70-290
Managing and Maintaining a Microsoft Windows Server 2003 Environment
Note: The answer is for reference only, you need to understand all question.
Exam A
QUESTION 1
You are a network administrator for your company. The network consists of a single Active Directory domain.
A user named Mary works in the information technology (IT) security department. Mary is a member of the ITSecurity global group.
Mary reports that no one in the ITSecurity global group can access the security log from the console of a computer named Server1.
You need to grant the ITSecurity global group the minimum rights necessary to view the security log on Server1.
How should you modify the local security policy?
A. Assign the Generate security audits user right to the ITSecurity global group.
B. Assign the Manage auditing and security logs user right to the ITSecurity global group.
C. Assign the Allow logon through Terminal Services user right to the ITSecurity global group.
D. Assign the Act as part of the operating system user right to the ITSecurity global group.
Answer: B
QUESTION 2
You are the domain administrator for your company's Active Directory domain. All client computers run Windows 2000 Professional.
You recently deployed 10 new servers that run Windows Server 2003. You placed the servers in a new organizational unit (OU) named W2K3Servers.
Anne is another network administrator.
You need to configure the appropriate permissions to allow Anne to manage the new servers by using Terminal Services from her client computer. You need to assign Anne only the permissions she needs to perform her job.
What should you do?
A. Add Anne's user account to the local Power Users group on each server that runs Windows Server 2003.
B. Add Anne's user account to the Remote Desktop Users group on each server that runs Windows Server 2003.
C. Assign Anne's user account the Allow Read and the Allow Write permissions for the W2K3Servers OU.
D. Configure the Managed By property for the W2K3Servers OU to Anne's user account.
Answer: B
QUESTION 3
You are a network administrator for your company. All servers run Windows Server 2003. You manage a server that functions as a file server.
The data volume on the server is mirrored. Each physical disk is on a separate controller. One of the hard disks that contains the data volume fails.
You discover that the failure was caused by a faulty SCSI controller. You replace the SCSI controller.
You need to restore the data volume to its previous state. You need to achieve this goal by using the minimum amount of administrative effort.
What should you do?
A. Run the diskpart active command to activate the failed volume.
B. Convert both disks to basic disks, and then restore the data.
C. Break the mirror, and then re create the mirror.
D. Select a disk in the mirror, and then reactivate the volume.
Answer: D
QUESTION 4
You are the network administrator for your company. The network consists of a single Active Directory domain. All network servers run Windows Server 2003.
You install the Remote Administration tools on a server named Server1, selecting all default settings.
In Internet Explorer, you type https://server1/admin. You receive the following error message: "HTTP Error 404 File or directory not found."
You open IIS Manager and see the configuration shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can use Internet Explorer to administer Server1. What should you do?
Exhibit:
A. In Internet Explorer, type http://server1:8099.
B. In Internet Explorer, type http://server1.
C. Install the Remote Desktop Web Connection subcomponent of the World Wide Web services.
D. In Internet Explorer, type https://server1:8098.
E. In Internet Explorer, type https://server1.
Answer: E
QUESTION 5
You are the network administrator for your company. The network consists of a single Active Directory domain. All network servers run Windows Server 2003, and all are members of the domain. All client computers run Windows XP Professional.
Five Web servers host the content for the internal network. Each one runs IIS and has Remote Desktop connections enabled.
Web developers are frequently required to update content on the Web servers.
You need to ensure that the Web developers can use Remote Desktop Connection to transfer Web documents from their client computers to the five Web servers.
What should you do?
A. Install the Terminal Server option on all five Web servers. Use Terminal Services Configuration Manager to modify the session directory setting.
B. Install the Terminal Server option on all five Web servers. Use Terminal Services Configuration Manager to
create a new Microsoft RDP 5.2 connection.
C. On each Web developer's client computer, select the Disk Drives check box in the properties of Remote Desktop Connection.
D. On each Web developer's client computer, select the Allow users to connect remotely to this computer check box in the System Properties dialog box.
Answer: C
QUESTION 6
You are the network administrator for your company. All network servers run Windows Server 2003.
The network includes a file server named File1. File1 contains a single disk for system files and two SCSI hard disks that comprise a 72 GB mirrored volume with 65 GB of read only data.
Users connect to this data by using shortcuts on their desktops. File1 is scheduled for replacement.
You have a scheduled maintenance window to complete this task. Before the maintenance window, you build a new server.
You need to bring the new server online with current data and re establish redundancy as quickly as possible. You must also ensure that the desktop shortcuts will continue to function.
What should you do?
A. Name the new server File2. Create a new mirrored volume by using two 72 GB disks. Connect File2 to the network and copy the data from File1. When copying is complete, shut down the old File1.
B. Name the new server File1. Move both disks from the old File1 to the new File1. Scan the disks for changes. Import the disks. Connect the new File1 to the network.
C. Name the new server File1. Break the mirror on the old File1. Move one of the disks from the old File1 to the new File1. Scan the disk for changes. Initialize the disk. Select the spare disk and create the mirror. Connect the new File1 to the network.
D. Name the new server File1. Remove one of the disks in the mirror from the old File1. Move the disk to the new File1. Scan the disk for changes. Import the disk. Shut down the old File1 and connect the new File1 to the network.
Answer: B
QUESTION 7
You have a file server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
You need to use Windows Backup to meet the following requirements: Minimize the number of scheduled backup jobs.
-Perform a scheduled normal backup to disk every Friday.
-Perform a scheduled normal backup to tape every Friday.
-Perform scheduled differential backups to tape every Monday, Tuesday, Wednesday, and Thursday.
How many scheduled jobs should you create from Windows Backup?
A. one
B. two
C. three
D. six
Answer: C
QUESTION 8
You have a file server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
You need to implement a backup schedule on Server1 to meet the following requirements:
-Everyday, back up all files and folders to disk.
-Every Friday, back up all files and folders to tape.
-Every Sunday, Tuesday, and Thursday, back up only the files and folders that have changed since the previous Friday's backup to tape.
Which backup jobs should you create?
A. a normal backup to disk everyday a normal backup to tape on Friday a differential backup to tape on Sunday, Tuesday, and Thursday
B. a normal backup to disk everyday a normal backup to tape on Friday an incremental backup to tape on Sunday, Tuesday, and Thursday
C. a copy backup to disk everyday a normal backup to tape on Friday a differential backup to tape on Sunday, Tuesday and, Thursday
D. a copy backup to disk everyday a normal backup to tape on Friday
an incremental backup to tape on Sunday, Tuesday and, Thursday
Answer: C
QUESTION 9
You have a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
You perform a normal backup of Server1 every Saturday.
You need to implement a backup strategy for Server1 to meet the following requirements:
Minimize the time required to restore files.
On weekdays, back up only files that have changed since the Saturday backup.
Which type of backup should you perform on weekdays?
A. copy
B. daily
C. differential
D. incremental
Answer: C
QUESTION 10
Your organization includes two servers named Server1 and Server2 that run Windows Server 2003 Service Pack 2 (SP2).
Server1 and Server2 host the same Web sites.
You need to back up the server configuration on Server1 every hour and then apply the configuration to Server2.
Which command should you use?
A. IISBack.vbs /backup
B. IISBack.vbs /list
C. IISCnfg.vbs /copy
D. IISCnfg.vbs /save
Answer: C
QUESTION 11
You have a file server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
You use Windows Backup to back up Server1.
You need to view all the backup jobs that are scheduled to run on Server1. What should you do?
A. From Administrative Tools, run Services.
B. From Administrative Tools, run File Server Manager.
C. From Windows System Tools, run Scheduled Tasks.
D. From Windows System Tools, run System Information.
Answer: C
QUESTION 12
You have a server that runs Windows Server 2003 Service Pack 2 (SP2).
You need to ensure that a defragmentation of the server's hard disk drive runs each night.
What should you do?
A. Create a scheduled task that runs Dfrg.msc.
B. Create a scheduled task that runs Defrag.exe.
C. From Computer Management, run Disk Management.
D. From Computer Management, run Disk Defragmenter.
Answer: B
QUESTION 13
You have a server that runs Windows Server 2003 Service Pack 2 (SP2). The server is configured as shown in the following table.
You need to create a software mirror of Disk1. What should you do first?
A. Convert Disk3 to a dynamic disk.
B. Create a new NTFS volume on Disk3.
C. Run the Extend Volume Wizard on Disk1.
D. Convert Disk3 to a GUID Partition Table (GPT) disk.
Answer: A
QUESTION 14
You have a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
Server1 has a folder named D:\data. The folder is shared as Data.
You need to enable users to recover files that are deleted from the Data shared folder.
What should you do on Server1?
A. From the D volume properties, modify the Shadow Copies settings.
B. From the Sharing and Security settings of D:\data, modify the Caching settings.
C. From the %systemroot%\system32\clients\twclient\x86 folder, install twcli32.msi.
D. From the Services snap in, modify the startup type of the Volume Shadow Copy Service (VSS).
Answer: A
QUESTION 15
Your network contains a database server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
Server1 has the following hardware configurations:
-A single processor that supports hyper threading
-Dual processor motherboard
-Two hard disks
-2 GB of RAM
The first disk contains all the files for the operating system and applications. The second disk is empty. Hyper threading is disabled in the BIOS.
Users report a slow response when they query the database on Server1.
You monitor Server1 for one day and receive the performance statistics shown in the following table.
You need to improve database performance. What should you do?
A. Upgrade the RAM to 4 GB.
B. Install a second processor.
C. Enable hyper threading in the BIOS.
D. Move the database to the second disk.
Answer: D
QUESTION 16
Your network contains a database server named Server1.
Server1 runs the 32 bit version of Windows Server 2003 Enterprise Edition Service Pack 2 (SP2) and has 16 GB of RAM.
On Server1, you open Task Manager and discover that the total physical memory shows only 4 GB of RAM.
You need to ensure that Server1 has access to all 16 GB of RAM.
What should you do?
A. In the Boot.ini file, add the /PAE switch and then restart the server.
B. In the Boot.ini file, add the /3GB switch and then restart the server.
C. From Performance Options, set Memory Usage to Programs.
D. From Performance Options, change the initial size of the paging file to 16 GB and then restart the server.
Answer: A
QUESTION 17
Your network contains a database server that runs Windows Server 2003 Standard Edition Service Pack 2
(SP2).
The server has 1 GB of RAM and a single hard disk.
Queries against the databases on the server are very slow.
You discover that the hard disk on the server is very active.
You are evaluating whether to add RAM to the server.
You need to use System Monitor to find out whether adding RAM will decrease disk activity.
Which performance counter should you monitor?
A. LogicalDisk : % Free Space
B. Memory : Pages Faults/sec
C. Memory : Free System Page Table Entries
D. Server Work Queues : Queue Length
Answer: B
QUESTION 18
Your network contains an application server named Server1 that runs Windows Server 2003 Service Pack
(SP2).
You open the Performance tab in Task Manager as shown in the exhibit. (Click the Exhibit button.)
You need to improve the performance of Server1. What should you do?
Exhibit:
A. Install additional RAM.
B. Install a second processor.
C. Decrease the size of the paging file.
D. Add the /PAE switch to the Boot.ini file.
Answer: A
QUESTION 19
You have a print server named Server1 that runs Windows Server 2003 Service Pack (SP2).
Server1 is configured as shown in the following table.
All the hard disks are 136 GB and are connected to a SCSI controller. You need to identify which disk configuration will provide the best performance for printing.
Which disk configuration should you implement?
A. one RAID 0 volume
B. one RAID 1 volume
C. one RAID 5 volume
D. two RAID 1 volumes
Answer: A
QUESTION 20
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2).
The domain contains a member server named Server1. Server1 is a file server.
You accidentally delete the computer account for Server1 from the domain. You need to ensure that users can access the file shares on Server1 by using their domain user accounts.
You must achieve this goal by using the minimum amount of administrative effort.
What should you do?
A. On Server1, run the Netdom reset command.
B. On Server1, add the computer to a workgroup and then add the computer to the domain. Restart Server1.
C. From Active Directory Users and Computers, create a new computer account named Server1 in the domain. Restart Server1.
D. On a domain controller, perform an authoritative restore in Active Directory for the Server1 computer account. Restart Server1.
Answer: B
QUESTION 21
Your network consists of a single Active Directory domain. All network servers run Windows Server 2003 Service Pack 2 (SP2).
You have a computer named ACCT5 that runs Windows XP Professional Service Pack 3 (SP3).
Users report that they cannot log onto ACCT5 by using their domain credentials.
You view the properties of the computer account as shown in the exhibit. (Click the Exhibit button.)
You need to need to ensure that users can log on to ACCT5 by using their domain credentials.
What should you do?
Exhibit:
A. At the command prompt, run the Dsrm command.
B. At the command prompt, run the Netdom reset command.
C. From Active Directory Users and Computers, reset the computer account.
D. From Active Directory Users and Computers, enable the computer account.
Answer: D
QUESTION 22
Your company has a main office and a branch office.
The network consists of a single Active Directory domain. All network servers run Windows Server 2003
Service Pack 2 (SP2).
You deploy a server in the branch office that runs Windows Server 2003 SP2.
You need to enable a user in the branch office to restore files on the branch office server.
The solution must provide the minimum level of administrative permissions required for this task.
What should you do?
A. Modify the user rights assignments in the default domain security policy.
B. Modify the user rights assignments in the local security policy on the branch office server.
C. Add the branch office administrator to the domain Backup Operators group.
D. Add the branch office administrator to the local Backup Operators group on the branch office server.
Answer: B
QUESTION 23
Your network consists of a single Active Directory domain. All network servers run Windows Server 2003 Service Pack 2 (SP2).
You need to use Windows Backup to restore files to a shared folder located on a file server. The restore must maintain all the file versions saved by users since the last backup.
What should you do?
A. Restore the files to their original location and select the Replace existing files option.
B. Restore the files to their original location and select the Replace existing files if they are older than the backup files option.
C. Restore the files to an alternate location. Copy the files to the shared folder and choose to overwrite the files with duplicate file names.
D. Restore the files to an alternate location. Copy the files to the shared folder and choose not to overwrite the files with duplicate file names.
Answer: B
QUESTION 24
Your network contains a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2). Server1 is configured as shown in the following table.
Disk2 fails. You remove Disk2 from the computer and replace it with a new disk.
You open the Disk Management snap-in and discover that the status of a disk is Missing.
You initialize the new disk and convert it to a dynamic disk.
You need to configure Server1 to meet the following requirements:
-Prevent the loss of data on drive E.
-Allow the new disk to be added to the mirror of drive E.
-Allow the missing disk to be removed from the Disk Management snap-in.
What should you do?
A. Break the mirror.
B. Remove the mirror.
C. Remove the volume.
D. Create a simple volume.
Answer: B
QUESTION 25
You have a server that runs Windows Server 2003 Service Pack 2 (SP2).
An incremental backup runs every weekday at 01:00. On Friday, you examine the Windows Backup log and discover that the last entry in the log is one week old.
You need to identify the problem that prevents the backup from running.
What should you do?
A. From Scheduled Tasks, examine the log.
B. From Event Viewer, examine the system log.
C. From Windows Backup, enable detailed logging and then perform a manual backup.
D. From Windows Explorer, examine the files in the %systemroot%\system32\LogFiles folder.
Answer: A
QUESTION 26
You have a file server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
Shadow Copies is enabled on all volumes and daily backups are performed by using Windows Backup.
A user named User1 has a computer named Computer1 that runs Windows XP Professional Service Pack 3 (SP3).
User1 is denied the right to log on to Server1.
You need to ensure that User1 can recover previous versions of files on Server1 without help from an administrator.
What should you do?
A. On Server1, install twcli32.msi.
B. On Server1, create an Automated System Recovery (ASR) backup.
C. On Computer1, install twcli32.msi.
D. On Computer1, create an Automated System Recovery (ASR) backup.
Answer: A
QUESTION 27
You have a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2). Server1 runs a
custom application.
Users report that the performance of Server1 has dropped significantly during the last month.
You monitor the server and obtain the data shown in the exhibit. (Click the Exhibit button.)
You need to increase the performance of Server1.
What should you do?
Exhibit:
A. Increase the server memory.
B. Install an additional processor.
C. Install a high performance disk.
D. Install an additional network adapter.
Answer:
QUESTION 28
You have a print server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2). Server1 has a shared printer named Printer1.
You need to track the usage for Printer1. The tracked information must indicate the user that submitted the print job.
You enable auditing for object access on Server1.
What should you do next?
A. From the Performance console, create a counter log.
B. From the properties of Printer1, modify the Device settings.
C. From the properties of Printer1, modify the Security settings.
D. From the Print Server properties, modify the Advanced setting.
Answer: C
QUESTION 29
Your network consists of a single Active Directory domain. Remote Assistance is enabled on all computers.
You need to ensure that you can establish Remote Assistance connections to all computers without a Remote Assistance invitation.
Which group policy setting should you configure?
A. Offer Remote Assistance
B. Solicited Remote Assistance
C. Allow users to connect remotely using Terminal Services
D. Sets rules for remote control of Terminal Services user sessions
Answer: A Exam B
QUESTION 1
You are the network administrator for your company. All network servers run Windows Server 2003.
A member server named Server1 is configured to run shadow copies without a storage limit. Server1 has the disk configuration shown in the following table.
You need to create additional free space on DATA1. You also need to improve the performance of Server1and ensure that it has sufficient space for shadow copies in the future.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Delete the shadow copies on DATA1.
B. Delete Backup.bkf on DATA3.
C. In the properties of DATA1, relocate the shadow copies to DATA2.
D. In the properties of DATA1, relocate the shadow copies to DATA3.
E. Delete DATA3 and extend the DATA1 partition to include the space on DATA3.
Answer: AD
QUESTION 2
You are the network administrator for your company's Active Directory domain. The domain includes Windows Server 2003 domain controllers and Windows XP Professional client computers.
A new administrator named Paul is hired to assist you in deploying Windows XP Professional to 100 new computers.
Paul installs the operating system on a new computer named Client1. However, when Paul tries to log on to the domain from Client1, he is unsuccessful.
The logon dialog box does not allow him to view and select the domain name.
You need to ensure that Paul can log on to the domain from Client1. What should you do?
A. Enable the computer account for Client1.
B. Configure Client1 as a member of the domain.
C. Add Paul's user account to the Enterprise Admins group.
D. Add Paul's user account to the Server Operators group.
Answer: C
QUESTION 3
You are the network administrator for your company. Your network consists of a single Active Directory domain.
All network servers run Windows Server 2003.
You successfully install a new server named Server9. Immediately afterward, you perform the first backup of
the server.
The date is January 25, 2003. Next, you add a user named Anne to the local Backup Operators group.
You direct Anne to perform nightly backups of Server9.
One week later, you try to review the backup logs for Server9.
The Backup utility displays the information shown in the exhibit. (Click the Exhibit button.)
You verify that Anne is performing nightly backups. You need to be able to review the backup logs for the
previous week. What should you do?
Exhibit:
A. Add your user account to the local Backup Operators group.
B. Direct Anne to use her user account to log on and open the Backup utility.
C. In the Backup utility, select the Verify data after the backup completes check box.
D. Open %windir%\system32\LogFiles. Create a new subfolder named BackupLogs.
Answer: B
QUESTION 4
You are the network administrator for your company. The network consists of a single Active Directory domain.
All servers run Windows Server 2003. All 3,500 user accounts are located in the default Users container.
All user accounts have their Department attribute values set to the appropriate employee department.
The network engineer creates an organizational unit (OU) structure for the domain, based on the company's departments.
You need to place all user accounts that have the Department attribute set to Sales in the Sales OU.
Because of time constraints, you need to automate this process.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Run the dsmod command with the appropriate parameters.
