.helpline4IT.com

ITCertKeys.com

Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.