70 291

2/10/2015
70-291
Name:
ID:
Email:
70-291
True/False
Indicate whether the sentence or statement is true or false.
1. A DHCP server that is located on a member server and that is a member of a workgroup must be authorized before it can respond to DHCPDISCOVER messages?
2. The DHCP Server service is installed on Microsoft Windows Server 2003 by default.
3. A DHCP database is a distributed database similar to a DNS database?
4. Microsoft Windows Server 2003 DHCP Server supports both automatic and manual backups?
5. When you install Microsoft Windows Server 2003, DNS is installed automatically.
6. Host computers typically use iterative queries.
7. A Microsoft Windows Server 2003 domain that utilizes an Active Directoryintegrated DNS zone can have a secondary DNS server running on a member server.
8. When a file that has been encrypted using EFS is copied from one folder on an NTFS file system drive to another folder on an NTFS drive, the file will remain encrypted?
9. Communication partners using IPSec require identical security policies.
10. SUS can be installed only on an NTFS file system partition.
11. A remote access connection must be authorized before authentication can take place?
Multiple Choice
Identify the letter of the choice that best completes the statement or answers the question.
12. APIPA addresses come from which address range?
a.
172.16.0.0 through 172.31.255.255
b.
169.254.0.0 through 169.254.255.255
c.
10.0.0.0 through 10.255.255.255
d.
192.168.0.0 through 192.168.255.255
13. What is the default lease period for a DHCP server running on Microsoft Windows Server 2003?
a.
24 hours
b.
3 days
c.
8 days
d.
5 days
14. When a Microsoft Windows XP client that is configured to use a DHCP server initializes, what type of message will it broadcast first?
a.
DHCPREQUEST
b.
DHCPINFORM
c.
DHCPDISCOVER
d.
DHCPNACK
15. From a DHCP server, a client receives an address that has a lease period of 6 days. At what point will the client first attempt to renew the lease?
a.
1 day
file:///C:/ce/08mar/08/Quiz/aqua/examv/70-291.htm
1/34
2/10/2015
70-291
b.
c.
d.
5 days
2 days
3 days
16. When a DHCP-enabled client is unable to contact a DHCP server and begins using an APIPA address, when will the client attempt to contact a DHCP server again?
a.
Every 30 minutes
b.
Every 5 minutes
c.
Never
d.
Every 10 minutes
17. An administrator has configured a DHCP server on a computer that is running Microsoft Windows Server 2003 in an Active Directory domain. A scope has been configured that has a valid range of addresses from
192.168.1.1 through 192.168.1.254. DHCP-enabled clients begin to initialize, and all receive addresses beginning with 169.256.x.x. What is the most reasonable step that the administrator should perform to allow the
DHCP server to begin responding to DHCP requests?
a.
Publish the DHCP server in Active Directory directory service.
b.
Reboot the client computers.
c.
Start and stop DHCP service on the clients.
d.
Authorize the DHCP server in Active Directory.
18. A valid range of addresses and associated configuration options that a DHCP server is configured to assign to DHCP-enabled clients is referred to as a what?
a.
DHCP scope
b.
Client reservation
c.
Client lease
d.
Scope option
19. If a client on a routed network is not on the same segment as the DHCP server, which of the following can be configured to allow the client to obtain DHCP addressing information from the DHCP server?
a.
DHCP helper address
b.
Default gateway
c.
DHCP proxy
d.
DHCP relay agent
20. A network administrator has a single Class C address space, which is 194.10.10.0. The network consists of 150 users who are logged on to the network at all times and 150 sales users who have portable computers and
who are periodically logged on to the network for short intervals. What recommendation would you make with regard to the lease period?
a.
Extend the default lease period to 10 days.
b.
No action is required; you should have an adequate number of addresses.
c.
Decrease the default lease period to 1 day.
d.
Decrease the default lease period to 8 days.
21. You administer a network that has 75 client computers configured to dynamically receive IP address configuration. The DHCP server has been configured using a DHCP scope with a configured IP address range of
170.34.32.1 to 170.34.32.255 and a 24-bit mask. The network consists of a Microsoft Windows Server 2003 domain and Microsoft Windows XP clients configured as DHCP clients. Users of the client computers
cannot access other computers or resources on the network. Which of the following options should you use to resolve the problem?
a.
Activate the scope.
b.
Reboot the DHCP server.
c.
Increase lease duration.
d.
Change the ending IP address to 170.34.38.255.
e.
Re-create the scope using a subnet mask of 255.255.244.0.
22. While creating a DHCP scope, you create an exclusion range for the printers on your network. You also create client reservations for each printer. None of the printers receives an IP address from DHCP. How should you
resolve the problem?
a.
Remove address reservations for the printers.
b.
Remove the exclusion range for the printers.
c.
Disable address conflict detection.
2/34
2/10/2015
70-291
d.
Enable address conflict detection.
23. You configure a DHCP scope with a 15-day lease period and a 21-bit subnet mask. How can you change the lease period so that it is unlimited with the least amount of administrative effort and DHCP server downtime?
a. Delete the existing scope and use the New Scope Wizard to create a new scope. Specify an unlimited lease period.
b. Edit the properties of the scope within the DHCP console, and change the lease period to unlimited.
c. Delete the existing scope and use the Scope Wizard to create a new scope. When the wizard is complete, edit the properties of the new scope to reflect an unlimited lease period.
Activate the new scope.
d. Disable the existing scope and edit the properties of the scope within the DHCP console. Change the lease period to unlimited.
24. DHCP is based heavily on which protocol?
a.
Address Resolution Protocol (ARP)
b.
Reverse Address Resolution Protocol (RARP)
c.
Bootstrap Protocol (BOOTP)
d.
Domain Name System (DNS)
25. You add new computers to your DHCP-enabled network; soon after, you discover that users have occasional problems accessing resources on the network using TCP/IP. Which of the following solutions could solve this
problem?
a. Add additional IP addresses to the DHCP scope to include enough addresses for all computers.
b. Authorize the DHCP server in Active Directory directory service.
c. Create a new scope to include the new client computers.
d. Change the problematic client computers to use NetBIOS H mode broadcasting.
26. You are the network administrator for Wingtip Toys. Your network consists of 85 desktop client computers and 55 portable computers, all of which run on Microsoft Windows XP Professional. Only 20 of the users of the
portable computers are ever in the office at the same time. Wingtip Toys purchased a subnetted Class B address space with a 25-bit mask. All users require Internet access while in the office. How should you configure
DHCP?
a.
Create two scopes that have different lease durations.
b.
Create manual reservations for all portable computer users.
c.
Create one scope that has two user classes, each with different lease durations.
d.
Create one scope that has two vendor classes, each with different lease durations.
27. You are the administrator of a Microsoft Windows Server 2003 network. The network consists of two Windows Server 2003 computers named Toledo and Cleveland and 275 Microsoft Windows XP Professional
computers. Toledo is a DHCP server. The DHCP server provides the TCP/IP configuration for all Microsoft Windows XP computers. Toledo and Cleveland have manually configured IP addresses. Toledo frequently
hosts multicast-based video and audio conferences. You want to dynamically allocate multicast addresses. How should you configure the network?
a. On the DHCP server, create and activate a multicast scope with a range of Class D addresses.
b. On Toledo, configure routing and remote access to enable the Internet Group Membership Protocol (IGMP) routing protocol in proxy mode on the LAN interface.
c. Enable router discovery on the Windows XP Professional computers.
d. Add a route for network destination 224.0.0.0 and mask 224.0.0.0 on the Windows XP Professional computers.
28. When would a client computer receive a DHCPNACK message?
a. When a DHCP server receives a request from a client to renew a lease and is in the process of completing the renewal
b. When a DHCP server receives a request from a client to renew a lease but cannot renew the lease
c. When a DHCP client must acknowledge the receipt of a DHCPOFFER
d. When a DHCP client accepts a lease
29. You are the administrator of a Microsoft Windows Server 2003 network that consists of two subnets that are connected by a router. Active Directory directory service is implemented on the network. The DHCP server is
installed on subnet 1, and the DHCP relay agent has been enabled on subnet 2. Clients on subnet 1 receive the correct IP configuration, but clients on subnet 2 receive addresses in the 169.254.x.x range with a subnet
mask of 255.255.0.0. Of the following options, which is the most likely reason that clients on subnet 2 are not receiving the correct configuration?
a.
The DHCP relay agent is not installed on the DHCP server.
b.
c.
d.
The DHCP server is not authorized in Active Directory.

The DHCP relay agent is configured with an incorrect IP address for the DHCP server.
The DHCP relay agent has not been activated.
3/34
2/10/2015
70-291
30. As a network administrator, you are deploying DHCP on your Microsoft Windows Server 2003 network. You want to ensure that all of your print devices receive the same IP address each time they initialize. What step
should you take to ensure that DHCP assigns the same address to the print devices?
a.
Configure client reservations for each print device interface.
b.
Configure a lease that will never expire.
c.
Configure address exclusion for the print devices.
d.
Statically configure the IP address for all print devices.
31. You are a network administrator and you have statically assigned IP addresses to each of your network servers. What should you do to ensure that DHCP does not assign the addresses you have statically assigned to the
network servers?
a. Exclude the addresses of the servers from the DHCP scope.
b. Create client reservations for the network servers.
c. Set the lease to never expire.
d. No action is required. DHCP will recognize that the addresses are in use and will not assign them again.
32. You must deploy DHCP on your network. The network has three physical segments that are separated by a Microsoft Windows Server 2003 server that is configured to act as a router. You configure three subnets, or
multinets, using the following range of addresses:
Subnet 1: 172.16.1.0 through 172.16.1.254
Subnet 2: 172.16.2.0 through 172.16.2.254
Subnet 3: 172.16.3.0 through 172.16.3.254
How should you define the three address ranges on the DHCP server?
a.
Create one scope that includes all of the address ranges and use DHCP relay agents.
b.
Define a superscope that includes a separate scope for each address range.
c.
Create a scope for each subnet; no further action is required.
d.
Configure DHCP on three computers, one for each subnet.
33. You are the administrator of a Microsoft Windows Server 2003 network. The network consists of two Windows Server 2003 computers, named server 1 and server 2, and 200 Microsoft Windows XP Professional client
computers. Server 2 is a DHCP server that provides the TCP/IP configuration of all the Windows XP Professional computers. Server 1 frequently hosts multicast-based video and audio conferences. Several clients report
that they do not receive any multicast communications. You ask your assistant to troubleshoot this problem by using the Ipconfig command on one of the client computers to verify that the client is receiving a multicast
address from the DHCP server. Which of the following addresses would indicate that the client is receiving a multicast address from the DHCP server?
a.
192.168.239.4
b.
172.16.237.4
c.
237.10.10.4
d.
10.1.1.1
34. You are a network administrator and have been asked to configure a DHCP relay agent. What option in Administrative Tools would you use to complete this task?
a.
DHCP management console
b.
DHCP relay manager
c.
Routing And Remote Access
d.
DNS
35. Your Microsoft Windows Server 2003 network has 100 clients and uses DHCP with a scope that is configured to issue an internal address in the range of 192.18.1.0 through 192.168.1.254. You have been asked to set
the DCHP lease period to the longest possible setting. What should you do?
a.
Keep the DHCP lease period at the default length of 8 days.
b.
Set the DHCP lease period to 60 days.
c.
Set the DHCP lease period to unlimited.
d.
Set the DHCP lease period to 999 days.
36. A client that runs Microsoft Windows XP with default settings will rely on DHCP to update which type of records in DNS?
a.
A resource records
b.
SRV resource records
4/34
2/10/2015
70-291
c.
d.
PTR resource records

