|
Please upload the latest dumps thanks in advance..
|
Question 1. You work as a Microsoft licensing specialist at ITCertKeys.com. ITCertKeys.com consists of a Sales department and a Marketing department. The Sales department has 500 Windows XP Professional client computers while the Marketing department has 200 Windows 2000 Professional client computers. The licenses for the client computers in the Sales department have Software Assurance and were obtained under a Select License agreement. ITCertKeys.com wants to standardize all client computers on the latest version of Windows. However, the Marketing department uses an in-house accounting application that is not compatible with Windows XP Professional. What should you suggest is a cost-effective license solution for the Marketing department? A. Use ITCertKeys.com's Select License agreement and obtain a Virtual PC 2004 licenses. B. Acquire licenses and Software Assurance for Windows 2000 Professional in Sales department. C. Acquire only Software Assurance for the Sales department, which are licensed for Windows XP Professional. D. Use the Independent Software Vendor (ISV) Royalty Licensing Program for the custom software solutions and obtain a Services Provider Licensing Agreement (SPLA) for Windows 2000 Professional. Answer: A Question 2. You work as a Microsoft licensing specialist at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. ITCertKeys.com consists of two department named Research and Finance. ITCertKeys.com has hired a new technician named Mia Hamm. Mia Hamm wants to know which offers downgrade rights. A. All agreements on Select License, Open License and also Software Assurance. B. Original Equipment Manufacturer (OEM) licenses. C. Small Business Server Client Access Licenses. D. User client access licenses Answer: A Question 3. You work as a Microsoft licensing specialist at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. A ITCertKeys.com customer named Rory Allen as contact you. Their company named AB Motors Software Assurance is expiring today. Currently AB Motors has and an Enterprise 5.x Agreement, a Select 5.x License agreement with Software Assurance. Rory Allen wants to know the time-window in which to renew the Software Assurance. What should you tell him? A. 1 month and 30 days. B. 2 month. C. 90 days. D. 1 month. Answer: C Question 4. You work as a Microsoft licensing specialist at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. A ITCertKeys.com customer named Andy Booth as contact you. You need to calculate the cost per year of Software Assurance for Systems, Applications, and Servers licenses. What should you do? A. Calculate 29% of the Systems license price and Applications license price, and 25% of the Servers license price. B. Calculate 14% of the Systems license price, Applications license price, and of the Servers license price. C. Calculate 20% of the Systems license price, 25% of the Applications license price, and 30% of the Servers license price. D. Calculate 10% of the Systems license price, 12% of the Applications license price, and 12% of the Servers license price. Answer: A Question 5. You work as a Microsoft licensing specialist at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. All servers on the ITCertKeys.com network run Windows Server 2003 and all client computers run Windows 2000 Professional. ITCertKeys.com wants to replace the client computers and standardize it to run Microsoft Windows XP Professional and Microsoft Office Professional 2003 without activating the client computers. Which of the following is the best licensing solution? A. Obtain licenses and Software Assurance for the Windows XP Professional upgrade and Office 2003 Professional. B. Use Original Equipment Manufacturer (OEM) to obtain licenses and add Software Assurance. C. Obtain only Software Assurance for the client computers. D. Obtain a Services Provider Licensing Agreement (SPLA) to run Windows XP Professional upgrade and Office 2003 Professional. Answer: B Question 6. You work as a Microsoft licensing specialist at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. A ITCertKeys.com customer named Dean Austin as contact you. Dean Austin wants to know more about the Enterprise Agreement. With regards to Enterprise Agreement, what is the least amount number of qualified desktops to qualify for it? A. 25 desktops. B. 50 desktops. C. 100 desktops. D. 250 desktops. Answer: D Question 7. You work as a Microsoft licensing specialist at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. All servers on the ITCertKeys.com network run Windows Server 2003. ITCertKeys.com consists of a Sales department. The laptop of ITCertKeys.com is used by the sales representatives that has Office XP Professional preinstalled and is running Microsoft Windows 2000 Professional. ITCertKeys.com is using a Select License agreement, which is in use for 24 months. A few weeks ago, ITCertKeys.com acquired 150 desktops with Windows XP Professional and Office 2003 Professional OEM licenses. The CIO of ITCertKeys.com wants to know which are eligible to be enrolled in Software Assurance. What should you tell him? A. The laptop computers with the Select License agreement. B. The Microsoft Windows 2000 Professional laptops. C. The laptops and the new desktops. D. The 150 desktops with Windows XP Professional and Office 2003 Professional OEM licenses. Answer: D Question 8. You work as a Microsoft licensing specialist at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. A ITCertKeys.com customer named Clive Wilson as contact you. Clive Wilson has acquired 50 new client computers that have Microsoft Windows XP Professional preinstalled. The licences of Clive Wilson's company needs to be enroll in Software Assurance. What is the time limit to enroll these licenses in Software Assurance? A. 2 months. B. 1 month. C. 90 days. D. 3 months. Answer: C Question 9. You work as a Microsoft licensing specialist at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. ITCertKeys.com contains 20,000 desktop computers that run Microsoft Office Professional 2003. ITCertKeys.com has quite a few branch offices in Columbia, Germany, Japan and USA. The ITCertKeys.com users need to adjust the user interface languages often. You need to assign an Enterprise Agreement. Which of the following language licensing solution should you choose? A. On the Enterprise Agreement enrolment you should use the All Languages option. B. Choose the Listed Languages option on the Enterprise Agreement enrolment and the Cross Language use rights. C. Use the Cross Language use rights in the Enterprise Agreement and the All Languages option. D. Use the Platform Independent use rights in the Enterprise Agreement and the All Languages option. Answer: A Question 10. You work as a Microsoft licensing specialist at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. A year ago, ITCertKeys.com has signed a Select License agreement. Because of the abundance of the license acquisitions, ITCertKeys.com had qualified for Select Level B in the Server pool. Last week ITCertKeys.com only purchased only 780 points in the Server pool. How will the licensing agreement be affected? A. ITCertKeys.com need to assign a new enrollment under the name. B. ITCertKeys.com will be re-leveled to Select Level A. C. ITCertKeys.com needs to purchase software under its current agreement until the agreement expires. D. ITCertKeys.com must re-negotiate the Select License agreement and must forecast Select Level A. Answer: B
|
Question 1. You work as the network administrator at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory forest. The functional level of the forest is set at Windows Server 2003. The ITCertKeys.com network contains a file server named ITCertKeys-SR07 that hosts a shared folder in a child domain in ITCertKeys.com's forest. ITCertKeys.com has a sister company that has its own Active Directory forest. You need to ensure that users, who belong to a child domain in the sister company's Active Directory forest, are provided with access to the shared folder in the child domain in ITCertKeys.com's Active Directory forest. You also need to ensure that these users are unable to access any other resources in ITCertKeys.com's forest. What should you do? A. You have to create an external trust, and configure it with the selective authentication option. B. You have to create a forest trust, and configure it with the domain-wide authentication option. C. You have to create an external trust, and configure it with the domain-wide authentication option. D. You have to create a forest trust, and configure it with the selective authentication option. Answer: A Explanation: An external trust is always nontransitive, and can be either one-way or two-way. This type of trust is used to create a relationship between a Windows Server 2003 domain and one running Windows NT 4.0. It can also be used to connect two domains that are in different forests, and don't have a forest trust connecting them. In this scenario, you have to create outgoing external trust from the domain where the file server is located to the sister company's domain where the users require access to a resource in ITCertKeys.com's forest. This will allow users from the sister company's domain to authenticate directly to ITCertKeys.com's resource domain. Selective authentication allows users from a trusted domain to authenticate only to those resources to which they are explicitly allowed to authenticate. Incorrect Answers: B, D: A forest trust is appropriate when users from multiple domains in one forest require access to resources in multiple domains in another forest. C: Configuring Domain-wide authentication would provide users from trusted domains the same level of access to local resources that local users have. Question 2. You work as the network administrator at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. All servers on the ITCertKeys.com network run Windows Server 2003 and all client computers run Windows XP Professional. A new ITCertKeys.com security policy requires that all user passwords expire every 45 days. You configure a password policy that meets this requirement in a new Group Policy object (GPO) linked to the ITCertKeys.com domain. Users are now prompted to change their passwords on a regular basis. While performing a maintenance procedure on a domain controller three months later, you restart the domain controller in Directory Services Restore Mode (DSRM) and discover that the old administrative password still works. You need to ensure that DSRM password is changed on this domain controller. What should you do? A. You have to configure the password policy in the Default Domain Controllers Policy GPO in normal mode. B. You should reset the password for the local Administrator account in normal mode using Computer Management. C. You have to configure the password policy in the Default Domain Policy GPO in normal mode. D. You should reset the DSRM password in normal mode using the Ntdsutil utility. Answer: D Explanation: When you restart a domain controller in DSRM, the Active Directory service is not activated and the domain controller will act as a stand alone server. To log on to a computer in DSRM and to comply with the security policy, you need to set a password by using the Ntdsutil utility when the domain controller is operating in DSRM. Incorrect Answers: A, C: If the password policies were configured in the GPOs, it will not affect DSRM passwords on domain controllers. B: You will not find any local user accounts on a domain controller. Question 3. You work as the network administrator at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory network named itcertkeys.com. ITCertKeys.com has headquarters in London and branch office in Paris. All servers on the ITCertKeys.com network run Windows Server 2003 and all client computers run Windows XP Professional. ITCertKeys.com contains a Sales department. The headquarters in London contains a Windows Server 2003 computer named ITCERTKEYS-SR03 that hosts the ITCertKeys.com public Web site. The public Web site consists of the goods that are advertised by the Sales department. ITCERTKEYS-SR03 is running IIS 6.0. Due to the demand on the public Web site, you installed a new ASP.NET-based application on the public Web site. A ITCertKeys.com manager named Andy Reid is responsible for updating the public Web site on a regular basis. After the installation of the new ASP.NET-based application, Andy Reid access the public Web site, however, he received an error message stating that the page cannot be found. Andy Reid needs to access the public Web site to update the data. You need to ensure that the new ASP.NET-based application works. What should you do? A. You need to select support for Active Server Pages. B. You should assign the proper permissions to the Authenticated Users group for the new ASP.NET-based application. C. You need to acquire a server certificate from your corporate certification authority and install the certificate. D. You need to select only the required Web service extensions. Answer: D Explanation: By default, in Windows Server 2003, the Internet Information Services (IIS) has only static HTML content. You will only receive an HTTP error 404 if dynamic content is requested. You need to enable the support for the appropriate Web service extensions in IIS Manager to provide dynamic content. Incorrect Answers: A: Since ASP and ASP.NET are different, there is no need to support ASP. B: It is unlikely that the Authenticated Users group needs to be assigned any permission to access. public Web site allow anonymous access. C: The scenario does not state that the new application requires a certificate for SSL encryption or for another purpose, and even if it did, a certificate issued would not be trusted by the general public. Question 4. You work as the network administrator at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named itcertkeys.com. All servers on the ITCertKeys.com network run Windows Server 2003 and all client computers run Windows XP Professional. ITCertKeys.com contains a Finance department. ITCertKeys.com contains a domain controller named ITCERTKEYS-DC01 which resides in the Finance department. Due to the confidential information of the data that reside on the domain controller, you need to make sure that the security is established at all time on ITCERTKEYS-DC01. You then access the Security Configuration and Analysis (SCA) MMC snap-in, and receive the following database log file as seen in the exhibit. Exhibit: You need to ensure that security is established on the ITCertKeys.com network around the clock. What should you do? A. Reconfigure the "Minimum Password Length" security policy. B. Reconfigure the "Lockout Duration" security policy. C. Reconfigure the "Password Must Meet Complexity Requirements" security policy. D. Reconfigure the "Minimum Password Age" security policy. Answer: A Explanation: The Security Configuration and Analysis (SCA) Microsoft Management Console (MMC) snap-in is used to evaluate a computer's security settings with a predefined security template. The exhibit shows that disparity exists between the value of the " Minimum Password Length" setting on ITCERTKEYS-DC01 and the setting's value that is configured in the currently loaded security template. Incorrect Answers: B, C, D: The Lockout Duration, Password Must Meet Complexity Requirements, and Minimum Password Age settings are marked as Not Configured. Reconfiguring these would result in inconsistent security on the ITCertKeys.com network as only ITCERTKEYS-DC01 will be configured with these settings. Question 5. You work as the network administrator at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named itcertkeys.com. All servers on the ITCertKeys.com network run Windows Server 2003 and all client computers run Windows XP Professional. ITCertKeys.com is a relatively new company and at present has to share premises with other companies. Consequently there are added security risks and as a precautionary measure all the itcertkeys.com servers are located and maintained in a strong room and kept under lock and key. As a further precautionary measure you also applied the securedc.inf and the securews.inf security templates to the relative computers. There is however still the threat that unauthorized physical access could still be possible in lieu of the shared premises and unauthorized attempts at guessing the itcertkeys.com user's passwords. You received instructions from the CIO to ensure that added security measures are implemented to minimize the possibility of user passwords being at risk. What should you do? A. On all the domain controllers, you need to apply the hisecdc.inf predefined security template. B. You need to generate a system key with the Syskey utility, and then specify that this system key be stored locally. C. On all the member servers, you need to apply the hisecws.inf predefined security template. D. You need to generate a system key with the Syskey utility, and then specify that this system key be stored on a floppy disk. Answer: D Explanation: To provide protection to user passwords, you need to use the Syskey utility. This will allow you to generate a system key that is used to encrypt passwords. The three levels of protection that is offered by the Syskey utility are as follows: 1. Store the system key locally on a computer, which is not secure. 