B. Run the dsget command with the appropriate parameters.
C. Run the dsquery command with the appropriate parameters.
D. Run the dsmove command with the appropriate parameters.
E. Run the dsrm command with the appropriate parameters.
F. Run the find command with the appropriate parameters.
Answer: CD
QUESTION 5
You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003.
All company data is stored in shared folders on network file servers.
The data for each department is stored in a departmental shared folder.
Users in each department are members of the departmental global group.
Each departmental global group is assigned the Allow -Full Control permission for the corresponding departmental shared folder.
Company requirements state that all access to shared folders must be configured by using global groups.
A user named Richard works in the sales department. Richard needs to be able to modify files in the Marketing shared folder.
You need to ensure that Richard has the minimum permissions for the Marketing shared folder that he needs to do his job.
You need to achieve this goal while meeting company requirements and without granting unnecessary permissions.
What should you do?
A. Add Richard's user account to the Marketing global group.
B. Assign the Sales global group the Allow -Change permission for the Marketing shared folder.
C. Create a new global group. Add Richard's user account to the group. Assign the new global group the Allow -Change permission for the Marketing shared folder.
D. Assign Richard's user account the Allow -Change permission for the Marketing shared folder.
Answer: C
QUESTION 6
You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003.
All users in the publishing department are members of a global group named Publishing.
Interns in the publishing department are also members of a global group named PublishingInterns.
A network file server contains a shared folder named PubsSalesData.
Interns must not be able to view or modify any files in the PubsSalesData folder.
All other employees in the publishing department must be able to view and modify the files in the PubsSalesData folder.
The NTFS permissions for all folders are configured to assign the Allow -Full Control permission to members of the Domain Users global group.
You need to configure the share permissions for the PubsSalesData folder.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Assign the Allow -Read permission to the Publishing global group.
B. Assign the Allow -Change permission to the Publishing global group.
C. Assign the Deny -Change permission to the PublishingInterns global group.
D. Assign the Allow -Read permission to the PublishingInterns global group.
Answer: BC
QUESTION 7
You are a network administrator for your company. All servers run Windows Server 2003.
A server named Server2 functions as a print server on the network.
A high-speed color print device is attached to Server2.
You configure a printer named ColorPrinter on Server2.
Several other printers are also configured on Server2.
The configuration of ColorPrinter is shown in the exhibit. (Click the Exhibit button.)
Users in the marketing department report that when they print large files that contain multiple graphics, the
documents print very slowly, pausing for several seconds between each page.
You need to minimize the impact that large print jobs have on the performance of the printer.
You need to achieve this goal by using the least administrative effort. What should you do?
Exhibit:
A. Create a printer pool that includes an additional printer of the same type as ColorPrinter.
B. Add a second printer to Server2 that prints to the same print device as ColorPrinter. Instruct marketing users to submit large print jobs to one device and smaller print jobs to the other.
C. Configure ColorPrinter to start printing after the last page is spooled.
D. Increase the priority of ColorPrinter so that it is higher than all other printers.
Answer: C
QUESTION 8
You are a network administrator for your company. All servers run Windows Server 2003. A server named Server2 functions as a print server.
Users in the sales department print large reports and sales documents on several printers that are attached to Server2.
Users report that during periods of peak activity, Server2 becomes unresponsive and is slow to print documents.
You use System Monitor to view the performance of Server2 during a period of peak activity.
The results are shown in the exhibit. (Click the Exhibit button.)
You need to improve the performance of Server2 when documents are printed during periods of peak activity. What should you do?
Exhibit:
A. Configure a printer pool on Server2 by using an additional print device.
B. Install an additional hard disk in Server2. Move the spool directory to the new hard disk.
C. Increase the amount of physical RAM that is installed in Server2.
D. Upgrade the processor in Server2.
Answer: B
QUESTION 9
You are a network administrator for your company. All servers run Windows Server 2003.
You manage a file server named Server8.
You need to create a performance baseline for Server8 by using Performance Logs and Alerts.
You need to store the performance data in an existing Microsoft SQL Server database on another computer.
You create a new counter log, and you select SQL Database as the log file format.
When you attempt to save your changes, you receive an error message stating that you must select a data
source name.
You examine the configuration of the SQL Logs, as shown in the following dialog box.
You need to configure the counter log to use a SQL database. What should you do?
A. Use the relog command-line utility to configure a connection to your SQL database.
B. Use Add or Remove programs to install Connection Point Services. Configure a connection to your SQL database.
C. Use the logman command-line utility with the create switch to configure a connection to your SQL database.
D. Use Data Sources (ODBC) to configure a connection to your SQL database.
Answer: D
QUESTION 10
You are a network administrator for your company. The network contains a Windows Server 2003 computer named Server4, which functions as a file server.
Server4 contains several applications.
One application is named App1.
Another application is named App2.
Users report that App2 is performing poorly.
You examine Server4 and discover that App1 was started by using the start app1 /realtime command.
You need to ensure that no other application was started by using the /realtime switch. What should you do?
A. Use Performance Monitor to create a trace log. Trace Process creations/deletions.
B. Use Performance Monitor to create a trace log. Trace Thread creations/deletions.
C. Use Task Manager to view processes. View the Base Priority column.
D. Use Task Manager to view performance. On the View menu, select Show Kernel Times.
Answer: C
QUESTION 11
You are a network administrator for your company. All servers run Windows Server 2003.
A server named Server3 functions as an application server. The disks in Server3 are configured as shown in the following table.
You purchase four additional 20-GB hard disks for Server3. You plan to install an inventory database on Server3.
You estimate that you need a total of 60 GB of disk space to hold all the inventory data.
You need to protect the data against the failure of any disk that contains either operating system data or
inventory database data.
You need to create a new disk configuration on Server3.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Use one additional disk to create a mirror for drive C.
B. Use two additional disks to create a striped set for drive C.
C. Use three additional disks to create a RAID-5 volume for drive D.
D. Use two additional disks to create a RAID-5 volume for drive C.
E. Use one additional disk to create a mirror for drive D.
F. Use three additional disks to create a striped set for drive D.
Answer: AC
QUESTION 12
You are a network administrator for your company. All servers run Windows Server 2003.
A server named Server1 functions as an application server.
Server1 runs several applications.
Server1 is located on the company's perimeter network.
You allow communication to Server1 only over port 80.
Users report that applications on Server1 perform poorly during periods of peak activity.
You monitor Server1.
The results are shown in the exhibit. (Click the Exhibit button.)
You need to identify which process is causing Server1 to perform poorly.
Which two tools can you use to achieve this goal? (Each correct answer presents a complete solution. Choose
two.)
Exhibit:
A. Event Viewer
B. Task Manager
C. Network Monitor
D. System Monitor
Answer: BD
QUESTION 13
You are a network administrator for your company.
You manage a computer named Server6 that runs Windows Server 2003 with the default settings.
You install Terminal Services on Server6.
You attempt to connect to Server6 by using the URL http://Server6/Tsweb.
You cannot connect to Server6.
You need to be able to access Terminal Services on Server6 by using Internet Explorer 6.0.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Create a new Web site named Tsweb.
B. Create a new virtual directory named Tsweb.
C. Install IIS.
D. Install the Remote Administration IIS subcomponent.
E. Install the Remote Desktop Web Connection IIS subcomponent.
Answer: CE
QUESTION 14
Server1 contains a folder named D:\Salesdata, which contains important company data.
The hardware-monitoring software reports that the disk that contains volume D is in danger of imminent disk failure.
You order a replacement disk, but you must wait at least one day for the disk to be delivered.
You discover that you do not have a backup of the D:\Salesdata folder because a recent backup was configured incorrectly.
You need to back up the D:\Salesdata folder so that you can restore the data if the disk fails.
You need to achieve this goal as quickly as possible. What should you do?
A. Perform a normal backup of the D:\Salesdata folder.
B. Perform an incremental backup of the D:\Salesdata folder.
C. Perform a differential backup of the D:\Salesdata folder.
D. Perform a daily backup of the D:\Salesdata folder.
E. Enable Shadow Copies on volume D. Configure the shadow copy location as C:\.
Answer: A
QUESTION 15
You are the network administrator for your company. The network contains a Windows Server 2003 computer named Server1.
Server1 contains two NTFS volumes named Data and Userfiles. The volumes are located on separate hard disks.
The Data volume is allocated the drive letter D. The Data volume is shared as \\Server1\Data.
The Userfiles volume is mounted on the Data volume as a volume mount point.
The Userfiles volume is displayed as the D:\Userfiles folder when you view the local disk drives by using Windows Explorer on Server1.
The D:\Userfiles folder is shared as \\Server1\Userfiles.
The files on the Userfiles volume change every day.
Users frequently ask you to provide them with previous versions of files.
You enable and configure Shadow Copies on the Data volume.
You schedule shadow copies to be created once a day.
Users report that they cannot recover previous versions of files in the \\Server1\Userfiles shared folder.
You need to enable users to recover previous versions of files on the Userfiles volume. What should you do?
A. Assign drive E to Userfiles. Enable Shadow Copies on the Userfiles volume.
B. Convert the disk that contains the Data volume to a dynamic disk.
C. Convert the disk that contains the Userfiles volume to a dynamic disk.
D. Instruct users to connect to \\Server1\Data when they attempt to access previous versions of files in the D:\Userfiles folder.
E. Instruct users to connect to \\Server1\D$ when they attempt to access previous versions of files on the Data volume.
Answer: A
QUESTION 16
You are a network administrator for your company. All servers run Windows Server 2003. A network server
named Server1 functions as the main file server.
Server1 is backed up each night by using the Backup utility.
You perform a test restoration of Server1 by using the Backup utility.
You discover that files that are open during the backup process are not being backed up.
You need to ensure that open files are backed up successfully. What should you do?
A. Enable volume shadow copies on the partitions that are being backed up.
B. Disable volume shadow copies on the partitions that are being backed up.
C. Select the Verify data after backup check box in the Advanced backup options of the backup job.
D. Clear the Disable volume shadow copy check box in the Advanced backup options of the backup job.
Answer: D
QUESTION 17
You are the administrator of a Windows Server 2003 computer named Server1. User profiles are stored on Server1.
A user named Peter reports that he accidentally deleted a folder named WorkProduct from his user profile.
He needs to have his WorkProduct folder restored. Other users are accessing Server1, and you do not want to negatively affect their work.
You locate the latest backup that contains the files that you need to restore.
You need to restore Peter's WorkProduct folder.
You want to achieve this goal by using the minimum amount of administrative effort. What should you do?
A. Restore Peter's WorkProduct folder, and clear the Restore junction points, but not the folders and the file data they reference check box.
B. Restore the Documents and Settings folder that contains the WorkProduct folder.
C. Restore Peter's WorkProduct folder, and choose an alternate location for the restoration.
D. Restore Peter's WorkProduct folder, and choose the original location for the restoration.
Answer: D
QUESTION 18
You are a network administrator for your company.
You currently automate backups of the System State data on the servers in your network by using NTBackup.
Your manager instructs you to document the procedure for restoring a server from a backup of the System State data.
You need to select the correct method for performing a restoration of a backup of the System State data.
What should you do?
A. Run the following command: ntbackup.exe backup /F {"FileName"}
B. Run the following command: ntbackup.exe backup systemstate /F {"FileName"}
C. In Control Panel, open System, and configure the Startup and Recovery settings on the Advanced tab.
D. Use NTBackup interactively.
Answer: D
QUESTION 19
You are the administrator of a Windows Server 2003 computer named Server4.
You install Terminal Services on Server4.
You add users from the technical support department to the Power Users group and to the Remote Desktop Users group on Server4.
You notice that Server4 is periodically unavailable.
You open Event Viewer on Server4 and discover that the server was restarted accidentally by users in the technical support department.
You need to ensure that users in the technical support department can establish a Terminal Service session and can manage local user accounts on Server4 without having the ability to restart Server 4.
Which action or actions should you perform? (Choose all that apply.)
A. Remove the technical support user accounts from the Power Users group.
B. Remove the technical support user accounts from the Remote Desktop Users group.
C. Remove the Power Users group from the Shut down the system user right.
D. Add the Power Users group to the Deny log on locally user right.
E. Modify the permissions on the RDP-Tcp connection by using Terminal Services Configuration. Assign the Power Users group the Deny -Full Control permission.
Answer: C
QUESTION 20
You are the network administrator for your company. The network consists of a single Active Directory domain. All network servers run Windows Server 2003. All client computers run Windows XP Professional SP2.
Server1 is a domain controller.
Server2 runs Windows Software Update Services (WSUS).
No options have been changed in the administrative console.
You configure the client computers to access the services on Server1 and Server2.
An initial synchronization and approval is successfully completed.
The client computers receive and install the approved patches successfully.
Three months later, Microsoft releases a critical security update for Windows XP Professional.
From a test client computer, you use Microsoft Update to download the update.
You test the update and receive no error messages.
Now you need to deploy the update to all client computers as quickly as possible.
You must ensure that the update is not deployed to any servers.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. On Server1, configure the Default Domain Policy Group Policy object (GPO) to distribute the security update.
B. On Server1, initiate replication.
C. On Server2, initiate synchronization.
D. On Server2, approve the security update.
Answer: CD
QUESTION 21
You are the domain administrator for your company's Active Directory domain. All servers run Windows Server 2003.
The information technology (IT) department recently installed Windows Server Update Services (WSUS) to manage security updates.
The server that runs WSUS is configured to automatically approve critical and security updates, and to synchronize automatically every day at 7:00 A.M.
New critical security updates were released today at 9:00 A.M. You need to manually update the WSUS server and make the updates available to client computers.
What should you do?
A. Log on to the WSUS server. Download and install the new security updates from Microsoft Update.
B. Download the new security updates from Microsoft Update to your local computer. Copy and paste the update files to the WSUSContent folder on the WSUS server.
C. Connect to the WSUS server home page. Click the Synchronize Now link.
D. Log on to the WSUS server. From the command line, run gpupdate /force.
Answer: C
QUESTION 22
You are the domain administrator for your company's Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional and have the latest service pack installed.
You manage a server that has Windows Server Update Services (WSUS) installed.
The latest updates were synchronized and approved for installation on the client computers.
You need to configure the client computers to download and automatically install the approved updates from the WSUS server.
What should you do?
A. On the client computers, open the System Properties dialog box. On the Automatic Updates tab, configure the client computers to update automatically every day.
B. Create a Group Policy object (GPO) that has the appropriate Automatic Updates settings configured. Apply the GPO to an organizational unit (OU) that includes the client computers.
C. In Active Directory Users and Computers, modify the settings for the client computer accounts. Configure the Managed By property to specify the WSUS server account.
D. Create a local group on the WSUS server. Assign the group the Allow -Read and the Allow -Write permissions for the WSUSContent folder on the WSUS server. Add all the users of the client computers to the local group.
Answer: B
QUESTION 23
You are the network administrator for your company. All network servers run Windows Server 2003.
A server named Server1 hosts applications for network users.
Server1 contains a motherboard that can support two CPUs.
One CPU is currently installed.
Server1 has 512 MB of RAM and a single 36-GB integrated device electronics (IDE) hard disk.
It has a 10 Mb Ethernet card connected to a 10/100 Mb switch. After Server1 is in use for five months, network users report unnacceptable response times on their applications.
You open System Monitor on Server1 and see the information shown in the following table.
You need to improve the performance of Server1. What should you do?
A. Add an additional CPU.
B. Add an additional 512 MB of RAM.
C. Replace the existing hard disk with a faster one.
D. Replace the 10-Mb Ethernet card with a 100-Mb Ethernet card.
Answer: C
QUESTION 24
You are the network administrator for your company. All network servers run Windows Server 2003. Server1 hosts highly confidential files.
The Disk Management console for Server1 is shown in the exhibit. (Click the Exhibit button.)
You need to ensure the security of all files on Server1. In the event of disk failure, you need to minimize the time required to make these files available again.
You also need to improve file system performance.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
Exhibit:
A. Configure the unallocated disks in a RAID-0 configuration.
B. Configure one of the unallocated disks in a RAID-1 configuration.
C. Store a shadow copy of disk C on one of the unallocated disks.
D. Configure the unallocated disks as an extended volume.
E. Convert the disks to basic disks.
F. Convert the disks to dynamic disks.
Answer: BF
QUESTION 25
You are the network administrator for your company. The network consists of a single Active Directory domain. All network servers run Windows Server 2003.
Some client computers run Windows 2000 Professional, and the rest run Windows XP Professional.
All user accounts in the sales department are located in the Sales organizational unit (OU).
To store roaming user profiles, you create a shared folder named Profiles on a member server named File1.
You assign the Allow -Full Control permission on the Profiles folder to the Everyone group.
Now you need to create roaming user profiles for the user accounts in the Sales OU.
What should you do?
A. Select all user accounts in the Sales OU. Modify the account properties to specify \\File1\Profiles\%username% as the profile path.
B. Select all user accounts in the Sales OU. Modify the account properties to specify \\File1\Profiles as the profile path.
C. Create a Group Policy object (GPO) and link it to the Sales OU. In the User Configuration section of the GPO, configure Folder Redirection to use \\File1\Profiles.
D. Create a Group Policy object (GPO) and link it to the Domain Controllers OU. In the User Configuration section of the GPO, configure Folder Redirection to use \\File1\Profiles.
Answer: A
QUESTION 26
You are the network administrator for your company. The network consists of a single Active Directory domain. All network servers run Windows Server 2003.
Three thousand client computers run Windows 2000 Professional, and 1,500 client computers run Windows XP Professional.
A new employee named Peter is hired to assist you in installing Windows XP Professional on 150 new client computers.
You need to ensure that Peter has only the minimum permissions required to add new computer accounts to the domain and to own the accounts that he creates. Peter must not be able to delete computer accounts.
What should you do?
A. Add Peter's user account to the Server Operators group.
B. Add Peter's user account to the Account Operators group.
C. Use the Delegation of Control Wizard to permit Peter's user account to create new computer objects in the Computers container.
D. Create a Group Policy object (GPO) and link it to the domain. Configure the GPO to permit Peter's user account to add client computers to the domain.
Answer: C
QUESTION 27
You are the network administrator for your company. The network consists of a single Active Directory domain.
The functional level of the domain is Windows Server 2003. Some user accounts have expiring passwords and some do not.
You need to identify all user accounts that do not have expiring passwords.
You need to modify the password property to allow the passwords on these accounts to expire.
You must complete this task by using the minimum amount of administrative effort.
First, you create a saved query to obtain a list of all user accounts that do not have expiring passwords.
What should you do next?
A. Export the query results to a comma-delimited file. Use a CSVDE script to modify the password property of each user account.
B. From the Results pane of the query, select all user accounts and modify their password properties simultaneously.
C. Export the query results to a comma-delimited file. Use an LDIFDE script to modify the password property of each user account.
D. From the Results pane of the query, select each user account and modify the password property, one by one.
Answer: B
QUESTION 28
You are the network administrator for your company. The network consists of a single Active Directory domain. All domain controllers run Windows Server 2003. All client computers run Windows XP Professional with default settings.
Some users have portable computers, and the rest have desktop computers.
You need to ensure that all users are authenticated by a domain controller when they log on.
How should you modify the local security policy?
A. Require authentication by a domain controller to unlock the client computer.
B. Cache zero interactive logons.
C. Cache 50 interactive logons.
D. Grant the Log on locally user right to the Users group.
Answer: B
QUESTION 29
You are the network administrator for your company, which employs 1,500 users.
The network consists of a single Active Directory domain. All network servers run Windows Server 2003.
Most client computers run Windows XP Professional, and the rest run Windows NT 4.0 Workstation.
Two terminal servers are available to network users. You install a new application on both terminal servers.