Both SRV and PTR resource records
37. Secure dynamic updates are available in which type of DNS zone?
a.
Standard primary
b.
Secondary
c.
Active Directoryintegrated
d.
Standard primary and secondary
38. Which command should you use to force a client to renew its DNS registration?
a.
Ipconfig /renew
b.
Ipconfig /renewdns
c.
Ipconfig /all
d.
Ipconfig /registerdns
39. How often will Microsoft Windows Server 2003 perform an automatic backup of the DHCP database if the default settings are not altered?
a.
Every 24 hours
b.
Every 30 minutes
c.
Every 120 minutes
d.
Every 60 minutes
40. Which DHCP management process is used to recover unused space in the DHCP database?
a.
Reconciling
b.
Compacting
c.
Restoring
d.
Removing
41. You are a network administrator of a Microsoft Windows Server 2003 network that has Microsoft Windows 2000 and Microsoft Windows XP clients. The network runs DHCP and DNS with default settings. How will
the DNS server receive updates of client A and PTR resource records?
a. Client computers will update both A and PTR records dynamically.
b. Client computers will depend on DHCP to update both A and PTR records.
c. Client computers will update the A records, and the DHCP server will update the PTR records.
d. Client computers will update the A records. The PTR records will not be updated if default settings are used.
42. Your Microsoft Windows Server 2003 domain has Microsoft Window XP and Microsoft Windows 98, Second Edition clients. Your network runs DHCP and DNS. You notice that none of the Windows 98 clients can
be contacted using their host names. What change should you make?
a. Remove the DNS server and install a WINS server.
b. Choose the DHCP option to dynamically update the DNS and PTR records only if requested by DHCP clients.
c. Choose the DHCP option to dynamically update the preWindows 2000 clients.
d. Choose the DHCP option to dynamically update DNS A and PTR records for DHCP clients that do not request updates.
43. You are a network administrator of a Microsoft Windows Server 2003 domain that is configured to use secure dynamic updates for DNS. The network clients have just been updated from Microsoft Windows NT 4 to
Microsoft Windows 2000, and the DHCP server has been set to never update DNS on behalf of clients (the DHCP servers original setting was to always update DNS). You notice that the Windows 2000 clients do not
update DNS. Which of the following could be the cause of the problem?
a.
The DNS zones are incorrectly set to Active Directoryintegrated.
b.
The DHCP server is not a member of the DnsUpdateProxy security group.
c.
The DNS server is not a member of the DnsUpdateProxy security group.
d.
The Windows 2000 clients should be upgraded to Microsoft Windows XP Professional.
44. You must perform a manual backup on a DHCP server named DHCP1. You would like the backup file to be stored on a computer named Server1. Which of the following steps must you take to complete this task?
a. In the Advanced tab of the DHCP server properties page, specify the Universal Naming Convention, or UNC, path to the correct location on the remote server.
5/34
2/10/2015
70-291
b. In the DHCP server properties page, specify a local path to initially store the back-up, and then copy the backup file to the correct location on the remote server.
c. You cannot specify a path for a manual backup. The backup file will always be stored in the %systemroot%\System32\Dhcp\Backup\New directory.
d. Set the properties on the DHCP server to always store backup files on Server1.
45. You are the network administrator of a Microsoft Windows Server 2003 network that has 1,200 DHCP clients. You notice that the Dhcp.mdb file is 35 megabytes in size. What action can you take to improve the
performance of DHCP?
a.
Perform an offline compaction of the DHCP database using the Jetpack utility.
b.
Do nothing. A 35-megabyte Dhcp.mdb file is acceptable.
c.
Manually delete some of the older entries in the DHCP database.
d.
Perform an online compaction of the DHCP database.
46. When DHCP audit logging ends at 12:00 A.M. and there is a current log file with the same name that has been modified within the last 24 hours, what action will DHCP take in regards to the current log file?
a.
The log file is overwritten.
b.
A new log file is automatically saved under a different file name.
c.
New logging activity is appended to the current log file.
d.
The new log file is not saved.
47. You have audit logging enabled on your DHCP server with the default settings.
It is 12:00 A.M., and the DHCP server has performed a disk check and has determined that DHCP audit files are currently using 50 megabytes of disk space. The current audit file is 10 megabytes, and 15 megabytes of
free space is available on the disk. How will the DHCP server handle the current file?
a. The current file is saved and an administrative alert is listed in the Event Viewer.
b. Logging ceases and the DHCP server will continue to perform disk checks until more than 20 megabytes of free space is available.
c. The file is saved with no additional action.
d. DHCP automatically compacts the file and writes it to the disk.
48. Your DHCP database has recently been restored from a manual backup. The manual backup file did not contain all of the current records. After restoring the database, you notice that no active leases are displayed in the
DHCP console. What additional step should you take?
a.
Stop and restart DHCP.
b.
Delete the manually restored database and restore from an automatic copy.
c.
Reboot the DNS server.
d.
Reconcile the DHCP database.
49. You have been asked to perform an offline compaction of the DHCP database on one of your Microsoft Windows Server 2003 DHCP servers. What command-line tool would you use to accomplish this?
a.
The Compact utility
b.
The Compress utility
c.
The Jetpack utility
d.
The Dhcpcompress utility
50. As a network administrator, you must perform a manual restore of the DHCP database. When prompted, you chose the folder that contained the automatic backup files; however, you were unsuccessful in restoring the
database. What is the most likely cause of this problem?
a. The automatic backup files were too old to restore.
b. You cannot manually restore a file that was created through the automatic backup process.
c. To restore a file that was created through the automatic backup process, you must specify an automatic restore in the DHCP console.
d. Manual restores are not permitted in DHCP.
51. When you perform a backup of the DHCP database, which of the following items are backed up?
a.
All scopes, superscopes, and multicast scopes
b.
Client reservations
c.
Leases
d.
Options
e.
All of the above
6/34
2/10/2015
70-291
52. Your Microsoft Windows Server 2003 network is set to allow only secure dynamic updates. Your network clients were running Microsoft Windows NT 4 until you upgraded them to Microsoft Windows XP two days
ago. DHCP is set to dynamically update DNS on behalf of the Window NT 4 clients. Since the update, you notice that none of the Windows XP clients will update their A resource records in DNS records. What is the
most likely cause of this?
a.
Windows XP clients cannot update DNS resource records.
b.
c.
Windows XP cannot send secure dynamic updates.
d.
The DHCP server is not set to the default configuration.
53. Your DHCP database is corrupt, and you are forced to perform a manual restore. The database restore was successful. The week after the restore, you ask one of your junior administrators to make a change to the
DHCP server. The junior administrator is not a member of the Administrators group, but has been given permissions to administer the DHCP database. Your assistant reports that she is not able to administer the DHCP
database. What is the most likely reason the assistant cannot administer the database?
a. Security credentials are not backed up by DHCP. After you perform a restore, you must reconfigure security credentials associated with the DHCP database.
b. Only members of the Administrators group can administer the DHCP server.
c. You incorrectly assigned permissions to the junior administrators user account.
d. The junior administrator must be a member of the Domain Administrator group to administer the DHCP server.
54. You are concerned about the size of your DNS database. You made changes to your DHCP server a month ago and have noticed that your DNS server database is growing. You have not added any new client computers
to the network. You investigate and determine that the database has resource records for clients that are no longer on your network. What should you do to correct this problem?
a. Compact the DNS database.
b. Reconcile the DHCP database.
c. Manually delete each of the old records from the database.
d. Configure the properties of DHCP to remove the clients resource records from DNS when the DHCP lease expires.
55. You have been asked to configure a DHCP server or your network. Your network will utilize the Secure Dynamic Update feature available in Microsoft Windows Server 2003. Your network consists of 5 domain
controllers, 2 member servers, and 100 Microsoft Windows XP Professional clients. The DHCP server should be installed on which type of computer?
a.
A domain controller
b.
A member server
c.
A Microsoft Windows 2000 Professional client
d.
Any one of the above
56. Which action must be taken if you want to configure a DHCP server to update both A resource records and PTR resource records on behalf of a Microsoft Windows NT 4 client?
a. No action is required.
b. In the DNS tab of the DHCP server properties dialog box, select c. Dynamically Update DNS A And PTR Records For DHCP Clients That Do Not Request Updates.
c. Which action must be taken if you want to configure a DHCP server to update both A resource records and PTR resource records on behalf of a Microsoft Windows NT 4 client?
d. In the DNS tab of the DHCP server properties dialog box, select Always Dynamically Update DNS A And PTR Records.
e. Register the client as a dynamic host with the DHCP server.
57. You suspect that the DHCP database has become inconsistent on one of the scopes. Which tool can you use to check database integrity and reconcile the database for that scope?
a.
The DHCP console
b.
The Netdiag command-line utility
c.
The Nbtstat command-line utility
d.
The Netstat command-line utility
58. You have not modified the default settings for DNS on the DHCP server that is running the Microsoft Windows Server 2003 operating system. Which of the following client records will be updated in DNS by the DHCP
server? (Assume that the clients are running Microsoft Windows XP.)
a.
The PTR resource record
b.
The A resource record
c.
Both the PTR and the A resource records
d.
Neither the PTR nor the A resource record
59. For a zone in which only secure dynamic updates are allowed, you have configured your DHCP server to perform dynamic updates on behalf of Microsoft Windows NT 4 clients. All other dynamic DNS settings on the
7/34
2/10/2015
70-291
DHCP server have the default settings. After you migrate the clients to Microsoft Windows XP, you find that their A resource records are no longer being updated. What is the most likely explanation for this problem?
a. Secure Dynamic Updates must be disabled when client operating systems are upgraded.
b. The DHCP server is not a member of the DnsUpdateProxy security group.
c. The Windows XP clients have not been rebooted after the upgrade from Windows NT 4.
d. The default DHCP configuration will not allow Windows XP clients to update resource records.
60. Your Microsoft Windows Server 2003 domain has three DHCP servers and is configured for secure dynamic updates. All of your DHCP servers are also domain controllers and all three are members of the
DnsUpdateProxy security group. You have recently learned that this configuration presents security risks that are unacceptable under your companys security policy. What could you do to improve security while
continuing to allow clients and DHCP servers to securely update resource records in DNS?
a.
Remove the DHCP server from the DnsUpdateProxy security group.
b.
Place all DHCP servers on member servers.
c.
Disable Secure Dynamic Updates.
d.
Configure DHCP to always dynamically update DNS A and PTR records.
61. While reviewing DHCP server logs, you notice several entries with event ID 15, which indicates that a lease was denied. You would like to determine how long this has been occurring and what is causing this error. The
DHCP server has been online for only three weeks. To begin troubleshooting this problem, you ask your assistant to provide you with the DHCP logs from the previous three weeks. Your DHCP server has logging
enabled with the default configuration. Your assistant reports that he cannot locate DHCP logs for the past three weeks. What is preventing your assistant from obtaining these logs?
a.
The assistant user account does not have adequate privileges.
b.
c.
A DHCP server with default configuration keeps logs for only seven days.
d.
DHCP logs are erased every 24 hours.
62. You are the network administrator of a Microsoft Windows Server 2003 network. The network has 1,000 clients of which 300 are running Microsoft Windows 98. You are experiencing an unusually high level of duplicate
address assignments. What could you do to eliminate this problem with the least amount of administrative effort?
a.
Upgrade all Windows 98 clients to Microsoft Windows XP.
b.
Enable server-based conflict detection on the DHCP server.
c.
Enable secure dynamic updates.
d.
Upgrade all Windows 98 clients to Microsoft Windows 2000.
63. You are a network administrator of a Microsoft Windows Server 2003 network. Your network is configured to use secure dynamic updates. Users complain that they cannot communicate with one of the Microsoft
Windows XP clients on your network using the clients host name. While troubleshooting this problem, you discover that there is not an A resource record for the client in the DNS database. All configurations appear to be
correct. What action could you take to force the Windows XP client to register with the DNS server?
a. Type ipconfig /registerdns at the command prompt on the Windows XP client computer.
b. Type ipconfig /renew at the command prompt on the Windows XP client computer.
c. Type ipconfig /registerdns at the command prompt on the DNS server.
d. Type ipconfig /renew at the command prompt on the DNS server.
64. Host name resolution on a Microsoft Windows Server 2003 network uses DNS to map which two items to one another?
a.
Host name to IP address
b.
FQDN to MAC address
c.
Host name to MAC address
d.
FQDN to IP address
65. Internet namespace has a hierarchical structure with the root domain located at the top of the structure. What is used to represent the root domain?
a.
.com
b.
.edu
c.
.net
d.
dot (.)
66. A host must communicate with a server on the same network. The host has the IP address of the server. What process will DNS use to obtain the name of the server?
a.
Standard lookup
b.
Forward lookup
8/34
2/10/2015
70-291
c.
d.
Reverse lookup
Inverse lookup
67. Your Microsoft Windows Server 2003 network is running DNS. The network has a DNS server with a standard primary zone and two DNS servers hosting standard secondary zones. You must make a manual entry in
the DNS database, and you would like this entry to replicate to all other DNS servers on the network. You must make the entry on which DNS server?
a.
You can make the entry on any of the DNS servers.
b.
You can make the entry on one of the servers that hosts a standard secondary DNS zone.
c.
You can make the entry on only the server that hosts the primary DNS zone.
d.
The update must be made on both secondary servers.
68. You are the administrator of a Microsoft Windows Server 2003 domain. Your domain has three DNS servers, which are located on domain controllers. Currently, you can create updates on only one of the DNS servers.
You would like to be able to make changes to the DNS database on any of the three DNS servers, and you want these changes to replicate to all other DNS servers in your domain. You should make which configuration
change?
a.
Convert all DNS servers to primary DNS servers.
b.
Convert all DNS server zones to Active Directoryintegrated zones.
c.
This cannot be accomplished.
d.
Create forwarding entries on the DNS servers with secondary zone files.
69. Microsoft Windows Server 2003 has three options for Active Directoryintegrated zone replication. Which of the following is not available as a replication option in Windows Server 2003?
a.
Replicate to all DNS servers in the forest.
b.
Replicate to all domain controllers in the domain.
c.
Replicate to all domain controllers that are DNS servers in the same domain.
d.
Replicate to all domain controllers that are also DNS servers in the entire forest.
70. You are the administrator at Lucerne Publishing. You administer the books.lucernepublishing.com Microsoft Windows Server 2003 Active Directory domain. Active Directoryintegrated DNS is configured on all domain
controllers in the domain. You configure a member server, ServerA, to host an internal Web site for the intranet. You want employees to access this Web site using the URL books.internal.lucernepublishing.com. What
should you do?
a. Create a CNAME resource record called books, and specify internal.lucernepublishing.com as the target host.
b. Create a new zone called internal.lucernepublishing.com. Create a CNAME resource record called books in that new zone, and specify ServerA.books.lucernepublishing.com as
the target host.
c. Create a CNAME resource record called books.internal, and specify ServerA.books.lucernepublishing.com as the target host.
d. Create a CNAME resource record called internal, and specify ServerA.books.lucernepublishing.com as the target host.
71. When a client queries a DNS server and requests the best answer that the DNS server can provide using only its own database, which type of query has been performed?
a.
Recursive
b.
Standard
c.
Iterative
d.
Secondary
72. To perform a recursive query, the DNS server must have the location of the root level DNS servers. By default, Microsoft Windows Server 2003 stores the root hints in which file?
a.
Root.dns
b.
Roothints.dns
c.
Forwarders.dns
d.
Cache.dns
73. When a DNS server that is configured to perform recursive queries cannot resolve a name or is not authoritative for the namespace, it must contact a higher-level DNS server. What will the DNS server use to locate DNS
servers that are higher in the DNS hierarchy?
a.
Root hints
b.
WINS
c.
SMTP
d.
Recursion
9/34
2/10/2015
70-291
74. Which type of DNS server contains a copy of the zone file and can respond to client queries but cannot be directly updated?
a.
Primary name server
b.
Secondary name server
c.
Master name server
d.
Caching-only name server
75. Your company uses a Microsoft Windows Server 2003 network that runs DNS. You would like to improve name resolution, but you do not want to increase replication traffic. What can you do to accomplish this?
a.
Add an additional primary name server
b.
Add an additional secondary name server
c.
Add a caching-only name server
d.
Add a WINS server
76. While viewing your DNS database, you see the following resource record:
na.contoso.com. IN NS nadcl.na.contoso.com.
What is the purpose of this resource record?
a.
To identify a name server
b.
To identify an Internet server
c.
To identify an individual host
d.
To identify an entire domain
77. For communication to exist on a TCP/IP network using DNS, each host must be identified by a resource record in the DNS database. Which type of DNS resource record is used to identify individual hosts?
a.
PTR records
b.
A records
c.
NS records
d.
SOA records
78. You must configure DNS to hide detailed information about your network but to still provide name resolution and access to your resources. What step can you take to accomplish this?
a.
Disable DNS and use WINS.
b.
Delete the DNS database and create a host file on all domain controllers.
c.
Use CNAME records in DNS to hide the identity of resources.
d.
DNS cannot hide the identity of network resources.
79. A ____ record is the A record in the parent zone for an authoritative DNS server hosting the child zone for the delegated subdomain.
a.
Glue
b.
PTR
c.
SOA
d.
Host
80. DNS servers perform iterative queries in the process of completing a recursive query. What do the DNS servers do with the information learned from the iterative queries?
a.
The information is discarded.
b.
The information is sent to the client to use with the next query.
c.
The DNS server caches the information for use with future queries.
d.
The information is used to update the Cache.dns file.
81. You are a network administrator for a Microsoft Windows Server 2003 network. To improve performance, you would like to reduce iterative queries by specifying where your DNS server forwards queries. What should
you do to accomplish this?
a. Configure standard forwarders with the address of the DNS servers to which requests should be forwarded.
b. Configure root hints pointing to the domains you want to resolve.
c. Configure conditional forwarding with the addresses of the DNS servers to which requests should be forwarded.
d. This cannot be accomplished.
10/34
2/10/2015
70-291
82. You are an administrator for a complex Microsoft Windows Server 2003 network that has several DNS servers. Your network performance has degraded, and you are concerned because most of your business is done
over the Internet. You surmise that DNS traffic is part of the problem. How can you reduce DNS traffic on your network?
a.
Create a forwarding, or forward-only, server.
b.
Upgrade all Microsoft Windows NT 4 clients to Microsoft Windows XP.
c.
Configure your DNS server to perform only recursive queries.
d.
Add a WINS server to your network.
83. You administer a private Microsoft Windows Server 2003 network that has a standard primary DNS server and a standard secondary DNS server. Both servers are used to resolve internal DNS names. Your network
has an external DNS server that is separated from the internal network by a firewall. Internal users complain that they cannot resolve names on the Internet. What should you do to resolve this problem?
a.
Edit the Cache.dns file.
b.
Configure the internal DNS servers to forward requests to the external DNS server.
c.
Remove the firewall.
d.
Configure a PTR record to the external DNS server on the internal DNS servers.
84. You are the administrator of a network that has three Microsoft Windows Server 2003 domain controllers and one Microsoft Windows NT 4 member server named Server Four. One of the Windows Server 2003
domain controllers hosts the primary DNS zone, and the Windows NT 4 member server acts as a secondary DNS server. You would like to convert your DNS structure to include only Active Directoryintegrated zones.
What step must you take to accomplish this?
a. Open the DHCP console on each server and choose Active DirectoryIntegrated for the zone type.
b. Delete the primary and secondary DNS zone files and reinstall DNS.
c. Upgrade the Windows NT 4 member server to a Windows Server 2003 domain controller.
d. The zone type cannot be changed.
85. You discover that an administrator has adjusted the default Time To Live (TTL) value for your companys primary DNS zone to 5 minutes. Which of the following is the most likely effect of this change?
a. Resource records cached on the primary DNS server expire after 5 minutes.
b. DNS clients have to query the server more frequently to resolve names for which the server is authoritative.
c. Secondary servers initiate a zone transfer every 5 minutes.
d. DNS hosts reregister their records more frequently.
86. Which DNS tool can be used from the command line to perform most DNS management functions?
a.
DNScmd
b.
Nslookup
c.
DNSLint
d.
Ipconfig
87. You are the administrator for a Microsoft Windows 2003 network. Users complain that they can access local resources but have difficulty accessing Internet resources. Which type of test should you run from the DNS
console to troubleshoot this problem?
a.
Recursive query to another DNS server
b.
Iterative query to a local DNS server
c.
Forward lookup query to the WINS server
d.
Ping your local DNS server
88. One of your Microsoft Windows XP clients issues an unsuccessful query for a remote domain. You suspect that the Cache.dns file that contains the root hints for your DNS server might contain inaccurate entries. What
could you do to test and verify that your DNS server is configured with the correct root hints?
a.
Issue an iterative query to your local DNS server.
b.
Open the folder named Root Hints and verify each IP address.
c.
Issue a recursive query to another DNS server.
d.
Query your WINS server for the address of the root server.
89. Which DNS management tool can be used to verify the consistency of a particular group of DNS resource records on multiple DNS servers?
a.
DNSLint
b.
Dnscmd
c.
Nslookup
11/34
2/10/2015
70-291
d.
Ipconfig
90. You are the network administrator for contoso.com, which uses the default settings for clients running Microsoft Windows XP and Microsoft Windows NT 4. Your Windows XP clients are configured to use DNS for
name resolution, and your Windows NT 4 clients are configured to register with a WINS server. Your Windows XP clients cannot communicate with the Windows NT 4 clients by NetBIOS name. What could you do so
that your Windows XP clients can communicate with the Windows NT 4 clients by NetBIOS name?
a. Configure your WINS server to forward name queries to the DNS server for name resolution.
b. Configure a HOSTS file on the WINS server with the NetBIOS names to IP address mapping for each Windows NT 4 client.
c. Install a secondary DNS server for the Windows NT 4 clients.
d. Configure your DNS server to forward name queries to the WINS server for name resolution.
91. Which command would you enter at the command prompt to display the contents of the DNS resolver cache?
a.
Ipconfig /all
b.
Ipconfig /dns
c.
Ipconfig /displaydns
d.
Ipconfig /show
92. Replication Monitor is a tool that monitors Active Directory replication. Which command is issued at the command prompt to start the Replication Monitor?
a.
Replmon
b.
Start
c.
Repl
d.
Replication Monitor cannot be started from the command prompt.
93. Which command can be issued at the command prompt to purge the DNS resolver cache?
a.
Ipconfig /clearcache
b.
c.
d.
Ipconfig /deletecache
Ipconfig /flushdns
Ipconfig /flushcache
94. Which of the following is not a DNS management tool?