2. Use an administrative-assign password or 3. Store the system key on a floppy disk, which is required at startup. Incorrect Answers: A, C: Hisecdc.inf and hisecws.inf are more secure than securedc.inf and securews.inf, however, it will not stop the unauthorized user to guess passwords. B: Storing the system key locally on the computer is the least secure option. Question 6. You work as the network administrator at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named itcertkeys.com. All servers on the ITCertKeys.com network run Windows Server 2003 and all client computers run Windows XP Professional. ITCertKeys.com contains a Sales department. The ITCertKeys.com network contains a file server named ITCERTKEYS-SR13. ITCERTKEYS-SR13 hosts a shared folder which keeps the latest goods which the users needs to access. A ITCertKeys.com employee named Andy Booth works in the Sales department. One morning Andy Booth complains that the performance of ITCERTKEYS-SR13 is very slow. To avoid that employees contact you regarding the performance of the file server, you are going to set counters to alarm you if any bottlenecks occur on ITCERTKEYS-SR13. . You then create a counter, and choose the following monitoring counters. 1. PhysicalDisk: %Disk Time 2. Processor: % Processor Time 3. Network Interface: Bytes Total/sec. What should your next step be? A. You should specify the threshold values for performance counters, which will produce a message to your workstation when reached. B. Navigate to the System performance object, and select a ProcessorQueue Length counter. C. Use the CSV format and configure a trace log that runs always, export the performance data to a spreadsheet manually. D. Use the CSV format and configure a counter log that record performance data on a constant basis. Answer: A Explanation: Alerts can be configured when thresholds are reached. This will allow you to receive a message when the threshold values are reached. Incorrect Answers: B: To find a bottleneck in a subsystem, the ProcessorQueue Length counter is used. This will not help you in defining an alert. C: If you want to record selected system application events, you should use the Trace logs. D: Although using this option will gather the required performance data for bottleneck detection, it would not enable you to configure an alert. Question 7. You work as the network administrator at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named itcertkeys.com. All servers on the ITCertKeys.com network run Windows Server 2003 and all client computers run Windows XP Professional. ITCertKeys.com consists of a Research department. The ITCertKeys.com network contains a domain controller named ITCERTKEYS-DC03. ITCERTKEYS-DC03 is used to communicate with other companies which form part of the alliances. You do not want ITCERTKEYS-DC03 to slack in performance, because it will influence the tasks of the employees in ITCertKeys.com. You want to forward a network message to your client computer in your office when CPU utilization goes beyond 80 percent. You thus need to configure ITCERTKEYS-DC03 to forward a network message to your client computer when CPU utilization goes beyond 80 percent. What should you do? A. On ITCERTKEYS-DC03 configure a network message to be sent to your client computer, by using the Services MMC snap-in. B. On ITCERTKEYS-DC03 configure a network message to be sent to your client computer, by using the Performance Logs and Alerts MMC snap-in. C. On ITCERTKEYS-DC03 configure a network message to be sent to your client computer, by using the Network Monitor. D. On ITCERTKEYS-DC03 configure a network message to be sent to your client computer, by using the System Monitor. Answer: B Explanation: The Performance Logs and Alerts Microsoft Management Console (MMC) snap-in can be used to configure alerts that trigger an action. Incorrect Answers: A: The Services MMC snap-in can be used to view and modify system and network services that are installed on a Windows Server 2003 computer. You need to set alerts. C: Network Monitor is not the tool to be used in this case as it is usually used to capture and decode incoming an outgoing network packets. D: System Monitor is used to view real-time hardware and software performance data, but in this case you require the Performance Logs and Alerts Microsoft Management Console.. Question 8. You work as a network administrator for ITCertKeys.com. The network consists of a single Active Directory domain named ITCertKeys.com. ITCertKeys.com contains six domain controllers of which two each is configured to run Windows Server 2003, Windows 2000 Server, and Windows NT Server 4.0 The ITCertKeys.com departments are organized into organizational units (OUs). As such the Administration OU is named ITK_ADMIN, and the OU is named the ITK_SALES. All file servers for all departments are located in their respective OUs. The ITK_SALES OU is a child OU of the ITK_ADMIN OU. A new ITCertKeys.com written security policy states that the Administration department servers must be configured with security settings that are enhanced from the default settings. The ITCertKeys.com written security policy further also states that the Sales department servers must be configured with security settings that are enhanced from the default settings, and auditing should be enables for file and folder deletion. Your instructions are to plan the security policy settings of the Administration and Sales departments to ensure compliance with the written security policy. To this end you decide to make use of a Group Policy Objects (GPO) for each of these departments. What should you do next? A. One GPO must apply the Compatws.inf security template to computer objects. Link this GPO to the ITK_ADMIN OU. The second GPO must enable the Audit object access audit policy on computer objects. Link this GPO to the ITK_SALES OU. B. One GPO must apply the Securews.inf security template to computer objects. Link this GPO to the ITK_ADMIN OU. The second GPO must enable the Audit object access audit policy on computer objects. Link this GPO to the ITK_SALES OU. C. One GPO must apply to the Compatws.inf security template to computer objects. Link this GPO to the ITK_ADMIN OU. The second GPO must apply the Hisecws.inf security template to computer objects. Link this GPO to the ITK_SALES OU. D. One GPO must apply the Securews.inf security template to computer objects. Link this GPO to both the ITK_ADMIN and the ITK_SALES OUs. The second GPO must enable the Audit object access audit policy on computer objects. Link this GPO to the ITK_SALES OU. Answer: B Explanation: The Securews.inf template contains policy settings that increase the security on a workstation or member server to a level that remains compatible with most functions and applications. The template includes many of the same account and local policy settings as Securedc.inf, and implements digitally signed communications and greater anonymous user restrictions. Audit Object Access A user accesses an operating system element such as a file, folder, or registry key. To audit elements like these, you must enable this policy and you must enable auditing on the resource that you want to monitor. For example, to audit user accesses of a particular file or folder, you display its Properties dialog box with the Security tab active, navigate to the Auditing tab in the Advanced Security Settings dialog box for that file or folder, and then add the users or groups whose access to that file or folder you want to audit. Incorrect Answers: A, C: The Compatws.inf security template is designed for Windows NT compatible applications that require lower security settings in order to run. These settings are lower than the default settings. D: The ITK_SALES OU is a child OU of the ITK_ADMIN OU. GPO settings applied to parent OUs are inherited by child OUs; therefore we do not need to link the GPO to both the ITK_ADMIN OU and the ITK_SALES OU. Reference: Craig Zacker, MCSE Self-Paced Training Kit (Exam 70-293): Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure, Microsoft Press, Redmond, Washington, Chapters 9 and 10 Question 9. You work as the network administrator for ITCertKeys.com. The ITCertKeys.com network contains 50 application servers that are configured with Windows Server 2003. At present the security configuration of the ITCertKeys.com is not uniformly applied. Local administrators, based on their different knowledge and skill levels, were responsible for the configuration of the security settings on each of the application servers. This resulted in a wide variety of authentication methods, audit settings and account policy settings. ITCertKeys.com thus appointed a security team to complete a new network security design. Included in the design is a baseline configuration for the security settings on all servers. The baseline security settings use the hisecws.inf predefined security template. The design also requires modified settings for servers in an application server role. These settings include system service startup requirements, renaming the administrator account, and more stringent account lockout policies. The security team created a security template named application.inf that contains the required settings. You received instruction to plan the deployment of the new security design. Your plan must ensure that all application servers' security settings are standardized, and that after the security settings on all application servers comply with the design requirements. What should you do? A. First apply the setup security.inf template, and then apply the hisecws.inf template, and then the application.inf template. B. First apply the Application.inf template and then the Hisecws.inf template. C. First apply the Application.inf template, and then apply the setup.inf template, and then the hisecws.inf template. D. First apply the Setup.inf template and then the application.inf template Answer: A. Explanation: The servers currently have different security settings. Before applying our modified settings, we should reconfigure the servers with their default settings. This is what the security.inf template does. Now that our servers have the default settings, we can apply our baseline settings specified in the hisecws.inf template. Now we can apply our custom settings using the application.inf template. Incorrect Answers: B: The hisecws.inf template would overwrite the custom application.inf template. C: The setup.inf security template doesn't exist. To return a system to its default security settings, we use the security.inf template. D: The setup.inf security template doesn't exist. To return a system to its default security settings, we use the security.inf template. Reference: Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294); Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure, Microsoft Press, Redmond, Washington, 2004, p. 13:62 David Watts & Will Willis, Windows Server 2003 Active Directory Infrastructure Exam Cram 2 (Exam 70-294): Que Publishing, Indianapolis, 2004, Chapter 8 Question 10. You work as a network administrator for ITCertKeys.com. The ITCertKeys.com network contains Terminal servers that host legacy applications. Only ITCertKeys.com users that have Power Users group membership can run these legacy applications. A new ITCertKeys.com security policy states that the Power Users Group must be empty on all servers. You are thus required to ensure that the legacy applications will be available to users on the servers when the new security requirement is enabled. What should you do? A. In the domain, the Domain Users Global group should be added to the Remote Desktop Users built-in group in the domain. B. On each terminal server, the Domain Users Global group should be added to the Remote Desktop Users local group. C. Allow the Local Users group to run the legacy applications my modifying the compatws.inf security template settings. Import the security settings into the default Domain Controllers Group Policy Object. D. Allow the Local Users group to run the legacy applications by modifying the compatws.inf security template settings. Apply the modified template to each terminal server. Answer: D Explanation: The default Windows 2000 security configuration gives members of the local Users group strict security settings, while members of the local Power Users group have security settings that are compatible with Windows NT 4.0 user assignments. This default configuration enables certified Windows 2000 applications to run in the standard Windows environment for Users, while still allowing applications that are not certified for Windows 2000 to run successfully under the less secure Power Users configuration. However, if Windows 2000 users are members of the Power Users group in order to run applications not certified for Windows 2000, this may be too insecure for some environments. Some organizations may find it preferable to assign users, by default, only as members of the Users group and then decrease the security privileges for the Users group to the level where applications not certified for Windows 2000 run successfully. The compatible template (compatws.inf) is designed for such organizations. By lowering the security levels on specific files, folders, and registry keys that are commonly accessed by applications, the compatible template allows most applications to run successfully under a User context. In addition, since it is assumed that the administrator applying the compatible template does not want users to be Power Users, all members of the Power Users group are removed. Incorrect Answers: A, B: Global group is a group that is available domain-wide in any domain functional level, so why would you add to another group. C: The Compatws.inf template is not intended for domain controllers, so you should not link it to a site, to the domain, or to the Domain Controllers OU Reference: Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294); Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure, Microsoft Press, Redmond, Washington, 2004, p. 8:5 Dan Holme, and Orin Thomas, MCSA/MCSE Self-Paced Training Kit: Upgrading Your Certification to Microsoft Windows Server 2003: Managing, Maintaining, Planning, and Implementing a Microsoft Windows Server 2003 environment: Exams 70-292 and 70-296, Chapter 9
|