Everyone who uses the new application to create data must save the data directly in a folder on the local hard disk.
You need to ensure that client disk drives are always available when employees connect to the terminal servers.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Create a client connection object with default settings and deploy the object to each terminal server.
B. Edit the RDP-Tcp properties by selecting the Connect client drives at logon option.
C. Install NetMeeting on all client computers. Configure Remote Desktop Sharing.
D. Install the default Windows 2000 Terminal Server Client software on the Windows NT 4.0 workstations.
E. Install Remote Desktop Connection on the Windows NT 4.0 workstations.
Answer: BE
QUESTION 30
You are the network administrator for your company. Your network consists of a single Active Directory domain. All network servers run Windows Server 2003, and all client computers run Windows 2000 Professional.
You install Windows Server 2003 with default settings on a new computer named Server1.
You install and share several printers on Server1.
You instruct all users to connect to these printers by using the address http://Server1/Printers.
However, users report that they cannot connect to this address.
You need to ensure that all users can connect to the printers by using HTTP.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Publish all shared printers that are installed on Server1.
B. Create a virtual directory named Printers on Server1.
C. Install IIS with default settings on Server1.
D. Reshare all printers on Server1.
E. Install the Internet Printing component of IIS.
F. Type Net Start W3SVC at a command prompt.
Answer: CE Exam C
QUESTION 1
You have a WINS server that runs Windows Server 2003 Service Pack 2 (SP2).
You need to schedule a backup of the WINS database whenever the WINS service stops.
What should you do?
A. Create a scheduled task that runs Wins.exe.
B. Create a scheduled task that runs Netsh.exe.
C. Modify the General options from the WINS snap-in.
D. Schedule a system state backup by using Windows Backup.
Answer: C
QUESTION 2
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). All client computers run Windows XP Professional Service Pack 3 (SP3).
A user named User1 frequently logs on to several different computers.
You need to ensure that the documents and shortcuts User1 stores on his desktop are available on the desktop of each computer he uses.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)
A. From Active Directory Users and Computers, modify the properties of the User1 account.
B. From Active Directory Users and Computers, modify the properties for each computer account used by User1.
C. On a file server, create a shared folder named Profiles and assign the Change share permission to Everyone group.
D. On a file server, create a shared folder named Profiles and assign the Full Control share permission to the Everyone group.
Answer: AD
QUESTION 3
You have two servers named Server1 and Server2 that run Windows Server 2003 Service Pack (SP2).
You connect a USB drive to Server1 and copy several files to the USB drive.
You connect the USB drive to Server2.
You receive a message that the drive installed successful and is ready-to-use.
You open Windows Explorer and the USB drive does not appear.
You need to ensure that you can access the files stored on the USB drive. What should you do?
A. From the command prompt, run Convert.exe.
B. From the Disk Management snap-in, change the drive letter.
C. From the Services snap-in, restart the Removable Storage service.
D. From the Device Manager snap-in, scan for a hardware change.
Answer: B
QUESTION 4
You are the network administrator for your company. All network servers run Windows Server 2003. All client computers run Windows XP Professional.
A member server named Server1 is located at a branch office that does not permit the use of Remote Desktop Protocol.
Another administrator uses the Backup utility to create a scheduled backup job on Server1. The backup job performs a normal backup of an application server.
The application server is removed from the network.
You need to use a client computer to remove the backup job from Server1.
You cannot travel to the branch office.
What should you do?
A. Use the RUNAS feature to run the at /delete command as the Server1\Administrator account.
B. Log on by using your Administrator account and run the ntbackup /D command.
C. Log on by using your Administrator account and run the schtasks /delete command.
D. Use the RUNAS feature to run the taskkill command as the Server1\Administrator account.
Answer: C QUESTION 5
You have a stand-alone server that runs Windows Server 2003 Service Pack 2 (SP2).
You attempt to log on to the server by using the Administrator account and receive the following error
message.
You need to log on to the server by using the Administrator account. What should you do first?
A. Restart the server in Safe mode.
B. Restart the server by using the Last Known Good Configuration option.
C. Log on to another stand-alone server as an Administrator.
D. Log on to the server by using an account that is a member of the Power Users group.
Answer: A
QUESTION 6
You are the network administrator for your company. All network servers run Windows Server 2003.
A member server named Server1 hosts several hundred folders, which are located on multiple volumes on the server.
A backup job on Server1 is configured to run a normal backup of the folders every Saturday at 1:00 A.M.
On Wednesday morning, you discover that you need to install a new application on Server1 before the close of business that day.
You need to back up all folders on Server1 as quickly as possible so you can install the new application.
What should you do?
A. Create a new backup job that specifies the folders and runs once only.
B. Run the existing backup job.
C. Enable Volume Shadow Copy for the volumes that contain the folders.
D. Create an Automated System Recovery (ASR) set.
Answer: B
QUESTION 7
Your network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2003.
You install an application that requires a user account enabled for constrained delegation. You create the required user account.
When you attempt to configure constrained delegation, you discover that the Delegation tab does not appear in the user account properties.
You need to ensure that the Delegation tab appears in the user account properties.
What should you do?
A. Raise the forest functional level.
B. Add the user account to the Domain Admins group.
C. Register a service principal name (SPN) for the user account.
D. Select the Trust this computer for delegation to specified services only option on all domain controllers.
Answer: C
QUESTION 8
You have a server named Server1. You install Windows Server Update Services (WSUS) 3.0 on Server1. You configure Server1 to download all updates from Microsoft Update.
Two weeks later, you notice that Server1 has not downloaded all updates.
You need to ensure that Server1 downloads all updates.
What should you do?
A. From the command prompt, run WSUSUTIL /Reset.
B. From the command prompt, run wuauclt.exe /detectnow.
C. From IIS Manager, right-click WSUSPOOL, and then click Recycle.
D. From the Update Services console, configure Server1 to use SSL when it synchronizes update information.
Answer: QUESTION 9
You are the network administrator for your company. The network consists of a single Active Directory domain.
All network servers run Windows Server 2003.
The domain contains three domain controllers: DC1, DC2, and DC3. Each one hosts user data.
DC1 experiences hard disk failure.
You need to temporarily restore the user data to DC2.
Which type of restoration should you perform?
A. Automated System Recovery (ASR)
B. normal
C. primary
D. authoritative
Answer: B
QUESTION 10
You are the network administrator for your company. Your network consists of a single Active Directory domain.
All network servers run Windows Server 2003.
Each domain controller contains one disk that is configured with both the system partition and the boot
partition.
Every day, you use custom software to perform a full backup of user profiles and user data.
The custom backup software provides a bootable floppy disk that includes the drivers for the backup media.
Every Sunday, you run the Automated System Recovery (ASR) wizard on your domain controllers in
conjunction with removable backup media.
Data is backed up in a file named Backup1.bkf. One Monday morning, you install a new application on a
domain controller named DC1.
When you restart DC1, you receive the following error message: "NTLDR is missing. Press any key to restart."
You need to bring DC1 back online as quickly as possible. What should you do?
A. Restart DC1 by using the installation CD-ROM. Reinstall the operating system and restore the contents of the latest full backup by using the Restore wizard. Restart DC1.
B. Restart DC1 by using the installation CD-ROM. Restore the contents of Backup1.bkf by using the ASR disk. Restart DC1.
C. Restart DC1 by using the bootable floppy disk. Copy the contents of Backup1.bkf from the backup media to C:\winnt. Restart DC1.
D. Restart DC1 by using the bootable floppy disk. Copy the contents of the ASR disk to C:\. Restart DC1.
Answer: B
QUESTION 11
You have a file server named Server1 that runs Windows Server 2003 Service Pack (SP2).
Server1 has a 10-gigabit network adapter and is connected to a 100-Mb switch.
You replace the 100-Mb switch by using a 1-GB switch.
You discover that copying files to Server1 over the network is slow.
You need to reduce the amount of time it takes to copy files to Server1 over the network. Which connection type should you specify for the network adapter?
A. 1-gigabit half-duplex
B. 1-gigabit full-duplex
C. 10-gigabit half-duplex
D. 10-gigabit full-duplex
Answer: B
QUESTION 12
You have a print server named Server1 that runs Windows Server 2003 Service Pack (SP2).
Server1 is configured as shown in the following table.
All the hard disks are 136 GB and are connected to a SCSI controller.
You need to identify which disk configuration will provide the best performance for printing. Which disk configuration should you implement?
A. one RAID-0 volume
B. one RAID-1 volume
C. one RAID-5 volume
D. two RAID-1 volumes
Answer: A
QUESTION 13
You are the domain administrator for your company's Active Directory domain. All domain controllers run Windows Server 2003.
The network consists of 10 offices located across South America.
The organizational unit (OU) structure consists of one top-level OU for each branch office.
Each top-level OU contains eight or more child OUs, one for each department.
User accounts are located in the appropriate departmental OU within the appropriate office OU.
For security purposes, you routinely disable user accounts for terminated employees.
As part of an internal audit, you need to create a list of all disabled user accounts.
You need to generate the list of disabled user accounts as quickly as possible.
What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)
A. In Active Directory Users and Computers, create a new saved query.
B. Run the dsget user command.
C. Run the dsquery user command.
D. Run the netsh command.
Answer: AD QUESTION 14
You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003.
You place computer accounts for servers in organizational units (OUs) that are organized by server roles.
You apply Group Policy objects (GPOs) to these servers at the OU level.
You need to add a new server to the domain.
You need to ensure that the appropriate GPOs are applied to this server.
What should you do?
A. Prestage a domain computer account for the new server in the appropriate OU. Join the server to the domain by using the prestaged computer account.
B. On the new server, add the domain name for the Active Directory domain to the DNS suffix setting. Join the server to the domain.
C. Assign a user account the Allow -Create permission for the appropriate OU. Join the new server to the domain by using the user account.
D. Join the new server to the Active Directory domain. On the new server, run the gpupdate /force command.
Answer: A
QUESTION 15
You are the administrator of a Windows Server 2003 computer named Server1.
Server1 stops responding several times. Each time, the following stop error message is displayed:
"0x000000D1 (0x0000000c, 0x00000002, 0x00000000, 0xf27b4e8e) IRQL_NOT_LESS_OR_EQUAL."
You suspect that a hardware component is causing the problem, and you contact the vendor.
The vendor requires debugging information.
You need to configure Server1 to generate a file that contains relevant information for the vendor. What should you do?
A. Configure Server1 to perform a memory dump.
B. Add the /debug option to the Boot.ini file on Server1.
C. Enable Physical Addressing Extensions on Server1.
D. Install the Recovery Console on Server1.
Answer: A
QUESTION 16
You are the administrator of a Windows Server 2003 computer named Server1.
Newly hired employees recently started storing files on Server1.
Now users report that Server1 is responding much slower than it did before the additional users were added.
You suspect the disk subsystem needs to be upgraded to accommodate the additional user load.
You need to confirm whether the disk subsystem on Server1 needs to be upgraded.
What should you do?
A. Configure a Performance Logs and Alerts alert on the %Free Space counter.
B. Use Device Manager to populate volume settings and examine the properties of the disk drives on Server1
C. Use Event Viewer to examine the system logs and search the system logs for events generated by the disk eve source.
D. Use System Monitor to monitor counters based on the PhysicalDisk object.
Answer: D
QUESTION 17
You are the administrator of a Windows Server 2003 computer named Server1.
The hardware vendor for Server1 notifies you that a critical hotfix is available.
This hotfix is required for all models of this computer that have a certain network interface card.
You need to find out if the network interface card that requires the hotfix is installed in Server1.
What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)
A. Open Network Connections, and then examine the properties of each connection that is listed.
B. Open the Component Services snap-in, expand Computers, expand My Computer, and then examine the list.
C. Run the netsh interface command, and then examine the list.
D. Open Device Manager, expand Network adapters, and then examine the list.
Answer: AD
QUESTION 18
You are the network administrator for your company. The network consists of a single Active Directory domain.
All network servers run Windows Server 2003.
Half of the client computers run Windows XP Professional, and the other half run Windows NT 4.0 Workstation.
You install Terminal Server on five member servers named Server1 through Server5.
You place all five terminal servers in an organizational unit (OU) named Terminal Server.
You link a Group Policy object (GPO) to theTerminal Server OU.
Two days later, users notify you that the performance of Server4 is unacceptably slow.
You discover that Server4 has 75 disconnected Terminal Server sessions.
You need to configure all five terminal servers to end disconnected sessions after 15 minutes of inactivity.
You must achieve this goal by using the minimum amount of administrative effort.
What should you do?
A. Log on to the console of each terminal server. In the RDP-Tcp connection properties, set the End a disconnected
B. Edit the GPO to set the time limit for disconnected sessions to 15 minutes.
C. On Server1, run the tsdiscon command to disconnect all 75 users from Server4.
D. In Active Directory Users and Computers, set the End a disconnected session option for all domain user account
Answer: B
QUESTION 19
You have a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2). Server1 runs a custom application. Server1 is configured as shown in the following table.
You need to monitor disk activity related to the application only. What should you do?
A. Create a counter log to capture performance data for physical disk 1.
B. Create a counter log to capture the performance data for logical disk D:.
C. Create a trace log to capture events logged by the File details system provider.
D. Create a trace log to capture events logged by the Disk input/output system provider.
Answer: B
QUESTION 20
You have a server that runs Windows Server 2003 Service Pack 2 (SP2).
You back up the shared folders on the servers by using the following schedule:
-Full backup at 01:00 every Sunday
-Incremental backup at 01:00 every Monday to Friday
On a Wednesday afternoon, the hard disk drive that contains the shared folders fails.
You need to restore the latest version of all files in the shared folders. The solution must use as few backup tapes as possible.
What should you restore?
A. the files from the full backup
B. the files from the full backup and from the Monday, Tuesday, and Wednesday backups
C. the files from the full backup and from the Wednesday backup
D. the files from the Wednesday backup
Answer: B
QUESTION 21
Your network contains a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
Server1 is configured as shown in the following table.
Disk1 fails. You remove Disk1 from the computer and install Disk4.
You open the Disk Management snap in and discover that the status of Disk1 is Missing.
You bring Disk4 online as a dynamic disk. Disk4 has no volume on it.
You need to add Disk4 to the RAID 5 volume for drive C.
What should you do from the Disk Management snap in?
A. From the Action menu, select Rescan disks.
B. Right click on Disk4 and create a spanned volume.
C. Right click on Disk2 and then click Repair Volume.
D. Right click on Disk1 and then click Reactivate Disk.
Answer: C
QUESTION 22
You have a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
Server1 experiences a power failure and shuts down unexpectedly.
You start the server and receive the following error message; NTLDR is missing. Press Ctrl+Alt+Del to restart.
You need to ensure that you can run Windows Server 2003 on Server1.
What should you do first?
A. Start Server1 and press F8.
B. Start Server1 by using the Windows Server 2003 SP2 installation media and access the Recovery Console.
C. Create a MS DOS startup disk. Start Server1 from the MS DOS startup disk.
D. Create an Automated System Recovery (ASR) floppy disk from a different Windows Server 2003 SP2 server. Start Server1 from the ASR floppy disk.
Answer: B QUESTION 23
Your network contains a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2). Server1 is configured as shown in the following table.
Disk1 fails. You remove Disk1 from the computer and replace it with a 250 GB basic disk named Disk2.
You open the Disk Management snap in and remove Disk1 from the mirrored volume. You are unable to add
Disk2 to the mirrored volume.
You need to ensure that you can add Disk2 to the mirrored volume for drive C.
What should you do?
A. Convert Disk2 to a dynamic disk.
B. On Disk2, create a 160 GB simple volume.
C. From the Action menu, select Rescan disks.
D. Replace Disk2 with another disk that is the same size as Disk0.
Answer: A
QUESTION 24
You have a server that runs Windows Server 2003 Service Pack 2 (SP2).
You back up the files on the server by using the following schedule:
-Full backup every Sunday
-Differential backup at 01:00 every Monday to Friday
You want to restore the version of a file stored on the server at the start of the business day on Wednesday.
You are unsure when the file was last modified.
You need to restore the appropriate version of the file by using the minimum number of tapes.
Which backup jobs should you review to locate the correct version of the file?
A. the differential backup from Tuesday
B. the differential backup from Wednesday and then the full backup from Sunday
C. the full backup from Sunday
D. the full backup from Sunday and then all other backups
Answer: B
QUESTION 25
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack
2 (SP2).
The domain contains two domain controllers named DC1 and DC2.
DC1 is located in Montreal and DC2 is located in Seattle.
Each domain controller has a dedicated hard disk that contains only the Active Directory database and log files.
Each night, you back up the system state on all domain controllers.
On DC2, the hard disk that contains Active Directory fails.
You replace the failed hard disk on DC2.
You need to restore domain controller functionality on DC2. The solution must minimize replication traffic
between Montreal and Seattle.
What should you do on DC2?
A. Uninstall Active Directory and then reinstall Active Directory.
B. Start by using the Last Known Good Configuration.
C. Start in Directory Services Restore Mode and restore the NTDS.dit file.
D. Start in Directory Services Restore Mode and restore the system state.
Answer: D
QUESTION 26
You have a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
On Server1, you have the following backup schedule: Normal backups every Saturday at 01:00
Differential backups every weekday at 02:00, except on Saturday
You need to perform a complete manual backup of Server1 on Tuesday. The backup must not change which files are backed up during the next scheduled backup.
Which type of backup should you perform?
A. copy
B. daily
C. incremental
D. normal
Answer: A
QUESTION 27
Your network consists of a single Active Directory domain. All network servers run Windows Server 2003 Service Pack 2 (SP2).
Your organization has a storage area network (SAN). All shared folders on file servers are stored on the SAN.
The Change permission for all shared folders is assigned to Domain Users.
Different NTFS permissions are also applied to the shared folders.
You perform a daily full backup of all the files stored in the shared folders.
A file server fails and requires several hours to repair.
You need to provide users access to the shared folders that were on the failed file server as quickly as possible. Existing permissions must be retained for all files.
What should you do?
A. Attach an existing file server to the SAN storage locations. Configure the shared folders on the server.
B. Attach an existing file server to the SAN storage locations. Configure NTFS permissions for the folders.
C. On an existing file server, restore the data from the tape backup. Configure NTFS permissions for the folders.
D. On an existing file server, restore the data from the tape backup. Configure the shared folders on the server.
Answer: A QUESTION 28
You have a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
Server1 has a scheduled task that runs Ntbackup.exe every night.
The scheduled task is configured to run by a user named BackupUser.
BackupUser is a member of the local Backup Operators group.
You apply a custom security template that modifies the user rights on Server1.
You discover that the scheduled backup job does not work anymore.
You use the Local Security Settings console to view the current user rights assignments. The relevant output
from the console is shown in the exhibit. (Click the Exhibit button.)
You need to ensure that the scheduled backup job executes successfully on Server1.
Which user right should you assign to BackupUser?
Exhibit:
A. Allow log on locally.
B. Log on as a service.
C. Log on as a batch job.
D. Act as part of the operating system.
Answer: C
QUESTION 29
You have a DNS server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
Server1 is a stand alone server.
You perform a full backup of Server1 every day.
A DNS zone on Server1 is deleted by using the DNS snap in.
You need to restore the DNS zone on Server1.
What should you do?
A. Restore the system state data.
B. Restore all files in the %systemroot%\DNS folder.
C. Restore all files in the %systemroot%\System32\drivers\etc folder.
D. Copy all files from the %systemroot%\DNS\Backup folder to the %systemroot%\DNS folder.
Answer: A
QUESTION 30
Your network consists of a single Active Directory domain. All network servers run Windows Server 2003 Service Pack 2 (SP2).