a.
Nslookup
b.
Dnscmd
c.
DNSLint
d.
DNSmgt
95. As a system administrator, you perform a manual test on your DNS server. The results indicate that the iterative query was successful, but the recursive query failed. Which of the following is most likely the problem?
a.
Invalid root hints.
b.
The DNS server service is stopped.
c.
All root hints are valid.
d.
DNS monitoring is disabled.
96. You are a network administrator and you have been asked to determine the FQDN associated with 207.1.1.19. Which command will provide the requested information?
a.
Nslookup FQDN 207.1.1.19.
b.
Nslookup domain.
c.
Nslookup 207.1.1.19.
d.
Nslookup cannot perform this function.
97. You are a network administrator of a Microsoft Windows Server 2003 network. Your primary DNS server runs on a Windows Server 2003 server named DNS1. To allow fault tolerance, you have a secondary DNS
server that runs on a UNIX server named DNS2. To perform maintenance, you take the primary DNS server offline. While the primary DNS server is offline, users complain that they cannot access resources on your
network. What should you do to correct this problem?
a. Enable round robin on DNS1.
b. Enable netmask ordering on DNS2.
12/34
2/10/2015
70-291
c. Select the BIND Secondaries option on the DNS Advanced Server Properties page on DNS1.
d. Select the BIND Secondaries option on the DNS Advanced Server Properties page on DNS2.
98. You are the network administrator for Wingtip Toys. Your internal DNS server runs on a Microsoft Windows Server 2003 server. Your company maintains three Web servers that handle catalog sales. All three Web
servers maintain identical content and respond to the host name www.wingtiptoys.com. You would like to ensure that load balancing occurs among the three Web servers. Which action should you take to accomplish this?
a.
Enable round robin on the three Web servers.
b.
Enable round robin on the Advanced DNS Server Properties page of the DNS server.
c.
Configure each of the three Web servers with unique host names.
d.
Windows Server 2003 does not contain a load-balancing feature.
99. Your network consists of only Microsoft Windows Server 2003 servers and Microsoft Windows XP clients. To provide fault tolerance, your network has a primary DNS server and a secondary DNS server, both of
which use default configurations. While loading a zone file, your primary DNS server detects errors in the file. The DNS server will take which action?
a. The zone file will be loaded, but the DNS Server service will not start.
b. The zone file will be loaded. The errors will be logged and ignored.
c. The zone file will not be loaded. The DNS server will answer queries using cached information only.
d. The DNS server will not load the zone file, but will continue to attempt to load the file at five-minute intervals.
100. Your network consists of only Microsoft Windows Server 2003 servers and Microsoft Windows XP clients. To provide fault tolerance, your network has a primary DNS server and a secondary DNS server, both of
which use default configurations. Which action can you take to prevent your DNS server from loading a zone file that contains errors?
a. On the Advanced DNS Server Properties page, select the Fail To Load If Bad Zone Data option.
b. No action is required. The DNS server will not, by default, load a file containing errors.
c. Install all DNS servers as secondary DNS servers.
d. On the Advanced DNS Server Properties page, select the Do Not Load Zone File With Errors option.
101. When clients query your DNS server, instead of receiving a definitive answer, they receive referrals to other DNS servers. You would like your DNS server to return a definitive answer to client queries. Which action
should you take to accomplish this?
a. This cannot be accomplished; DNS servers always return referrals to other DNS servers to clients.
b. Update the Cache.dns file.
c. Select the option to disable iterative queries on the Advanced DNS Server Properties page.
d. Clear the Disable Recursion option on the Advanced DNS Server Properties page.
102. A DNS server running on a Microsoft Windows Server 2003 network is, by default, configured to load zone data on startup from which locations?
a.
File and registry
b.
Disk and registry
c.
Active Directory directory service and registry
d.
Registry only
103. Your Microsoft Windows Server 2003 network has Microsoft Windows 2000 Professional and Microsoft Windows XP Professional clients. Your DNS server is configured to allow dynamic updates. Your DNS
database appears to have many outdated records, and you suspect that they are a result of mobile users not properly shutting down their client computers. Which process should you use to automatically cleanse your DNS
database of stale resource records?
a.
Run the Ipconfig /flushdns command.
b.
Enable aging and scavenging of DNS resource records.
c.
Run DNSclean from the command prompt.
d.
Run the Jetpack utility.
104. Which of the following is not a typical DNS security threat?
a.
Foot printing
b.
Denial of Service (DoS) attack
c.
Data modification
d.
Redirection
e.
Redistribution
13/34
2/10/2015
70-291
105. Your Microsoft Windows Server 2003 network has three DNS servers running on Windows Server 2003 member servers. All DNS servers are configured to use forwarders to resolve external names and to allow zone
transfers only to servers listed in the NS resource records in their zone. Which level of DNS security is in use on this network?
a.
Low-level security
b.
Medium-level security
c.
High-level security
d.
Active Directoryintegrated security
106. You are the network administrator of contoso.com. Your network has a connection to the Internet, and all of the DNS servers run on domain controllers. Your DNS zones are all Active Directoryintegrated zones. Which
level of DNS security is in use on this network?
a.
Low-level security
b.
Medium-level security
c.
High-level security
d.
Active Directoryintegrated security
107. You are the network administrator for a large network consisting of eight domains. You have a primary DNS server named DNS1, which runs on a Microsoft Windows Server 2003 server and it hosts your standard
primary zone. You also have a UNIX server named DNS2, which hosts a secondary zone. The UNIX server runs BIND 8.2.1. What could you do to decrease zone transfer traffic between DNS1 and DNS2?
a.
Select the BIND Secondaries option on DNS1.
b.
Convert the UNIX server to BIND 4.9.4.
c.
Clear the BIND Secondaries option on DNS1.
d.
Convert the UNIX DNS server to an Active Directoryintegrated zone.
108. Which of the following is a recommended method for increasing DNS security?
a.
Run DNS only on member servers.
b.
Have all DNS servers perform recursive queries to Internet name servers.
c.
Use the same DNS server to resolve internal and external name queries.
d.
Enable forwarding to deal with requests for resources outside of the internal network.
109. Which steps should you take to enhance security when you have a multihomed DNS server?
a. Ensure that the DNS server listens and responds to name queries on all IP addresses.
b. Limit the DNS server to listen for queries on only the IP address that the clients list as their preferred DNS server.
c. No action is required. By default, DNS will listen for queries on only the first network adapter.
d. Disable the network adapters except for the adapter that DNS is configuredto use.
110. You are a network administrator for a Microsoft Windows Server 2003 network. Your network consists of four branch offices, each of which is configured with a different IP subnet. You have enabled round robin and
netmask ordering. Each branch office has an identical intranet server named intranet.contoso.com, and all branch offices are connected through a VPN connection. All four Web servers have a unique IP address as listed
here:
Web server 1
192.168.15.1/20
Web server 2
192.168.30.2/20
Web server 3
192.168.42.40/20
Web server 4
192.168.50.100/20
A DNS client with the IP address 192.168.33.5 submits a query to a DNS server for the name internet.contoso.com. Which IP address will be returned to the client?
a.
192.168.15.1
b.
192.168.30.2
c.
192.168.42.40
d.
192.168.50.100
111. Which command should you execute at the Nslookup prompt to view a list of the SRV resource records in the domain contoso.com?
a.
Nslookup srv
b.
Set debug
c.
Ls -t srv contoso.com
14/34
2/10/2015
70-291
d.
Nslookup www.contoso.com
112. You use Nslookup to troubleshoot a name resolution problem. Which command should you enter at the Nslookup prompt to display the DNS response messages communicated from the DNS server?
a.
Ipconfig /displaydns.
b.
Nslookup displaydns.
c.
Set debug.
d.
None. DHCP response messages are displayed by default.
113. You would like to capture and examine packet traffic that your local DNS servers send. Ideally, this information would be stored in a text file that could be opened and viewed using Microsoft WordPad. How can this be
accomplished with the least amount of administrative effort?
a. Configure Event Viewer to capture all outgoing DNS packets.
b. Microsoft Windows Server 2003 cannot accomplish this without the use of third-party software.
c. No action is required; by default, the DNS Events Log captures this information.
d. Use the DNS debug log to capture the packets. In the packet options, choose Outgoing as the specified value.
114. Which item is not managed and/or secured by network security protocols?
a.
Authentication
b.
Authorization
c.
Confidentiality
d.
Activation
e.
Nonrepudiation
115. Which statement is true about the Enterprise Admins group?
a.
Each domain has an Enterprise Admins group.
b.
The Enterprise Admins group is located on the root domain server for each domain.
c.
The Enterprise Admins group is created only in the forest root domain.
d.
The Enterprise Admins group is a local group on member servers.
116. You are the network administrator for the contoso.com domain. You want to assign rights to add workstations to the domain to two assistants. However, you do not want the assistants to have any other rights that are not
assigned to all other domain users. What is the recommended method of accomplishing this task?
a. Assign the right to add workstations to the domain to the user accounts of both assistants.
b. Create a security group named Assistants. Add the user accounts of both assistants to the Assistants group, then grant the right to add workstations to the domain to the Assistants
group.
c. Place the user accounts of both assistants in the Administrators group.
d. Give the users the Administrator account password and have them use the Run As function to add workstations to the domain.
117. As the network administrator for the contoso.com domain, you established a security baseline and created a template with the baseline settings; this template has been applied to all computers in the domain. You now want
to verify the effectiveness of your security settings. What should you do to help determine whether your security settings are effective?
a.
Enable auditing
b.
Run Gpupdate
c.
Enable the Security Baseline tool
d.
Run Secedit
118. Which of the following accurately explains the principle of least privilege?
a. Give all users at least one level of permission above what they currently require to perform their job.
b. Create two user accounts for each user. Assign the first user account the least amount of privileges possible. Assign the second user account full administrative privileges.
c. Group objects that require the least privilege.
d. A user or object should not have privileges or access to information and resources unless it is absolutely necessary.
119. How should the principle of least privilege be applied to members of the Administrator group?
a. The network administrator should perform routine tasks using an account with the principle of least privilege applied. When performing administrative tasks that require elevated
permissions, the Run As feature should be utilized.
15/34
2/10/2015
70-291
b. The principle of least privilege does not apply to network administrators.