Question 1. You work as the desktop support technician at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. The new ITCertKeys.com directive states that all departments in ITCertKeys.com should install Microsoft Windows Vista Business Edition on their respective workstations. You have been assigned to the Research department. To this end you are thus tasked with the responsibility to install Microsoft Windows Vista Business Edition on the Research Department's workstations. Following is a list of the workstation specifications as at present in the research department: 1. 1.2 GHz processor. 2. 256 MB of RAM. 3. 10 GB hard drive. 4. SVGA video card. 5. Integrated sound card. 6. 10/100 integrated network adapter. These computers are not ready to have Microsoft Windows Vista Business Edition installed. They lack certain minimum hardware requirements. You now need to identify these and upgrade the workstations accordingly so as to comply with the new ITCertKeys.com directive. What should you do? (Each correct answer presents part of the solution. Choose TWO.) A. You should upgrade the processor. B. You should upgrade the RAM. C. You should upgrade the video card. D. You should upgrade the hard drive. E. You should upgrade the network adapter. Answer: B, D Explanation: You must have at least 512 MB of RAM and a minimum 20 GB hard drive with 15 GB of free space to successfully install Windows Vista. Incorrect Answers: A: Windows Vista requires an 800 MHz CPU, so the current 1.2 GHz processor will be adequate and will thus not need to be upgraded. C: Windows Vista will function with an SVGA video card, although improvements in the user experience with Aero would require a Windows Display Driver Model (WDDM) capable video card. E: Windows Vista does not have a minimum network adapter requirement, making this option irrelevant in the circumstances. Question 2. You work as the desktop support technician at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. The new ITCertKeys.com directive states that all departments in ITCertKeys.com should install Microsoft Windows Vista Business Edition on their respective workstations. You have been assigned to the Research department. However, there is another company policy that states that all new installations and upgrades should be done on test computers prior to mass deployment. The Research department has a test computer named ITCertKeys-WS620. Following are the ITCertKeys-WS620 specifications: 1. Drive C (system drive) has 10 gigabytes (GB) of free space. 2. Drive D (programs drive) has 40 GB of free space. 3. Two memory slots exist, but only one is occupied with a 512 megabyte (MB) memory stick. 4. One 1.5 gigahertz (GHz) 32-bit processor is installed. To comply with the company policy and follow the new directive you thus plan to install Microsoft Windows Vista Business on ITCertKeys-WS620. Now you need to change the hardware configuration so that the computer can run Windows Vista Business. What should you do? A. You should install Windows Vista on Drive D. B. You need to free up space on Drive C. C. You should add more memory to the computer. D. You should add a faster processor to the computer. Answer: B Explanation: Operating systems must be installed on the system drive. In this scenario, the system drive on ITCertKeys-WS620 has only 10 GB of free space. Thus you should free up space on Drive C because Windows Vista requires 15 GB of free space for installation purposes. Incorrect Answers: A: You must install operating systems on the system drive. In this scenario, Drive C is the system drive. Thus you should not install Windows Vista on Drive D. C: The minimum memory capacity for a computer running Windows Vista is 512 MB and ITCertKeys-WS620 has 512 MB RAM. Thus you do not need to add more memory to the computer. D: There is no need to add a faster processor to the computer. The minimum processor speed for a computer running Windows Vista is 800 megahertz (MHz). Question 3. You work as the Desktop support technician at ITCertKeys.com. You have been instructed to deploy Microsoft Windows Vista operating system on all the ITCertKeys.com client computers. ITCertKeys.com is planning to deploy two sites: a primary and a secondary site. You want to carry out your duty be using the System Management Server (SMS) 2003 operating system deployment (OSD) Feature Pack. Consequently you need to install the SMS 2003 OSD Feature Pack and thus you need to take you first action. What should you do? A. SMS 2003 should be installed on the primary site server. B. SMS 2003 should be installed on the secondary site server. C. Windows Deployment Service (WDS) should be installed on the primary site server. D. Business Desktop Deployment (BDD) 2007 should be installed on the primary site server. Answer: A Explanation: Installing SMS 2003 on the primary site server will enable you to install SMS 2003 OSD Feature Pack. The System Management Server (SMS) 2003 operating system deployment (OSD) Feature Pack can be used to create a custom image to deploy Windows Vista operating system on the target computers. Incorrect Answers: B: SMS 2003 must be installed on the Primary site server and not on the secondary site server. You are however able to install SMS 2003 on all the site servers to support SMS 2003 OSD Feature Pack. C: WDS is used to deploy Windows Operation System on target computers using PXE network boot. It is in essence an enhanced version of Remote Installation Services (RIS) as it was used in previous versions of the Windows operating systems. You should not first install WDS on the primary site server. D: BDD 2007 is installed on the deployment server after SMS 2003 OSD Feature Pack is installed. Question 4. You work as the Desktop support technician at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. You have been instructed to deploy Microsoft Windows Vista operating system on all the ITCertKeys.com client computers. You plan to make use of System Management Server (SMS) 2003 on a primary site server. You then use System Management Server (SMS) 2003 operating system deployment (OSD) Feature Pack to create a custom Windows Vista image. You need to deploy the Windows Vista image on the ITCertKeys.com client computers. The ITCertKeys.com client computers are currently using a mix of 32- and 64-bit processors. This means that you will need to take certain steps prior to deploying the image to the client computers. What should you do? (Each correct answer presents part of the solution. Choose TWO.) A. Check the size of the deployment logs. B. Identify the differences in 32- and 64-bit deployment. C. Verify that SMS 2003 OSD Feature Pack is installed on the client computer. D. Verify that the ITCertKeys.com computers have the appropriate system resources. E. Verify that the Windows Deployment Service (WDS) is installed on the ITCertKeys.com client computer. Answer: B, D Explanation: The ZTIvalidate.wsf file is used to determine that the target computer has the available resources required to deploy Windows operating system. Prior to deploying an SMS 2003 OSD Feature Pack on a target computer, you should verify that the computer has the appropriate system resources. You should also identify the differences in 64-bit and 32-bit deployment. BDD 2007 only supports only EM64T-enabled processors and the AMD 64 type processors. Incorrect Answers: A: Deployment logs are used to store information regarding the image installation process on each client computer. You should determine the storage capacity required for storing the deployment logs during the image installation process. One does not first determine the size of the deployment logs. C: The SMS 2003 OSD Feature Pack is installed on the primary site server and is used to create custom Windows image for Windows deployment on the target/client computers. You should thus not install it on the client computer. E: WDS is used to deploy Windows Operation System on target computers using PXE network boot. It is in essence an enhanced version of Remote Installation Services (RIS) as it was used in previous versions of the Windows operating systems. WDS is not installed on the client computer. Question 5. You are employed as an administrator at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. All client computers on the ITCertKeys.com network run Microsoft Windows Vista. A ITCertKeys.com policy states that all client computers should be configured to obtain all of the latest operating system updates. A new computer named ITCertKeys-WS624 was recently purchased. You received instructions to verify whether ITCertKeys-WS624 can obtain all of the latest operating system updates. What should you do? A. You need to confirm that ITCertKeys-WS624 has a Microsoft Windows Experience Index base score above 3.0. B. You need to configure Windows Defender to detect updates before scanning. C. You need to validate your Windows installation from the Microsoft Windows Genuine Advantage Web page. D. You need to run Microsoft Windows Vista Upgrade Advisor. Answer: C Question 6. You are employed as a network administrator at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. The ITCertKeys.com network is divided into several departments of which the Sales department is one. The Sales department was assigned a client computer named ITCertKeys-WS622. Certkiller-WS622 has the following hardware configuration: 1. 512 MB of RAM 2. 10-GB hard disk 3. 933-MHz processor 4. 64-MB video adapter. You have received instructions from the manager to install Microsoft Windows Vista on ITCertKeys-WS622. Which hardware component fails the minimum hardware requirements? A. Memory. B. Hard disk. C. Processor. D. Video adapter. Answer: B Question 7. ITCertKeys.com has employed you as a desktop technician. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. The ITCertKeys.com network is divided into several departments of which the Marketing department is one. The Marketing department was assigned a client computer named ITCertKeys-WS625. ITCertKeys-WS625 is currently running Microsoft Windows XP Professional. All the applications that are used in the Marketing department are third- party applications which are used daily in the department. You have received instructions from the CIO to upgrade ITCertKeys-WS625 to Microsoft Windows Vista. The CIO wants all the applications in used to be operational after the upgrade. You must comply with the CIO's request and thus need to determine whether the hardware and software on ITCertKeys-WS625 will support the upgrade and still leave all the applications operational. What should you do? A. You need to run the winnt32.exe /checkupgradeonly command. B. You need to run the mbsacli.exe command. C. You need to run the Microsoft Windows Vista Upgrade Advisor application. D. You need to compare ITCertKeys-WS625 system's hardware against the Microsoft Windows Vista Hardware Compatibility List (HCL). Answer: C Question 8. DRAG DROP You work as the desktop support technician at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. ITCertKeys.com has a client computer named ITCertKeys-WS626. ITCertKeys-WS626 has a hard disk that has been partitioned in two equal parts of 50 Gigabytes (GB) each. Microsoft Windows XP Home has been installed in the primary partition. The second partition is yet to be formatted. You have been instructed ensure that ITCertKeys-WS626 has dual booting abilities. You need to accomplish this task with the least amount of administrative effort. What should you do? (Choose the correct options in the column on the left and place them in the correct order of execution in the work area on the right.) Answer: Explanation: The correct method would be to first format the second partition with NTFS, then boot the computer with the Windows Vista DVD and then installing Windows Vista on the second partition. This order of procedure would result in the least administrative effort since one should first install the oldest version of the Windows operating system first, then install each newer version in order because every new Windows version preserves backward compatibility for starting earlier Windows versions. Incorrect Answers: Do not change the file system on the second partition: If one does not change the file system then one will not be able to install Windows Vista on the computer. You need to either convert the file system to NTFS or format the partition with NTFS to accommodate the installation of Windows Vista. Create two partitions in the extended partition: This would be superfluous since there are already two partitions and you would not require more partitioning. First install Windows Vista on the primary partition: This will not work since you need to install the older version of the Windows operating system first and then install the newer version. First install Windows XP Home on the second partition: This is not the correct method to dual booting the computer. You should begin with installing the Windows XP Home on the primary partition first. Question 9. DRAG DROP You work as the desktop support technician at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. There is currently only one workstation that has been installed with Microsoft Windows Vista Business Edition. This workstation is named ITCertKeys-WS622. You have received instructions from the ITCertKeys.com manager to install Microsoft Windows Vista Business Edition on all the new workstations that has just been purchased. These new workstations must have the same build of Microsoft Windows Vista Business Edition as that deployed on ITCertKeys-WS622. You want to complete your task with the least amount of administrative effort. To this end you need to create an image of ITCertKeys-WS622 to deploy to the new workstations. Thus you take the bootable Windows PE CD that includes all the required deployment tools. What should you do next? (Choose the correct options in the column on the left and place them in the correct order of execution in the work area on the right.) Answer: Explanation: the correct plan of action would be as follows: 1. Use Sysprep to seal the master. Sysprep prepares an installed OS to be created into a deployable image by removing some computer specific information such as the workstation's Security Identifier (SID), which must be unique. 2. Boot the master with the Windows PE CD. Windows PE is a bootable OS that has many tools that can be used for creating and deploying images. Tools such as ImageX and Diskpart are run from Windows PE. 3. Use ImageX on the master to create the image file. ImageX is the Windows PE tool that is used to capture (and apply) OS images. 4. Boot the target with the Windows PE CD. 5. Use Diskpart to format the drive. Diskpart is a PE tool that is used to configure the hard drive on a PC. 6. Use ImageX to apply the image to the target. Question 10. You work as the desktop support technician at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. All the ITCertKeys.com workstations run Microsoft Windows 2000 Professional. You are responsible for the installation of operating systems on the ITCertKeys.com computers. You want to make use of the Microsoft Windows Vista DVD to perform a clean installation on the ITCertKeys.com workstations. To this end you place the DVD into the drive and start the first workstation only to find that it boots straight to Windows 2000 without starting the install of Microsoft Windows Vista. You have run checks on the BIOS of the workstations and to boot from DVD-ROM is not allowed, though you need to perform a clean install. What should you do? A. You should install new hard drives on these workstations. B. The BIOS settings of these workstations should be changed to boot from the local hard drive. C. You should update all the workstations' BIOS. D. You should use the Windows Vista floppy boot disk. Answer: C Explanation: If you attempt to boot from the DVD ROM drive and it does not work, the first place to check is the computer BIOS. Alternatively, (though not mentioned as an option to choose from) you can also start the computer with a network boot floppy disk or PXE and connect to the installation files on the DVD or over the network. Incorrect options: A: You should not install a new hard drive. Installing a new hard drive will not solve this problem because the Windows Vista setup files on the DVD still needs to be accessed to allow for this install. B: You should not change the BIOS settings to boot from the local hard drive. Changing the BIOS settings to boot from the local hard drive will only boot to the installed operating system. D: You cannot use the Windows Vista Setup floppy boot disk. Windows Vista does not come with a Setup floppy boot disk. Question 11. You work as the Desktop support technician at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. You have been instructed to deploy Microsoft Windows Vista operating system on all the ITCertKeys.com client computers. You are required to automate the deployment of Windows Vista on the client computers. To this end you installed Windows Automated Installation Kit (WAIK) on your computer. You then created an answer file for a Windows Vista unattended installation on client computers. You now need to validate the answer file before deploying Windows Vista to the ITCertKeys.com client computers and thus need to make use of the appropriate tool. What should you do? A. Use the Setup Manager B. Use the System Preparation tool. C. Use the Office Customization Tool (OCT). D. Use the Windows System Image Manager (SIM) tool. Answer: D Explanation: The SIM tool is used to create an answer file, as well as to validate the answer file to ensure that the file is working. This you should make use of the SIM tool in this scenario. Incorrect Answers: A: The Setup Manager too is used to create an answer file in Windows 2000, Windows XP and Windows Server 2003 operating systems. It is not used in Microsoft Windows Vista. B: The SYSPREP.EXE tool is use to prepare a reference computer before capturing an image of the reference computer. It is not used to validate answer files prior to deployment. C: OCT is used to customize an Office 2007 installation and to create a Setup Customization file and to automate an Office 2007 installation and modify user settings, NOT to validate an answer file prior to deployment.