A server hard disk drive fails. You replace and configure the hard disk drive and use Windows Backup to start a data restore.
When you start the restore, you receive the following error message.
You need to restore the data on the server. The solution must create the same directory structure that existed before the disk failure.
What should you do?
A. Catalog the backup file.
B. Restore the backup to a single folder.
C. Restore the files to the original location.
D. Restore the backup to an alternate location.
Answer: D Exam D
QUESTION 1
You have a server named Server1 that runs Windows Server 2003 Web Edition Service Pack 2 (SP2).
You create a new virtual directory named App1. App1 contains a Web application.
Users report that when they enter http://app1 in their Web browsers, they are unable to connect to the Web application.
You need to ensure that users can access the Web application when they connect to http://app1.
What should you do?
A. Move the content of the Web application to C:\App1. Change the home directory for App1.
B. Move the content of the Web application to C:\App1. Change the application pool for App1.
C. Remove the App1 virtual directory. Create a new Web site, and then configure the Web site to use port 8080. In DNS, create a Host record for App1.
D. Remove the App1 virtual directory. Create a new Web site, and then configure the Web site to use a host header of App1. In DNS, create a Host record for App1.
Answer: D
QUESTION 2
You have a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
Server1 runs a custom application.
Users report that the performance of Server1 has decreased significantly during the last 30 minutes.
You need to identify the current processor and memory usage for each process running on Server1. Which tool should you use?
A. Event Viewer
B. Task Manager
C. Query Process
D. System Configuration Utility
Answer: B
QUESTION 3
You have a standalone server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
You install the FTP Server Windows component on Server1.
You create several folders under the Ftproot folder as shown in the exhibit. (Click the Exhibit button.)
A user named User1 connects to ftp://server1 and reports that he can view the Localuser folder and all of its subfolders.
A user named User2 reports the same problem.
You need to ensure that when users connect to ftp://server1, they can only view the content located under their
user folder.
What should you do?
Exhibit:
A. From the properties of the Default FTP Site, change the directory listing style to Unix.
B. From the properties of the Default FTP Site, change the FTP site directory to c:\inetpub\ftproot\localuser.
C. From the properties of each user account, modify the home folder. Remove the Users group from the access control list of c:\inetpub\ftproot.
D. Delete the Default FTP Site. Create a new FTP site. Select the option to isolate users and specify the FTP site directory of c:\inetpub\ftproot.
Answer: D QUESTION 4
Your network consists of a single Active Directory domain.
You install a new backup program. The backup program requires a service account.
You create a service account in the domain.
You need to ensure that the service account can back up all member servers and client computers in the domain.
You must ensure that the service account cannot be used to restore files and folders.
What should you do?
A. Add the service account to the domain Backup Operators group.
B. Add the service account to the Backup Operators group on every server and every client computer.
C. Assign the Back up files and directories user right by using a Group Policy object (GPO).
D. Assign the Impersonate a client after authentication user right by using a Group Policy object (GPO).
Answer: C
QUESTION 5
You have a Web server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
You replace the network adapter.
Users report that they are unable to access Server1.
You need to ensure that users can access Server1. What should you do?
A. From Network Connections, configure the Provider Order settings.
B. From Network Connections, configure the Adapters and Bindings settings.
C. From the Local Area Connection properties, configure the Internet Protocol (TCP/IP) settings.
D. From the Local Area Connection properties, configure the File and Printer Sharing for Microsoft Networks settings.
Answer: C
QUESTION 6
Your network contains two servers named Server1 and Server2 that run Windows Server 2003 Service Pack 2
(SP2).
Server1 has a folder named Home. Home has a home folder for each user.
Permissions for each home folder allow users to access only their own home folders.
You need to copy the Home folder from Server1 to Server2.
All file and folder permissions configured on Server1 must be retained.
You must achieve this goal by using the minimum amount of administrative effort.
What should you do?
A.On Server2, use Xcopy to copy the Home folder from Server1.
B.On Server2, use Windows Explorer to copy the Home folder from Server1.
C.On Server1, run Xcacls. On Server1, use Copy to copy the Home folder to Server2 and then run Xcacls.
D.On Server1, use Windows Backup to back up the Home folder. On Server2, use Windows Backup to restore
the Home folder.
Answer: D
QUESTION 7
You are a network administrator for your company. The network contains a Windows Server 2003 file server named Server1.
There are eight SCSI hard disk drives installed on Server1.
Disk 0 hosts the volume that contains the operating system.
You must review the disk configurations of Server1 and identify which of the disks can fail at the same time but leaving the server fully operational after a restart.
Click the Active Exhibit button to view a simulation of Server1. After viewing the exhibit, click the Close Simulation button to return to this screen to answer the question.
Which of the disks can fail at the same time but leave the server fully operational after a restart?
A. Disks 0, 1, and 2 can fail at the same time.
B. Disks 0, 1, and 4 can fail at the same time.
C. Disks 0 and 5 can fail at the same time.
D. Disks 6 and 7 can fail at the same time.
Answer: D
QUESTION 8
You have a Web server named Server1 that runs Windows Server 2003 Web Edition Service Pack 2 (SP2).
Server1 contains a Web site named Intranet.
You notice that you can open the Intranet Web site as a Web folder.
You need prevent all users from opening the Intranet Web site as a Web folder. What should you do?
A. Disable the Index this resource option.
B. Disable the Directory browsing option.
C. Disable the Enable HTTP Keep Alives option.
D. Disable the Enable default content page option.
Answer: B
QUESTION 9
You have a server named Server1 that runs Windows Server 2003 Standard Edition Service Pack 2 (SP2).
Server1 contains 4 GB of RAM and four processors.
Users report that Server1 is slow.
You run a performance report. The report displays the results shown in the following table.
You need to improve the performance of Server1. What should you do?
A. Add 2 GB of RAM and enable hyper threading.
B. Add 2 GB of RAM and upgrade to Windows Server 2003 Enterprise Edition.
C. Add two processors and enable hyper threading.
D. Add two processors and upgrade to Windows Server 2003 Enterprise Edition.
Answer: D
QUESTION 10
You have a VPN server that runs Windows Server 2003 Service Pack 2 (SP2).
You need to monitor the performance of the VPN server for one day.
What should you do?
A. From the Performance console, create a trace log.
B. From the Performance console, create a counter log.
C. Install Network Monitor Tools. From Network Monitor create a new capture.
D. Install Network Monitor Tools. From Network Monitor create a new parser file.
Answer: B
QUESTION 11
You have a print server that runs Windows Server 2003 Service Pack 2 (SP2).
You need to receive a notification each time a document fails to print.
What should you do?
A. From the Performance console, create an alert.
B. From the Event Viewer console, create a new filter.
C. From the Printer Server properties, modify the Advanced settings.
D. From the Services console, enable and configure the Messenger service.
Answer: A
QUESTION 12
You have a file server that runs Windows Server 2003 Service Pack 2 (SP2).
You need to track the amount of disk space used by each user on the server.
What should you do?
A. From Performance console, create a counter log.
B. From the properties of each volume, enable quotas.
C. From the Event Viewer console, create a new log view.
D. From the Local Security Policy, enable auditing for object access.
Answer: B
QUESTION 13
You have a Web server named Server1 that runs Windows Server 2003 Web Edition Service Pack 2 (SP2).
Server1 has 2 GB of RAM, two processors, and two physical disks.
Volume C: is located on the first disk and has a total capacity of 80 GB.
Volume D: is located on the second disk and has a total capacity of 500 GB.
Server1 hosts a single Web site.
Volume C: contains all Web site content.
The Web site is configured to use the DefaultAppPool application pool.
Users report that the Web site is slow to load.
You run a performance report on Server1 and receive the results shown in the following table.
You need to improve the performance of the Web site. What should you do?
A. Install more RAM.
B. Install an additional processor.
C. Move the Web site content.
D. Create a new application pool.
Answer: C
QUESTION 14
You have a Web server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
Server1 hosts two Web sites named App1 and App2.
Each Web site is configured to use a unique IP address.
You notice that when App1 fails, App2 also fails.
You need to ensure that if App1 fails, App2 continues to be available.
What should you do?
A. Add another worker process to the DefaultAppPool.
B. In the DefaultAppPool, enable CPU monitoring.
C. In the DefaultAppPool, configure the identity to use the IWAM_Server1 account.
D. Create a new application pool, and then configure App2 to use the new application pool.
Answer: D
QUESTION 15
You have a Web server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
Server1 hosts one Web site.
You create a second Web site that hosts a third party Web application named App1.
The vendor of the third party application states that the application does not support host headers.
You need to ensure that users can access both Web sites. What should you do?
A. Enable WebDAV.
B. Enable Server Side Includes.
C. Configure both Web sites to use different IP addresses.
D. Configure both Web sites to use different application pools.
Answer: C
QUESTION 16
You have a server that runs Windows Server 2003 Service Pack 2 (SP2).
You create an Automated System Recovery (ASR) backup of the server.
You restart the server and receive a critical error.
You need to restore the server by using ASR.
What should you do first?
A. Start the computer by using Safe mode.
B. Start the server by using the ASR floppy disk.
C. Start the computer by using the Last Known Good Configuration option.
D. Start the server by using the Windows Server 2003 SP2 installation media.
Answer: D
QUESTION 17
You have a domain controller named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
You start Server1 in Directory Services Restore Mode and attempt to log on by using the username administrator and a password of Pa$$w0rd.
The logon attempt fails. You restart Server1 normally and successfully log on to the server by using the username administrator and a password of Pa$$w0rd.
You need to ensure that you can log on to Server1 in Directory Services Restore Mode. What should you do?
A. From ntdsutil.exe, run Set DSRM Password.
B. From ntdsutil.exe, run Security account management.
C. From Active Directory Users and Computers, select the Account is trusted for delegation option for the Administrator account.
D. From Active Directory Users and Computers, select the Store password using reversible encryption option for the Administrator account.
Answer: A
QUESTION 18
You have a Web server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
Server1 hosts 100 Web sites. Each Web site uses a different application pool.
You need to limit the network bandwidth for one of the Web sites. What should you do?
A. From Internet Information Services (IIS) Manager, modify the properties of the Web site.
B. From the Properties of the Local Area Connection, install QoS Packet Scheduler. From the Local Security Policy, configure the QoS Packet Scheduler settings.
C. From the Local Security Policy, enable auditing for Object Access. From the System Properties, modify the Performance settings.
D. From the Properties of the Local Area Connection, enable and configure Network Load Balancing.
Answer: A
QUESTION 19
You have a file server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
Shadow Copies is enabled for all volumes by using the default settings.
Server1 is configured as shown in the following table.
You need to provide at least 10 GB of free space on volume D. You must achieve this goal without moving the contents of the shared folders.
What should you do?
A. Modify the Disk Quota settings.
B. Modify the virtual memory setting.
C. Modify the Shadow Copies settings.
D. Modify the Caching settings for all shared folders.
Answer: C
QUESTION 20
You have a server that runs Windows Server 2003 Service Pack 2 (SP2). The server is configured as shown in the following table.
You need to ensure that you can restore the server and all its data in the event of a complete system failure.
You perform an Automated System Recovery (ASR) backup.
What else should you backup?
A. volume C
B. volume D
C. volume E
D. the system state
Answer: C
QUESTION 21
Your network consists of a single Active Directory domain.
You have two file servers named Server1 and Server2 that run Windows Server 2003 Service Pack 2 (SP2).
Both servers have a shared folder named Data.
You have a computer named Computer1 that runs Windows XP Professional Service Pack 3 (SP3).
From Computer1, you view the properties of \\server1\data and discover a Previous Versions tab.
From Computer1, you view the properties of \\server2\data and discover that the Previous Versions tab is
missing.
You need to ensure that you can access previous versions of files from \\server2\data.
What should you do?
A. On Server2, enable Shadow Copies for all volumes.
B. On Server2, create an Automated System Recovery (ASR) backup.
C. Assign your user account the Full Control share permission to \\server2\data.
D. On the Customize tab in the \\server2\data properties, click Restore Default.
Answer: A
QUESTION 22
You have a server named Server1 that is located in a remote office. Server1 runs Windows Server 2003 Service Pack 2 (SP2).
You need to view the current processor activity on Server1 remotely. What should you do?
A. From Event Viewer, connect to Server1.
B. From the System Monitor snap in, add a counter.
C. From the Performance Logs and Alerts snap in, create a new trace log.
D. Install Network Monitor Tools and create a new capture.
Answer: B
QUESTION 23
You have a server that runs Windows Server 2003 Service Pack 2 (SP2).
The server contains one volume.
You install Certificate Services.
You need to back up the Certificates Services database by using the minimum amount of storage space.
Which tool should you use?
A. Certification Authority snap in
B. Certificates snap in
C. Certificate Templates snap in
D. Windows Backup
Answer: A QUESTION 24
You have a server that runs Windows Server 2003 Service Pack 2 (SP2).
The server contains one volume that has 60 GB of used space.
You create an Automated System Recovery (ASR) backup.
You lose the ASR floppy disk. You need to create an ASR floppy disk for the server.
You must achieve this goal in the minimum amount of time.
You insert a formatted floppy disk into the server. What should you do next?
A. From Windows Backup, run the ASR Wizard.
B. From Windows Backup, back up the system state to floppy disk.
C. From the %systemroot%\repair folder, copy asr.sif, asrpnp.sif, and setup.log to the floppy disk.
D. From the %systemroot%\inf folder, copy windows.adm, asroc.inf, and asroc.pnf to the floppy disk.
Answer: C
QUESTION 25
Your network consists of an Active Directory domain named contoso.com.
You have a domain controller named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
From Windows Backup, you run the Backup Wizard and select the All information on this computer option.
You need to restore the data contained in the Netlogon share on Server1.
You must achieve this goal by incurring the minimum amount of downtime.
What should you restore?
A. system state
B. %programfiles%\common files\microsoft shared folder
C. %systemroot%\ntds folder
D. %systemroot%\sysvol\sysvol\contoso.com\scripts folder
Answer: D QUESTION 26
You have a file server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
You enable Shadow Copies on all drives by using the default options.
You run a full backup every Monday at 02:00.
You run an incremental backup every day at 02:00, except on Monday.
On Thursday at 14:00, a user reports that he accidentally deleted a file named File1.doc in a shared folder
named \\Server1\Data\.
The user reports that the file was last updated at 09:00 on Thursday.
You need to restore the latest version of File1.doc. What should you restore?
A. the file by using the Previous Versions Client
B. the file from the full backup performed on Monday
C. the file from the incremental backup performed on Thursday
D. the user's computer by using Automated System Recovery (ASR)
Answer: A
QUESTION 27
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack
2 (SP2).
You have a server named Server1. Server1 is configured as an enterprise root certification authority (CA).
You perform a complete backup of Server1 that includes the system state. Server1 fails.
You install a new server named Server1.
You need to recover the enterprise root CA.
What should you do?
A. Restore the system state backup.
B. Restore the %systemroot%\system32\certsrv folder.
C. From the Certificates snap in, import the enterprise root CA certificate.
D. From the Certificates snap in, import the enterprise root CA certificate revocation list (CRL).
Answer: A
QUESTION 28
You have two servers named Server1 and Server2 that run Windows Server 2003 Service Pack 2 (SP2).
Server1 is configured as a DHCP server.
You plan to decommission the DHCP service on Server1.
You need to move the DHCP server configuration to Server2.
The configuration must include all configured scopes, leases, and DHCP options.
What should you do first?
A. From the DHCP snap in, export list.
B. From the DHCP snap in, back up the server.
C. From Windows Explorer, copy the %systemroot%\System32\Dhcp\DHCP.mdb file.
D. From Windows Explorer, copy the %systemroot%\System32\Dhcp\backup\dhcpcfg file.
Answer: B
QUESTION 29
You have a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
Server1 is configured as an enterprise root certification authority (CA).
You need to back up the CA's database and log files.
You must achieve this goal by using the minimum amount of disk space.
What should you run?
A. Certreq.exe by using the -new parameter
B. Certutil.exe by using the -backup parameter
C. Cipher.exe by using the /k parameter
D. Ntbackup.exe by using the systemstate parameter
Answer: B QUESTION 30
You have a print server that runs Windows Server 2003 Service Pack 2 (SP2).
Users report that print jobs are not printing. Users also report that they do not receive any error messages.
You notice a large number of jobs in the print queue. You attempt to delete some jobs from the queue and notice that the jobs remain in the queue.
You need to ensure that users can print successfully. What should you do?
A. Restart the Print Spooler service.
B. Pause the printer, and then restart the printer.
C. Take ownership of the printer, and then delete the print jobs.
D. Assign the Manage Documents permission to the users connected to the printer.
Answer: A Exam E
QUESTION 1
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2).
All client computers run Windows XP Professional Service Pack 3 (SP3). You have a user account named User1.
You need to identify which permissions User1 has on a file. What should you do?
A. At a command prompt, run Net file.
B. At a command prompt, run Attrib.exe.
C. From the file properties, view the Summary settings.
D. From the file properties, view the Advanced Security settings.
Answer: D
QUESTION 2
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack
2 (SP2).
The primary group for all users is Domain Users.
You share a folder named Data.
The shared folder is located on a server named Server1.
A user in the Research group named User1 reports that she cannot access files in the Data shared folder.
You verify that User1 is not listed in the access control list of the shared folder.
You examine the properties of the User1 account.
The properties are shown in the exhibit. (Click the Exhibit button.)
Other members of the Research group can add and modify files in the Data shared folder. You need to ensure
that User1 can access files in the Data shared folder.
What should you do?
Exhibit:
A. Remove User1 from the IT group.
B. Assign the Change permission to User1.
C. Remove User1 from the Domain Users group.
D. Add User1 to the Server Operators group on Server1.
Answer: A
QUESTION 3
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). All client computers run Windows XP Professional Service Pack 3 (SP3).
You assign NTFS permissions to a folder on a file server as shown in the following table.
You share the folder and assign the Change permission to the Everyone group.
A user named User1 is a member of Group1, Group2, and Group3.
You need to identify the least restrictive NTFS permission that User1 has when he accesses the folder over the network.
Which permission should you identify?
A. Full Control
B. Modify
C. Read
D. Write
Answer: B
QUESTION 4
Your network consists of a single Active Directory domain. All network servers run Windows Server 2003
Service Pack 2 (SP2).
The domain includes two global groups named ResearchManagers and ResearchUsers.
You create a share named ResearchData.
On the ResearchData share, you assign the Change permission to ResearchUsers and ResearchManagers.
The ResearchData folder contains a file named ResearchConfidential.rtf.
The permissions for ResearchConfidential.rtf are configured as shown in the exhibit. (Click the Exhibit button.) Members of ResearchUsers report that when they try to open ResearchConfidential.rtf, they receive an access denied message.
Users report that they can add and modify other files in ResearchData.
You need to ensure that ResearchUsers members can open ResearchConfidential.rtf.
The solution must prevent ResearchUsers members from modifying the file.
What should you do?
Exhibit:
A. On ResearchData, enable permission inheritance.
B. On ResearchConfidential.rtf, enable permission inheritance.
C. On ResearchData, assign the Read permission to ResearchUsers.
D. On ResearchConfidential.rtf, assign the Read permission to ResearchUsers.
Answer: D
QUESTION 5
Your network consists of a single Active Directory domain. All network servers run Windows Server 2003 Service Pack 2 (SP2).
You share a folder named Research. A user named User1 reports that he cannot access files in the Research share.
You confirm that the Domain Users group is granted the Change permission for the Research share.
You run the Cacls command as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that User1 can modify files in the Research share. You must prevent User1 from modifying
permissions for the Research folder.
To which group should you add User1?