c. Network administrators should perform all functions using the account with the highest level of privileges.
d. Members of the Administrator group should have minimum privileges. All functions that require elevated privileges should be performed by the enterprise administrator.
120. The MMC Security Templates snap-in lists all of the built-in security templates. It has a heading labeled Setup Security. The Setup Security heading contains seven configurable areas. Which of the following items is not a
configurable area contained in the Security Templates snap-in?
a.
Account Policies
b.
Restricted Groups
c.
File System
d.
Applications
121. You are the network administrator for a Microsoft Windows Server 2003 network that has a single domain named contoso.com. You would like to create a password policy that requires all passwords to have a minimum
of eight characters. Which of the seven configurable areas in the Security Templates snap-in contains the settings that affect password policies?
a.
Account Policies
b.
Local Policies
c.
Restricted Groups
d.
File System
122. You are network administrator of a Microsoft Windows Server 2003 network that must run a legacy payroll application, which is not certified by Microsoft. You install the application on a member server and apply the
Compatws security template. A user named Maria, who is a member of the Local Users group, logs on to the server and attempts unsuccessfully to run the payroll application. What could you do to allow Maria to run this
application successfully?
a. Make Marias user account a member of the Power Users group.
b. Make Marias user account a member of the Domain Users group.
c. Install the application on a domain controller, and apply the Compatws security template to the domain controller.
d. Give Marias user account the right to log on locally to the member server.
123. Data on your network must be encrypted while it is stored on the network drives and while it is in transit across the network. You encrypted a file using EFS, but that is all you have done. Which of the following objectives
have you met?
a. The data will be encrypted only when it is stored on the disk.
b. The data will be encrypted when it is stored on the disk and when it is in transit across the network.
c. The data will be encrypted only when it is in transit across the network.
d. The data will not be encrypted when it is stored on a disk or when it is in transit across the network.
124. You are a help desk administrator, and you just received a call from a user who complains that he is unable to encrypt a file that he just created. What is a possible reason the file cannot be encrypted?
a.
The file is stored on an NTFS file system partition.
b.
The file is located inside an unencrypted folder on an NTFS partition.
c.
Only the administrator can encrypt the file.
d.
The file is stored on a FAT32 partition.
125. What is the result of copying a file encrypted using EFS to a folder located on a disk that is formatted using the FAT32 file system?
a. The EFS encryption is lost.
b. The file remains encrypted.
c. An encrypted file cannot be copied from an NTFS file system partition to a FAT32 partition.
d. The file remains encrypted; however, the owner is no longer able to access the file.
126. You create an unencrypted file named Test on an NTFS file system volume. Later you move the file Test into a folder that is encrypted. What effect will this move have on the file?
a.
The Test file will inherit the encryption attribute of the destination folder.
b.
The Test file will not inherit the encryption attribute of the destination folder.
c.
You will be unable to move an unencrypted file into an encrypted folder.
d.
You will be prompted to choose whether the file will be encrypted after it is moved.
16/34
2/10/2015
70-291
127. You create a file in an encrypted folder. You later decide that multiple users must have access to this file and that encryption is no longer necessary. You move the file to an unencrypted folder and assign Read permission to
the Domain Users group. Members of the Domain Users group complain that they still cannot access the file. Which action should you take to allow the Domain Users group to access this file?
a.
Re-create the file in an unencrypted form.
b.
Restore a copy of the file from a tape backup.
c.
Assign the Domain Users group Read and Modify permissions for the file.
d.
Clear the encryption attribute for the file.
128. What command-line tool included with Microsoft Windows Server 2003 can be used to encrypt and decrypt a file or folder?
a.
Cipher utility
b.
Secedit utility
c.
Gpupdate utility
d.
Encrypt utility
129. You have just been hired as the network administrator for Blue Yonder Airlines. The previous administrator left suddenly and did not provide information about the security configuration on your network. How can you
easily determine the current security settings for computers on your network with minimal administrative effort?
a.
Use the Microsoft Baseline Security Analyzer (MBSA).
b.
c.
d.
Use the Security Configuration And Analysis snap-in.

Run Secedit at the command line.
Use the Security Templates snap-in.
130. You are the network administrator for a Microsoft Windows Server 2003 domain. All of your client computers run Microsoft Windows XP. While assisting a user, you notice that the user does not have to press
CTRL+ALT+DELETE to log on. You ask other users and learn that many of them do not have to use the CTRL+ALT+DELETE key sequence. To resolve this problem, you configure a Group Policy Object (GPO) with
the appropriate security settings on one of your Windows Server 2003 domain controllers. To test the new settings, you log on to the domain from one of the Windows XP client computers only to find that users are still
not required to enter the CTRL+ALT+DELETE key sequence. What can you do to enforce the security settings immediately?
a.
Run the Refresh policy from the command line.
b.
Run Gpupdate /force from the command line.
c.
Run Secedit.
d.
Reboot the client computers.
131. You are the network administrator for a Microsoft Windows Server 2003 domain. You update several client computers from Microsoft Windows 98 to Microsoft Windows XP. After the update, the users report that they
can no longer run some of the applications they could use before the update. Which action can you take to allow the users to run all applications available before the update?
a. Place the affected user accounts in the Administrator group.
b. Apply the Securews security template to the upgraded computers, and place the affected user accounts in the Power Users group.
c. Apply the Compatws security template to the upgraded computers, and place the affected user accounts in the Power Users group.
d. Apply the Hisecws security template to the upgraded computers. No action is required for the user accounts.
132. The accounting manager of your company works with a file named Payroll, which contains very sensitive information. You must secure this file so that only the accounting manager can gain access to the data. Which feature
of Microsoft Windows Server 2003 should you implement?
a.
NTFS file system permissions
b.
Share permissions
c.
EFS
d.
Compression
133. You have sensitive data in a network folder that is currently encrypted using EFS. The drive that the folder is stored on is low on space, and you would like to compress the contents of the folder. You compress the folder
and all subfolders, but later you notice that the folder is not encrypted. How can you encrypt a folder using EFS and compress the contents to conserve disk space?
a.
This cannot be accomplished. Encryption and compression are mutually exclusive.
b.
You must compress the folder first, and then encrypt it.
c.
Compress the folder, and then encrypt each file in the folder individually.
d.
Move the folder to an NTFS file system partition.
134. Which of the following best describes the purpose of authorization?
a. Authorization is used to prove you are who you say you are.
17/34
2/10/2015
70-291
b. Authorization is used to determine what you can do on the network after you are authenticated.
c. Authorization is used to keep data secret.
d. Authorization is used to ensure that the data received is the same as the data sent.
135. You must encrypt data while it is stored on a disk and while it is in transit across the network. You have implemented EFS to encrypt the data while it is stored on the disk. Which additional technology should you
implement to encrypt the data while it is in transit across the network?
a.
IPSec
b.
Secedit utility
c.
Cipher utility
d.
Compress utility
136. Security configuration tools includes three snap-ins. Which of the following is not a security configuration tool?
a.
Security Configuration And Analysis snap-in
b.
c.
d.
Security Templates snap-in