|
Question 1. You work as the desktop support technician at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. You have been assigned to the ITCertKeys.com help desk to aid all the ITCertKeys.com users who experience problems with their workstations. There are both desktop and laptop workstations in operation at ITCertKeys.com. Amy Wilson works as the Marketing manager at ITCertKeys.com. You have received instruction from the CIO to verify whether the workstation of Amy Wilson can obtain the most recent operating system updates. What should you do? A. To check whether your operating system can obtain the latest updates you need to run Microsoft Windows Vista Upgrade Advisor. B. To check you need to validate your Windows installation from the Microsoft Windows Genuine Advantage Web page. C. You have to make sure that your workstation has a Microsoft Windows Experience Index base score above 3.0. D. Windows Defender should be configured to detect updates before scanning. Answer: B Question 2. You work as the desktop support technician at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. You have been assigned to the ITCertKeys.com help desk to aid all the ITCertKeys.com users who experience problems with their workstations. The administrator instructs you to execute a clean installation of Microsoft Windows Vista on the first partition. Thereafter, you need to install Microsoft Windows XP Professional on the second partition of the same machine. A senior support technician informs you that he is able to log on to Windows XP Professional. However, he does not have the option to boot to Windows Vista. You need to ensure that you are able to dual boot the computer. What should you do? A. To achieve this you should edit the boot.ini file. Then you should the subsequent line: Multi(0)Disk(O)Rdisk(0)Partition(1)\Microsoft Windows B. You need to run the bootcfg.exe application with the /fastdetect option in order to dual boot computer. C. To ensure that you are able to dual boot the computer you should perform a clean installation of Windows Vista on the first partition. D. The msconfig.exe application should be run and the order of the operating systems in the boot.ini file should be changed. Answer: C Question 3. You work as the desktop support technician at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. You have been assigned to the ITCertKeys.com help desk to aid all the ITCertKeys.com users who experience trouble with their computers. A ITCertKeys.com employee named Andy Booth works as the accountant in the Finance department. Andy Booth uses a client computer named ITCertKeys-WS621. ITCertKeys-WS621 has the following hardware configuration: 1. 512 MB of RAM 2. 10-GB hard disk 3. 933-MHz processor 4. 64-MB video adapter. You have received instruction from the CIO to install Microsoft Windows Vista on ITCertKeys-WS621. The CIO also requests that you determine which hardware component fails to meet the minimum hardware requirements. Identify the hardware component you should choose? A. The processor will fail to meet the minimum hardware requirements. B. You should choose the hard disk since it will fail to meet the minimum hardware requirements. C. The video adapter will fail to meet the minimum hardware requirements. D. You need to choose the memory since it will fail to meet the minimum hardware requirements Answer: B Question 4. You work as the desktop support technician at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. You have been assigned to the ITCertKeys.com help desk to aid all the ITCertKeys.com users who experience problems with their workstations. ITCertKeys-WS622 is configured to run Microsoft Windows XP Professional. ITCertKeys-WS622 also runs 20 third-party applications. You receive a memo from management informing you of their plans to upgrade ITCertKeys-WS622 to Microsoft Windows Vista. The functionality of the existing 20 applications must be maintained after you upgrade your computer. The administrator asks you to determine whether the hardware and software on ITCertKeys-WS622 will support the upgrade. What should you do? A. You need to run the Microsoft Windows Vista Upgrade Advisor application in order to check whether the hardware and software will support the upgrade. B. To check whether the hardware and software will support the upgrade you need to run the mbsacli.exe command. C. The Microsoft Windows XP Professional system hardware needs to be compared to the Microsoft Windows Vista Hardware Compatibility List (HCL). D. To check if the hardware and software will support the upgrade you need to run the winnt32.exe /checkupgradeonly command. Answer: A Question 5. You work as the desktop support technician at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. The ITCertKeys.com network contains two workstations named ITCertKeys-WS620 and ITCertKeys-WS622. ITCertKeys-WS620 is configured to run Microsoft Windows XP Media Center Edition. ITCertKeys-WS622 is joined to a domain and is configured to run Microsoft Windows XP Professional. You have received instruction from the CIO to upgrade both computers to Microsoft Windows Vista. You need to accomplish this goal while keeping the existing information, functionality and applications. What actions should you perform? (Choose all that apply) A. To achieve this goal you need to upgrade ITCertKeys-WS622 to Microsoft Windows Vista Business Edition. B. This goal can be accomplished if you upgrade ITCertKeys-WS620 to Microsoft Windows Vista Business Edition. C. In order to keep the existing data, functionality and applications you should upgrade ITCertKeys-WS622 to Microsoft Windows Vista Home Premium Edition. D. In order to keep the existing data, functionality and applications ITCertKeys-WS620 should be upgraded to Microsoft Windows Vista Home Premium Edition. Answer: A, D Question 6. You work as the desktop support technician at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. The workstations on the ITCertKeys.com network are all configured to run Windows XP. You receive a memo to upgrade the workstations to Windows Vista. You make use of Windows Update Agent to download the new updates. You notice that the update files are corrupted. You receive instruction from the CIO to force Windows Update Agent to download the entire update again. What actions should you take? A. The first step should be to stop the Windows Update service and rename the C:\Program Files\WindowsUpdate folder. Thereafter you can restart the Windows Update service. B. To accomplish this you should run the wuauclt.exe /detectnow command. C. To download the entire update again you should stop the Windows Update service. You then rename the %systemroot%\SoftwareDistribution folder. Thereafter you can restart the Windows Update service. D. To download the entire update again you run the wuauclt.exe /resetauthorization /detectnow command. Answer: C Question 7. You work as the desktop support technician at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. You have received instruction from the CIO to deploy Windows Vista on a computer by making use of a DVD. The DVD contains Windows Preinstallation Environment (WinPE) stored in winpe.wim, Imagex.exe. The DVD also contains a custom Windows Vista image stored in vista.wim. You need to apply the custom Windows Vista image to the computer. Identify the command you should use? A. You should make use of the imagex /append c: D:\vista.wim "Drive D" command. B. You should make use of the imagex /apply D:\vista.wim 1 C:\ command C. You should make use of the imagex /export D:\winpe.wim 1 C:\vista.wim "Image" command. D. You should make use of the imagex /apply D:\winpe.wim 1 C:\ command. Answer: B Question 8. You work as the desktop support technician at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. Your duties include administering the ITCertKeys.com network. The client computers of ITCertKeys.com are all configured to run Microsoft Windows Vista. A ITCertKeys.com employee named Andy Reid reports that he is unable to install an application. You have received instruction from the CIO to install the application. What should you do? A. To be able to install the application you need to copy the contents of the CD-ROM to the local hard disk. Thereafter you will be able to run the application installation from the local hard disk. B. While Andy Reid is logged on you need to click Continue and install the application at the consent prompt. C. While Andy Reid is logged on at the credential prompt you have to provide him with administrative credentials. D. A .pwl file should be created that will store administrative credentials. Thereafter you can double-click the installation file. Answer: C Question 9. You work as the desktop support technician at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. You have been assigned to the ITCertKeys.com help desk to aid all the ITCertKeys.com users who experience problems with their workstations. The workstations of ITCertKeys.com are all configured to run Windows Vista. A ITCertKeys.com user named Andy Booth contacted the Help desk to report some problems that prevent him from carrying out his duties. He informs you that an error message is received when he attempts to start Windows. You discover that his workstation automatically downloads and installs a critical patch for the vulnerability in a system DLL file. You have received instruction from the CIO to restore the workstation of Andy Booth to a bootable state without installing the earlier update files. You need to accomplish this by using the least amount of administrative effort. How can you restore the workstation to a bootable state? A. The first step will be to execute a system restore from the Windows Vista installation DVD. B. You have to access the recovery console. Thereafter you should run fixmbr c: C. This can be accomplished by accessing the recovery console from the Windows Vista installation DVD and extracting the original system DLL file. Thereafter you can overwrite the faulty file. D. You should restart the workstation in safe mode. Thereafter you can restore the original system DLL file. Answer: A Question 10. You work as the desktop support technician at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. All the computers on the ITCertKeys.com network are configured to run Windows XP. These computers are all upgraded to Windows Vista. New updates are downloaded by making use of the Windows Update Agent. You discover that the update files are corrupted. You have received instruction from the CIO to force Windows Update Agent to download the entire update again. What should you do? A. You need to run the wuauclt.exe /resetauthorization /detectnow command. B. The wuauclt.exe /detectnow command should be run to accomplish this. C. You need to stop the Windows Update service and rename the %systemroot%\SoftwareDistribution folder. Thereafter you need to restart the Windows Update service. D. The Windows Update service should be stopped. Then you rename the C:\Program Files\WindowsUpdate folder. Thereafter you restart the Windows Update service. Answer: C Question 11. You work as the desktop support technician at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. Your duties include administering the ITCertKeys.com network. The ITCertKeys.com help desk requested that you help them address the problems that the users are reporting to them. All the user workstations on the ITCertKeys.com network are configured to run Microsoft Windows Vista. A ITCertKeys.com user named Amy Walsh contacted the Help desk to report some problems that prevent her from carrying out her duties. Amy Walsh informs you that she is unable to install an application. You have received instruction from the CIO to install the application. What should you do? A. To accomplish this you need to create a .pwl file that holds administrative credentials. Thereafter you double-click the installation file. B. The contents of the CD-ROM should be copied to the local hard disk. Then you will be able to run the application installation from the local hard disk. C. To install the application you need to click Continue and install the application while the standard user is logged on, at the consent prompt. D. To install the application you need to provide administrative credentials while the standard user is logged on, at the credential prompt. Answer: D
|
Question 1. ITCertKeys.com has an Active Directory forest that contains a single domain named ad. ITCertKeys.com. All domain controllers are configures as DNS servers and have Windows Server 2008 installed. The network has two Active directory-integrated zones: ITCertKeyses.com and ITCertKeysws.com. The company has instructed you to make sure that a user is able to modify records in ITCertKeyses.com while preventing the user to modify the SOA record in ITCertKeysws.com zone. What should you do to achieve this task? A. Modify the permissions of ITCertKeyses.com zone by accessing the DNS Manager Console B. Configure the user permissions on ITCertKeyses.com to include all the users and configure the user permissions on ITCertKeysws.com to allow only the administrators group to modify the records C. Modify the permission of ITCertKeysws.com zone by accessing the DNS Manager Console D. Modify the Domain Controllers organizational unit by accessing the Active Directory Users and Computers console. E. None of the above. Answer: A Explanation: To allow the user to modify records in ITCertKeyses.com and prevent him/her to modify the SOA record in ITCertKeysws.com zone, you should set the permissions of ITCertKeyses.com through DNS Manager Console. You set the permissions for the users to modify the records in ITCertKeyses.com. Since setting permission on one Active directory-integrated zone, you will be preventing the users to modify anything else on the other zones. Question 2. ITCertKeys.com has an Active Directory Domain Controller. All domain controllers nare configured as DNS servers and have Windows Server 2008 installed. Only one Active-Directory integrated DNS zone is configured on the domain. You have to make sure that outdated DNS records are removed from the DNS zone automatically. What should you do to achieve this task? A. Modify the TTL of the SOA record by accessing the zone properties B. Disable updates from the zone properties C. Execute netsh/Reset DNS command from the Command prompt D. Enable Scavenging by accessing the zone properties E. None of the above Answer: D Explanation: To remove the outdated DNS records from the DNS zone automatically, you should enable Scavenging through Zone properties. Scavenging will help you clean up old unused records in DNS. Since "clean up" really means "delete stuff" a good understanding of what you are doing and a healthy respect for "delete stuff" will keep you out of the hot grease. Because deletion is involved there are quite a few safety valves built into scavenging that take a long time to pop. When enabling scavenging, patience is required. Reference: http://www.gilham.org/Blog/Lists/Posts/Post.aspx?List=aab85845-88d2-4091-8088-a6bbce0a4304&ID=211 Question 3. ITCertKeys.com has a single Active Directory domain. You have configured all domain controllers in the network as DNS servers and they run Windows Server 2008. A domain controller named ITK1 has a standard Primary zone for ITCertKeys.com and a domain controller named ITK2 has a standard secondary zone for ITCertKeys.com. You have to make sure that the replication of the ITCertKeys.com zone is encrypted so you might not loose any zone data. What should you do to achieve this task? A. Create a stub zone and delete the secondary zone B. Convert the primary zone into an active directory zone and delete the secondary zone C. Change the interface where DNS server listens on both servers D. On the standard primary zone, configure zone transfer settings. After that modify the master servers lists on the secondary zone E. None of the above Answer: B Explanation: To make sure that the replication of the ITCertKeys.com zone is encrypted to prevent data loss. You should convert the primary zone into an active directory zone and delete the secondary zone Question 4. ITCertKeys.com has a main office and a branch office. All servers in both offices run Windows Server 2008. The offices are connected through a MAN link. ITCertKeys.com has an Active Directory domain that hosts a single domain called maks.ITCertKeys.com. There is a domain controller in the maks. ITCertKeys.com domain called ITK1. It is located in the main office. You have configured ITK1 as a DNS server for maks. ITCertKeys.com DNS zone. It is configured as a standard primary zone. You are instructed to install a new domain controller called ITK2 in the branch office. After installing the domain controller, you install DNS on ITK2. You want to ensure that the DNS service on ITK2 can update records and resolve DNS queries in the event of a MAN link failure. What should you do to achieve this objective? A. Configure the DNS on ITK1 to forward requests to ITK2 B. Add a secondary zone named raks. ITCertKeys.com on ITK2 C. Convert maks. ITCertKeys.com on ITK1 to an Active Directory-integrated zone D. Configure a new stub zone on ITK1 and set the forwarding option to ITK2 Answer: C Explanation: To make sure that the DNS service on ITK2 can update records and resolve DNS queries in the event of a MAN link failure, you should convert maks. ITCertKeys.com on ITK1 to an Active Directory-integrated zone. Active Directory-integrated DNS, offers two pluses over traditional zones. For one, the fault tolerance built into Active Directory eliminates the need for primary and secondary nameservers. Effectively, all nameservers using Active Directory-integrated zones are primary nameservers. This has a huge advantage for the use of dynamic DNS as well: namely, the wide availability of nameservers that can accept registrations. Recall that domain controllers and workstations register their locations and availability to the DNS zone using dynamic DNS. In a traditional DNS setup, only one type of nameserver can accept these registrations-the primary server, because it has the only read/write copy of a