Exhibit:
A. Administrators
B. IT
C. Research
D. ResearchManagers
Answer: D
QUESTION 6
Your network consists of a single Active Directory domain. You have 10 Web servers run Windows Server 2003 Service Pack 2 (SP2).
You need to archive all of the application event logs for all the Web servers.
The archived logs must contain all information from the original logs. What should you do?
A. Connect to each Web Server by using Event Viewer. Save the Application logs as the CSV file type.
B. Connect to each Web Server by using Event Viewer. Save the Application logs as the Event Log file type.
C. On each Web server, open the Security Configuration and Analysis snap in, analyze the computer, and then export the settings.
D. Run Security Configuration Wizard for each Web Server. Save the data to an .inf file.
Answer: B QUESTION 7
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2).
You enable auditing for failed logon attempts on all domain controllers. You need to ensure that a record of failed logon attempts is retained for 90 days on all domain controllers.
What should you do?
A. From the Security Templates snap in, open the hisecdc template. Modify the Retain System Log setting.
B. From the Security Templates snap in, open the securedc template. Modify the Retain Security Log setting.
C. Open the Default Domain Policy. Modify the Retain System Log setting.
D. Open the Default Domain Controller Policy. Modify the Retain Security Log setting.
Answer: D
QUESTION 8
You have a server that runs Windows Server 2003 Service Pack 2 (SP2). The server has one hard disk that contains one volume.
You need to receive a notification when the volume has less than 15 percent free disk space.
What should you do?
A. Configure a Trace Log by using the File details system provider.
B. Configure a Trace Log by using the Disk input/output system provider.
C. Configure an Alert by using a counter from the Logical Disk performance object.
D. Configure an Alert by using a counter from the Physical Disk performance object.
Answer: C
QUESTION 9
You manage a software update infrastructure by using Windows Server Update Services (WSUS) 3.0.
All client computers run Windows XP Professional Service Pack 3 (SP3).
The client computers receive Automatic Updates from the WSUS server, and they are configured to install Automatic Updates immediately.
From the Update Services console, you approve a required security update for all client computers.
You need to force a client computer to apply the required security update as soon as possible.
Which tool should you use?
A. Secedit
B. Wuauclt
C. Wsusutil
D. Gpupdate
Answer: B
QUESTION 10
Your network consists of a single Active Directory domain. The domain includes a group named SalesUsers.
You have a file server that runs Windows Server 2003 Service Pack 2 (SP2).
The server has a folder named CorpData. You share the CorpData folder and assign the Domain Users group the Full Control share permission.
In the CorpData folder, you create a folder named Sales.
You need to configure security for the Sales folder to meet the following requirements:
��Members of the SalesUsers group must be able to read, create, and modify all files and folders.
All other users must be able to view items in the folder.
What should you do?
A. On the Sales folder, block permission inheritance and remove permissions. Assign the Allow Modify permission to the SalesUsers group.
B. On the Sales folder, block permission inheritance and copy permissions. On the Sales folder, assign the Allow Modify permission to the SalesUsers group.
C. On the CorpData share, change the share permission for Domain Users to Read. On the Sales folder, assign the Allow Modify permissions to the SalesUsers group.
D. On the CorpData folder, block permission inheritance and remove permissions. In the Sales folder, assign the Allow Modify permissions to the SalesUsers group.
Answer: B
QUESTION 11
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack
2 (SP2). All client computers run Windows XP Service Pack 3 (SP3).
You install and configure Microsoft Windows Server Update Services (WSUS) 3.0 on a member server named Server1.
You create a new Group Policy Object named GPO1 that enables automatic updating.
You link GPO1 to the domain.
You need to ensure that each client computer obtains software updates from Server1.
What should you do?
A. On each client computer, run Gpupdate /Force.
B. On each client computer, run wuauclt /detectnow.
C. From GPO1, configure the Enable client side targeting setting.
D. From GPO1, configure the Specify intranet Microsoft update service location setting.
Answer: D
QUESTION 12
Your company has a main office and a branch office. In the main office, you have a server named Server1 that
runs Windows Server Update Services (WSUS) 3.0.
Server1 is the only WSUS server in the company.
You plan to deploy WSUS 3.0 on a server named Server2 in the branch office.
You need to configure WSUS on Server2 to meet the following requirements:
-Receive update approvals from Server1.
-Prevent the modification of update approvals on Server2.
-Allow administrators to monitor updates, monitor computer status, and configure a synchronization schedule
on Server2.
How should you configure Server2?
A. to use a proxy server
B. as a replica of Server1
C. as a stand alone WSUS 3.0 server
D. as an autonomous downstream server
Answer: B
QUESTION 13
Your network consists of a single Active Directory domain.
You have two servers named Server1 and Server2 that run Windows Server 2003 Service Pack 2 (SP2).
Server1 is the site license server for the Default First Site Name site.
You need to configure Server2 to be the site license server.
What should you do?
A. From the Licensing console on Server1, modify the Products View configuration.
B. From the Licensing Control Panel applet on Server2, modify the Replication configuration.
C. From the Active Directory Sites and Services console, modify the Licensing Site Settings.
D. From the Active Directory Users and Computers console, modify the AdminSDHolder object.
Answer: C
QUESTION 14
You have two servers named Server1 and Server2 that run Windows Server 2003 Service Pack 2 (SP2).
Both servers have Remote Desktop enabled.
You log on to the console of Server1 and begin to defragment the C: volume.
You log on to Server2.
From Server2, you need to view the status of the defragment job on Server1.
What should you do?
A. Run defrag.exe \\server1\c$ a.
B. Run mstsc.exe /server:Server1.
C. Run compmgmt.msc, and then connect to Server1.
D. Run mstsc.exe /console, and then connect to Server1.
Answer: D
QUESTION 15
You have two servers named Server1 and Server2 that run Windows Server 2003 Service Pack 2 (SP2).
Both servers have Remote Desktop disabled. A user named User1 logs on to Server1 locally.
You log on to Server2 locally.
You need to log User1 off Server1 remotely. You must achieve this goal without restarting Server1.
Which tool should you use on Server2?
A. net.exe
B. logoff.exe
C. taskmgr.exe
D. compmgmt.msc
Answer: D
QUESTION 16
Your network consists of a single Active Directory domain.
The domain contains 13 member servers.
The member servers run Windows Server 2003 Service Pack 2 (SP2).
The computer accounts for all member servers are located in an organizational unit (OU) named Servers.
You need to prevent remote desktop connections to the member servers.
What should you do?
A. On each server, remove all users from the Remote Desktop Users group.
B. On each server, run the Terminal Services Configuration console. From the RDP TCP connection permissions properties, set the Full Control permission for the Remote Desktop Users group to deny.
C. Use a Group Policy Object (GPO) to disable the Allow users to connect remotely using Terminal Services setting.
D. Use a Group Policy Object (GPO) to configure the Sets rules for remote control of Terminal Services user sessions setting to No Remote Control.
Answer: C
QUESTION 17
Your network consists of a single Active Directory domain that contains two domain controllers.
Both domain controllers run Windows Server 2003 Service Pack 2 (SP2).
Auditing of successful account logon events is enabled on all computers in the domain.
You need to identify the last time a specific user logged on to the domain.
What should you do?
A. Examine the System Event Log on the user's computer.
B. Examine the System Event Log on both domain controllers.
C. Examine the Security Event Log on both domain controllers.
D. Examine the Application Event Log on the user's computer.
Answer: C
QUESTION 18
You have a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
Server1 hosts an ordering application that connects to a database cluster.
A number of client computers are shared between employees.
You need to implement a licensing solution that meets the following requirements:
-Server1 must allow unlimited concurrent connections.
-Client access license requirements must be minimized.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Configure a license group for each shared computer.
B. Configure a local security group for each shared computer.
C. Configure Server1 to support Per Server licensing mode.
D. Configure Server1 to support either Per Device or Per User licensing mode.
Answer: AD QUESTION 19
Your network contains a single Active Directory domain.
You have a file server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
Users store all of their files in their My Documents folders.
You need to move each user's My Document folder to Server1.
You must achieve this goal by using the minimum amount of administrative effort.
What should you do?
A. Configure Folder Redirection by using a Group Policy object (GPO).
B. Configure the shared folder settings by using a Group Policy object (GPO).
C. From the properties of each user account, assign a home folder.
D. From the properties of each user's My Documents folder, modify the target folder location.
Answer: A
QUESTION 20
Your network contains a single Active Directory domain. You share a printer on a server that runs Windows Server 2003 Service Pack 2 (SP2).
Your domain contains two groups named Sales and Marketing. Members of the Marketing group print very large documents.
Members of the Sales group report that they are unable to print documents because the printer is in use.
You need to ensure that members of the Sales group can interrupt the print jobs sent by members of the Marketing group. You must prevent the members of the Sales group from modifying the priority of the printer.
What should you do?
A. Assign the Manage Printers permission to the Sales group.
B. Assign the Manage Documents permission to the Sales group.
C. Deny the Take Ownership permission to the Marketing group.
D. Remove the Creator Owner group from the printer's access control list.
Answer: B QUESTION 21
Your network contains a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
An administrator named Admin1 logs on to Server1. Admin1 sends you a Remote Assistance invitation.
You successfully establish a Remote Assistance session to Server1 by using the invitation.
You request control of Server1 and you receive the following error message.
You need to ensure that you can control Server1 by using Remote Assistance.
What should you instruct Admin1 to do?
A. Add your user account to the HelpServicesGroup group.
B. Add your user account to the Remote Desktop Users group.
C. Send a Remote Assistance request by using Windows Messenger.
D. Open the System properties, and then modify the Remote settings.
Answer: D
QUESTION 22
Your network consists of a single Active Directory domain. You have a member server that runs Windows Server 2003 Service Pack 2 (SP2).
Your need to manage domain user accounts from the member server. What should you do?
A. Install Windows Support Tools, and then run lusrmgr.msc.
B. Run control userpasswords2. Use the advanced user management option.
C. Run mmc.exe and then add the Active Directory Users and Computers snap in.
D. Install the Management and Monitoring Tools components, and then run compmgmt.msc.
Answer: C
QUESTION 23
Your network consists of a single Active Directory domain. You have a domain controller named Server1 that
runs Windows Server 2003 Service Pack 2 (SP2).
You have a user account named BackupAdmin.
BackupAdmin is a member of only the Backup Operators group.
You log on to Server1 by using the BackupAdmin account.
From Windows Backup, you attempt to restore a file from a backup file named D:\backup.bkf and receive the
following message.
You need to ensure that you can restore files from the backup file. What should you do?
A. Log on to Server1 by using the Administrator account.
B. Assign BackupAdmin ownership of D:\backup.bkf.
C. Assign BackupAdmin the Restore files and directories user right.
D. Assign BackupAdmin the Full Control NTFS permission for D:\backup.bkf.
Answer: A
QUESTION 24
You have a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
Users report that it takes a long time to open shared files on Server1.
Users do not report this performance problem when they open files on other servers.
You notice the following performance statistics on Server1:
You need to optimize the performance of Server1. What should you do?
A. Add more RAM.
B. Upgrade the processor.
C. Increase the size of the PageFile.
D. Disable Data Execution Prevention (DEP).
Answer: A
QUESTION 25
Your network contains a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
Server1 has a shared printer named Printer1.
Users report that when they attempt to connect to Printer1 they receive the following error message:
"The Server for Color Laser 1000' printer does not have the correct printer driver installed. If you want to search
for the proper driver click OK. Otherwise, click Cancel and contact your network administrator or original
equipment manufacturer for the correct printer driver."
On Server1, you can print a test page on Printer1. You need to ensure that when users connect to Printer1, the
correct printer driver is installed.
What should you do?
A. Configure the printer to use the LPT1 local port.
B. Configure Advanced settings in Printing Preferences.
C. Add an additional driver from the properties of Printer1.
D. Add the Allow Manage Printers permission to CREATOR OWNER.
Answer: C
QUESTION 26
You have a print server that runs Windows Server 2003 Service Pack 2 (SP2).
You need to create a report of all the printers that are on the server and the drivers that they use.
What should you do?
A. Open The Printers and Faxes control panel applet and select the details view. Take a screen capture of the Printers and Faxes window.
B. Run the command %systemroot%\system32\net.exe share > printers.txt.
C. Run the command cscript %systemroot%\system32\prnmngr.vbs l > printers.txt.
D. Run the command cscript %systemroot%\system32\prnport.vbs l > printers.txt.
Answer: C
QUESTION 27
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack
2 (SP2).
You have two global groups named Research and ResearchManagers.
The Research group contains all users in a department named Research.
The ResearchManagers group contains all managers in the Research department.
All members of the ResearchManagers group are members of the Research group.
You create a shared folder named Research.
The permissions for the Research share are shown in the exhibit. (Click the Exhibit button.)
You need to modify the share permissions to ensure that only members of the ResearchManagers group can
add and modify files over the network.
What should you do?
Exhibit:
A. Remove the Domain Users group.
B. Change the permission assigned to the Research group to Allow Read.
C. Remove the Research group. Change the Domain Users permission to Allow Change.
D. Remove the Research group. Add the ResearchManagers group and assign the group Allow Change permission.
Answer: D
QUESTION 28
Your network consists of a single Active Directory domain.
You have a server named Server1. Server1 has only one hard disk drive.
You run a full backup at 02:00 every Monday.
You run an incremental backup at 02:00 every Tuesday to Sunday.
You run an Automated System Recovery (ASR) backup every day at 13:00.
Server1's hard disk drive fails on Wednesday at 15:00.
You need to recover Server1 to its latest configuration by using the minimum amount of administrative effort.
What should you restore?
A. Monday's full backup, then Tuesday's incremental backup, and then Wednesday's incremental backup
B. Monday's full backup and then Wednesday's ASR backup
C. Monday's full backup and then Wednesday's incremental backup
D. Wednesday's ASR backup Answer: D
QUESTION 29
You have two servers named Server1 and Server2 that run Windows Server 2003 Service Pack 2 (SP2).
From Server2, you connect to Server1 by using Remote Desktop Connection. When you attempt to log on, you receive the following error message.
You need to successfully log on to Server1 from Server2 by using Remote Desktop Connection.
What should you do?
A. At the command prompt, run mstsc /console.
B. At the command prompt run mstsc /v:server1.
C. Open Remote Desktop Connection by using the Run As option.
D. Open Remote Desktop Connection by using Windows XP SP2 Compatibility mode.
Answer: A
QUESTION 30
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). All client computers run Windows XP Professional Service Pack 3 (SP3).
On a file server, you have a shared folder named Data. The Data folder has the permissions shown in the following table.
You need to ensure that members of a group named Sales can modify content in the Data share.
Sales group members must only be allowed to delete files that they create.
Which additional permission should you assign to the Sales group?
A. On the Data folder, allow the Write permission.
B. On the Data folder, allow the Modify permission.
C. On the Data share, allow the Change permission.
D. On the Data share, allow the Full Control permission.
Answer: A Exam F
QUESTION 1
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack
2 (SP2). All client computers run Windows XP Professional Service Pack 3 (SP3).
A domain user named User1 attempts to log on to a computer named Computer1.
After several failed logon attempts, User1 receives the following error message.
You reset the password for User1 and provide the new password to User1.
You need to ensure that User1 can log on immediately.
What should you do?
A. Modify the Account settings for User1.
B. Modify the Session settings for User1.
C. Disable User1 and then enable User1.
D. Disable Computer1 and then enable Computer1.
Answer: A
QUESTION 2
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack
2 (SP2). All client computers run Windows XP Professional Service Pack 3 (SP3).
You have an organizational unit (OU) named Accounting. You create a Group Policy object (GPO) and link it to
the Accounting OU.
You join a new client computer to the domain.
You discover that the new client computer fails to receive the settings from the new GPO.
You need to ensure that the new GPO is applied to the new computer.
What should you do?
A. Move the computer account to the Accounting OU.
B. Modify the Location attribute of the computer account.
C. Modify the Managed By attribute of the computer account.
D. Enable the Trust computer for delegation option on the computer account.
Answer: A
QUESTION 3
Your network consists of a single Active Directory domain.
You have a terminal server that runs Windows Server 2003 Service Pack 2 (SP2).
You need to prevent users from establishing multiple Remote Desktop connections to the server. What should you do?
A. Install and configure Terminal Server Licensing.
B. From Terminal Services Manager, modify the user sessions.
C. From Terminal Services Configuration, modify the server settings.
D. From Active Directory Users and Computers, modify the Sessions settings for each user account.
Answer: C
QUESTION 4
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). All client computers run Windows XP Professional Service Pack 3 (SP3).
You have a file server that contains two volumes named C and D. Volume C contains a folder named User1data.
User1 is the owner of all files in the User1data folder.
You copy the User1data folder to volume D. You examine the ownership of the User1data folder on volume D and discover that your user account is listed as the owner.
You need to ensure that User1 is the owner of the User1data folder on volume D.
What should you do?
A. Modify the Advanced Security settings for the User1data folder.
B. Modify the Advanced Attributes settings for the User1data folder.
C. Delete the User1data folder on volume D. From Windows Explorer, move the User1data folder from volume C to volume D.
D. Delete the User1data folder on volume D. At the command prompt, use the Move command to move the User1data folder from volume C to volume D.
Answer: A
QUESTION 5
Your network consists of a single Active Directory domain. All network servers run Windows Server 2003 Service Pack 2 (SP2).
You create a folder named CorporateData. You share the folder as CorpData and assign the Change permission to the Domain Users group.
In the CorporateData folder, you create a folder named HumanResources.
On the HumanResources folder, you assign the Modify permission to a global group named HRUsers.
You share the HumanResources folder as HRData.
You confirm that all users in the domain can view the files in the HRData share.
You need to ensure that only HRUsers and administrators can access files in the HRData share.
The solution must maintain user access to the CorpData share.
What should you do?
A. On the CorpData share, assign the Read permission to Domain Users.
B. On the CorpData share, remove Domain Users and assign the Change permission to HRUsers.
C. On the CorporateData folder, disable permission inheritance and remove the inherited permissions.
D. On the HumanResources folder, disable permission inheritance and remove the inherited permissions.
Answer: D
QUESTION 6
Your organization has 20 servers that run Windows Server 2003 Service Pack 2 (SP2).
You need to monitor all 20 servers for a period of 24 hours by using the same performance counters.
You must achieve this goal by using the least amount of administrative effort.
What should you do first?
A. In System Monitor, add counters.
B. In System Monitor, create a Taskpad.
C. In Performance Logs and Alerts, create a trace log.
D. In Performance Logs and Alerts, create a counter log.
Answer: D
QUESTION 7
Your network consists of a single Active Directory domain named contoso.com. All servers run WindowsServer 2003 Service Pack 2 (SP2).
The domain contains a domain Distributed File System (DFS) root named DFSroot.
The network contains the offices shown in the following table.
Server1 and Server2 currently each host a share named Applications.
You need to implement a solution to meet the following requirements:
-Automatically redirect users to the Applications folder in their local site.
��Ensure that the contents of the Applications shares on Server1 and Server2 are automatically synchronized.
What should you do?
A. In the DFS root, create one link named Applications that has \\server1\applications and \\server2\applications as targets.
B. In the DFS root, create a root target that points to \\server1\applications. Create a second root target that points to \\server2\applications.
C. In the DFS root, create one link named Applications1 that has \\server1\applications as its target. Create a second link named Applications2 that has \\server2\applications as its target.
D. In the Main office computers OU, publish the \\server1\applications share. In the Branch office computers OU, publish the \\server2\applications share.
Answer: A
QUESTION 8
Your network contains a file server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2). Server 1 is configured as shown in the following table.
You need to configure security to meet the following requirements:
��Enable members of the Sales group to create, modify, and delete files and folders in the Sales folder.