Group Policy snap-in
Security Analyzer snap-in
137. The Secedit command-line tool provides an administrator with the ability to perform functions similar to those that can be performed using the Security Configuration And Analysis snap-in. Which function cannot be
performed using Secedit?
a.
Configure
b.
Authenticate
c.
Analyze
d.
Generate rollback
138. You are the administrator of the contoso.com domain, and you would like to apply the principle of least privilege on your network by performing your day-to-day tasks logged on to the network using an account that does
not have administrative privileges. Certain functions that you perform daily, however, require administrative privileges, and you would like to be able to accomplish these tasks without having to provide additional
credentials. How could you accomplish specific administrative tasks without having to provide additional user credentials?
a. Create a shortcut that performs the Run As function for the particular task that you would like to perform.
b. Create a shortcut that logs you off the network and back on as the domain administrator.
c. Right-click the task you would like to perform, and then choose Run As. When prompted to provide credentials, press ESC.
d. This cannot be accomplished.
139. An employee named Maria encrypted a folder that was stored locally on her computer and that contained several important files. Maria recently left the company without unencrypting the folder or providing anyone with
her private key. What is the recommended method for recovering the encrypted data?
a. Have the recovery agent install his private key on Marias computer, and then remove the encryption attributes from the folder.
b. Send the file to the recovery agents computer, and then remove the encryption attributes from the folder.
c. Copy the file to a FAT32 partition.
d. The encrypted folder cannot be recovered.
140. Which type of security attack is designed to prevent the normal use of computers or network resources?
a.
Packet sniffing
b.
DoS attack
c.
Man-in-the-middle attack
d.
Identity spoofing
141. Which of the following best describes the function of IKE?
a.
A standard that defines the mechanism for establishing SAs
b.
A standard that defines the mechanism for logging on to the Internet
c.
Public and private key exchange for EFS encryption
d.
None of the above
142. IPSec requires that communication partners authenticate before transmitting data. What can be used to establish mutual authentication between two hosts when neither host uses Kerberos for authentication?
18/34
2/10/2015
70-291
a.
b.
c.
d.
NAT
EFS
Public key certificates
E-mail
143. Which of the following is a command-line tool that is included in Microsoft Windows Server 2003 and can be used to monitor and manage IPSec?
a.
Ping
b.
Netsh
c.
Oakley log
d.
Event Viewer
144. You are the network administrator for a Microsoft Windows Server 2003 network that has clients running Microsoft Windows XP and Microsoft Windows 2000. You configure IPSec policies on all of the computers so
network traffic will be encrypted. You later discover that some, but not all, traffic is encrypted. Which of the following is the most likely reason that IPSec does not encrypt some of the traffic?
a. Client computers are configured to use the Client (Respond Only) policy, not the Server (Request Security) policy.
b. Servers are configured to use the Server (Request Security) policy, but not the Secure Server policy.
c. Client computers are configured to use the Secure Server policy.
d. Clients are configured to use the Server policy, not the Client policy.
145. Your domain consists of servers running Microsoft Windows Server 2003, clients running Microsoft Windows XP Professional, and clients running Microsoft Windows 98. Your company recently started a confidential
research project and all network communication related to this project must be encrypted using IPSec. All of the client computers for employees working on this project run Windows 98. After installing the server for the
project, you configure the Secure Server (Require Security) policy and apply the policy to the server using the local security policies. You then apply the Client (Respond Only) policy to the OU that contains all of the client
computers that are involved in this project. You discover that none of the Windows 98 clients are able to communicate with the server. What additional step must you take to allow the clients running Windows 98 to
communicate with the server?
a.
Apply the Server (Request Security) policy to the client computers.
b.
Download the legacy IPSec client for Windows 98 from the Microsoft Web site.
c.
Start the IPSec Policy Agent.
d.
Install Network Monitor on the client computers running Windows 98.
146. You are the network administrator for a mixed-mode domain. Your network has four servers running Microsoft Windows Server 2003 and three servers running Microsoft Windows 2000. Your client computers run
Microsoft Windows 2000 Professional. Which of these computers can use Netsh to configure IPSec policies?
a.
The servers running Windows Server 2003 and Windows 2000
b.
The client computers running Windows 2000
c.
The servers running Windows Server 2003 only
d.
The servers running Windows 2000 only
147. You want to analyze the main mode IPSec statistics on a member server that runs Microsoft Windows Server 2003 in your domain. The server is accessed frequently by a large number of clients, and you know there will
be a lot of statistical information. Which utility can you use to log this information for future analysis?
a.
Use the Netsh command-line utility.
b.
Use the Netdiag command-line utility.
c.
Use IP Security Monitor.
d.
Use RSoP.
148. Your network consists of a single Active Directory domain and three stand-alone servers that run Microsoft Windows 2000 Advanced Server. You configure IPSec policy to require that all communication is encrypted,
and you apply the policy using Group Policy at the domain level. You discover that client computers in the domain cannot communicate with the stand-alone servers. What can you do to allow computers on the network to
communicate with the stand-alone servers using IPSec?
a. Upgrade the stand-alone servers to Microsoft Windows Server 2003.
b. Implement local security policy on the stand-alone computers that require encryption for communication.
c. Use Group Policy to apply Secure Server policy to the stand-alone servers.
d. Create a separate domain and make the three stand-alone servers domain controllers.
149. You are the network administrator for a Microsoft Windows Server 2003 domain. You configured local security on all client and server computers with the Server (Request Security) policy. You later discover that all
19/34
2/10/2015
70-291
communication is unencrypted. What is the reason that encryption is not being used?
a. A security policy has been applied using Group Policy at the domain level that does not require the use of IPSec encryption.
b. Local security policies do not affect computers that are members of a domain.
c. The local security policies should have been configured to use the Client (Respond Only) default security policy.
d. Local security policies cannot require IPSec encryption.
150. Your Microsoft Windows Server 2003 network consists of one domain, contoso.com, and three OUs named Atlanta, New York, and Los Angeles. The Secure Server (Require Security) policy using the default
authentication has been applied at the domain level for contoso.com. Users in the Atlanta OU can no longer communicate with clients or servers in the New York or Los Angeles OUs. Which of the following is preventing
the communication?
a. The administrator for the Atlanta domain has applied the Client (Respond Only) IPSec policy; this policy has been configured to require the use of certificates for authentication to
the Atlanta OU.
b. Security policy has been applied at the domain level when it should be applied at the OU level.
c. The administrator for the Atlanta domain has applied the Server (Request Security) IPSec policy using Kerberos for authentication to the Atlanta OU.
d. The administrator for the Atlanta domain has applied the Secure Server (Require Security) IPSec policy using Kerberos for authentication to the Atlanta OU.
151. You recently upgraded your server running Microsoft Windows 2000 to Microsoft Windows Server 2003. Your network utilizes IPSec for encryption. You would like to view the details of your IPSec policies. At the
command line, you type ipsecmon and receive an error. You know that this worked before you upgraded the operating system. What can you do to view information about the IPSec policies that are active on your
network?
a.
Download the Ipsecmon utility from the Microsoft Web site.
b.
Run IPSec Policy Agent from the command line.
c.
Add the IP Security Monitor MMC snap-in.
d.
Add the RSoP MMC snap-in.
152. Which tool included in Microsoft Windows Server 2003 can be used to view IPSec policies that are assigned but not applied to IPSec clients?
a.
Ipsecmon
b.
RSoP
c.
IP Security Monitor
d.
Ipconfig
153. Which tool included in Microsoft Windows Server 2003 can be used to view information related to IKE events?
a.
Event Viewer security log
b.
Performance Logs And Alerts
c.
Replmon
d.
Event Viewer audit log
154. To encrypt network traffic, you implement IPSec on your network. You would like to record and view events related to SA establishment. Which steps can you take to record and view SA establishment events?
a.
Enable the Oakley log in the Microsoft Windows Server 2003 registry.
b.
Configure IPSec to log SA events to the Event Viewer audit log.
c.
Configure IPSec to log SA events to a Microsoft Excel spreadsheet.
d.
Enable the Oakley log in Windows Server 2003 Administrative Tools.
155. You are the network administrator for the contoso.com domain. IPSec policy has been defined and implemented on your network to ensure that all communication is encrypted. You have not installed the IP Security
Monitor snap-in, but you need to display the active state of IPSec policies on your network. How can this be accomplished without installing additional snap-ins?
a.
Run Ipsecmon from the command line.
b.
Use Netsh in dynamic mode to view the active state of IPSec policies.
c.
Use Netsh in static mode to view the active state of IPSec policies.
d.
This cannot be accomplished without adding the IP Security Monitor snap-in.
156. You are the network administrator for Litware, Inc., and you are responsible for the IPSec policies for the corporate network. After making several changes to your IPSec policy, you notice that all communication on your
network immediately ceases. For the policy change to have taken place immediately, which tool must you have used to implement the changes to the IPSec policy?
a.
Netsh in dynamic mode
20/34
2/10/2015
70-291
b.
c.
d.
Netsh in static mode

IP Security Monitor snap-in
Group Policy
157. You are the network administrator for the contoso.com domain. Your network consists of a Microsoft Windows Server 2003 domain. Your corporate security policy requires that all communication be encrypted using
IPSec. Your company has a partnership with Litware, Inc. Litware users must communicate with Contoso users; however, the Litware users are not members of the Contoso domain, and you are not certain about which
operating system the Litware computers run. How should you configure authentication so that all communication is encrypted?
a. Configure both Contoso and Litware policies to use X.509 certificates for authentication.
b. Configure both Contoso and Litware policies to use NTLM for authentication.
c. Configure Contoso to use Kerberos for authentication, and configure Litware to use X.509 certificates for authentication.
d. Use the default authentication settings for both Litware and Contoso.
158. Your Microsoft Windows Server 2003 network uses IPSec to encrypt data communications. Client computers run either Microsoft Window XP Professional or Microsoft Windows 2000 Professional. You determine that
some, but not all, communication is encrypted using IPSec. You would like to view the active IPSec policies that are in effect on each computer. Which tool included in Windows Server 2003 will allow you to view the
active IPSec policies applied to each type of computer?
a.
Ipsecmon
b.
Netdiag
c.
IP Security Monitor
d.
RSoP
159. Your corporate network contains 10 servers running Microsoft Windows Server 2003. Client computers run either Microsoft Windows XP Professional or Microsoft Windows NT 4. You applied the Secure Server
(Require Security) IPSec policy to the OU that contains the servers, and you applied the Client (Respond Only) IPSec policy to the OU that contains the client computers. Some, but not all, users of client computers report
that they can no longer access the network. What should you do to resolve this problem?
a. Upgrade the client computers running Windows NT 4 to run Windows XP Professional.
b. Apply the Server (Request Security) IPSec policy to the OU that contains the client computers.
c. Apply the Secure Server (Require Security) IPSec policy to the OU that contains the client computers.
d. Apply the Server (Request Security) IPSec policy to the OU that contains all of the network servers.
160. Which feature of IPSec is responsible for negotiating a mutual set of security requirements between communication partners?
a.
ISAKMP
b.
IKE
c.
IPSec policy agent
d.
IPSec SA
161. Which protocol does IPSec use to provide authentication, integrity, and anti-replay for both the IP header and the data payload?
a.
ESP
b.
IKE
c.
AH protocol
d.
Kerberos
162. You are responsible for securing communication between your corporate office in Atlanta and a branch office in Orlando. Both offices utilize internal IP addressing and NAT. How must you configure IPSec to successfully
secure traffic between these two sites?
a.
Configure IPSec to operate in tunnel mode.
b.
Configure IPSec to operate in transport mode.
c.
NAT cannot be used in conjunction with IPSec.
d.
Configure IPSec to operate in NAT mode.
163. You are the security administrator of contoso.com, and you have been asked to secure all network communication, including communication with the Active Directory directory service during the computer startup process.
You have applied the Secure Server (Require Security) security policy. Which additional step should you take to ensure that communication is encrypted using IPSec?
a. Configure an IPSec policy that encrypts all Active Directory traffic, and use Group Policy to apply the policy.
b. Configure a persistent policy that requires traffic to Active Directory to always be secured by IPSec.
c. Configure the local security policy on all client and server computers to require encryption for all Active Directory traffic.
21/34
2/10/2015
70-291
d. IPSec cannot be used to secure Active Directory traffic.

164. What is the function of ESP?
a. ESP provides certificate-based security for communicating hosts.
b. ESP provides confidentiality, authentication, integrity, and anti-replay for the IP payload only.
c. ESP provides confidentiality, authentication, integrity, and anti-replay for the IP payload and the packet header.
d. ESP is responsible for encrypting the packet header only.
165. Which service works with Automatic Updates to provide timely critical and noncritical system updates that can include security patches, updated drivers, and other recommended files?
a.
Software Updates
b.
Microsoft Updates
c.
Windows Update
d.
System Updates
166. SUS maintains several logs for monitoring purposes. Which log tracks approved and unapproved content?
a.
Content log
b.
Download log
c.
Synchronization log
d.
Approval log
167. Which protocol do client computers use to connect to the SUS server?
a.
RPC
b.
HTTP
c.
SUS
d.
RDP
168. Which feature available through Windows Update can you use to determine whether a particular hardware device is designed for use with your server that runs Microsoft Windows Server 2003?
a.
Windows Update
b.
Automatic Updates
c.
Windows Update Catalog
d.
Hardware Update
169. Which step must you take to install SUS on a server running Microsoft Windows Server 2003?
a. Add the Software Update Services snap-in from the Microsoft Management Console.
b. Add SUS installation files from Windows Support Tools, which is located on the Windows Server 2003 installation CR-ROM.
c. Download the software installation files from the Microsoft Web site.
d. No additional steps are necessary; SUS installs by default.
170. You configured all of your clients running Microsoft Windows XP Professional and servers running Microsoft Windows Server 2003 to automatically interact with the Windows Update Web site. You notice that all of the
client computers have an informative message stating, Updates for your computer have been downloaded from Windows Update. Click here to review these updates and to install them. It was not your intention to allow
users to decide which updates to install or when the updates will be installed. How can you configure your client computers to maintain the latest service packs and security patches without user interaction?
a. Use Group Policy to enable the No Auto-Restart option for all domain computers.
b. Configure the Automatic Updates settings on the clients running Windows XP Professional and the servers running Windows Server 2003 to Automatically Download The Updates
And Install Them On The Schedule That I Specify.
c. Configure the Automatic Updates settings only on the servers that run Windows Server 2003 to Automatically Download The Updates, And Install Them On The Schedule That I
Specify. The servers will then update the clients when they restart.
d. Have the users log on as local administrators, and the updates will be automatically installed.
171. You are the network administrator for Contoso, Ltd. You would like to configure one of your servers to automatically download updates from the Windows Update site. You log on to the server as the local administrator
and open the Automatic Updates option in Control Panel, but all of the options appear dimmed. What could be the reason the Automatic Updates options are unavailable?
a. You must be logged on as the domain administrator to set Automatic Updates option.
b. You must open the Automatic Updates page in Administrative Tools rather than in Control Panel to configure Automatic Updates settings.
22/34
2/10/2015
70-291
c. Automatic Updates settings have been configured and assigned at the domain level using Group Policy.
d. The server you are attempting to configure does not support Automatic Updates.
172. What is the recommended minimum level of RAM for a SUS server?
a.
512 MB
b.
256 MB
c.
1 GB
d.
128 MB per SUS client
173. You are asked to install SUS on one of your Microsoft Windows 2000 domain controllers. Using a default Windows 2000 Advanced Server install and a CD that contains the SUS 1 Service Pack 1 installation files, you
attempt unsuccessfully to set up the domain controller as a SUS server. Which step should you take to accomplish this task?
a. SUS cannot be installed on a server running Windows 2000. The server must be upgraded to Microsoft Windows Server 2003.
b. Reboot the server, and log on as the domain administrator.
c. Install Service Pack 2 or higher on the server that runs Windows 2000.
d. Upgrade the Windows 2000 Advanced Server to Microsoft Windows 2000 Datacenter.
174. A server that runs Microsoft Windows Server 2003 is configured as a SUS server. One of your coworkers needs to make configuration changes to SUS, but is unsure how to access the configuration options for it. What
instruction could you give to help your coworker make the configuration changes to the SUS server?
a.
Open the SUS page in Control Panel.
b.
Open the SUS page in My Computer.
c.
Open a Web browser, and enter http://susadmin in the Address box.
d.
Open a Web browser, and enter http://localhost/susadmin in the Address box.
175. You configured two SUS servers. Server A is configured to synchronize with the Windows Update site, and Server B is configured to synchronize with Server A. Client computers that are correctly configured to receive
updates from Server B are not receiving any updates. While troubleshooting this problem, you realize that even though Server B is configured correctly, it does not receive updates from Server A. Which of the following is
a likely cause of this problem?
a.
Server A is not configured to store updates locally.
b.
Server B is configured to store updates locally.
c.
Updates are not marked as approved on Server B.
d.
Server B is configured with Server A as its synchronization server.
176. You configured a server running Microsoft Windows Server 2003 as a SUS server that will synchronize with the Windows Update site. The Automatic Updates process functions properly, but you are surprised to notice
that the SUS\Content directory is empty. What is the most likely reason that the SUS\Content directory is empty?
a.
The SUS server is configured to maintain updates locally.
b.
The Windows Update site does not contain any update files.
c.
The SUS server is configured to maintain the updated content on microsoft.com.
d.
Client computers have already downloaded and deleted the update files.
177. You configured a SUS server to synchronize with the Windows Update site daily at 7:00 A.M., and you configured the server to store the updates locally. Your client computers are scheduled to run Automatic Updates at
12:00 P.M. daily while employees are at lunch. When you arrive at work at 8:00 A.M., one of your coworkers informs you that the contents of one of the SUS\Contents directories were accidentally deleted and that a
critical security update was released this morning. The client computers must receive the security update as soon as possible. With the least amount of administrative effort, which steps could you take to allow the client
computers to download the critical update from the SUS server at the scheduled 12:00 P.M. time?
a. Open the Software Update Services Administration Web page, and choose Schedule Synchronization from the Synchronize Server options. Schedule the SUS server to
synchronize at 12:00 P.M.
b. Open the Software Update Services Administration Web page, and choose Synchronize Now from the Synchronize Server options.
c. Copy the SUS\Contents file from one of the SUS clients that successfully synchronized with the SUS server prior to the deletion of the Contents folder.
d. Manually configure all client computers to contact the Windows Update site for Automatic Updates.
178. Your client computers are configured to automatically download and install updates from a SUS server located on your local network. Client computers contact the SUS server, but they do not find available updates. You
are certain that the SUS server downloaded new, critical updates this morning. What could be the reason the client computers do not receive the new critical updates?
a.
Updates have not been marked as approved on the SUS clients.
b.
The Windows Update site was not available when clients contacted the SUS server.
23/34
2/10/2015
70-291
c.
d.
The client computers run Microsoft Windows XP Professional with Service Pack 1.
Updates have not been marked as approved on the SUS server.
179. You are the network administrator for the litware.com domain. SUS has been deployed on your network so that all client computers receive critical updates from a SUS server named Server 1, which runs Microsoft
Windows 2000. For disaster recovery purposes, you back up your SUS server every Friday. Because the number of client computers on your network has increased, you must install a new, more powerful SUS server.
After purchasing and installing the Windows 2000 operating system and SUS on the new server, named Server 2, you attempt unsuccessfully to restore the SUS backup file that was created the previous Friday. What is
the most likely reason you are unable to restore the SUS backup?
a. A SUS restore can be performed only on a server with the same name as the server that was used to create the backup file.
b. A SUS backup file can be restored only on the same computer that was used to create the backup file.
c. A SUS restore can be performed only on a server running Microsoft Windows Server 2003.
d. SUS does not support the restore process.
180. You are the network administrator for a Microsoft Windows Server 2003 domain with 1500 client computers. You would like all client computers and servers to automatically download updates from a SUS server named
SUS1, which is located on your local domain. With the least amount of administrative effort, how would you configure all computers in your domain to automatically contact SUS1 for updates?
a. Configure Group Policy at the domain level so that all client computers contact SUS1 for Automatic Updates.
b. Configure Group Policy at the OU level so that all client computers contact SUS1 for Automatic Updates.
c. Configure each client computer to contact the Windows Update site using the Automatic Updates settings in Control Panel.
d. Configure each client computer to contact SUS1 using the Automatic Updates settings in Control Panel.
181. You configured Group Policy at the domain level to force client computers to automatically contact a local SUS server daily to download any new update files that are available. To avoid interrupting employees, you do not
want client computers to automatically restart, even when restarting is required to complete the installation of the new updates. How can you prevent client computers from restarting after downloading new updates?
a. Configure the client computers not to restart after downloading updates using the Automatic Updates settings in Control Panel.
b. Set the No Auto-Restart For Scheduled Automatic Updates Installation option to disable in Group Policy.
c. Set the No Auto-Restart For Scheduled Automatic Updates Installation option to enable in Group Policy.
d. Client computers cannot be configured not to restart when a restart is required to complete the installation of an Automatic Updates update.
182. You are responsible for a Microsoft Windows Server 2003 network that consists of 25 client computers running Microsoft Windows XP Professional and 3 servers running Windows Server 2003. All are configured as
members of a workgroup named Contoso. You are very concerned about keeping all network computers updated with the latest service packs and critical updates. To prevent all client computers from having to access the
Internet to download updates, you would like to deploy updates locally using a SUS server. You already configured client computers to perform Automatic Updates. How can you configure computers in the workgroup to
contact a SUS server rather than going directly to the Windows Update site to automatically download updates?
a. Edit the registry for each client computer to set the UseWUServervalue to 1.
b. Configure Group Policy at the workgroup level to configure all client computers to contact the local SUS server for updates.
c. Edit the registry for the SUS server to set the UseWUServer value to 1.
d. Workgroup computers cannot be configured to contact a SUS server.
183. All of the Microsoft Windows XP Professional client computers on your network are configured to contact a SUS server for Automatic Updates. You suspect that some of the client computers are not successfully
completing the Automatic Updates process. How could you verify the status of the Automatic Updates process on the client computers?
a.
View the entries in the System log in Event Viewer.
b.
View the entries in the Security log in Event Viewer.
c.
View the entries in the Application log in Event Viewer.
d.
View the entries in the SUS error log.
184. Which feature does SUS automatically install on Microsoft Windows Server 2000 to secure the IIS service?
a.
IIS Shutdown
b.
Proxy 2
c.
IIS Lockdown 2
d.
IPSec
185. At which layer of the Open Systems Interconnection (OSI) model do routers function?
a.
OSI layer 2
b.
OSI layer 3
24/34
2/10/2015
70-291
c.
d.
OSI layer 1
OSI layer 7
186. Which type of networking device sends packets between two or more networking segments?
a.
Router
b.
Hub
c.
Switch
d.
Gateway
187. Which type of network connection uses a tunneling protocol to encapsulate data while it crosses a public network?
a.
Dial-up connection
b.
Internet service provider (ISP) connection
c.
Virtual private network (VPN) connection
d.
Wireless connection
188. Which protocol translates an internal private address to an external public address?
a.
Transmission Control Protocol/Internet Protocol (TCP/IP)
b.
Network Address Translation (NAT)
c.
Internet Protocol Security (IPSec)
d.
Point-to-Point Tunneling Protocol (PPTP)
189. Which command can be entered at the command prompt to display the contents of a Microsoft Windows Server 2003 routing table?
a.
Route print
b.
Print route
c.
Ipconfig /all
d.
Show route
190. Which routing table value indicates the cost of using a specific route?
a.
Cost
b.
Metric
c.
Gateway
d.
Netmask
191. Your company has a very large network with two segments. Segment 1 has 500 Microsoft clients, all with TCP/IP configured as their addressing protocol. Segment 2 has 500 hosts configured as Netware clients that use
Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX) as their addressing protocol. A host on segment 1 can communicate only with another host on segment 1. A host on segment 2 can communicate
only with another host on segment 2. How could you configure your network so that all host computers could communicate, regardless of the segment on which they are located?
a. Configure a router between segments 1 and 2.
b. Configure a gateway between segments 1 and 2.
c. Configure a layer 2 switch between segments 1 and 2.
d. A host on segment 1 cannot communicate with a host on segment 2 unless all client computers run a Microsoft client operating system.
192. You are the network administrator for a small network that has 400 host computers that run Microsoft Windows XP Professional and five servers that run Microsoft Windows Server 2003. Your network is divided into
three segments, and two of your servers are configured as routers. You would like to implement dynamic routing on your network so that the network can easily adapt to topology changes. Which routing protocol should
be implemented in this network scenario?
a.
Open Shortest Path First (OSPF)
b.
Dynamic Host Configuration Protocol (DHCP) Relay Agent
c.
Routing Information Protocol (RIP)
d.
Border Gateway Protocol (BGP)
193. You have installed Routing and Remote Access on one of your servers that runs Microsoft Windows Server 2003, and you configured the server to accept a dial-up connection through a modem that is attached to the
server. One of your network users successfully establishes a dial-up connection with the Routing and Remote Access server, but the user is denied access after entering the correct username and password. What could be
the reason the user cannot access the network?
25/34
2/10/2015
70-291
a.
b.
c.
d.
The user has not been granted permission to dial in to the network in the Dial-In tab on the user account properties page.
The modem on the server is not configured with the dial-in users username and password.
The Routing and Remote Access server is configured to allow anonymous access.
The user account is configured with Allow Access in the Remote Access Permissions area in the Dial-In tab on the user account properties page.
194. Your network consists of 150 client computers that are configured in a single Microsoft Windows Server 2003 domain. A DHCP server, which is configured to assign addresses in the 172.16.0.0 network, handles
addressing on your network. Internet access is currently available only through two of your computers that have analog modems installed. You are interested in establishing an Internet connection for the entire network, but
are concerned about protecting your internal resources. You have a multihomed server running Windows Server 2003 that connects to the Internet and to your internal network. What step could you take to hide the
addresses of your internal resources, while still allowing the client computers to access the Internet?
a. Configure the router running Windows Server 2003 as a DHCP relay agent.
b. Configure Routing Information Protocol (RIP) as the routing protocol on your router running Windows Server 2003.
c. Do not configure client computers with an address for the default gateway.
d. Configure the server running Windows Server 2003 to perform Network Address Translation (NAT).
195. You are the network administrator of a routed Microsoft network. For fault tolerance, you have configured redundant links among all of your network segments. The following routes to one of your network segments are in
your routing table.
Network Destination
192.168.1.0
192.168.1.0
Netmask
255.255.255.0
255.255.255.0
Gateway
10.1.1.200
10.2.1.200
Interface
10.1.1.200
10.2.1.200
Metric
20
40
Which of the following is a true statement about how traffic will be routed to and from the 192.168.1.0 network?
a. All traffic destined for the 192.168.1.0 network will be routed through interface 10.1.1.200.
b. All traffic destined for the 192.168.1.0 network will be routed through interface 10.2.1.200.
c. All traffic destined for the 10.1.1.0 network will be routed through 192.168.1.1.
d. All traffic destined for the 10.1.1.0 network will be routed through 192.168.1.2.
196. Your routing table has a route with a destination network address of 0.0.0.0 and a network mask of 0.0.0.0. What type of route is this?
a.
A directly attached network route
b.
A default route
c.
A host route
d.
A remote network route
197. Your routing table contains the following entry. What does this route represent?
Network Destination
10.1.1.200
a.
b.
c.
A route to the host 127.0.0.1

A route to any host on the 10.0.0.0 network
A route to the host 10.1.1.200
d.
A route to any host on the 127.0.0.0 network
Netmask
255.255.255.255
Gateway
127.0.0.1
Interface
127.0.0.1
Metric
20
198. You are the network administrator for a Microsoft Windows Server 2003 network. One of your servers that runs Windows Server 2003 is configured as a router and is connected to a digital subscriber line (DSL) link that
provides Internet access to your network. You would like to ensure that no one is allowed to Telnet to devices on your network. How could you prevent Telnet traffic from entering your network without blocking other IP
traffic?
a. On the routers internal interface, configure an outbound packet filter that will pass all IP traffic except Telnet traffic on destination port 23.
b. Configure your router running Windows Server 2003 to accept only data that is encrypted using IPSec.
c. On the routers external interface, configure an inbound packet filter that will pass all IP traffic except Telnet traffic on destination port 23.
d. Configure Network Address Translation (NAT) on your router that runs Windows Server 2003.
199. You are the network administrator for Wingtip Toys. You configured demand-dial routing (DDR) on your network so users at the main office can communicate with users at the branch office across a point-to-point link.
26/34
2/10/2015
70-291
Your main office uses the TCP/IP addresses in the 10.0.0.0 network range, and your branch office uses TCP/IP addresses in the 192.168.1.0 network range. You would like to make sure that the demand-dial connection
is established only when the router in the main office receives IP traffic that is addressed to the branch office network. How can you prevent all other traffic from initiating the demand-dial connection?
a. Create a demand-dial filter on the main office router that allows only traffic with a destination network of 10.0.0.0 to initiate a demand-dial connection.
b. Create a demand-dial filter on the main office router that allows only traffic addressed to the destination network 192.168.1.0 to initiate demand-dial connections.
c. Configure the router in the branch office to allow a connection only when the router receives traffic with a source network address of 10.0.0.0.
d. Configure an outbound packet filter on the main office router that allows only traffic that is addressed to the 192.168.1.0 network to pass through the interface.
200. You have configured demand-dial routing (DDR) so that IP traffic addressed to the 150.10.0.0 network is allowed to establish a demand-dial connection. How can you verify that your demand-dial configuration is working
properly?
a. From outside your network, issue the command Ping 150.10.0.x at the command prompt, where x represents one of the host addresses on the 150.10.0.0 network.
b. Issue the Ipconfig /150.10.0.0 command at the command prompt.
c. From a regular telephone, dial the phone number of the modem at either end of the connection.
d. From inside of your network, issue the command Ping 150.10.0.x at the command prompt, where x represents one of the host addresses on the 150.10.0.0 network.
201. You have configured demand-dial routing (DDR) on your network so that users in the main office can communicate with servers in the branch office. While working late on a project, a main office user named Maria
attempts to communicate with the branch office server, but is unable to establish a demand-dial connection. Earlier that day, Maria could communicate with the same server in the branch office. Which of the following could
be preventing Maria from communicating with the branch office server?
a. Marias logon hours are incorrectly configured.
b. The dial-in hours on the remote office router are configured to allow a connection only during normal working hours.
c. Marias password on her user account has expired.
d. Maria does not have adequate permissions on her user account to access the branch office server.
202. You are configuring Routing and Remote Access on a Microsoft Windows Server 2003 network, and you would like connections to be controlled through remote access policies. On the properties page of one of your
domain user accounts, you attempt to enable the Control Access Through Remote Access Policy option, but the option appears dimmed. What is most likely the reason that the Control Access Through Remote Access
Policy option is unavailable for your domain user accounts?
a.
No remote access policies have been configured on the remote access server.
b.
The domain functional level is set to Microsoft Windows 2000 Mixed.
c.
The domain functional level is set to Microsoft Windows 2000.
d.
The domain functional level is set to Microsoft Windows Server 2003.
203. You are the network administrator of a Microsoft Windows Server 2003 domain with Routing and Remote Access configured. To control remote access to your network, you have configured remote access policies for
your domain that deny access to the Sales Users group. Maria, who is a member of the Sales Users group, can successfully establish a remote access connection to your network. Which of the following could be the
reason that Maria can establish a connection to your network even though the remote access policy expressly denies access to the Sales Users group?
a. Marias user account has been granted Deny Access permission in the Dial-In tab of the user account properties page.
b. Maria is also a member of the Marketing group for which the remote access policy allows access.
c. Marias user account has been granted Allow Access permission in the Dial-In tab of the user account properties page.
d. The remote access policy has not been applied using Group Policy.
204. You are the network administrator for a Microsoft Windows Server 2003 domain that has Routing and Remote Access configured. You have changed the configuration on all your domain user accounts from Allow Access
to Control Access Through Remote Access Policy. Before this change, members of the Marketing, Sales, and Accounting groups could establish remote connections to the network. Members of the Marketing group, who
have always been able to remotely connect to the corporate network, report that they can no longer establish a connection. Which of the following could be the reason the Marketing users cannot successfully establish a
remote connection to the network?
a.
The Marketing users do not have appropriate permission on their domain user accounts.
b.
No remote access policies have been configured on the remote access server.
c.
The domain functional level is set to Microsoft Windows 2000 Mixed.
d.
Group Policy has been applied at the OU level instead of the domain level.
205. Members of your promotions department travel extensively, spending at least four nights a week each in different hotels. These employees must establish a remote connection to the network each night so they can check
and respond to e-mail. To minimize long-distance telephone charges, you would like the remote access server to always call back the user to establish a remote connection. How should you configure the callback options in
the remote access policies?
a. Set the callback feature to the Set By Caller (Routing And Remote Access Service Only) option.
27/34
2/10/2015
70-291
b. Set the callback feature to the Always Call Back To option.