zone. By creating an Active Directory-integrated zone, all Windows Server 2008 nameservers that store their zone data in Active Directory can accept a dynamic registration, and the change will be propagated using Active Directory multimaster replication. Reference: http://safari.adobepress.com/9780596514112/active_directory-integrated_zones Question 5. ITCertKeys.com has a DNS server with 10 Active Directory Integrated Zones. For auditing purposes, you have to provide copies of the zone files of the DNS server to the security audit group. What should you do to achieve this task? A. Execute ntdsutil > Partition Management > Display commands B. execute ipconfig/registerdns command C. execute the dnscmd/ZoneExport command D. Execute dnscmd/Zoneoutput command Answer: C Question 6. ITCertKeys.com has a domain controller named EDC11 that runs Windows Server 2008. It is configured as a DNS server for ITCertKeys.com. You install the DNS server role on a member server named S1 and after this; you create a standard secondary zone for ITCertKeys.com. You configured EDC11 as the master server for the zone. What should you do to make sure that S1 receives zone updates from EDC11? A. On Server1, add a conditional forwarder. B. On DC1, modify the zone transfer settings for the contoso.com zone. C. Add the Server1 computer account to the DNSUpdateProxy group. D. On DC1, modify the permissions of contoso.com zone. Answer: B Question 7. ITCertKeys.com has a network consisting of an Active Directory forest named ebd.com. All servers have Windows Server 2008. All domain controllers are configured as DNS servers. The ebd.com DNS zone is stored in ForestDnsZones Active directory partition. A member server contains a standard primary DNS zone for eb.ebd.com. You need to make sure that all domain controllers can resolve names for eb.ebd.com. What should you do to achieve this task? A. Create a delegation in the ebd.com zone B. Change the properties of SOA record in the eb.ebd.com zone C. Add NS record in the ebd.com zone D. Create a secondary zone on a Global catalog server Answer: A Question 8. ITCertKeys.com has a main office and single branch office in another state. With a single Active-Directory domain forest, ITCertKeys.com has two domain controllers named ITK1 and ITK2 . Both of the domain controllers run Windows Server 2008. The branch office has a Read-only domain controller (RODC) named ITK3. While all domain controllers have DNS server role installed, they are configured as Active-Directory-integrated zones. All DNS zones are configured to allow secure updates only. You want to enable dynamic DNS updates on ITK3. What should you do to achieve this task? A. On DC1, create an active partition and configure the partition to store Active Directory- integrated zones B. Un-install the Active Directory Domain services on ITK3 and reinstall it as a writeable domain controller C. Reconfigure RODC on ITK3 to allow dynamic updates D. Execute dnscmd/ZoneResetType command on ITK3 Answer: B Explanation: To enable the dynamic DNS updates on ITK3, you should uninstall the Active Directory Domain services on ITK3 and reinstall it as a writeable domain controller. A writeable domain controller performs originating updates and outbound replication. Reference: http://msdn.microsoft.com/en-us/library/cc207937.aspx Question 9. ITCertKeys.com has a huge network that consists of an Active Directory Forest containing a single domain. Windows Server 2008 is installed on all domain controllers. They are configured as DNS servers. ITCertKeys.com has an active directory-integrated zone with two Active Directory sites. Each site contains five domain controllers. You added a new NS record to the zone. You have to make sure that all domain controllers immediately receive the new NS record. What should you do to achieve this task? A. Execute repadmin/syncall from the command prompt B. Reload the zone from the DNS Manager console C. Create an SOA record from the DNS Manager console D. Shutdown and then, restart the DNS server service from services snap-in Answer: A Explanation: Question 10 ITCertKeys.com has an Active Directory domain named comm. ITCertKeys.com. The domain contains two domain controllers named ITK1 and ITK2 . Both have the DNS server role installed. You install a new DNS server named ns. ITCertKeys.com on the perimeter network. You configure ITK1 to forward all unresolved name requests to ns. ITCertKeys.com. But you discover that the DNS forward option is unavailable on ITK2. You have to configure DNS forwarding on ITK2 server to forward unresolved name requests to ns. ITCertKeys.com server. Which of the following two actions should you perform to achieve this task? A. Clean the DNS cache on ITK2 B. configure conditional forwarding on ITK2 C. Delete the Root zone on ITK2 D. Add zone forwarding on ITK2 Answer: B, C
|
Question 1. ITCertKeys.com has an IPv6 network which has 25 segments. As an administrator, you deploy a server on IPv6 network. What should you do to make sure that the server can communicate with systems on all segments of the IPv6 network? A. Configure the IPv6 address on the server as 0000::2c0:d11f:fec8:3124/64 B. Configure the IPv6 address on the server as ff80::2c0:d11f:fec8:3124/64 C. Configure the IPv6 address on the server as fe80::2c0:d11f:fec8:3124/64 D. Configure the IPv6 address on the server as fd00:: 2c0:d11f:fec8:3124/8. Answer: D Question 2. You are a network administrator at ITCertKeys.com. You have upgraded all servers in the company to Windows Server 2008. ITCertKeys.com wants you to configure IPv6 addresses on all computers in the network. A global address prefix is assigned to you. The prefix is 3FFA:FF2B:4D:B000::/41. ITCertKeys.com has four departments. You have to assign a subnet to each department. In this way, which subnetted address prefix will you assign to the fourth department? A. 3FFA:FF2B:4D:C800::/43 B. 3FFA:FF2B:4D:B400::/43 C. 3FFA:FF2B:4D:C000::/43 D. 3FFA:FF2B:4D:F000::/45 E. None of the above Answer: A Explanation The option 3FFA:FF2B:4D: C800::/43 is correct. The subnetting in IPv6 is performed by determining the number of bits used for subnetting and the itemization of the new subnetted address prefixes. Usually the number of bits for subnetting is s, where 2^s = number of subnets to be created. In this scenario 2^s = 4 and therefore s=2. Then the itemizations of the new subnetted address prefixes are done. In this scenario, the correct subnetted address prefix is 3FFA:FF2B:4D:C800::/43. So option A is the correct answer. Question 3. Exhibit: ITCertKeys has decided to re-design its public network. The network will employ an IPv4 addressing. The range would be 129.108.10.0/21. The network must be configured in segments as shown in the exhibit. You have to configure the subnets for each segment in the network. You need to ensure that your solution must support all computers in each segment. Which network addresses should you assign to achieve this task? A. Segment A: 129.108.10.109/22, Segment B: 129.108.10.0/23, Segment C: 129.108.10.0/24, Segment D: 129.108.10.109/25 B. Segment A: 129.108.10.0/22, Segment B: 129.108.10.0/23, Segment C: 129.108.10.0/24, Segment D: 129.108.10.128/26 C. Segment A: 129.108.10.0/22, Segment B: 129.108.10.128/23, Segment C: 129.108.10.0/192, Segment D: 129.108.10.224/25 D. Segment A: 129.108.10.128/22, Segment B: 129.108.10.192/23, Segment C: 129.108.10.224/24, Segment D: 129.108.10.0/26 E. None of the above Answer: B Question 4. ITCertKeys network is configured to use Internet Protocol version (Ipv6). You installed a Dynamic Host Configuration Protocol (DHCP) server on a server named ITCertKeysDHCP1 running Windows 2008 server. You want to ensure that neither IP address nor other configuration settings are automatically allocated to DHCP clients on a subnet that does not use DHCPv6 from ITCertKeysDHCP1. How should you configure the Managed Address Configuration flag, and the other Stateful Configuration flag in the route advertisements? A. Set both Managed Address Configuration and Other Stateful Configuration flag to 0 B. Set both Managed Address Configuration and Other Stateful Configuration flag to 1 C. Set both Managed Address Configuration to 0 and Other Stateful Configuration flag to 1 D. Set both Managed Address Configuration to 1 and Other Stateful Configuration flag to Answer: A Explanation: This setting will ensure host will receive neither an IP address nor additional configuration information. Question 5. You have upgraded hardware of DNS servers in your network. You also added two new domain controllers to the domain. All client computers use DHCP. Users are not able to logon to domain after the upgrade of DNS servers. What should you do to ensure that users are able to log on to the domain? A. Restart the Netlogon service on the new DNS servers B. Run ipconfig/registerdns at the command prompt of new DNS servers C. Reconfigure the DHCP scope option 006 DNS name Servers with the new DNS servers IP addresses D. Configure the network settings for workstations to Disable NetBIOS over TCP/IP E. None of the above Answer: C Explanation: To ensure that the users are able to log on to the domain, you should reconfigure the DHCP scope option 006 DNS name Server with the new DNS servers IP addresses. Question 6. Exhibit: ITCertKeys company network consists of Windows 2008 server computers and Windows Vista client computers. You have the following eight Internet Protocol version 6 (Ipv6) sub netted address prefixes. Please refer to the exhibit. What would be the original prefix length for the global address prefix 3FFE:FFFF:0:C000:: ? A. 51 B. 52 C. 53 D. 54 E. None of the above Answer: A Explanation: The original prefix length for the globe address prefix 3FFE:FFFF:0:C000:: is 51. The eight Ipv6 subnetted address prefixes are the result of 3 bit subnetting of the global address prefix 3FFE:FFFF:0:C000::/51. To perform 3-bit subnetting of the global address prefix 3FFE:FFFF:0:C000::/51 we use the following calculations: Hexadecimal value of the subnet ID being subnetted, F = oxC000 Subnetting bits, s = 3 Question 7. ITCertKeys Company has IPV6 network. The IPV6 network has 25 segments. You deployed a new Windows 2008 server on the IPV6 network. What should you do to ensure that the server could communicate with systems on all segments of the IPV6 network? A. Configure the IPV6 address as fd00::2b0:d0ff:fee9:4143/8 B. Configure the IPV6 address as fe80::2b0: d0ff:fee9:4143/64 C. Configure the IPV6 address as ff80::2b0: d0ff:fee9:4143/64 D. Configure the IPV6 address as 0000::2b0: d0ff:fee9:4143/64 E. None of the above Answer: A Explanation: To ensure that the server communicates with systems on all segments of the IPV6 network, you need to configure the IPV6 address as fd00::2b0:d0ff:fee9:4143 /8 because this address is the local unicast address type and is not routed on the Internet. It is generally filtered inbound. Reference: IPv6 Unicast Address Information http://www.netcraftsmen.net/welcher/papers/ipv6part02.html Question 8. You are an administrator at ITCertKeys.com. ITCertKeys.com has opened a new Branch office at a new location. Windows Server 2008 is implemented on the servers. The initial network has 20 computers. You are asked to configure an appropriate IP addressing scheme in the network. Which network address should you use to accomplish this task? A. 192.10.100.0/26 B. 192.10.100.0/30 C. 192.10.100.0/29 D. 192.10.100.0./31 E. None of the above Answer: A Explanation To configure an appropriate IP addressing scheme in the network, you should use 192.10.100.0/57. In this scenario, 50 computers have to be configured in a network. Network address is calculated as follows: 1. Class A networks has a default subnet mask of 255.0.0.0 and use 0-127 as their first octet 2. Class B networks has a default subnet mask of 255.255.0.0 and it can use 128-191 as their first octet 3. Class C networks has a default subnet mask of 255.255.255.0 and it can 192-223 as their first octet You need to configure the network address to accommodate at least 50 hosts per subnet. To calculate the number of host bits, use the formula: 2^n-2 where n=32 bits. To configure 50 hosts, you need 192.10.100/26 network address which has maximum 62 hosts per subnet. The formula to calculate the hosts per subnet is: 32-26= 6 2^6-2= 62 So according to this calculation, network address 192.10.100/26 will be able to accommodate 50 hosts per subnet. We have deducted 6 bits from the total of 32 bits. Question 9. You are an enterprise administrator for ITCertKeys. The corporate network of the company consists of servers that run Windows Server 2008 and client computers that run Windows XP Service Pack 2 (SP2), Windows 2000 Professional, or Windows Vista. The company has decided to use IPv6 protocol on its network. Which of the following options would you choose to ensure that all client computers can use the IPv6 protocol? A. Run the IPv6.exe tool on all the client computers. B. Upgrade the Windows 2000 Professional computers to Windows XP SP2. C. Upgrade all Windows 2000 Professional computers with Service Pack 4. D. Install the Active Directory Client extension (DSClient.exe) on all the client computers. Answer: B Explanation: To ensure that all computers can use the IPv6 protocol, you need to upgrade the Windows 2000 Professional computers to Windows XP SP2. IPv6 protocol is far superior to IPv4 protocol in terms of security, complexity, and quality of service (QoS). Therefore, all the new operating systems started using IPv6 protocol. The older operating systems such as Windows 2000 professional does not support Ipv6 therefore this needs to be upgraded to either Windows XP or Windows Vista. You can now get versions of Windows that fully support most aspects of IPv6 (namely Windows XP and Windows Server 2003) and you will soon be able to get versions of Windows that not only fully support IPv6 but also provide enhanced performance for IPv6 networking. Reference: IPv6 Support in Microsoft Windows/ Windows 2000 http://www.windowsnetworking.com/articles_tutorials/IPv6-Support-Microsoft-Windows.html Question 10. You are an enterprise administrator for ITCertKeys. The company consists of a head office and two Branch offices. The corporate network of ITCertKeys consists of a single Active Directory domain called ITCertKeys.com. The computers in the Branch office locations use IPv4 and IPv6 protocols. Each Branch office is protected by a firewall that performs symmetric NAT. Which of the following options would you choose to allow peer-to-peer communication between all Branch offices? A. Configure the use of Teredo in the firewall. B. Configure the external interface of the firewall with a global IPv6 address. C. Configure the internal interface of the firewall with a link local IPv6 address. D. Configure dynamic NAT on the firewall. Answer: A Explanation: To allow peer-to-peer communication between all Branch offices where each location is protected by a firewall that performs symmetric NAT, you need to configure the firewall to allow the use of Teredo. Teredo is an IPv6 transition technology that provides address assignment and host-to-host automatic tunneling for unicast IPv6 traffic when IPv6/IPv4 hosts are located behind one or multiple IPv4 network address translators (NATs). Teredo in Windows Vista and Windows Server "Longhorn" will work if one of the peers is behind a symmetric NAT and the other is behind a cone or restricted NAT. Reference: Teredo Overview http://technet.microsoft.com/en-us/liBRary/bb457011(TechNet.10).aspx
|