��Enable members of the Marketing group to create, modify, and delete files and folders in the Marketing folder.
��Prevent users from modifying permissions when they access the shared files.
What should you do?
A. Change the share permission on Userdata to Authenticated Users: Change.
B. Change the NTFS permission on Userdata to Authenticated Users: Modify.
C. Change the NTFS permission on Marketing to Marketing group: Write. Change the NTFS permission on Sales to Sales group: Write.
D. Remove the Userdata share. Share Sales and assign the Sales Group group Full Control share permission. Share Marketing and assign the Marketing Group group Full Control share permission.
Answer: A
QUESTION 9
Your company has a main office and a branch office. Your network consists of a single Active Directory domain.
All domain controllers are in the main office. The offices connect to one another by using a wide area network (WAN) link.
The branch office has a computer named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
A domain user named User1 reports that he cannot log on to Server1 when the WAN link is unavailable.
He reports that he can log on to Server1 when the WAN link is available.
You need to ensure that User1 can log on to Server1 by using his domain account when the WAN link is unavailable.
What should you do?
A. Modify the Default Domain Policy.
B. Modify the Default Domain Controller Policy.
C. Add User1 to the Domain Admins group in the domain.
D. Add User1 to the local Administrators group on Server1.
Answer: A
QUESTION 10
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2).
All client computers run Windows XP Professional Service Pack 3 (SP3).
You need to ensure that locked out user accounts remain locked out until an administrator unlocks the accounts.
What should you do?
A. In the Default Domain Policy, set the Account lockout duration to 0.
B. In the Default Domain Policy, set the Account lockout duration to 99999.
C. From Active Directory Users and Computers, select the Account is trusted for delegation option for all user accounts.
D. From Active Directory Users and Computers, select the Account is sensitive and cannot be delegated option for all user accounts.
Answer: A
QUESTION 11
You have a stand alone server that runs Windows Server 2003 Service Pack 2 (SP2).
You attempt to log on to the server by using the Administrator account and receive the following error message.
You need to log on to the server by using the Administrator account. What should you do first?
A. Restart the server in Safe mode.
B. Restart the server by using the Last Known Good Configuration option.
C. Log on to another stand alone server as an Administrator.
D. Log on to the server by using an account that is a member of the Power Users group.
Answer: A
QUESTION 12
Your network consists of a single Active Directory Domain.
You have a VPN server that runs Windows Server 2003 Service Pack 2 (SP2).
On the VPN server, you create several remote access policies.
You view the properties of an account as shown in the exhibit. (Click the Exhibit button.)
You need to select the Control access through Remote Access Policy remote access permission for User1.
What should you do?
Exhibit:
A. Add User1 to the Remote Desktop Users group.
B. Enable RADIUS authentication on the VPN server.
C. Raise the functional level of the domain to Windows 2000 native.
D. Select the Store password using reversible encryption option for User1.
Answer: C
QUESTION 13
Your network contains a single Active Directory domain. All servers on the network are members of the domain.
You have a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
Server1 has two NTFS partitions.
You create and share a folder named Data in the root of a partition on Server1. You log on to your computer by using the domain Administrator account and discover that you cannot modify files in the Data share.
You need to ensure that the Administrator can modify files in the Data share. The solution must use the minimum amount of permissions.
What should you do?
A. Modify the NTFS permissions on the Data folder.
B. Modify the share permissions on the Data share.
C. Add the domain administrator to the local Administrator's group on Server1.
D. Move the Data folder to a new file allocation table (FAT) partition. Share the folder by using the default permissions.
Answer: B
QUESTION 14
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2).
All client computers run Windows XP Professional Service Pack 3 (SP3).
You deploy a server named Server1 and install Terminal Server.
After four months, users report that they can connect to Server1 by using Remote Desktop Connection, but are unable to log on.
You verify that the user permissions have not changed.
You need to ensure that users can log on to Server1 by using Remote Desktop Connection.
What should you do?
A. Restart Server1.
B. Restore the system state of Server1.
C. Install and configure Terminal Server Licensing.
D. Modify the Terminal Services service account on Server1.
Answer: C
QUESTION 15
You have a terminal server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
Occasionally, users report that they cannot connect to the terminal server.
You need identify user accounts that have multiple Terminal Services connections to Server1.
Which tool should you use?
A. Remote Desktop
B. Terminal Server Licensing
C. Terminal Services Configuration
D. Terminal Services Manager
Answer: D
QUESTION 16
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). All client computers run Windows XP Professional Service Pack 3 (SP3).
A user named User1 attempts to log on to a computer named Computer1 and receives the following error message.
You need to ensure that User1 can log on to Computer1. What should you do?
A. From the properties of the User1 account, modify the Log On To setting.
B. From the properties of the User1 account, modify the Logon Hours setting.
C. From the properties of the Computer1 account, modify the Managed By setting.
D. From the local security policy of Computer1, modify the Deny log on locally setting.
Answer: A
QUESTION 17
Your network consists of a single Active Directory domain.
You have a member server namedServer1 that runs Windows Server 2003 Service Pack 2 (SP2).
You need to track all authentication attempts on Server1. What should you do?
A. Enable auditing of logon event events in Server1's local policy.
B. Enable auditing of logon event events in the Default Domain Controller Policy.
C. Enable auditing of account logon event events in Server1's local policy.
D. Enable auditing of account logon event events in the Default Domain Controller Policy.
Answer: A
QUESTION 18
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2).
All client computers run Windows XP Professional Service Pack 3 (SP3).
You enable and configure Terminal Server on a server named Server1. A firewall separates Server1 from the internal network.
Internal users report that they cannot connect to Server1 by using Remote Desktop Connection.
You need to ensure that the users can connect to Server1 by using Remote Desktop Connection.
Which port should you open on the firewall?
A. 389
B. 3268
C. 3389
D. 5900
Answer: C
QUESTION 19
Your network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2003.
All servers run Windows Server 2003 Service Pack 2 (SP2).
The network contains 10 file servers. Each file server hosts a share named Apps.
On each file server, a local group named App install local has permissions to the Apps share.
A global group named App install global belongs to the App install local group on each file server. App install global is used only to control permissions for the Apps share.
You create a global group named Helpdesk.
You need to provide the Helpdesk group access to the Apps share on each file server.
The Helpdesk group must have the same permissions as the App install global group.
You must achieve this goal by using the minimum amount of administrative effort.
What should you do?
A. Add the Helpdesk group to the App install global group.
B. Add the Helpdesk group to the App install local group on each file server.
C. Convert the App install global group to a universal group. Add the App install global group to the Helpdesk group.
D. Convert the Helpdesk group to a universal group. Add the Helpdesk group to the App install local group on each file server.
Answer: A
QUESTION 20
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). All client computers run Windows XP Professional Service Pack 3 (SP3).
You have a terminal server named Server1.
A user reports that when he connects to Server1 by using Remote Desktop Connection, he cannot print.
Other users report that they can print when they connect to Server1 by using Remote Desktop Connection.
You examine the user's account properties as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that the user can print when he connects to Server1 by using Remote Desktop Connection.
What should you do?
Exhibit:
A. On Server1, modify the RDP TCP settings.
B. On Server1, modify the local security policy.
C. On the user's computer, modify the Windows Firewall settings.
D. On the user's computer, modify the Remote Desktop Connection settings.
Answer: D
QUESTION 21
Your network contains a file server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
Server1 is configured as shown in the following table.
A user named User1 belongs to the Helpdesk group and the Support group.
You need to configure security to meet the following requirements:
-Prevent User1 from changing files and folders in the Apps share. -Allow User1 to open and run applications in the Apps share.
What should you do?
A. On the Apps share, assign User1 the Read share permission.
B. On the Apps folder, deny User1 the Write NTFS permission.
C. On the Apps folder, deny User1 the Modify NTFS permission.
D. On the Apps folder, assign User1 the Read & Execute NTFS permission.
Answer: B
QUESTION 22
You have a server that runs Windows Server 2003 Service Pack 2 (SP2). The server has Terminal Server installed.
You have a new multi user application that you plan to install on the server.
The setup program for the application is named setup.exe.
You need to install the application on the server. You must ensure that the application can be used by all users.
What should you do?
A. From the command prompt, run setup.exe.
B. From Add or Remove Programs, add a new program.
C. In Windows Explorer, use the Run As option to run setup.exe.
D. In Windows Explorer, use Compatibility mode to run setup.exe.
Answer: B
QUESTION 23
You have a terminal server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
Windows Firewall is disabled on Server1. Server1 has two network adapters named NIC1 and NIC2.
Both network adapters are connected to the same network segment.
The IP address for NIC1 is 192.168.1.11.
The IP address for NIC2 is 192.168.1.12.
You regularly connect to Server1 by using Remote Desktop Connection.
The NIC1 network adapter fails.
You attempt to establish a Remote Desktop connection to 192.168.1.12, but the connection fails.
You successfully connect to 192.168.1.12 by using Windows Explorer. You verify that IP filtering is disabled
and that no IPSec policies are assigned.
You need to ensure that you can establish Remote Desktop connections to Server1. What should you do?
A. From Windows Firewall, enable the Remote Desktop exception.
B. From Terminal Services Manager, modify the RDP TCP settings.
C. From the properties of NIC1, modify Internet Protocol (TCP/IP) settings.
D. From Windows Explorer, modify the %systemroot%\system32\drivers\etc\services file.
Answer: B
QUESTION 24
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack
2 (SP2).
You create a new domain user account named User1 and assign the account a password of P@ssw0rd.
On the new account, you enable the User must change password at next logon option.
A week later, you discover that User1 is still using the password P@ssw0rd to log on to the domain.
You need to ensure that User1 is forced to use a different password the next time she changes her password.
What should you do first?
A. In the Default Domain Policy, select Enforce password history.
B. In the Default Domain Policy, select Passwords must meet complexity requirements.
C. From the User's account properties, select Account is sensitive and cannot be delegated.
D. From the User's account properties, select Store password using reversible encryption.
Answer: A
QUESTION 25
Your network consists of a single Active Directory domain. The domain contains a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
Your company's security policy states that domain users must be prevented from logging on to Server1 if a
domain controller is unavailable.
You disconnect Server1 from the network and discover that you can log on to Server1.
You need to configure Server1 to comply with the company's security policy.
What should you do on Server1?
A. From the local security policy, modify the Security Options.
B. From the local security policy, modify the User Rights Assignment.
C. From Active Directory Users and Computers, modify the properties of the Server1 account.
D. From Active Directory Users and Computers, modify the properties of the Domain Computers group.
Answer: A
QUESTION 26
You have a terminal server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
From the Terminal Services Configuration console, you enable remote control of user sessions.
You log on to Server1 as Administrator and attempt to take remote control of the admin1 user session as
shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can take remote control of the admin1 user session from the Terminal Services
Manager console. What should you do?
Exhibit:
A. Modify the Session settings of the admin1 account.
B. Modify the Session settings of the Administrator account.
C. Connect to Server1 by using Remote Desktop Connection.
D. Add the Administrator account to the HelpServicesGroup group.
Answer: C
QUESTION 27
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2).
All client computers run Windows XP Professional Service Pack 3 (SP3).
A user named User1 has a computer named Computer1.
You need to prevent changes made to User1's desktop from being saved when User1 logs off of Computer1.
What should you do?
A. Log on to Computer1 as an administrator. Rename User1's user profile folder to User1.man.
B. Log on to Computer1 as an administrator. In User1's user profile, rename ntuser.ini to ntuser.man.
C. Implement a roaming user profile for User1. In User1's roaming user profile, rename ntuser.dat to ntuser.man.
D. Implement a roaming user profile for User1. In User1's roaming user profile, deny User1 the Read permission for ntuser.ini.
Answer: C
QUESTION 28
You have a domain controller that runs Windows Server 2003 Service Pack 2 (SP2).
You need to prestage 1,000 computer accounts.
Which tool should you use?
A. Compmgmt.msc
B. Dsadd.exe
C. Dsmove.exe
D. Sysdm.cpl
Answer: B
QUESTION 29
Your network consists of one Active Directory forest that contains two domains named Domain1.contoso.com and Domain2.contoso.com.
The functional level of the forest is Windows Server 2003.
The domains contain the global security groups shown in the following table.
Each domain has three servers. Each server has a group named Sales Applications Local.
The Sales Applications Local groups are used to grant permissions to resources on the servers.
You need to implement a solution to meet the following requirements:
-Allow Sales department employees from any domain to access the Sales department resources in any
domain.
-Minimize administrative effort when membership of the Sales department changes, additional domains are
added, or additional servers are added.
What should you do?
A. On each of the servers, add Domain1 Sales Global and Domain2 Sales Global to Sales Applications Local. In Domain1, create a universal security group named Sales Department Universal. Add Domain1 Sales Global and Domain2 Sales Global to Sales Department Universal.
B. On each of the servers, add Sales Department Universal group to Sales Applications Local. In each domain, create a domain local security group named Sales Applications Domain Local. In each domain, add Domain1 Sales Global and Domain2 Sales Global to Sales Applications Domain Local.
C. On each of the servers, assign permissions to Sales Applications Domain Local from the local domain. Create two universal security groups named Domain1\Sales Department Universal and Domain2\Sales Department Universal. Add Domain1\Domain1 Sales Global to Domain1\Sales Department Universal. Add Domain2\Domain2 Sales Global to Domain2\Sales Department Universal.
D. On each of the servers, add Domain1\Sales Department Universal and Domain2\Sales Department Universal to Sales Applications Local.
Answer: B
QUESTION 30
You have a server that runs Windows Server 2003 Service Pack 2 (SP2).
The server has a backup tape drive installed.
You need to schedule a backup to tape. The tape must be ejected when the backup job is complete.
Which commands should you include in the scheduled task?
A. Devcon.exe and Poolmon.exe
B. Ntbackup.exe and Devcon.exe
C. Ntbackup.exe and Rsm.exe
D. Rsm.exe and Poolmon.exe
Answer: C Exam G
QUESTION 1
You have a stand-alone file server that runs Windows Server 2003 Service Pack 2 (SP2).
You create an account named Admin1 and add it to the Power Users group.
You attempt to log on to the server by using the Admin1 account and receive the following message: "The local
policy of this system does not permit you to log on interactively."
You review the security settings as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that the Admin1 account can log on to the console of the server.
What should you do?
Exhibit:
A. Add the Admin1 account to the Administrators group.
B. Add the Admin1 account to the Allow log on locally policy.
C. Remove the Admin1 account from the Users group.
D. Remove the Users group from the Deny log on locally policy.
Answer: D
QUESTION 2
You have a server that runs Windows Server 2003 Service Pack 2 (SP2).
You need to identify all the unsigned drivers that are installed on the server.
What should you do?
A. Run Chkdsk.exe.
B. Run Sigverif.exe.
C. Review %systemroot%\repair\setup.log.
D. Open Device Manager and review all the devices that contain a warning.
Answer: B
QUESTION 3
You have two servers named Server1 and Server2 that run Windows Server 2003 Service Pack (SP2).
You connect a USB drive to Server1 and copy several files to the USB drive.
You connect the USB drive to Server2. You receive a message that the drive installed successful and is ready to use.
You open Windows Explorer and the USB drive does not appear.
You need to ensure that you can access the files stored on the USB drive.
What should you do?
A. From the command prompt, run Convert.exe.
B. From the Disk Management snap in, change the drive letter.
C. From the Services snap in, restart the Removable Storage service.
D. From the Device Manager snap in, scan for a hardware change.
Answer: B QUESTION 4
You have a server that runs Windows Server 2003 Service Pack 2 (SP2).
You have a third party hardware device installed. The device uses a third party driver. The device works properly.
The driver's hardware manufacturer provides a new device driver. You update the device driver, but the device fails to work.
You need to ensure that you can use the new hardware device.
What should you do?
A. Connect to Windows Update and install all driver updates.
B. From the properties of the device, select Roll Back Driver.
C. From Device Manager, uninstall the device and then restart the server.
D. From Device Manager, disable the device and then click Scan for hardware changes.
Answer: B
QUESTION 5
You have a file server named Server1 that runs Windows Server 2003 Service Pack (SP2).
Server1 has a 10 gigabit network adapter and is connected to a 100 Mb switch.
You replace the 100 Mb switch by using a 1 GB switch. You discover that copying files to Server1 over the network is slow.
You need to reduce the amount of time it takes to copy files to Server1 over the network.
Which connection type should you specify for the network adapter?
A. 1 gigabit half duplex
B. 1 gigabit full duplex
C. 10 gigabit half duplex
D. 10 gigabit full duplex
Answer: B
QUESTION 6
You have a server that runs Windows Server 2003 Service Pack 2 (SP2) and is configured as a domain controller.
You run Windows Update and install a number of device drivers. You restart the server. During the startup process, the server stops.
You receive the following stop error message: "0x000000D1 (0x0000000c, 0x00000002, 0x00000000, 0xf27b4e8e) IRQL_NOT_LESS_OR_EQUAL"
You need to identify which device or service is causing the error.
What should you do?
A. Restart the server by using the Safe Mode option. Review the contents of the ntbtlog.txt file.
B. Restart the server by using the Last Known Good Configuration option. Review the spupdsvc.log file.
C. Restart the server by using the Directory Services Restore Mode option. Review the contents of the ntdtcsetup.log file.
D. Restart the server by using the Safe Mode with Networking option. Review the contents of the WindowsUpdate.log file.
Answer: A
QUESTION 7
You have a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
Server1 is used for testing.
You need to ensure that Server1 administrators can install any driver on Server1 without receiving a warning message.
What should you do?
A. Run Driverquery.exe.
B. Modify the Driver Signing option.
C. Modify the Load and unload device drivers user right.
D. Modify the permissions for the %systemroot%\system32\drivers folder.
Answer: B
QUESTION 8
Your network consists of a single domain. All domain controllers run Windows Server 2003 Service Pack 2 (SP2).
All client computers run Windows XP Professional Service Pack 3 (SP3).
You need to ensure that users' personal settings are the same when they log on to different client computers in the domain.
What should you do?
A. From the properties of each user account, configure a profile path.
B. From the properties of each user account, configure a home folder path.
C. From the Default Domain Policy, configure a logon script that runs Loadstate.exe.
D. From the Default Domain Policy, configure a logon script that runs Scanstate.exe.
Answer: A
QUESTION 9
You have a file server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
Server1has one basic disk that contains one partition.
You monitor the PhysicalDisk : Avg. Disk Bytes/Read counter for one year and discover that the value has decreased by 25 percent.
You need to increase the disk performance of Server1. What should you do?
A. Compress the volume.
B. Defragment the volume.
C. Convert the disk to a dynamic disk.
D. Enable Shadow Copies on the volume.
Answer: B
QUESTION 10
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2).
You have a server named Server1. You try to log on to Server1 and receive the following error message:
"Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable, or because your computer account was not found. Please try again later. If this message continues to appear, contact your system administrator for assistance."
You verify that you can contact a domain controller from Server1.
You need to ensure that you can log on to Server1 by using a domain account.
What should you do?
A. Reset the Server1 computer account. Restart Server1.
B. Delete the Server1 computer account. Restart Server1.
C. Join Server1 to a workgroup and then join Server1 to the domain. Restart Server1.
D. Delete the Server1 computer account. Create a new computer account named Server1. Restart Server1.
Answer: C
QUESTION 11
Your network consists of a single Active Directory domain. All computers on the network are joined to the domain.
You have a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
You install a network management application named App1 on Server1.
A user named Admin1 logs on to Server1 and reports that the shortcut to App1 does not exist.
You log on to Server1 as a local administrator and verify that the shortcut to App1 exists.
You need to ensure that a shortcut to App1 is available for Admin1 on Server1 only. What should you do?