c. Configure the remote access server to use the Verify Caller ID option.
d. Set the callback option to No Callback.
206. You have configured Routing and Remote Access on your Microsoft Windows Server 2003 network. Because of the sensitive nature of your business, you require all remote connections to use Microsoft Point-to-Point
Encryption (MPPE) 128-bit encryption. What configuration changes must you make to require that all connections use MPPE 128-bit encryption?
a. Clear the check boxes for all other encryption types in the Encryption tab on the properties page of the remote access policy.
b. No configuration change is necessary; the default settings for a remote access policy allow MPPE 128-bit encryption.
c. Specify MPPE 128-bit encryption in the local security policy of the remote access server.
d. Windows Server 2003 does not support MPPE 128-bit encryption.
207. Which authentication protocol must you use to support the use of smart cards?
a.
Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2)
b.
Shiva Password Authentication Protocol (SPAP)
c.
Extensible Authentication Protocol-Transport Layer Security (EAP-TLS)
d.
Challenge Handshake Authentication Protocol (CHAP)
208. You are the network administrator for Litware, Inc. Fifty of the companys employees work from home and must establish remote connections to the corporate network each day. Management has requested that you
secure against unauthorized dial-up access to the corporate network and that you do so without purchasing any new hardware. How can you meet these requirements?
a. Enable the callback feature on the user accounts, and choose the Set By Caller option.
b. Enable the callback feature on the user accounts, and choose the Always Call Back To option. Specify each users home phone number as the callback number.
c. Configure the Routing and Remote Access service to always call back the user.
d. Require the use of smart cards for remote access connections.
209. You are the administrator of a Microsoft Windows Server 2003 network. Your company has employees that work from home. All of the employees live within your local calling area. To control access to your network,
you have configured the dial-in setting on the user accounts to verify the caller ID of the connection attempt. Before this change was implemented, all authorized users could successfully dial in to the corporate network.
Since implementing this new policy, nearly half of the remote users can no longer connect to the network. What is most likely the reason?
a. The remote access server does not support caller ID.
b. The home telephone service for some users does not support caller ID.
c. The remote users who cannot connect to the network are running Microsoft Windows 2000 Professional.
d. The domain functional level of the corporate domain is set to Microsoft Windows 2000 Mixed.
210. Your network contains a server running Microsoft Windows Server 2003 using the default configuration of Routing and Remote Access. Your client computers all run Microsoft Windows 2000 Professional and are
configured to use Challenge Handshake Authentication Protocol (CHAP) for authentication. All of your dial-up clients report that they are unable to establish a remote connection to the network. Which configuration
changes should you make so that remote users can dial in to the network?
a. Upgrade all client computers to Microsoft Windows XP Professional.
b. Configure your clients that run Windows 2000 to use Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) for authentication.
c. Configure your clients that run Windows 2000 to use Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) for authentication.
d. Configure your clients that run Windows 2000 to use Password Authentication Protocol (PAP) for authentication.
211. Your network consists of five servers that run Microsoft Windows Server 2003 and 600 client computers. Fifty users connect to the network remotely. Thirty of the users have new portable computers that run Microsoft
Windows XP Professional, and the other 20 have older portable computers that run Microsoft Windows 98. You want to use only one remote access authentication protocol on your network. Which authentication
protocol should you use?
a.
b.
Password Authentication Protocol (PAP)
c.
Challenge Handshake Authentication Protocol (CHAP)
d.
212. Which tool could be used to determine which application or applications are utilizing the processor the most?
a.
Network Monitor
b.
Task Manager
28/34
2/10/2015
70-291
c.
d.
Performance console
System Monitor
213. Which tool included in Microsoft Windows Server 2003 can be used to quickly assess the amount of bandwidth used by each network connection?
a.
Task Manager
b.
Performance console
c.
Network Monitor
d.
Packet Monitor
214. Which command could be entered at the command line to determine which application is using a particular port?
a.
Nbtstat -a
b.
Ipconfig
c.
Netstat -o
d.
Netstat -a
215. Microsoft Windows Server 2003 includes which version of Network Monitor?
a.
Network Monitor Standard
b.
Network Monitor Premium
c.
Network Monitor Deluxe
d.
Network Monitor Lite
216. Which command can be issued at the command line to determine the IP configuration of a particular computer?
a.
Netstat -a
b.
NetDiag
c.
Ipconfig /all
d.
Ipconfig /view
217. Which command-line tool displays each route between a client computer and a destination IP address?
a.
Ping
b.
PathPing
c.
Netstat -R
d.
Route Ping
218. Which command-line tool issues a series of tests that is designed to help isolate networking and connectivity problems?
a.
Netstat -a
b.
Traceroute
c.
PathPing
d.
Netdiag
219. One of your servers that runs Microsoft Windows Server 2003 is very slow to respond when clients attempt to access information stored on it. Which process could you use to examine statistics related only to read
attempts?
a.
Configure Task Manager to not display the Bytes Received counter information.
b.
Configure Task Manager to not display the Bytes Sent counter.
c.
Configure an alert that captures only read attempts by using the Performance console.
d.
You cannot view statistics related only to read attempts.
220. You are the network administrator for the Contoso domain. Your branch office employees connect to the corporate network through a VPN connection to a Microsoft Windows Server 2003 Routing and Remote Access
server. How could you monitor the overall performance of the Routing and Remote Access services on your network?
a. Configure Network Monitor to capture packets coming from the Routing and Remote Access server.
b. Use Task Manager to monitor the Routing and Remote Access server.
c. Configure System Monitor to monitor the RAS Total performance object.
d. Configure System Monitor to monitor the RAS Port performance object.
29/34
2/10/2015
70-291
221. Your network users are working on a project that utilizes audio and video files that require an enormous amount of disk space for storage. You must ensure adequate disk space is always available and that free disk space
never drops below 30 percent. What action could you take so that you are notified if free disk space drops below 30 percent?
a. Use the Performance Logs And Alerts snap-in in the Performance console to configure an alert that notifies you when free disk space is less than 30 percent.
b. Use Disk Manager in Administrative Tools to create an alert that notifies you when free disk space is less than 30 percent.
c. Use Task Manager to send an alert when free disk space drops below 30 percent.
d. You cannot configure Microsoft Windows Server 2003 to send notification when free disk space reaches a specified amount.
222. You have created an alert using the Performance Logs And Alerts snap-in that tracks the percent usage for the Paging File performance object. It is your intention that when the percent usage exceeds the specified limit,
you will receive a network message. Several days after configuring the alert, you notice that the Application log in Event Viewer contains several entries indicating that the percent usage for the paging file exceeded the
defined threshold, but you did not receive any network messages. Which of the following could be the reason you did not receive a network message when the threshold for the percent usage counter was exceeded?
a.
The alert was configured with the default setting in the Action tab.
b.
Your e-mail system is not working.
c.
The Alerter service is not running on the target computer.
d.
You configured the alert but have not started it.
223. You have configured Performance Logs And Alerts to send a message to a computer named Computer 2 to notify the operator when the network usage on a computer named Computer 1 gets too high. However,
Computer 2 never receives the message sent from Computer 1. What must you do to enable messages sent by Computer 1 to be received by Computer 2?
a.
Start the Messenger service on Computer 1.
b.
Configure a performance alert on Computer 2.
c.
Start the Messenger service on Computer 2.
d.
Configure Computer 1 to ping Computer 2 before sending a message.
224. Which service must be started on a computer for the computer to send a message triggered by a performance alert?
a.
The Messenger service
b.
The Alerter service
c.
The Net Send service
d.
The Mail service
225. You install a new application, which reports that it is installing a service on the computer. However, when you run the application for the first time, it is unable to start. You inspect the service dependencies of the new
service and notice that a required service that the application is dependent on is not started. However, your security policy states that services must remain stopped unless another application requires them to be started. In
which state should you configure the dependent service to be?
a.
Automatic
b.
Automatic, but pause the service
c.
Manual
d.
Disabled
226. You install a new application on a member server. The application reports that it is installing a service on the computer. The installation of the service requests a username and password for which to run the service. You
provide a username and password, but, when you attempt to run the application the first time, the application is unable to start. You suspect that the account has not been given sufficient privileges to run the service. What
should you do to resolve this problem?
a.
On the member server, grant the user account the Log On As A Service right.
b.
In the domain, grant the user account the Log On As A Service right.
c.
On the member server, grant the user account the Log On As A Batch Job right.
d.
In the domain, grant the user account the Log On As A Batch Job right.
227. You have a server on your network that has experienced a reduction in performance. Using the Performance console, you determine that the server has an unusually high Pages/Sec counter. What should be done to resolve
this issue?
a.
Increase the amount of hard disk space on the server.
b.
Increase the amount of RAM in the server.
c.
Decrease the size of the paging file on the server.
d.
Install a 100-MB network interface card in the server.
30/34
2/10/2015
70-291
228. Which performance object should you monitor if you would like to capture information related to TCPv4 connections?
a.
Network Interface object
b.
TCPv4 object
c.
TCP/IP object
d.
NBT Connections object
229. You have configured a performance alert to monitor network usage. You want to be notified if network usage exceeds the specified threshold only during peak work hours, which are 8:00 A.M. until 6:00 P.M. How
should you configure the performance alert so that it will alert you only if the counter is exceeded during specific hours?
a. Use the Schedule tab to configure the alert to start at 8:00 A.M. and stop at 6:00 P.M.
b. Use Interval settings to configure the alert to run every 8 hours.
c. Manually start the Alerter service each day at 8:00 A.M., and manually stop the service each evening at 6:00 P.M.
d. Manually start the Messenger service each day at 8:00 A.M., and manually stop the service each evening at 6:00 P.M.
230. As a network administrator, you are concerned about which ports on your servers are listening for connections. How can you determine which ports on a computer are listening for a connection?
a.
Enter netstat -o at the command prompt.
b.
Use Network Monitor to capture all of the packets sent and received by the server.
c.
Use the Performance console to capture statistics about listening ports.
d.
Enter netstat -a at the command prompt.
231. You are concerned about the performance of your network and would like to gather information about the amount and types of traffic that are present on the network. To view the traffic, you install Network Monitor
through Add And Remove Programs on your server that runs Microsoft Windows Server 2003. However, you are able to view only traffic that is sent and received by the server. What could you do so that you could view
100 percent of the network traffic available to the network interface?
a. Install the standard version of Network Monitor available in Microsoft System Management Server.
b. Set the server to run Network Monitor in promiscuous mode.
c. Use Task Manager to view the traffic.
d. Set the server to run Network Monitor in verbose mode.
232. You are the network administrator for Contoso, Ltd. Your network has a single subnet. One user is unable to reach the Internet. However, you can successfully access the Internet, and no other users have indicated that
they are experiencing problems with Internet connectivity. Which type of approach should you use when troubleshooting this users problem?
a.
Outside in
b.
Inside out
c.
Trial and error
d.
Divide and conquer
233. What step could you take to determine whether your Internet connectivity problem is related to your DNS server not having the correct IP address for a specific host computer?
a.
Issue the Nslookup command for the FQDN of the host computer.
b.
Ping the IP address of the host computer.
c.
Issue the Traceroute command, and specify the IP address of the host computer.
d.
Issue the Traceroute command, and specify the FQDN of the host computer.
234. Your clients can access internal resources by FQDN. However, they are experiencing difficulty accessing Internet Web sites by FQDN; they can access Web sites by IP address. Which of the following is a possible cause
of this problem?
a.
Your DNS server does not have a forward lookup zone configured.
b.
Your DNS server does not have a reverse lookup zone configured.
c.
Your DNS server is not configured to forward queries that it cannot resolve.
d.
Your DNS Server service is not started.
235. This morning, your network users began to report having problems connecting to Internet sites. When you left work yesterday evening, no users were experiencing problems on the network. You are certain that your DNS
server is functioning properly. However, you would like to verify whether the DNS server to which your DNS server forwards queries it cannot resolve locally is working properly. What could you do to determine whether
the Internet connectivity problem is related to the remote DNS server?
31/34
2/10/2015
70-291
a.
b.
c.
d.
Ping the remote DNS server.

Perform an iterative query test on your DNS server.
Ping a remote Web site.
Perform a recursive query test from your DNS server.
236. One of the clients running Microsoft Windows XP on your network is experiencing a network connection problem. To repair the connection, you would like to issue several commands at the command line. With the least
amount of administrative effort, how can you automate the process so that several commands are issued automatically on the network connection?
a.
Write a batch file that would perform each of the tests.
b.
Click the Repair button in the Support tab on the network interface.
c.
Issue each of the commands at the command line.
d.
Issue each of the commands at the run line.
237. Which command issued by the Repair feature clears the DNS cache on the computer?
a.
Netstat -c
b.
Ipconfig /clearcache
c.
Ipconfig /flushdns
d.
Ipconfig /registerdns
238. Which of the following would not prevent DHCP information from being delivered to client computers?
a. The DHCP relay agent does not exist on segments without a DHCP server.
b. Addresses are not available in the DHCP scope.
c. The DHCP server is not running.
d. The router is 1542-compliant and is configured to allow DHCP broadcasts to pass through.
239. Your network consists of one Ethernet segment and one Token Ring segment. Both segments must use a single WAP for Internet access. What steps must you take to allow both the Ethernet and Token Ring segments to
share a single WAP?
a. Install the Ethernet relay agent on the Token Ring segment.
b. Create a bridged network connection on a server that connects to the wireless network, the Ethernet network, and the Token Ring network.
c. Install two WAPs, one for the Ethernet segment and one for the Token Ring segment. Then create a bridged connection between the two wireless points.
d. No additional action is required. The WAP will recognize both segments by default.
240. Most services that are installed by Microsoft Windows Server 2003 run under which account?
a.
The local administrator account
b.
The Local System account
c.
The Domain System account
d.
The Local Service Operator account
241. You are the network administrator for Contoso, Ltd. One of the applications that runs on a member server on your network requires that the Messenger service be started. Periodically, the application generates an error
that stops the Messenger service. Your server is configured with the default settings. Which step could you take to allow the server to attempt to correct this problem when it occurs?
a. Configure the server to automatically reboot any time the application generates an error stating that the service had stopped.
b. In the properties of the Messenger service, configure the Recovery option to restart the service when it fails.
c. Manually restart the service whenever an error occurs that stops the service.
d. Write a batch file that will restart all services every 5 minutes.
Short Answer
242. Microsoft Windows Server 2003 supports two types of zone transfers: IXFR and AXFR. Which statements best describe each of these transfers? Choose two answers.
a. IXFR is an incremental zone transfer.
b. IXFR is a full zone transfer.
c. AXFR is an incremental zone transfer.
d. AXFR is a full zone transfer.
32/34
2/10/2015
70-291
243. You have been asked to design and implement DNS for your Microsoft Windows Server 2003 network. Securing access to and protecting the identity of internal resources is critical. Which two steps should you
implement?
a. Install all DNS servers on domain controllers and create all DNS zones as Active Directoryintegrated zones.
b. Configure all DNS servers to forward queries they cannot resolve to a specific internal address.
c. Configure all DNS servers to listen on all IP addresses.
d. Disable cache pollution prevention.
244. Microsoft Windows Server 2003 has predefined security templates that can be applied as is or modified to meet network needs. Which two of the following are predefined templates?
a. Securews
b. Hisecdc
c. Secureserver
d. Secureworkstation
245. Which two tools included in Microsoft Windows Server 2003 allow an administrator to verify and configure current computer settings against one or more security templates stored in a database?
a. Security Configuration And Analysis snap-in
b. Compress utility
c. Security Templates snap-in
d. Secedit utility
246. Microsoft Windows Server 2003 supports which two tunneling protocols?
a. Point-to-Point Protocol (PPP)
b. Point-to-Point Tunneling Protocol (PPTP)
c. Layer Two Tunneling Protocol (L2TP)
d. Integrated Services Digital Network (ISDN)
Essay
33/34
2/10/2015
70-291
247. Outline one of the possible processes that are required to authorize a DHCP server in Active Directory directory service.
248. Describe the process that is necessary for determining whether your DHCP server has been authorized in Active Directory directory service.
249. Describe four functions you might need to perform while managing a Microsoft Windows Server 2003 DHCP database.
250. Describe the advantages of using Active Directoryintegrated DNS zones.
34/34

70 291

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

70 291

Uploaded by

Copyright:

Available Formats

2/10/2015

Disable address conflict detection.

Enable address conflict detection.

The DHCP server is not authorized in Active Directory.

PTR resource records

94. Which of the following is not a DNS management tool?

b. The principle of least privilege does not apply to network administrators.

Use the Security Configuration And Analysis snap-in.

Security Templates snap-in

Netsh in static mode

d. IPSec cannot be used to secure Active Directory traffic.

A route to the host 127.0.0.1

A route to any host on the 127.0.0.0 network

b. Set the callback feature to the Always Call Back To option.

Ping the remote DNS server.

250. Describe the advantages of using Active Directoryintegrated DNS zones.

You might also like