Question 1. ITCertKeys.com has a domain with Active Directory running on it. Windows Server 2008 is installed on all the servers. You plan to deploy an image to 50 computers with no operating system installed. For this you install Microsoft Windows Deployment Services on the network. When you install the image on a test computer, a driver error shows up on the screen. What would you do to change the image to include the correct driver? A. Configure and map the image file to the installation folder which hosts the correct driver B. Take the image file and mount it. Using the System Image Manager (SIM) utility, change the image file C. Open WDS server and update the driver through Device Manager D. Take the image file and mount it. Run the sysprep utility to get the correct driver E. None of the above Answer: B Explanation: To include the correct driver, you should mount the image file and change it using System Image Manager (SIM). You need to include the correct driver in the image file so it will install with all the correct drivers. You should not configure and map the image file to the installation folder hosting the correct driver because the image file is deployed in full. Windows Server 200 will not consider the contents of the folder where image file resides. It will deploy the image file only with all its content You cannot update the driver through Device Manager on WDS server. It has nothing to do with the image file. You cannot mount the image file and run sysprep utility. Sysprep utility cannot get the correct driver for you and change the image file. Sysprep utility is related to WDS server and the deployment of images to the client computers. Question 2. ITCertKeys.com has a server that runs Windows Server 2008. As an administrator at ITCertKeys.com, you install Microsoft Windows Deployment Service (WDS). While testing an image, you find out that the image is outdated. What should you do to remove the image from the server? A. Open the command prompt at WDS server and execute WDSUTIL/Remove-Image and /ImageType:install options B. Open the command prompt at WDS server and execute theWDSUTIL command with/Export- Image and /ImageType: install options C. Open the command prompt at WDS server and execute theWDSUTIL with /Export-Image and /ImageType: boot options D. Open the command promt at WDS server and execute theWDSUTIL command with /Remove- Image and /ImageType:boot options E. All of the above Answer: A Explanation: To remove the image from the server, you should execute WDSUTIL/remove-image on the command prompt at WDS server. Then execute WDSUTIL/image-type:install command and install the new image. The WDSUTIL is a command specific to modify and view the images at WDS server. You need to remove the image and then install the updated one using these commands. You cannot use the export-image parameter with WDSUTIL in this scenario. You have to remove the image not to export it to a folder. You should not use the /image-type:boot parameter because you need to install a fresh image. You don't need to boot the service for this. Question 3. ITCertKeys.com has four branch offices. To deploy the images, you install Microsoft Windows Deployment Services (WDS) on the network. ITCertKeys.com creates 4 images for each branch office. There are a total of 16 images for ITCertKeys.com. You deploy these images through WDS. A problem occurs in one branch office where the administrator reports that when he boots the WDS client computer, some of the images for his regional office does not show up in the boot menu. What should you do to ensure that every administrator can view all the images for his branch office? A. Create separate image group for each branch office on the WDS server B. Create unique organizational unit for each branch office and create profiles for each computer in the branch office C. Organize a global group for each branch office and create profiles of each computer in a branch office D. Create a Global Unique Identifier for each computer to recognize its branch office and connect it to the WDS server E. None of the above Answer: A Explanation: To ensure that every administrator can view all the images for his branch office, you should create separate image group for each branch office on WDS server. A separate image will enable all the administrators to view each image from their machine in the branch office. You should not create an OU for each branch office. There is no logic in creating an OU for each branch office and profiles for each computer in the branch office. You should not organize a global group for each branch office. A global group can host all the branch offices of ITCertKeys.com Question 4. Microsoft Windows Deployment Services (WDS) is running on a Windows 2008 server. When you try to upload spanned image files onto WDS server, you received an error message. What should you do to ensure that image files could be uploaded? A. Combine the spanned image files into a single WIM file B. Grant the Authenticated Users group Full Control on the \REMINST directory C. Run the WDSutil/Convert command from command line on the WDS server D. Run the WDSutil/add-image/imagefile:\\server\share\sources\install.wim/image type: install command for each component file individually at the command line on WDS server E. None of the above Answer: A Explanation: When you try to upload spanned image files onto WDS server, you received an error message because you can only mount a single WIM file once for read/write access and therefore you need to combine the spanned image files into a single WIM file to correct the problem. Reference: The Desktop Files The Power User's Guide to WIM and ImageX / Using /mount, /mountrw, and /delete http://technet.microsoft.com/en-us/magazine/cc137794.aspx Question 5. ITCertKeys.com has upgraded all servers in its network to Windows Server 2008. ITCertKeys.com also directed you to install Windows Vista on all client machines. You install Windows Vista on client machines and Windows Server 2008 on the servers. You use Multiple Activation Key (MAK) to activate the new operating systems on the network. You use proxy activation over the internet using Volume Activation Management Tool (VAMT). The Windows Vista on client computers were successfully activated using this method but the Windows Server 2008 failed to activate using VAMT. What should you do to ensure that the Windows Server 2008 is activated on all the servers? A. Contact Microsoft Support Center and activate the Windows server 2008 over the phone B. Upgrade VAMT using Windows Server 2008 RTM for VAMT to function with Windows Server 2008 Volume Licensing C. Upgrade VAMT using Key Management Service (KMS) for Windows Server 2008 RTM to function with Windows Server 2008 Volume Licensing D. Contact Microsoft Support Center and activate Windows Server 2008 over the internet using MAK only E. All of the above Answer: B Explanation: To ensure that the Windows Server 2008 is activated on all the servers, you should upgrade VAMT using Windows Server 2008 RTM for VAMT. You have to update VAMT at Windows Server 2008 RTM for VAMT to function with Windows Server 2008 volume licensing. VAMT (Volume Activation Management Tool) is a volume licensing tool for all flavors of Windows Vista. There are various activation methods available for volume licensing. These methods use two types of customer specific keys: Multiple Activation Key (MAK) and Key Management Service (KMS). The VAMT tool is used to activate the license through proxy over internet. VAMT is a tool for Windows Vista and to use it for Windows Server 2008, it needs an update. Question 6. ITCertKeys.com has added 5 servers to its network. As an administrator at ITCertKeys.com, you install Windows Server 2008 Enterprise edition on two servers and Windows Server 2008 storage server enterprise on other two servers. You want to automatically activate both editions of Windows Server 2008 without any administrator or Microsoft intervention. You also want the activation to occur every 6months. Which volume activation service should you use to automatically activate both editions of Windows Server 2008? A. Multiple Activation Key(MAK) B. Volume Activation Management Tool (VAMT) C. Volume Activation 1.0 (VA 1.0) D. Key Management Service (KMS) E. None of the above Answer: D Explanation: You should use KMS to activate both editions of Windows Server 2008. KMS automatically activates Windows Vista and Windows Server 2008. Computers that are been activated by KMS are required to reactivate by connecting to a KMS host at least once every six months. The VL editions of Windows Serve 2008 and Windows Vista are installed as KMS clients by default. The clients can automatically discover the KMS hosts on the network with a properly configured KMS infrastructure. The clients can also activate using KMS infrastructure without administrative or user intervention. Question 7. ITCertKeys has main office and a Branch office. Main office is running 20 Windows Server 2008 computers and 125 computers running Microsoft Windows XP Professional. Branch office is running 3 Windows Server 2008 computers and 50 Windows XP Professional computers running on its network. Computers in the main office have access to Internet. All servers are having the same security configuration and there are no plans in near future to add new servers or systems in the network. You installed Volume Activation Management Tool (VAMT) on a server named ITCertKeys_DC1 in the main office and added all servers to VMAT server and configured the servers for Multiple Activation Key (MAK) independent activation. Servers at Branch office are unable to activate Windows Server 2008. What should you do to activate Windows server 2008 on all servers? A. Install a Management Activation Key (MAK) server on the network B. Configure MAK Proxy activation on all servers in the Branch office C. Configure Windows Management Instrumentation (WMI) Firewall Exception on all servers in the Branch office D. Open VAMT on ITCertKeys_DC1 and export the Computer Information List (CIL). Send this file to Microsoft Technical support for activation E. None of the above Answer: B Explanation: To activate Windows server 2008 on all servers, you need to configure MAK Proxy activation on all servers in the BRanch office. The MAK can be activated by using two methods, MAK Independent Activation and MAK Proxy Activation. MAK Independent Activation is used when each computer is activated individually by connecting to Microsoft servers over the Internet or by telephone and MAK Proxy Activation is used when Volume Activation Management Tool (VAMT) is installed on a server and you need to activate multiple computers at the same time through a single connection to Microsoft servers over the Internet or phone. Therefore, instead of MAK Independent Activation you need to use MAK Proxy activation on all servers in the BRanch office. Reference: Frequently Asked Questions About Volume License Keys for Windows Vista and Windows Server 2008 http://www.microsoft.com/licensing/resources/vol/ActivationFAQ/default.mspx Question 8. You are network administrator for ITCertKeys network. You configured a Windows server 2008 server named ITCertKeys_KM1 as Key Management Service (KMS) host. This server is also configured as Windows Sharepoint Services server. This location has currently 18 computers having Windows Vista KMS client and you have added 10 more Windows Vista KMS client systems in the network recently. These 10 additional client computers are installed using Windows Vista image file. The KMS host is unable to activate any of the KMS client computers in the network. What should you do? A. Install KMS on a dedicated Windows Sever 2008 B. Run Sysprep /generalize on the Vista reference computer used to create image C. Run slmgr.vbs/rearm Vista reference computer used to create image D. Run slmgr.vbs/dli on the KMS host computer E. Run slmgr.vbs/cpri on the KMS host computer F. None of the above Answer: B Explanation: To activate the KMS client computers in the network, you need to run the Sysprep /generalize on the Vista reference computer used to create image. sysprep/generalize is used to reset activation and other system-specific information as the last step before storing or capturing the VM image. If sysprep /generalize is not used, the activation timer will run down while the product is in storage and the KMS host will be unable to activate any of the KMS client computers in the network. Reference: KMS host is unable to activate any of the KMS client computers in the network http://blog.windowsvirtualization.com/virtualization/faq-virtalization-and-volume-activation-20 Question 9. ITCertKeys.com has a server with single Active Directory domain. For security, ITCertKeys.com has an ISA 2006 server functioning as a firewall. You configure user access through virtual private network service by deploying the PPTP (Point-to-Point Tunneling Protocol). When a user connects to the VPN service, an error occurs. The error message says "Error 721: The remote computer is not responding." What should you do to ensure that the users connect to the VPN service? A. Open the port 2200 on the firewall B. Open the port 1423 on the firewall C. Open the port 1723 on the firewall D. Open the port 721 on the firewall E. All of the above Answer: C Explanation: To ensure that users connect to VPN service, you should open the port 1723 on the firewall. The port 1723 is a TCP port for PPTP tunnel maintenance traffic. For VPN connections, you need to open this port for PPTP tunnel maintenance traffic and permit IP Type 47 Generic Routing Encapsulation (GRE) packets for PPTP tunnel data to pass to your RRAS server's IP address. You cannot open port 721. The port 721 on the firewall is a printer port so it is not related to VPN connection Question 10. DRAG DROP ITCertKeys has a server named ITK1 that runs Windows Server 2008 and Microsoft Virtual Server 2005 R2. You want to create eight virtual servers that run Windows Server 2008 and configure the virtual servers as an Active Directory forest for testing purposes in the ITCertKeys Lab. You discover that ITK1 has only 30 GB of hard disk space that is free. You need to install the eight new virtual servers on ITK1 . From the steps shown, what steps need to be completed in a specific order? Answer: Explanation: To install the eight new servers on ITK1, you need to create a virtual server with a 10 GB fixed-size virtual hard disk and then install Windows Server 2008. After that, you should create eight differencing virtual hard disks and then create eight virtual servers with a differencing virtual hard disk attached. The virtual hard disk should be created first because you need space for eight virtual servers. The fixed-size virtual hard disk can be created through a virtual server. Then you install Windows Server 2008 on it. After that you have to allocate the space for eight virtual servers. To do that, you create differencing virtual hard disk to solve the space problem. Then you create the eight virtual servers with differencing virtual hard disk attached.
|
Question 1. You are an enterprise administrator for ITCertKeys. The company has a head office in San Diego and a branch office in New York. The corporate network of ITCertKeys consists of an Active Directory forest having two domains, ITCertKeys.com and Branch. ITCertKeys.com for the head office and the branch office respectively. All the servers on the corporate network run Windows Server 2008 and both the offices hold their respective domain controllers on their physical office locations. The two domain controllers at ITCertKeys.com are called ITCertKeysServer1 and ITCertKeysServer2 and the two domain controllers at Branch. ITCertKeys.com are called ITCertKeysServer3 and ITCertKeysServer4. All domain controllers host Active Directory-integrated DNS zones for their respective domains. As an enterprise administrator of the company, you have been assigned the task to ensure that users from each office can resolve computer names for both domains from a local DNS server. Which of the following options would you choose to accomplish this task? A. Add the ITCertKeys.com and the Branch. ITCertKeys.com DNS zones to the ForestDNSZones partition. B. Create a stub DNS zone for ITCertKeys.com on ITCertKeysServer3 and a stub DNS zone for Branch. ITCertKeys.com on ITCertKeysServer1. C. Create a standard primary DNS zone named ITCertKeys.com on ITCertKeysServer3 and a standard primary DNS zone named Branch. ITCertKeys.com on ITCertKeysServer1. D. Configure conditional forwarders on ITCertKeysServer1 to point to ITCertKeysServer3 conditional forwarders on ITCertKeysServer3 to point to ITCertKeysServer1. E. None of the above. Answer: A Explanation: To ensure that users from each office can resolve computer names for both domains from a local DNS server, you need to add the ITCertKeys.com and the Branch. ITCertKeys.com DNS zones to the ForestDNSZones partition because the ForestDNSZones directory partition can be replicated among all domain controllers (DCs) located in both the domains ITCertKeys.com and Branch. ITCertKeys.com in the forest of the company. This is because all the domain controllers have the DNS service installed. Once the DNS Zones data is replicated the users from each office can resolve computer names for both domains from their local DNS server A stub zone cannot be used because it is used to resolve names between separate DNS namespaces a Standard Primary DNS zone cannot be used because the DNS Server in this type of zone contains the only writable copy of the DNS zone database files. There can be only one Standard Primary DNS Server for a particular zone. A conditional forwarder cannot be used because it handles name resolution only for a specific domain. Reference: What causes the error I receive in the event log when I attempt to replicate the ForestDNSZones directory partition? http://windowsitpro.com/article/articleid/43165/q-what-causes-the-error-i-receive-in-the-event-log-when-iattem Reference: Understanding stub zones http://207.46.196.114/windowsserver/en/library/648f2efd-0ad4-4788-80c8 75f8491f660e1033.mspx?mfr=true Reference: DNS Conditional Forwarding in Windows Server 2003 http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_200 Question 2. You are an enterprise administrator for ITCertKeys. The company has a head and a three branch offices. Each office has a Windows Server 2008 server running with a DNS role installed on it. All the branch offices consist of Windows 2000 Professional client computers installed on their networks. As an enterprise administrator of the company, you have been assigned the task to deploy Active Directory Domain Services (AD DS) on the corporate network of the company. You also need to plan the implementation of a name resolution solution for the deployment of AD DS that supports secure dynamic updates and minimize the response times for users connecting to resources anywhere on the network. Which of the following options would you include in your plan to accomplish this task? A. Implement GlobalNames zone (GNZ) for the forest. B. Implement a single Active Directory-integrated (ADI) DNS zone. C. Create a stub zone on the DNS server in each branch office. D. Create a standard primary zone in the head office and the secondary zones in branch offices. E. None of the above. Answer: B Explanation: To deploy Active Directory Domain Services (AD DS) on the corporate network of the company with given requirements, you need to implement a single Active Directory-integrated (ADI) DNS zone. Active Directory integrated (ADI) primary DNS zone enables built-in recovery, scalability, and performance. An ADI zone is a writeable copy of a forward lookup zone that is hosted on a domain controller. It can therefore reduce the response times for users connecting to resources anywhere on the network and because it uses directory-integrated storage it also simplifies dynamic updates for DNS clients that are running Windows 2000. None of the other options can be used to meet the desired objectives. Reference: From the Windows 2000 Resource Kit http://windowsitpro.com/article/articleid/76616/jsi-tip-5312-when-you-change-your-dns-active-directoryintegra Reference: ACTIVE DIRECTORY ADMINISTRATION TIPS http://searchwinit.techtarget.com/tip/0,289483,sid1_gci1115858,00.html Question 3. You are an enterprise administrator for ITCertKeys. The company has a head office and a branch office located at different physical locations. The corporate network of the company consists of a single Active Directory domain. Both the offices of the company run Windows Server 2008 servers and have 2,000 client computers configured as DHCP clients without having DHCP relay supported on the network routers. As an enterprise administrator of the