A. Log on to Server1 as a local administrator. Create a shortcut to App1 in the Default User profile.
B. Log on to Server1 as a local administrator. Create a shortcut to App1 in the All Users profile.
C. In the Netlogon share on a domain controller, create a folder named Default User. Create a shortcut for App1 in the new folder.
D. In the Netlogon share on a domain controller, create a folder named All Users. Create a shortcut for App1 in the new folder.
Answer: B
QUESTION 12
Your network consists of an Active Directory forest that contains two domains named contoso.com and Region1.contoso.com. All servers in the network run Windows Server 2003 Service Pack 2 (SP2).
You attempt to create a universal security group and obtain the result shown in the exhibit.
(Click the Exhibit button.)
You need to ensure that you can create universal security groups in the contoso.com domain.
What should you do in the contoso.com domain?
Exhibit:
A. Modify the Default Domain Policy.
B. Modify the Default Domain Controllers Policy.
C. Raise the domain functional level of the contoso.com domain.
D. Add your user account to the Enterprise Administrators group.
Answer: C
QUESTION 13
Your network contains a server named Server1 that runs Windows Server 2003 Service Pack (SP2).
You install a new network adapter on Server1.
You need to view the media access control (MAC) address for the new network adapter.
What should you do?
A. At the command prompt, run Ipconfig /all.
B. At the command prompt, run Net view \\server1.
C. From the Device Manager snap in, view the properties of the network adapter.
D. From the Services snap in, view the properties on the Network Connections service.
Answer: A
QUESTION 14
You have a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
Server1 runs a custom database application.
The database files are stored on drive D.
Server1 experiences a power failure. Upon restart, the database engine reports that the log files fail to replay because a log file is corrupt.
You need to minimize the risk of a log file becoming corrupt if the power fails.
What should you do?
A. Enable hibernation.
B. Enable volume shadow copies.
C. Disable read caching on drive D.
D. Disable write caching on drive D.
Answer: D
QUESTION 15
Your network consists of a single Active Directory forest that contains the domains shown in the following table.
You create a universal security group named Contoso All in the Contoso domain. You plan to use Contoso All to assign permissions only on servers in the contoso.com domain.
You add a group named Region1 All in the Region1 domain to Contoso\Contoso All and receive the error
message shown in the exhibit. (Click the Exhibit button.)
You need to ensure that members of Region1\Region1 All can access resources that have been assigned to Contoso\Contoso All.
What should you change?
Exhibit:
A. Contoso\Contoso All to a domain local security group
B. Contoso\Contoso All to a global security group
C. Region1\Region1 All to a domain local security group
D. Region1\Region All to a universal distribution group
Answer: A
QUESTION 16
Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2003 Service Pack 2 (SP2).
You have an organizational unit (OU) that contains 1,000 computer accounts.
You need to move the computer accounts to a new OU.
Which tool should you use?
A. Active Directory Domains and Trusts
B. Active Directory Users and Computers
C. Csvde.exe
D. Dsmod.exe
Answer: B QUESTION 17
Your network consists of a single Active Directory domain.
The domain contains more than 300 group objects.
The group objects are divided between several regional organizational units (OUs).
You need to create a list of all groups that have names that begin with the word Sales. Which command should you use?
A. Dsget group
B. Dsquery group
C. Netdom query
D. Net group
Answer: B
QUESTION 18
Your network consists of a single Active Directory domain named contoso.com. The functional level of the domain is Windows Server 2003.
Contoso contains two global groups named Users Global and Managers Global.
Contoso contains 10 servers that run Windows Server 2003 Service Pack 2 (SP2).
Each server has two local groups as shown in the following table.
Each Users Resources local group has access to the local resources on the server. You need to implement a security solution that meets the following requirements:
-Managers Global members must have access to all the resources that are accessible to Users Global members.
The solution must minimize administrative effort.
What should you do?
A. Add the Managers Global group to the Users Global group.
B. Add the Managers Global group to the Users Resources local group on each server.
C. Create two universal groups named Users Universal and Managers Universal. Assign the two universal groups permissions to the resources.
D. Create two domain local groups named Users Domain Local and Managers Domain Local. Assign the two domain local groups permissions to the resources.
Answer: A
QUESTION 19
Your network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2003.
You need to assign the same street address to all user accounts located in the Users container.
You must to achieve this goal by using the minimum amount of administrative effort.
Which tool should you use?
A. Active Directory Users and Computers
B. Adsiedit.msc
C. Csvde.exe
D. Ldifde.exe
Answer: A
QUESTION 20
Your network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2003.
You extend the Active Directory Schema to support a custom user attribute.
You need to assign the same value to the custom attribute for 1,500 users.
You must achieve this goal by using the minimum amount of administrative effort.
Which tool should you use?
A. Adsiedit.msc
B. Csvde.exe
C. Dsmod.exe
D. Ldifde.exe
Answer: D
QUESTION 21
Your network contains one Active Directory domain. All domain controllers run Windows Server 2003 Service Pack 2 (SP2).
You have a comma delimited file that contains information for 2,000 new employees.
You need to create 2,000 new user accounts by using the information in the file.
You must achieve this goal by using the minimum amount of administrative effort. Which tool should you use?
A. Csvde.exe
B. Dsmod.exe
C. ldifde.exe
D. Ntdsutil.exe
Answer: A
QUESTION 22
Your network consists of a single Active Directory domain named contoso.com. The functional level of the domain is Windows Server 2003.
You need to schedule a task to find all user accounts whose passwords have remained unchanged during the past 60 days.
Which tool should the scheduled task run?
A. Dsget.exe
B. Dsquery.exe
C. Active Directory Users and Computers
D. Find.exe
Answer: B
QUESTION 23
Your network consists of a single Active Directory domain named contoso.com.
The functional level of the domain is Windows Server 2003.
You have a file server named Server1 that is used to store users' home folders and profiles.
On Server1, you create a folder named D:\data\ and share the folder as UserData. You create a new user account named TemplateUser in Active Directory.
You need to ensure that each user account you create by copying TemplateUser is configured to have a unique home folder stored in the UserData share.
Which home folder path should you specify?
A. D:\data\%homedrive%
B. D:\data\%username%
C. \\server1\userdata\%homedrive%
D. \\server1\userdata\%username%
Answer: D
QUESTION 24
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2).
You restore the system state on a member server.
You attempt to log on to the server and receive the following error message: "The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect."
You need to ensure that you can successfully log on to the domain from the server.
What should you do on the server?
A. Modify the password policy.
B. Run the Dsrm.exe command.
C. Restart the Netlogon service.
D. Run the Netdom.exe reset command.
Answer: D QUESTION 25
You are the network administrator for your company. The network consists of a single Active Directory domain.
All network servers run Windows Server 2003, and all client computers run Windows XP Professional.
A user named Peter uses a client computer named Client1. This computer has a locally attached tape device.
You grant Peter the necessary permissions to perform backups of a member server named Server1.
Peter runs the Backup utility on Client1 to back up the files located on Server1.
You need use your client computer to view the most recent backup logs for Server1.
What should you do?
A. Use Notepad to view the contents of the backup report located on Server1.
B. Use Notepad to view the contents of the backup report located on Client1.
C. Use Event Viewer to view the contents of the application log located on Server1.
D. Use Event Viewer to view the contents of the application log located on Client1.
Answer: B
QUESTION 26
You have a file server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
You run a full backup of Server1, update the device driver for the network adapter, and then restart Server1.
You log on to Server1 and receive an error message that the network adapter driver failed to load.
You need to ensure that the network adapter driver starts. You must achieve this goal in the minimum amount of time.
What should you do?
A. Use the Roll Back Driver option.
B. Use Windows Backup to restore the system state.
C. Restart the server and select the Safe Mode option.
D. Restart the server and select the Last Known Good Configuration option.
Answer: A QUESTION 27
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2).
All client computers run Windows XP Professional Service Pack 3 (SP3).
Three client computers are public kiosks. All kiosks are configured to automatically log on as a domain user named KioskUser.
KioskUser has a roaming profile. Users frequently change the desktop backgrounds on the kiosks.
You need to prevent changes to the desktop backgrounds from persisting when the kiosks restart.
What should you do?
A. In the roaming user profile, rename the ntuser.dat file to ntuser.man.
B. In the roaming user profile, remove all permissions on the Desktop folder and assign KioskUser the Read permission for the Desktop folder.
C. On each kiosk, rename the ntuser.ini file to ntuser.man.
D. On each kiosk, remove all permissions on the Documents and Settings folder and assign KioskUser the Read permission for the Documents and Settings folder.
Answer: A
QUESTION 28
You are the network administrator for your company. The network originally consists of a single Windows NT
4.0 domain.
You upgrade the domain to a single Active Directory domain. All network servers now run Windows Server 2003, and all client computers run Windows XP Professional.
Your staff provides technical support to the network. They frequently establish Remote Desktop connections with a domain controller named DC1.
You hire 25 new support specialists for your staff. You use Csvde.exe to create Active Directory user accounts for all 25.
A new support specialist named Paul reports that he cannot establish a Remote Desktop connection with DC1.
He receives the message shown in the Logon Message exhibit. (Click the Exhibit button.)
You open Gpedit.msc on DC1. You see the display shown in the Security Policy exhibit. (Click the Exhibit
button.)
You need to ensure that Paul can establish Remote Desktop connections with DC1. What should you do?
2 (exhibit):
74 (exhibit):
A. Direct Paul to establish a VPN connection with DC1 before he starts Remote Desktop Connection.
B. Direct Paul to set a password for his user account before he starts Remote Desktop Connection.
C. In the local security policy of DC1, disable the Require strong (Windows 2000 or later) session key setting.
D. In the local security policy of DC1, enable the Disable machine account password changes setting.
Answer: B QUESTION 29
You are the network administrator for your company. All network servers run Windows Server 2003.
One of your servers contains a RAID 5 volume. Routine monitoring reveals a failed disk in the set.
The server is running and users are connecting to shared folders on the RAID 5 volume.
You shut down the server and replace the failed disk. Now you need to ensure that the RAID 5 volume is
redundant.
What should you do?
A. Initialize the new disk. Select the failed region and then select the Repair Volume option.
B. Import the foreign disk. Select the failed region and then select the Repair Volume option.
C. Initialize the new disk. Select the failed region and then select the Reactivate Disk option.
D. Import the foreign disk. Select the failed region and then select the Reactivate Disk option.
Answer: A
QUESTION 30
You have a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2).
You perform a normal backup of Server1 every Saturday.
You need to implement a backup strategy for Server1 to meet the following requirements:
Minimize the time required to back up files.
On weekdays, back up files that have changed since the last backup.
Which type of backup should you perform on weekdays?
A. copy
B. daily
C. differential
D. incremental
Answer: D Exam H QUESTION 1
The Certidea.com network consists of a single Active Directory domain named Certidea.com. All servers on the
Certidea.com network run Windows Server 2003.
Half the client computers run Windows XP Professional and the rest run Windows 2000 Professional.
You create and share a folder named UserDocs on a member server.
The current state of permissions for the folder is illustrated in the dialog box.
Certidea.com users have been contacting the Help desk reporting that they receive an 'Access is denied' error
message when attempting to add or create files and folders in UserDocs.
You have received instruction from the CIO to configure the permissions on UserDocs to fulfill the following requirements:
1.
Domain users must be able to create or add files and folder.
2.
Domain users must NOT be able to change NTFS permissions on the files or folders that they create or add.
3.
Domain users must receive the minimum level of required permissions. How will you accomplish the task? To answer, configure the appropriate option or options in the dialog box.
Answer:
QUESTION 2
The Certidea.com network consists of a single Active Directory domain named Certidea.com.
All servers on the Certidea.com Server 2003.
You open Event Viewer on a server named Certidea-SV3. You see the view illustrated in the exhibit.
You have received instruction from the CIO to configure a server named Certidea-SV3 to fulfilll the following
requirements:
1.
Configure the security log to display only the events that are illustrated in the exhibit.
2.
Ensure that only user intervention will successfully delete security information.
How will you accomplish the task? To answer, configure the appropriate option or options in the dialog boxes.
Answer:
QUESTION 3
The Certidea.com network consists of a single Active Directory domain named Certidea.com. All servers on the Certidea.com network run Windows Server 2003 and all client computers run Windows XP Professional.
Part of your duties includes managing Certidea-SV34, a member server. Certidea-SV34 is also managed by other Certidea.com network administrators.
You open Computer Management on your client computer and connect to Certidea-SV34.
You then encounter the following error message as illustrated inthe exhibit:
You have received instruction from the CIO to solve this problem.
You log on locally to Certidea-SV34 and open the Services snap-in as illustrated in the work area.
Which service should you modify? To answer, select the appropriate service in the work area.
Explanations Windows Server 2003 relies on a number of services to work in concert for a computer to be managed remotely using Computer Management, such as the Server service and Windows Management Instrumentation (WMI) services. Of the services displayed in the work area, the Remote Registry service is not started and must be running on the remote computer for the computer to be managed remotely. Objective: Managing and Maintaining a Server Environment Sub-Objective: Manage servers remotely
Answer:
QUESTION 4
The Certidea.com network consists of a single Active Directory domain named Certidea.
The Certidea.com network contains a server that runs Windows Server 2003, named Certidea-SV1.
Access to Certidea.corn's internal Web site is provided to users by Certidea-SV1.
Certidea-SV1 hosts a folder named D:\Webfolders\Sales Docs that contains Certidea.corn's sales reports.
The table below displays settings of the NTFS permissions for the Sales Docs Folder.
GroupName Permissions Administrators Full Control
Sales Modify
Users Read
You have received instruction from the CIO to create a new virtual directory for the sales department on Certidea-SV1.
He informs you that the new virtual directory should be accessible as a Web folder, that members of the Sales group should be able to upload Microsoft Word documents and HTML files, and that no dynamic content is
allowed to be run from the virtual directory.
Configure the correct option or options in the dialog box, to satisfy the CIO's requirements completely.
Explanations Select the access permissions from the Virtual Directory Access Permissions window. The default is Read and Run Scripts. The options are very similar to Web site creation options. These options will allow members of the Sales Group to upload Microsoft Word documents and HTML files as well as not allowing any dynamic content to be run from the virtual directory.
Answer: QUESTION 5
The Certidea.com network consists of a single Active Directory domain named Certidea.com. All servers on the Certidea.com network run Windows Server 2003 and all client computers run Windows XP Professional.
All users are required to log on to the domain to access resources. All files and folders are stored on a member server named Certidea-SV3.
You have received instruction from the CIO to configure permissions for the ResearchDocs folder, whilst ensuring that authenticated users are not permitted to create new files directly in ResearchDocs.
However, this restriction should not affect any other permission set on ResearchDocs, on the contents of its subfolders, or on its existing files, making it possible for users to modify files in ResearchDocs.
How will you accomplish the task? To answer, configure the appropriate option or options in the dialog box.
Answer:
QUESTION 6
The Certidea.com network consists of a single Active Directory domain named Certidea.com. All servers on the Certidea.com network run Windows Server 2003 and all client computers run Windows XP Professional.
The Certidea.com network contains a file server named Certidea-SV42. Another administrator named Rory Allen shares a folder named UserData on Certidea-SV42.
Rory Allen wants all Certidea.com users to be able to create, modify, and delete files in the UserData folder.
However, when users try to create a document in the UserData folder, they receive an error message.
You have received instruction from the CIO to configure the permissions for the UserData folder so that users can create, modify, and delete documents in the folder.
You must not grant any unnecessary NTFS or share permissions. What should you do? To answer, configure the appropriate option in the work area.
Explanations The "Change" share permission allows users to Read, Write, Execute (program files), and Delete files or folders. "Modify" NTFS permission also allows the users to Read, Write, Execute (program files), and Delete
files or folders. These settings do not allow users to change the permissions or change the ownership of files.
Answer:
QUESTION 7
You are network administrator for your company.AII netwrok servers run Windows Server 2003.
The company's written security policy states that a complete backup of all files must be performed every
Saturday.
You also perform backups on the other six days of hte week.AII backups are performed over the network.
You need to minimize the size of the backups that occur on days other than Saturday.
What should you do?
To answer,configure the appropriate option or optios in the dialog box.
Answer:
QUESTION 8
The Certidea.com network consists of a single Active Directory forest that contains five domains. A total of ten domain controllers are distributed across five Certidea.com sites.
All domain controllers on the Certidea.com network run Windows Server 2003 and all client computers run Windows XP Professional.
Active Directory hosts several application partitions.
The configuration of disk subsystem on a domain controller named Certidea-DC3 is illustrated in the table
below.
Volume Drive File format Disk configuration Capacity Free Space Contents SYSTEM C: NTFS RAID-18 GB 10% Operating system files and logs DATA D: NTFS RAID1+0 36 GB 15% Ntds.dit CD-RW E: CDFS N/A N/A N/A N/A FLOPPY A: N/A N/A N/A N/A N/A SHARE Z: NTFS RAID-5 60 GB 80% Shared Folders Certidea.com instructs you to create an Automated System Recovery (ASR) backup set for Certidea-DC3. You first insert a blank CD-ROM into Certidea-DC3's CD-RW drive, and a blank floppy disk into the floppy
drive.
You then start the Automated System Recovery Preparation wizard, and now need to indicate where the backup data will be stored. Configure the appropriate option in the provided dialog box complete the media backup portion of the ASR
backup procedure.
Answer:
The NTbackup utility does not support backing up to a CDRW. Therefore, we will need to select a local hard disk as the location for the backup file.
QUESTION 9
The Certidea.com network consists of a single Active Directory domain named Certidea.com. All servers on the
Certidea.com network run Windows Server 2003 and all client computers run Windows XP Professional.
All Certidea.com executive's user accounts are members of a global group named Execs.
The Chief Executive Officer named Rory Allen creates a folder named ExecData on a server named
Certidea-SV2.
ExecData is to be a shared folder with all executives granted the ability to review employee documents.
Other executives must be able to browse and read the documents in ExecData, but they are not to have any
other permissions to the shared folder.
You have received instruction from the CIO to add the Execs global group to the Access Control List (ACL) on
the Security tab for the ExecData and configure permissions for the shared folder while making sure not to
grant any unnecessary permissions.
How will you accomplish the task? To answer, configure the appropriate option or options in the dialog box in
the work area.
Explanations
For managers to be able to browse and read, documents that are in the shared folder, you should assign the
allow Read .Execute, List Folder Contents and Read permissions.
NTFS Folder Permissions are as follows:
1.
Read -Enables objects to read the contents of a folder, including file attributes and permissions.
2.
Write -Enables objects to create new files and folders within a folder, write attributes and extended attributes on files and folders, and can read permissions and attributes on files and folders.
3.
List Folder -Gives objects the same rights as the Read permission, but also Contents enables the object to traverse the folder path beneath the folder where this permission is applied.
4.
Read .Execute -Gives objects the same rights as the List Folder Contents permission, but also enables the object to execute program files stored in the folder.
5.
Modify -Gives the object the same permissions as the Read, Write, List Folder Contents, and Read .Execute permissions, but also enables the object to delete files and folders within the designated folder.
6.
Full Control -Gives objects full access to the entire contents, including the capability to take ownership of files and change permissions on files and folders.
Answer:
QUESTION 10
The Certidea.com network consists of a single Active Directory domain named Certidea.com. All servers on the
Certidea. com network run Windows Server 2003 and all client computers run Windows XP Professional.
The Certidea.com network contains a file server named Certidea-SV42.
Another administrator named Rory Allen shares a folder named UserData on Certidea-SV42.
Rory Allen wants all Certidea.com users to be able to create, modify, and delete files in the UserData folder.
However, when users try to create a document in the UserData folder, they receive an error message.