company, you have been assigned the task to configure a DHCP addressing solution for both the offices that would minimize the traffic between the offices and is available in case any one of the DHCP server fails. Which of the following options would you choose to accomplish this task? A. Install two DHCP servers, one in the head office and the other in branch office and make sure that both the DHCP servers have two scopes. B. Install a DHCP instance on a two node failover cluster in each office, the head office and the branch office. C. In the head office, install a DHCP server and in the branch office, install a DHCP Relay Agent. D. In the head office, install a DHCP instance on a two node failover cluster and in the branch office, install a DHCP Relay Agent. E. None of the above. Answer: B Explanation: To configure a DHCP addressing solution for both the offices that would minimize the traffic between the offices and is available in case any one of the DHCP server fails, you need to install a DHCP instance on a two node failover cluster in each office, the head office and the branch office. The two node failover cluster in each office will ensure that the DHCP server is always available even if one of the DHCP servers fails. Because DHCP relay is not supported on the network, both the offices need to have a separate DHCP failover clustering solution. Having two scopes of DHCP servers will not help because DHCP relay is not supported on the network. Installing a DHCP server and DHCP Relay Agent in the branch office and installing a DHCP instance on a two node failover cluster and in the branch office and a DHCP Relay Agent will not help because this solution would increase the traffic between the offices in case any one of the DHCP server fails. Reference: Step-by-Step Guide for Configuring Two-Node File Server Failover Cluster in Windows Server 2008 http://209.85.175.104/search?q=cache:9u-snEWIUtgJ:download.microsoft.com/download/b/1/0/b106fc39-936c- Reference: DHCP Relay Agent Overview http://www.tech-faq.com/dhcp-relay-agent.shtml Question 4. You are an enterprise administrator for ITCertKeys. The corporate network of the company consists of a single Active Directory forest that contains 25 domains. All the DNS servers on the corporate network run Windows Server 2008. The users on the corporate network use NetBIOS name to connect to the network applications in all the domains. Currently the network is configured with IPv4 addressing. As an enterprise administrator of the company, you have been assigned the task to migrate the network to an IPv6-enabled only network without affecting any client computer. Which of the following options would you choose to accomplish this task? A. Configure GlobalNames zones on the DNS servers running Windows Server 2008. B. Add all domain zones to the ForestDNSZones partition on the DNS servers running Windows Server 2008. C. Create a new running Windows Server 2008 server and configure WINS server on it. D. Create a new running Windows Server 2003 server and configure WINS server on it. E. None of the above. Answer: A Explanation: To migrate the network from IPv4-enabled to an IPv6-enabled only network without affecting any client computer, you need to configure GlobalNames zones on the DNS servers running Windows Server 2008. To help customers migrate to DNS for all name resolution, the DNS Server role in Windows Server 2008 supports a special GlobalNames Zone (also known as GNZ) feature. The client and server name resolution depends on DNS. A DNS Client is able to resolve single-label names by appending an appropriate list of suffixes to the name. The correct DNS suffix depends on the domain membership of the client but can also be manually configured in the advanced TCP/IP properties for the computer. The problem occurs managing a suffix search list when there are many domains. For environments that require both many domains and single-label name resolution of corporate server resources, GNZ provides a more scalable solution. GNZ is designed to enable the resolution of the single-label, static, global names for servers using DNS. WINS cannot be used because it does not support IPv6 protocols and both are entering legacy mode for Windows Server 2008. ForestDNSZones partition cannot help to migrate a IPv4-enabled network to an IPv6-enabled only network Reference: Understanding GlobalNames Zone in Windows Server 2008 http://www.petri.co.il/windows-DNS-globalnames-zone.htm Reference: Using GlobalNames Zone in Windows Server 2008 http://www.petri.co.il/using-globalnames-zone-window-server-2008.htm Question 5. You are an enterprise administrator for ITCertKeys. The company has a head office and two branch offices. The corporate network of ITCertKeys consists of a single Windows Server 2008 Active Directory domain called ITCertKeys.com. The DNS Service is installed on the member servers of the ITCertKeys.com domain and all the domain controllers and DNS servers for the ITCertKeys.com domain are located in the head office. As an enterprise administrator of the company, you have been assigned the task to deploy two new Active Directory domains named branch1. ITCertKeys.com and branch2. ITCertKeys.com in the branch offices. To accomplish this task, you installed a DNS server in each branch office. Which of the following actions would you perform next to prepare the environment for the installation of the new domains? (Select three. Each selected option will form a part of the answer.) A. Configure a delegation subdomain DNS record on the main office DNS server for each new domain. B. Create a new standard primary zone on each branch office DNS server for the new domains. C. Create a new stub zone on each branch office DNS server for the new domains D. Configure forwarders on the main office DNS servers to point to the branch office servers. E. Configure conditional forwarders on the main office DNS servers to point to the branch office DNS servers. F. Configure zone transfer for the ITCertKeys.com zone to the branch office DNS servers. Answer: A, B, F Explanation: To deploy two new Active Directory domains in the branch offices, you need to first configure a delegation subdomain DNS record on the main office DNS server for each new domain then create a new standard primary zone on each branch office DNS server for the new domains and then configure zone transfer for the ITCertKeys.com zone to the branch office DNS servers after installing DNS server in each branch office. In DNS, a subdomain is a portion of a domain that you've delegated to another DNS zone. A subdomain is configured when you need to create domains in existing domain. A company might use subdomains for its various divisions. Because, to migrate your DNS zone data for the ITCertKeys.com zone to the branch office DNS servers, you will need to have a functioning standard primary server, you will need to create a new standard primary zone on each branch office DNS server for the new domains. Reference: Delegate subdomains in DNS in Windows 2000 Server http://articles.techrepublic.com.com/5100-10878_11-5846057.html Reference: Step-By-Step: How to migrate DNS information to Windows Server 2003 http://www.lockergnome.com/it/2005/01/14/step-by-step-how-to-migrate-dns-information-to-windows-server-20 Reference: DNS Stub Zones in Windows Server 2003 http://www.windowsnetworking.com/articles_tutorials/DNS_Stub_Zones.html Question 6. You are an enterprise administrator for ITCertKeys. The corporate network of ITCertKeys consists of a single Active Directory forest that is made up of a single root domain and 15 child domains. The Administrators of the child domains need to frequently modify the records for authoritative DNS servers for the child domain DNS zones. The administrators take a long time in modifying these records. As an enterprise administrator of the company, you have been assigned the task to implement a solution that would minimize the effort required to maintain name resolution on the network. Which of the following options would you choose to accomplish this task? A. Create stub zones for the root domain zone on the child domain DNS servers. B. Configure conditional forwarders for the parent domain on the child domain DNS servers. C. Create stub zones for the child domain zones on the root domain DNS servers. D. Configure delegation subdomain records for the child domains on the root domain DNS servers. E. None of the above. Answer: C Explanation: To implement a solution that would minimize the effort required to maintain name resolution on the network, you need to create stub zones for the child domain zones on the root domain DNS servers. Stub zones can help reduce the amount of DNS traffic on your network by streamlining name resolution and zone replication. The Stub zone should be configured for the child domain zones on the root domain DNS servers and not vice versa because a stub zone is like a secondary zone that obtains its resource records from other name servers (one or more master name servers). Reference: DNS Stub Zones in Windows Server 2003 http://www.windowsnetworking.com/articles_tutorials/DNS_Stub_Zones.html Question 7. You are an enterprise administrator for ITCertKeys. The corporate network of ITCertKeys consists of a single Windows Server 2008 Active Directory domain and one IP subnet. All servers in the domain run Windows Server 2008 and all the client computers run Windows Vista. On one of the Windows Server 2008 member servers, ITCertKeysServer1, Active Directory Domain Services (AD DS), Active Directory Certificate Services (AD CS), and DHCP services are configured. On another Windows Server 2008 member server, ITCertKeysServer2, Routing and Remote Access Service (RRAS), Network Policy Service (NPS), Health Registration Authority (HRA) services are configured. Some client computers that do not have the latest Microsoft updates installed connect to the local area network (LAN) from client computers that are joined to a workgroup. Besides all network switches used for client connections are unmanaged. As an enterprise administrator of the company, you have been assigned the task to implement a Network Access Protection (NAP) solution to protect the network. You need to ensure that only the computers that have the latest Microsoft updates installed must be able to connect to servers in the domain and only the computers that are joined to the domain must be able to connect to servers in the domain. Which of the following NAP enforcement method should you use to accomplish this task? A. 802.1x B. DHCP C. IPsec D. VPN E. None of the above. Answer: C Explanation: To ensure that only the computers that have the latest Microsoft updates installed must be able to connect to servers in the domain and only the computers that are joined to the domain must be able to connect to servers in the domain, you need to use IPSec NAP enforcement method. IPsec domain and server isolation methods are used to prevent unmanaged computers from accessing network resources. This method enforces health policies when a client computer attempts to communicate with another computer using IPsec. Reference: Protecting a Network from Unmanaged Clients / Solutions http://www.microsoft.com/technet/security/midsizebusiness/topics/serversecurity/unmanagedclients.mspx Reference: Network Access Protection (NAP) Deployment Planning / Choosing Enforcement Methods http://blogs.technet.com/nap/archive/2007/07/28/network-access-protection-deployment-planning.aspx Question 8. You are an enterprise administrator for ITCertKeys. The corporate network of ITCertKeys consists of a single Windows Server 2008 Active Directory domain and one IP subnet. All servers in the domain run Windows Server 2008 and all the client computers run Windows Vista, Windows XP Professional, and Windows 2000 Professional. On one of the Windows Server 2008 member servers, ITCertKeysServer1, Active Directory Domain Services (AD DS), Active Directory Certificate Services (AD CS), and DHCP services are configured. On another Windows Server 2008 member server, ITCertKeysServer2, Routing and Remote Access Service (RRAS), Network Policy Service (NPS), Health Registration Authority (HRA) services are configured. The NAP is configured by using IPsec, DHCP, and 802.1x enforcement methods. Currently the computers that are not joined to the domain can easily connect to the domain and access network resources. As a network administrator, you want to stop this security lapse and want to ensure that only computers that are joined to the domain can access network resources on the domain. Which of the following options would you choose to accomplish this task? A. Configure all DHCP scopes on ITCertKeysServer1 to enable NAP. B. Configure all network switches to require 802.1x authentication. C. Create a GPO, link it to the domain. Enable a secure server IPsec policy on all member servers in the domain in the GPO. D. Create a GPO, link it to the domain. Enable a NAP enforcement client for IPsec communications on all client computers in the domain in the GPO. E. None of the above. Answer: C Explanation: To ensure that only computers that are joined to the domain can access network resources on the domain, you need to create a GPO, link it to the domain and enable a secure server IPsec policy on all member servers in the domain in the GPO. IPsec domain and server isolation methods are used to prevent unmanaged computers from accessing network resources. This method enforces health policies when a client computer attempts to communicate with another computer using IPsec. Configuring DHCP scope cannot stop unmanaged computers that are not joined to the domain from accessing the network. NAP is not required in this scenario because you just want the member computers to access network resources. Therefore, you need not create a GPO, link it to the domain. Enable a NAP enforcement client for IPsec communications on all client computers in the domain in the GPO. Reference: Protecting a Network from Unmanaged Clients / Solutions http://www.microsoft.com/technet/security/midsizebusiness/topics/serversecurity/unmanagedclients.mspx Question 9. You are an enterprise administrator for ITCertKeys. The corporate network of ITCertKeys consists of a single IP subnet. All servers in the domain run Windows Server 2008 and all the client computers run Windows Vista. The network contains three Windows Server 2008 servers configured as follows: 1. ITCertKeysServer1 - Configured with Active Directory Domain Services (AD DS), Active Directory Certificate Services (AD CS), and DHCP services. 1. ITCertKeysServer2 - Configured with Routing and Remote Access Service (RRAS), Network Policy Service (NPS), Health Registration Authority (HRA), and Microsoft System Center Configuration Manager (SCCM) 2007 services 1. ITCertKeysServer3 - Configured with File Services and Microsoft Windows SharePoint Services (WSS). As an enterprise administrator of the company, you have been assigned the task to configure the NAP environment that would only allow computers that have required Microsoft updates installed to access the internal network resources. Besides, you need to ensure that when the client computers connect to the network, the network switches would only allow them to communicate with only ITCertKeysServer1 and ITCertKeysServer2 initially. . Which of the following NAP enforcement method should you use to accomplish this task? A. 802.1x B. DHCP C. IPsec communications D. VPN E. None of the above. Answer: A Explanation: To configure the NAP environment that would only allow computers that have required Microsoft updates installed to access the internal network resources and to ensure that when the client computers connect to the network, the network switches would only allow them to communicate with only ITCertKeysServer1 and ITCertKeysServer2 initially, you need to use 802.1x NAP enforcement method because this method enforces health policies when a client computer attempts to access a network using EAP through an 802.1X wireless connection or an authenticating switch connection. Reference: Network Access Protection (NAP) Deployment Planning / Choosing Enforcement Methods http://blogs.technet.com/nap/archive/2007/07/28/network-access-protection-deployment-planning.asp Question 10. You are an enterprise administrator for ITCertKeys. The corporate network of ITCertKeys consists of a single Active Directory domain. All the servers in the domain run Windows Server 2008 and all the client computers run Windows Vista with Service Pack 1. The network contains three Windows Server 2008 servers configured as follows: 1. ITCertKeysServer1- Configured with Network Policy and Access Services (NPAS). 2. ITCertKeysServer2 - Configured with Microsoft Windows SharePoint Services (WSS). 3. ITCertKeysServer3 - Configured with File Services. The company has many remote users (domain members) that need to access the domain resources from their remote locations. Some of the remote users informed you that they can access ITCertKeysServer2 by using the URL https://portal. ITCertKeys.com from their remote locations through Internet but the firewall used at their remote location site prevents all other outbound connections. As an enterprise administrator of the company, you have been assigned the task to plan a solution that would allow the remote users to access files on ITCertKeysServer3 through a VPN connection Which of the following types of connections should you enable on ITCertKeysServer1? A. Configure IPsec tunnel mode connection B. Configure a L2TP VPN connection C. Configure a PPTP VPN connection D. Configure Secure Socket Tunneling Protocol (SSTP) connection E. None of the above. Answer: D Explanation: To plan a solution that would allow the remote users using firewall on their remote locations to access files on ITCertKeysServer3 through a VPN connection, you need to configure Secure Socket Tunneling Protocol (SSTP) connection. Before Windows Server 2008, all kinds of VPN connections such as PPTP L2TP, and IPSec had problems with firewalls, NATs, and Web proxies. To prevent problems, firewalls must be configured to allow connections. If your VPN client computer is behind a NAT, both the VPN client and the VPN server must support IPsec NAT-Traversal (NAT-T). Besides, VPN server can't be located behind a NAT, and that L2TP/IPsec traffic can't flow through a Web proxy. With the advent of SSTP in Windows Server 2008 all the VPN connectivity problems such as firewalls, NATs, and Web proxies are solved. The SSTP connection allows the use of HTTP over secure sockets layer (SSL). SSTP uses an HTTP-over-SSL session between VPN clients and servers to exchange encapsulated IPv4 or IPv6 packets. Reference: The Cable Guy: The Secure Socket Tunneling Protocol / The New VPN Solution http://technet.microsoft.com/en-us/magazine/cc162322.aspx
|
Question 1. ITCertKeys has opened a new branch office where 10 standalone servers run Windows Server 2008. To keep the servers updated with latest updates, you install WSUS on a server named ITCertKeys 3. Which of the following actions would you perform next to configure all of the servers to receive updates from ITCertKeys 3? A. Use Control Panel to configure the Windows Update Settings on each server. B. Run the wuauclt.exe /reauthorization command on each server. C. Use the local group policy to configure the Windows Update Settings on each server. D. Run the wuauclt.exe /detectnow command on each server. E. None of the above Answer: C Explanation: To configure all of the servers to receive updates from ITCertKeys 3, you need to configure the Windows Update Settings on each server by using the local group policy. Microsoft suggests the use of Group Policy for setting up computers and WSUS in clients. Configuring the Windows Update Settings on each server would be quite time consuming Configure the Windows Update Settings on each server by using the local group policy. wuauclt.exe /detectnow and wuauclt.exe / reauthorization force the update detection and reauthorization respectively and therefore cannot be used for configuration. Reference: What does wuauclt.exe /detectnow do http://www.wsus.info/forums/lofiversion/index.php?t6505.html Reference: Adding Computers to WSUS 3.0 SP1 (Windows Server 2008) http://www.geekzone.co.nz/chakkaradeep/4564 Question 2. The corporate network of ITCertKeys consists of 100 servers that run Windows Server 2008. A file server ITCertKeys 4 is connected to a SAN and has 12 logical drives. As a system administrator of your company, you have been assigned the task to archive the data when the free space on file server is about to be finished. To accomplish this task, you decided to run a data archiving script automatically when the free space on any of the logical drives goes below 30 percent. To implement the solution, you created a new Data Collector Set and the data archiving script. Now which of the following actions would you perform to automate the execution of the script that you have created. A. Add the System configuration data collector. B. Add the Event trace data collector. C. Add the Performance counter alert. D. Add the Performance counter data collector. E. None of the above Answer: C Explanation: To implement the solution, you now need to add the Performance counter alert. The Performance counter alert creates an alert if a performance counter reaches a threshold that you specify Reference: Creating a Snapshot of a Computer's Configuration with Data Collector Sets in Vista / How to Create Custom Data Collector Sets http://www.biztechmagazine.com/article.asp?item_id=241 Question 3. The corporate network of ITCertKeys consists of two servers, ITCertKeys 2 and ITCertKeys 3 that run Windows Server 2008. You installed WSUS on both servers to create a hierarchy of WSUS servers. You now need to configure WSUS on ITCertKeys 2 so that it can receive updates from ITCertKeys 3. Which of the following configuration would you perform on ITCertKeys 2 to accomplish this task? A. Create a new computer group for the server. B. Configure it as a proxy server. C. Configure it as an upstream server. D. Configure it in replica mode E. None of the above Answer: D Explanation: To configure WSUS on ITCertKeys 2 so that it can receive updates from ITCertKeys 3, you need to first link the servers by configuring ITCertKeys 2 as downstream server and ITCertKeys 3 as upstream server. When you link WSUS servers together, there is an upstream WSUS server and a downstream WSUS server. Because an upstream WSUS server shares updates, you need to configure and ITCertKeys 3 as upstream server. There are two ways to link WSUS servers together, Autonomous mode and Replica mode. So you can configure ITCertKeys 2 in Replica mode. Reference: Choose a Type of WSUS Deployment/ WSUS server hierarchies http://technet2.microsoft.com/windowsserver/en/library/12b665bc-07fa-4a4e-aed8- f970efe80c4c1033.mspx?mfr Question 4. The corporate network of ITCertKeys consists of a Windows Server 2008 single Active Directory domain that contains two domain controllers named ITCertKeys 4 and ITCertKeys 5. All servers in the domain run Windows Server 2008. You wanted to configure Event forwarding and subscription in the domain server. To accomplish this task you created a default subscription on ITCertKeys 4 for ITCertKeys 5. Which of the following event logs would you select, to review the system events for ITCertKeys 5? A. Forwarded Events log on ITCertKeys 5. B. Forwarded Events log on ITCertKeys 4. C. System log on ITCertKeys 4. D. Application log on ITCertKeys 5. E. None of the above Answer: B Explanation: To review the system events for ITCertKeys 5, you need to view theForwarded Events log on ITCertKeys 4, which is configured to centrally manage events. The Event Collector service can automatically forward event logs to other remote systems, running Windows Vista or Windows Server 2008 on a configurable schedule. Event logs can also be remotely viewed from other computers or multiple event logs can be centrally logged and monitored agentlessly and managed from a single computer. Reference: Event Viewer http://en.wikipedia.org/wiki/Event_Viewer Question 5. You are an enterprise administrator for ITCertKeys .com. The company runs Windows Server 2008 on all the servers on the network. One of the servers, ITCertKeys Server1 has the Web Server (IIS) role installed on it. A public website has recently been hosted on ITCertKeys Server1. After a few days, you noticed an unusual high traffic volume on the website. Which of the following options would you choose to identify the source of the traffic? A. Run the netstat -an command on ITCertKeys Server1. B. Using IIS Server Manager, first enable the website logging and then filter the logs for the source IP address. C. Enable Web scripting on ITCertKeys Server1. D. Using Event Viewer, filter information from the security log by creating a custom view in it. E. None of the above Answer: B Explanation: To identify the source of the traffic, you need to first enable the website logging using IIS Server Manager and then filter the logs for the source IP address so that the source of high traffic can be found out. The Internet Services Manager, available within the Administrative Tools folder on your Start menu, is the primary tool you'll use to administer your Web server. It allows you to enable logging on your web site. The IIS log files then can be used to identify performance issues in performance testing. The Client IP address filtering allows you to filter the IP address of the machine that accessed your web site. Although IP addresses aren't necessarily unique to any one visitor (as most visitors surf the web via a dynamic IP address provided by their ISP and not their own dedicated static IP and pipe), the IP address can still be useful in partitioning the log file into visitor sessions. The netstat -an command cannot be used because it is used to check various TCP/IP connections. The web scripting is used to enhance your browsing experience. Event logs are special files that record significant events on your computer, such as when a user logs on to the computer or when a program encounters an error. Therefore all these options cannot be used to detect the source of high traffic. Reference: How To Use IIS Log Files In Performance Testing http://www.codeplex.com/PerfTesting/Wiki/Print.aspx?title=How%20To%3A%20Use%20IIS%20Log%20Files Reference: Web Wizardry: Putting the Internet to Work on Windows 2000 http://mcpmag.com/features/print.asp?EditorialsID=94 Reference: Dissecting Log Files http://www.clicktracks.com/insidetrack/articles/dissecting_log_files.php Question 6. You are an Enterprise administrator for ITCertKeys.com. The company consists of a single Active Directory domain where all the servers on the corporate network run Windows Server 2008. One of the web servers called ITCertKeys Server1 hosts shared documents. You have recently installed a few applications on the server. However, after these installations, users report extremely slow response times when they try to open the shared documents on Server1. To diagnose the problem, you used real time monitoring on the server and found that the processor is operating at 100 percent of capacity. Which of the following options would you choose to gather additional data to diagnose the cause of the problem? A. Create a counter log to track processor usage in the Performance console. B. Open and review the application log for Performance events in the Event Viewer. C. Use the Resource View to see the percentage of processor capacity used by each application in Windows Reliability and Performance Monitor. D. Create an alert that will be triggered when processor usage exceeds 80 percent for more than five minutes on ITCertKeys Server1 in Windows Reliability and Performance Monitor. E. None of the above Answer: C Explanation: To gather additional data to diagnose the cause of the problem, you need to use the Resource View in Windows Reliability and Performance Monitor to see the percentage of processor capacity used by each application. The Resource View window of Windows Reliability and Performance Monitor provides a real-time graphical overview of CPU, disk, network, and memory usage. By expanding each of these monitored elements, system administrators can identify which processes are using which resources. In previous versions of Windows, this real-time process-specific data was only available in limited form in Task Manager Reference: Windows Reliability and Performance Monitor http://technet.microsoft.com/en-us/library/cc755081.aspx Question 7. You are an Enterprise administrator for ITCertKeys.com. All the 100 servers on the corporate network run Windows Server 2008. A server called ITCertKeys Server1 is configured on the network with following configuration: 1. Connected to a SAN 2. Consists of 15 logical drives. 3. A new Data Collector Set is recently created Which of the following option would you choose to automatically run a data archiving script on ITCertKeys Server1 if the free space on any of the logical drives on the server is below 30 percent? A. Add the Event trace data collector B. Add the Performance counter alert C. Add the Performance counter data collector D. Add the System configuration data collector Answer: B Explanation: To automatically run a data archiving script if the free space on any of the logical drives is below 30 percent and to automate the script execution by creating a new Data Collector Set, you need to add the Performance counter alert. The Performance counter alert creates an alert if a performance counter reaches a threshold that you specify. You can configure your data collector set to automatically run at a scheduled time, to stop running after a number of minutes, or to launch a task after running. You can also configure your data collector set to automatically run on a scheduled basis. This is useful for proactively monitoring computers. Reference: Creating a Snapshot of a Computer's Configuration with Data Collector Sets in Vista / How to Create Custom Data Collector Sets http://www.biztechmagazine.com/article.asp?item_id=241 Question 8. You are an enterprise administrator for ITCertKeys . The corporate network of the company consists of servers that run Windows Server 2008 in an Active Directory domain. The domain consists of two servers named ITCertKeys Server1 and ITCertKeys Server2. You need to configure event subscription on the servers so that events from ITCertKeys Server2 can be collected and transferred to ITCertKeys Server1. You configure the required subscriptions by selecting the normal option for the event delivery optimization setting and using the HTTP protocol. However, you noticed that none of the subscriptions work. Which of the following three options would you choose to ensure that the servers support event collectors? (Each correct answer presents part of the solution) A. Run the wecutil qc command on ITCertKeys Server1 B. Run the wecutil qc command on ITCertKeys Server2 C. Run the winrm quickconfig command on ITCertKeys Server1 D. Run the winrm quickconfig command on ITCertKeys Server2 E. Add the ITCertKeys Server2account to the administrators group on ITCertKeys Server1 F. Add the ITCertKeys Server1account to the administrators group on ITCertKeys Server2 Answer: A, D, F Explanation: To collect events from ITCertKeys Server2 and transfer them to ITCertKeys Server1, you need to first run the wecutil qc command on ITCertKeys Server1. This command enables you to create and manage subscriptions to events that are forwarded from remote computers. Then you need to run the winrm quickconfig command on ITCertKeys Server2. WinRM is required by Windows Event Forwarding as WS-Man is the protocol used by WS-Eventing. Group Policy can be used to enable and configure Windows Remote Management (WinRM or WS-Man) on the Source Computers. With WinRM, Group Policy can be used to configure Source Computers (Clients) to forward events to a collector (or set of collectors). Finally, you need to add the ITCertKeys Server1 account to the administrators group on ITCertKeys Server2 so that access rights can be granted to the collector system on f the forwarding computer. Reference: Quick and Dirty Large Scale Eventing for Windows http://blogs.technet.com/otto/archive/2008/07/08/quick-and-dirty-enterprise-eventing-for-windows.aspx Reference: Collect Vista Events http://www.prismmicrosys.com/newsletters_june2007.php Question 9. You are an enterprise administrator for ITCertKeys . The corporate network of the company consists of servers that run Windows Server 2008 in an Active Directory domain. To find out the security lapse in the corporate network, you decided to build a list of all DNS requests that are initiated by a network server called CRM ITCertKeys 1. To perform this, you installed the Microsoft Network Monitor 3.0 application on CRM ITCertKeys 1 and configured the server to perform a security audit. You captured all local traffic on CRM ITCertKeys 1 for 24hours and saved the capture file as data.cap. You however realized that the size of data.cap file is more than 1GB, so you decided to create a file named CRM1DNSdata.cap from the existing capture file that contains only DNS -related data. Which of the following options would you choose to accomplish this task? A. Apply the display filter !DNS and save the displayed frames as CRM1DNSdata.cap file B. Apply the capture filter DNS and save the displayed frames as a CRM1DNSdata.cap file C. Add a new alias named DNS to the aliases table and save the file as CRM1DNSdata.cap D. Run the nmcap.exe /inputcapture data.cap /capture DNS /file CRM1DNSdata.cap command. E. None of the above Answer: D Explanation: NMCap also allows you to accept a capture file as input. This can be useful for cleansing your traces before you use them. Or you could also parse traffic by different ports or by IP addresses. The below given command allows you to create a file named CRM1DNSdata.cap to store only the DNS-related data after filtering it from data.cap file, which is a capture file. The command nmcap.exe /inputcapture data.cap /capture DNS /file CRM1DNSdata.cap file Reference: Network Monitor / Cool NMCap trick, using another capture file as the input source http://blogs.technet.com/netmon/Default.aspx?p=2 Question 10. You are an enterprise administrator for ITCertKeys . The corporate network of the company consists of 100 servers that run Windows Server 2008 in an Active Directory domain. You have recently installed Windows Server 2008 on a new server and named it ITCertKeys Server1. You installed Web Server (IIS) role on it. The ITCertKeys Server1 has no Reliability Monitor data currently, and the system stability share has never been updated. Which of the following options would you choose to configure the ITCertKeys Server1 to collect the reliability monitor data? A. On the ITCertKeys Server1, run the perfmon.exe /sys command. B. On the ITCertKeys Server1Configure the Task scheduler service to start automatically. C. On the ITCertKeys Server1, configure the Remote Registry service to start automatically. D. On the ITCertKeys Server1, configure the Secondary Login service to start automatically. Answer: B Explanation: To configure the ITCertKeys Server1 to collect the reliability monitor data, you need to configure the Task scheduler service to start automatically. Reliability Monitor uses data provided by the RACAgent scheduled task, a pre-defined task that runs by default on a new installation of Windows Vista. The seamless integration between the Task Scheduler user interface and the Event Viewer allows an event-triggered task to be created with just five clicks. In addition to events, the Task Scheduler in Windows Vista / Server 2008 supports a number of other new types of triggers, including triggers that launch tasks at machine idle, startup, or logon. Because you need Task Scheduler to collect reliability monitor data, you need to you need to configure the Task scheduler service to start automatically. Reference: Network Monitor 3.1 OneClick ... now what? / Task Scheduler Changes in Windows Vista and Windows Server 2008 - Part One http://blogs.technet.com/askperf/ Reference: What allows the Reliability Monitor to display data? http://www.petri.co.il/reliability_monitor_windows_vista.htm
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.