You have received instruction from the CIO to configure the permissions for the UserData folder so that users
can create, modify, and delete documents in the folder.
You must not grant any unnecessary NTFS or share permissions.
What should you do?
To answer, configure the appropriate option or options in the dialog boxes in the work area.
Explanations The "Change" share permission allows users to Read, Write, Execute (program files), and Delete files or folders. "Modify" NTFS permission also allows the users to Read, Write, Execute (program files), and Delete files or folders. These settings do not allow users to change the permissions or change the ownership of files.
Answer: QUESTION 11
The Certidea.com network consists of a single Active Directory domain named Certidea.com. All servers on the Certidea.com network run Windows Server 2003 and all client computers run Windows XP Professional.
Resources for the Certidea.com Research and Development department resides on a network share named ResearchDocs.
Members of a group named Research are allowed to run applications from the network share.
You have received instruction from the CIO to configure permissions on ResearchDocs for Research Managers group members.
Research Managers group members must be granted access to the same applications that are run by members of Research.
However, member of Research Managers must be assigned only the minimum level of required permissions.
Which permissions should you granted to Research group members? To answer, configure the appropriate options in the dialog box.
Explanations Read permissions are your most basic rights. They allow you to view the contents, permissions, and attributes associated with an object. If that object is a file, you can view the file, which happens to include the ability to launch the file, should it be an executable program file. If the object in question is a folder, Read permissions let you view the contents of the folder.
Answer:
QUESTION 12
You are the network administrator for Coho Winery. The network consists of a single Active Directory domain.
All servers run Windows Server 2003. All client computers run Windows XP Professional.
The user accounts for all Managers are in a global group named Managers. A manager named Roger shares
a folder as ManagerData on a computer named Server1.
Roger wants other managers to be able to add files to the shared folder.
Roger does not want other managers to have any additional permissions for the folder.
You add the Managers group to the ACL on the SECURITY tab of the folder.
How should you configure the ACL for ManagerData?
To answer, configure the appropriate option or options in the dialog box in the work area.
Answer:
QUESTION 13
The Certidea.com network consists of a single Active Directory domain named Certidea.com. All servers on the Certidea.com network run Windows Server 2003 and all client computers run Windows XP Professional.
Terminal Services is installed on Certidea-SV34, a member server. After a couple of days the Certidea.com help desk is inundated with calls from users reporting unacceptably slow response from the server.
Upon investigation you find that Certidea-SV34 has 75 disconnected sessions and 25 sessions that have been idle for at least three hours.
You have received instruction from the CIO to configure Certidea-SV34 to fulfill the following requirements:
1.
Disconnected sessions remain on the server for a maximum of 1 minute.
2.
Idle sessions remain on the server for a maximum of 30 minutes.
3.
Sessions idle for more than 30 minutes should automatically reset.
4.
Active sessions should NOT be affected. How will you accomplish the task? To answer, configure the appropriate option or options in the dialog box.
Explanations By default, most of the settings in the sessions tab are configured to use the user account property settings and several settings are grayed out. This can be overridden by selecting the check box next to Override user settings. When user settings are overridden, several settings are no longer grayed out; these include:
1.
End a disconnected session Used to specify the amount of time a disconnected session can remain running on the Terminal Services computer.
2.
Active session limit Used to specify the amount of time an actively used session can remain connected and in use.
3.
Idle session limit Used to specify the amount of time an idle session can remain connected to the Terminal Services computer. The first 'Override user settings' checkbox specifies that a session is ended when the session limit is reached or the connection is broken. That will ensure that disconnected sessions remain on the server for a maximum of one minute. You can specify the maximum time limit for a disconnected session to remain on the server by configuring the End a disconnected session' option; the maximum time limit that a user session can remain active on the server by configuring the 'Active session limit' option; and the maximum time limit for a session to remain idle by configuring the 'Idle session limit' option. This should keep idle sessions on the server for a maximum of 30 minutes and reset them automatically. The second 'Override user settings' checkbox specifies the type of action to be taken when the session limit is reached.
Answer:
QUESTION 14
The Certidea.com network consists of a single Active Directory domain named Certidea.com. All servers on the Certidea.com network run Windows Server 2003 and all client computers run Windows XP Professional.
The Research department has a server named Certidea-SV.
Certidea-SV hosts a secured application that is shared among several users in the Research department. All users of the application must log on locally to Certidea-SV.
You have received instruction from the CIO to create desktop shortcuts that must be available only to new users of Certidea-SV, pointing to the application.
Which folder or folders should be modified? (Choose all that app!y)
To answer, select the appropriate folder or folders in the work area.
Explanations When a new user logs on to a machine for the first time, a new profile is created for that user. The "Default User" profile is copied and given the same name as the username. Any settings in the Default User profile will be applied to any new users. Incorrect Answers:
All Users: Settings in this profile apply to all users of the machine, including current users. This is contrary to
the requirements set out in the question. Administrator, CWilson, MHamm, User:
These are all user profiles, i.e. Profiles belonging to users who have logged in to the computer.
Answer:
QUESTION 15
The Certidea.com network consists of a single Active Directory domain named Certidea.com. All servers on the Certidea.com network run Windows Server 2003 and all client computers run Windows XP Professional.
Certidea.com issues a new security policy that requires that driver signing is required on all network computers before hardware drivers can be installed
The manager of the IT department instructs you to configure a Group Policy Object (GPO) to enforce the new security requirement.
You open the Group Policy Object Editor, as shown in the work area. On which node in the treeview pane should you configure Driver Signing?
To answer, select the appropriate node in the Group Policy Object Editor.
Explanations Every device that is attached to a computer requires software, known as a device driver, is to be installed on the computer to enable it to function properly. Every device requires a device driver to communicate with the operating system. Device drivers that are used with the Microsoft Windows operating systems are typically provided by Microsoft and the device manufacturer. Each device driver and operating system file that is included with Windows has a digital signature. This setting can be located in the LOCAL POLICIES section.
Answer: QUESTION 16
The Certidea.com network consists of a single Active Directory forest that contains two domains named us.Certidea.com and uk.Certidea.com.
The functional level of both us.Certidea.com and uk.Certidea.com is set at Windows 2000 mixed.
You are the network administrator of the us.Certidea.com domain.
The us.Certidea.com domain contains five domain controllers.
Three of these domain controllers run Windows 2000 Server while the other two run Windows Server 2003.
Explanations Distribution groups can be used only with e-mail applications (such as Exchange) to send e-mail to collections of users. Distribution groups are not security-enabled, which means that they cannot be listed in discretionary access control lists (DACLs) discretionary access control lists (DACLs) The part of an object's security descriptor that grants or denies specific users and groups permission to access the object. Only the owner of an object can change permissions granted or denied in a DACL; thus, access to the object is at the owner's discretion. If you need a group for controlling access to shared resources, create a security group. Security groups are used with care; security groups provide an efficient way to assign access to resources on your network. Using security groups, you can:
1.
Assign user rights to security groups in Active Directory.
2.
Assign permissions to security groups on resources. A group can be converted from a security group to a distribution group, and vice versa, at anytime, but only if the domain functional level is set to Windows 2000 native or higher. No groups can be converted while the domain functional level is set to Windows 2000 mixed. Domain local groups can contain other domain local groups in the same domain, global groups from any
domain, universal groups from any domain, user accounts from any domain, and computer accounts from any domain.
Answer:
QUESTION 17
The Certidea.com network consists of a single Active Directory domain named Certidea.com. All servers on the
Certidea.com network run Windows Server 2003 and all client computers run Windows XP Professional.
Resources for the Certidea.com Research and Development department resides on a network share named ResearchDocs. Members of a group named Research are allowed to run applications from the network share.
You have received instruction from the CIO to configure permissions on ResearchDocs for Research Managers group members.
Research Managers group members must be granted access to the same applications that are run by members of Research.
However, member of Research Managers must be assigned only the minimum level of required permissions.
Which permissions should you granted to Research group members? To answer, configure the appropriate options in the dialog box.
Explanations Read permissions are your most basic rights. They allow you to view the contents, permissions, and attributes associated with an object. If that object is a file, you can view the file, which happens to include the ability to launch the file, should it be an executable program file. If the object in question is a folder, Read permissions let you view the contents of the folder.
Answer: QUESTION 18
Your company network is composed of Active Directory domain. This domain has a domain controller named Certidea-DCl.
The security policy setting on Certidea-DC1 is shown in the exhibit.
You network issues a new security policy that requires that only hardware that is listed on the Windows Server Catalog may be installed on network servers.
You need to change the policy settings for Certidea-DClso that it complies with the new security policy requirement.
Which policy setting should you modify? To answer, select the appropriate policy in the exhibit.
Explanations Driver signing is a method for marking or identifying driver files that meet certain specifications
or standards. Windows Server 2003 uses a driver-signing process to make sure drivers are certified to work correctly with the Windows Driver Model (WDM) in Windows Server 2003. By modifying the Unsigned Driver installation behavior, you will be able to comply with company regulations regarding security policy.
Answer:
QUESTION 19
The Certidea.com network consists of a single Active Directory domain named Certidea.com. All servers on the Certidea.com network run Windows Server 2003 and all client computers run Windows XP Professional.
The Certidea.com network contains a member server named Certidea-SV5.
On May 30, 2003 you enable shadow copies, as well as install the Previous Versions client software on Certidea-SV5.
You also create a Microsoft Access database and import data into it on the same day.
The database is saved as sales.mdb in a shared folder on Certidea-SV5.
You open sales.mdb on June 3, and make substantial additions and deletions.
But on June 4, you find that you have to access and edit data that you deleted from sales.mdb the previous day. What should you do?
Select the correct options in the dialog box below to make sure that your additions of the previous day are not lost.
Explanations Since the data was significantly changed on June 03, it stands to reason that before you opened the file on June 03, there were no changes to the file that was loaded then. Thus you need to load the June 03 file. One however has to be careful when rolling back: If you want to replace the current version of a file with an older version, you can use the Restore button on the Previous Versions tab. When this button is clicked, a warning message appears, asking if you're sure you want to roll back the current version to the previous version of the file. If you click Yes, the current file is overwritten with the older one. Sometimes, when using the Previous Versions tab, you might find that no previous versions of files are listed, or the Previous Versions tab itself doesn't appear. When no previous versions are listed, it means that no changes have been made to the file.
Answer:
QUESTION 20
The Certidea.com network consists of a single Active Directory domain named Certidea.com. All servers on the
Certidea.com network run Windows Server 2003 and all client computers run Windows XP Professional.
The Certidea.com network contains a member server named PAS54SURE-SV8.
You run differential backups of Certidea-SV8 every Monday, Tuesday, Wednesday, and Thursday nights.
You also run a normal backup every Friday night.
Prior to installing a new application on Wednesday, you first perform a copy backup of Certidea-SV8.
After restarting Certidea-SV8 you immediately realize that the new application has corrupted files located on
the server, so you uninstall the application.
You now want to restore the corrupted files on Certidea-SV8 to their original state as quickly as possible.
Place the action or actions that you should perform to accomplish this in the correct order by dragging the
appropriate action to its corresponding box?
Explanations A 'copy' backup is a full backup. It backs up all the files. The difference between a copy backup and a full backup is that the full backup clears the archive bits. The Backup utility supports five methods of backing up data on your computer or network. Copy backup, Daily backup, Differential backup, Incremental backup as well as normal backup. The Differential backup only backs up files that have their archive bits set (turned on) to indicate that they have been modified since the last normal or incremental backup. Each backed-up file's archive bit is not changed; in this way, you can perform other types of backups on these files at a later time.
In addition, a Normal backup is where all files that are selected for backup are backed up and each backed-up file's archive bit is cleared.
Answer:
QUESTION 21
You work as the network administrator at Certidea.com. As part of you duties you installed a new Windows Server 2003 computer in an existing subnet for server computers.
The switch that manages this subnet uses full duplex Fast Ethernet connections.
The Windows Server 2003 computers functions as a file server.
Users have only intermittent network access to the file server.
You have received instruction from the CIO to ensure that users maintain a consistent connection to the file server.
How will you accomplish the task? To answer, drag the appropriate setting or settings to the correct location in the work area.
Answer: QUESTION 22
The Certidea.com network consists of a single Active Directory domain named Certidea.com. All servers on the
Certidea.com network run Windows Server 2003 and all client computers run Windows XP Professional.
Certidea.com has given you the responsibility of backing up all Certidea.com's servers.
Each server is configured to back up to a centrally located tape device.
The tapes that are created on this device are collected on a daily basis and stored off-site.
When a backup tape has to be retrieved from off-site storage, a charge is incurred.
A new Certidea.com server, which hosts the share that will be the repository for confidential legal and financial
files, is currently being assembled.
You must make sure that all modified files on the new share will be backed up, and that the entire share can be restored quickly.
The restoration of the entire share must be accomplished using the least amount of backup tapes.
Design the backup schedule that would satisfy these requirements by dragging the appropriate backup type to
a day of the week in the work area.
Explanations Normal Backup backs up all files and sets the archive bit as marked for each file that is backed up. Requires only one tape set for the restore process. To ensure that all modified files on the new share will be backed up as well as that the entire share can be restored quickly, requiring only the minimum number of tapes to be retrieved from off-site storage, you should make use of normal backups under the circumstances as described in the question.
Answer:
QUESTION 23
The Certidea.com network consists of a single Active Directory domain named Certidea.com. All servers on the
Certidea.com network run Windows Server 2003 and all client computers run Windows XP Professional.
You join a new server named Certidea-SV3 to the domain.
Certidea-SV3 will host critical business applications and confidential data.
You create several local accounts on Certidea-SV3. These accounts will be used to manage the applications.
The applications are configured to use a local account. Some Certidea.com users complain that they are having difficulty accessing an application on Certidea-SV3.
You need to gather more information. You want to enable auditing of all access attempts through a local account on Certidea-SV3.
You only want to track the data that is necessary. What should you do?
To answer, drag the appropriate setting or settings to the correct policy or policies in the work area.
Explanations Success Audit -Indicates the occurrence of an event that has been audited for success. For example, a Success Audit event is a successful logon when system logons are being audited. Failure Audit -Indicates the occurrence of an event that has been audited for failure. For example, a Failure Audit event is a failed logon due to an invalid username and/or password when system logons are being audited. These would be the only necessary information in this case.
Answer: QUESTION 24
The Certidea.com network consists of a single Active Directory domain named Certidea.com. All servers on the Certidea.com network run Windows Server 2003 and all client computers run Windows XP Professional.
The Certidea.com manager creates a new folder on the server. Users should be able to create, edit, and delete documents in the folder.
You have received instruction from the CIO to configure the appropriate permissions.
You add the Authenticated Users group to the ACL on the Sharing tab and the ACL on the Security tab for the new folder. How will you accomplish the task?
To answer, drag the appropriate share permissions and NTFS permissions to the correct location or locations in the work area.
Explanations
Share permission: Change NTFS permission: Modify One has to keep in mind that
(1)
Both NTFS and share permissions are cumulative. If a user belongs to more than one group, and two or more of these groups are assigned permissions on a file or folder, the user's effective permissions (NTFS or share) on the file or folder is the sum of all the groups' permissions.
(2)
When determining the effective permissions on a file or folder access through a share, the more restrictive permissions (that is, the cumulative effective NTFS permissions or the cumulative effective share permissions) are the ones applied. And
(3)
Assign user rights to groups whenever possible, assigning user rights to individual user accounts is difficult to manage.
Answer:
QUESTION 25
The Certidea.com network consists of a single Active Directory domain named Certidea.com. All servers on the Certidea.com network run Windows Server 2003 and all client computers run Windows XP Professional.
You are currently running a normal backup every Monday night and incremental backups every Tuesday, Wednesday, Thursday, and Friday nights of a Certidea.com member server.
All of these backups are stored on magnetic tape.
You receive a report from a user on Thursday morning, who says that a folder containing several files is missing from a shared folder on the server.
The user also reports that the folder was there on Tuesday afternoon.
After examining the backup logs for the most recent Monday, Tuesday, and Wednesday backups, you find that the folder and the files that are now missing is included in each backup log.
You have received instruction from the CIO to restore the latest version of the missing folder and files by using the least amount of administrative effort.
Place the action or actions that you should perform to accomplish this in the correct order by dragging the appropriate action to its corresponding box?
Explanations An incremental backup is a backup type that backs up only the files that have changed since the last normal or incremental backup. It sets the archive attribute (indicating that the file has been backed up) on the files that are backed up. Thus you should restore the folder from the incremental backup performed on the Wednesday since the folder that was present on the Tuesday still was missing on the Thursday morning. This option represents the least effort and tapes to use when restoring that particular folder.
Answer: QUESTION 26
The Certidea.com network consists of a single Active Directory domain named Certidea.com.
All servers on the Certidea.com network run Windows Server 2003.
Certidea.com has branch offices in Paris, Berlin, Milan, Madrid, Stockholm, Warsaw, Minsk, and Athens.
One branch office contains four servers, whose roles and applications are shown in the work area.
All servers except Certidea-DC01 are member servers. The same branch office contains 250 client computers.
All of them run Windows XP Professional and Microsoft Office XP. The Microsoft Windows Update Web issues
two updates.
Update 1 is an MSI file that applies to Office XP.
Update 2 is a critical security update that applies to Windows XP Professional.
You have received instruction from the CIO to configure the appropriate servers to deploy these updates. How
will you accomplish the task?
To answer, drag the appropriate updates to the correct servers in the work area.
Explanations
Update 2 for Windows XP will be deployed with SUS services. Update 1 for Office will be deployed using a group policy from a domain controller. Since all clients run on Windows XP and Update 1 is an MSI file that applies to Office XP, the domain controller should be configured with Update 1. In accordance the Software Update Services should be configured with Update 2 that has a critical security update applicable to Windows XP Professional.
Answer:
QUESTION 27
Arrange, in order, the steps that reflect the creation of a preconfigured roaming user profile. Use all steps provided. Drag the steps on the left to the proper locations on the right.
Answer:
QUESTION 28
The CertideaDept.com network consists of a single Active Directory domain named CertideaDept.com. All servers on the CertideaDept.com network run Windows Server 2003 and all client computers run Windows XP Professional.
CertideaDept.com establishes a new Finance department. The new department is located at the current office.
You need to create new user accounts for users in the Finance department.
You decide to use an existing script written in Microsoft Visual Basic, Scripting Edition (VBScript) to create new user accounts.
You need to modify the script and enable all new user accounts created from the script.
What should you do?
To answer, drag the appropriate line or lines of code to the correct location or locations in the work area.
Answer: QUESTION 29
The Certidea.com network consists of a single Active Directory domain named Certidea.com.
All servers on the Certidea.com network run Windows Server 2003 and all client computers run Windows XP
Professional.
The Certidea.com manager creates a new folder on the server.
Users should be able to create, edit, and delete documents in the folder.
You have received instruction from the CIO to configure the appropriate permissions.
You add the Authenticated Users group to the ACL on the Sharing tab and the ACL on the Security tab for the
new folder.
How will you accomplish the task?
To answer, drag the appropriate share permissions and NTFS permissions to the correct location or locations
in the work area.
Explanations
Share permission: Change NTFS permission:
Modify One has to keep in mind that
(1)
Both NTFS and share permissions are cumulative. If a user belongs to more than one group, and two or
more of these groups are assigned permissions on a file or folder, the user's effective permissions (NTFS or share) on the file or folder is the sum of all the groups' permissions.
(2)
When determining the effective permissions on a file or folder access through a share, the more restrictive permissions (that is, the cumulative effective NTFS permissions or the cumulative effective share permissions) are the ones applied. And (3) Assign user rights to groups whenever possible, assigning user rights to individual user accounts is difficult to manage.
Answer: