FACULTY OF BUSINESS AND INFORMATION TECHNOLOGY AUCKLAND CAMPUS
Bachelor of Information Technology Graduate Diploma in Information Technology
IT6218 Operating Systems Trimester 1 - 2011
Course Weighting 40%
180 minutes (3 Hours) + 10 minute reading time
Section Section Description Weight Marks A B C Multiple Choice Short Answers Scenario-based Questions Total 30% 40% 30% 100% 30 40 30 100
Questions to answer 15 10 3
Marks per question 2 4 10
Which of the following tools can be used to configure DNS server services? A. What should you do? A. WhitireiaNZ. Domain Security Policy D. D. All domain controllers run Windows Server 2008 and are configured as DNS servers. Increase the replication interval for the DEFAULTIPSITELINK object 5.Section A: Multiple Choice
Answer all questions. IT6218 T1 2011 Final exam Page 2 of 8
. WhitireiaNZ. Domain Controller Security Policy C. You have a single Active Directory domain. disable dynamic updates. Each question is worth 2 marks. You are the network administrator of your company. modify the TTL of the SOA record. You need to decrease the replication latency between the domain controllers. What should you do to achieve this task? A. Each office has one domain controller and each is configured as an Active Directory site. You install Windows Server 2008 on all servers on the network. The DNS administrative tool B. From the properties of the zone. Decrease the replication interval for the DEFAULTIPSITELINK object D. Windows Server 2008
2. You need to ensure that outdated DNS records are automatically removed from the DNS zone. C.com has a main office and ten branch offices. You prevent users from starting or stopping a particular service on domain controllers. From the properties of the zone. The domain contains one Active Directory-integrated DNS zone. and session keys. Decrease the connection replication interval for all connection objects C. Write your answer in the exam booklet. Local System Policy 4. Network Properties D. You want to be able to use Advanced Encryption Standard (AES) with Kerberos for encryption of Ticket Granting Tickets (TGTs). run ipconfig /flushdns. All client computers are configured to run Windows Vista. Computer Management C. From the properties of the zone. Windows Server 2003 D.com. Decrease the cost between the connection objects B. All sites are connected with the DEFAULTIPSITELINK object. What is the minimum domain functional level that is required to support AES encryption with Kerberos? A. You are a systems administrator at WhitireiaNZ. Active Directory Users and Computers tool B. Windows 2000 Server native C. Active Directory Users and Computers 3. From the command prompt. service tickets.com has an Active Directory forest that hosts a single domain. Which of the following tools can you use? A.
1. Windows 2000 Server mixed B. enable scavenging. B.
7. Log off and log on again to Active Directory by using an account that is a member of the Schema Administrators group. DC1 holds the Schema Master role. You need to ensure that users at the branch office are able to log on to the domain by using the RODC. Reset the computer account. Your company has a main office and a branch office. Run the nltest /remove_server: DC1 command. Decrease the replication interval for all connection objects by using the Active Directory Sites and Services console. C. IT6218 T1 2011 Final exam Page 3 of 8
. D. C. Run the Dcpromo utility. Active Directory Users and Computers snap-in B. D. You are not able to transfer the Schema Master operations role. B.
9. You need to ensure that DC2 holds the Schema Master role. Run the netsh command with the set and machine options. The company has two domain controllers named DC1 and DC2. C. You log on to Active Directory by using the administrator account. Run the Active Directory Users and Computers console to disable. On DC2. The administrator receives an error message that authentication has failed.6. Configure a new bridgehead server in the main office. All domain controllers run Windows Server 2008 R2. C. What should you do? A. Disjoin the computer from the domain. Your company has an Active Directory domain. Configure DC2 as a bridgehead server. and then enable the computer account. You need to reset the Directory Services Restore Mode (DSRM) password on a domain controller.
8. DC1 fails. B. Dsmod
10. seize the Schema Master role. and then rejoin the computer to the domain. What tool should you use? A. You network consists of a single Active Directory domain. Run the netdom TRUST /reset command. You need to remove the Active Directory Domain Services role from a domain controller named DC1. What should you do? A. D. D. Run the netdom remove DC1 command. What should you do? A. Add another RODC to the branch office. Local Users and Groups snap-in D. Configure the Password Replication Policy on the RODC. Start the Active Directory Schema snap-in. Your company has an Active Directory domain. Reset the Domain Controller computer account by using the Active Directory Users and Computers utility. What should you do? A. You need to ensure that the user is able to log on to the computer. You deploy a read-only domain controller (RODC) that runs Microsoft Windows Server 2008 to the branch office. Remove the Active Directory Domain Services role. Register the Schmmgmt. ntdsutil C. B. A user attempts to log on to a computer that was turned off for twelve weeks. Start the Active Directory Schema snap-in.dll.
12. All of the above
15. an OU for Groups. application installation. Traffic filters B.com is Windows Server 2008.com is Windows Server 2003 Native mode. Raise the forest functional level of Auckland. You have discovered that Subnet-A is sending ICMP traffic to Subnet-C. You need to enable the Kerberos AES encryption option. The Sales OU contains an OU for Computers. D. What should you do? A. You want to stop the ICMP traffic from being sent to the other subnet. Configure Your Server C. Perform a non-authoritative restore of the Groups OU.11.com to Windows Server 2008. Your company has two Active Directory forests named Auckland. You are the network administrator for organization. C. C. and an OU for Users. Traffic rules C. You have installed Windows Server 2008 on a computer. Server Manager
14. Raise the forest functional level of NorthShore. Administrators have control over centralized configuration of user settings. You want to configure the server as a Certificate Authority (CA). The domain functional level of Auckland. Manage Your Server B. D. B. B. B. You perform nightly backups. You need to restore the Groups OU without affecting users and computers in the Sales OU. Your company has an Active Directory domain that runs Windows Server 2008 R2. Traffic denials D. Which of the following is an administrative benefit of using Group Policy? A.com and NorthShore.com and NorthShore. Traffic relays IT6218 T1 2011 Final exam Page 4 of 8
.com to Windows Server 2008. What do you need to set up? A. Problems due to missing application files and other minor application errors often can be alleviated by the automation of application repairs. You work as a Network Administrator for Tech Perfect Inc. Raise the domain functional level of NorthShore. You configure an external trust between Auckland. D. An administrator deletes the Groups OU. Centralized backup of user files eliminates the need and cost of trying to recover files from a damaged drive. Create a new forest trust and enable forest-wide authentication. Perform an authoritative restore of the Sales OU.
13. What should you do? A. Your organization has three subnets controlled by two multi-homed Windows Server 2008 servers. Perform an authoritative restore of the Groups OU.com to Windows Server 2008. C.com. The company has an Active Directory based network. Security Configuration Wizard D. Both forests run only domain controllers that run Windows Server 2008.com. Perform a non-authoritative restore of the Sales OU. The domain functional level of Northshore. and desktop configuration. Which of the following utilities will you use to accomplish the task? A.
You must ensure that if a DNS client queries Server01 for external name resolution. Each question is worth 4 marks. Server01 will not attempt to contact DNS servers outside the corporate network.
1. 10 Windows Server 2008 member servers. The network is not connected to the Internet.com. and 100 Windows 7 client computers. You administer your company network. The Auckland.com network run Windows Server 2008 and all client computers run Windows 7. which permission level should be granted to the Engineers group?
IT6218 T1 2011 Final exam
Page 5 of 8
. You work as the network administrator at WhitireiaNZ.Section B: Short answers Answer all questions.com network has a domain named WhitireiaNZ. In order to perform the task. What should you do?
3. which consists of a single Active Directory domain. The network contains two Windows Server 2008 domain controllers. A user attempts to log on to the domain from a client computer and receives the following message: "This user account has expired. What action should you perform? In other word. Your manager asks you to move a user from the Auckland OU to the Wellington OU. All servers on the WhitireiaNZ. All servers on the Auckland.com network contains a file server named AKL-SR007 used by all Auckland. The WhitireiaNZ. Ask your administrator to reactivate the account. You install the File Server role on a Windows Server 2008 member server named RES01 You create a shared folder named CAD_docs that will be accessible to members of the Engineers domain global group. What action should you take to display the quota usage of all users?
2. What should you do?
4." You need to ensure that the user is able to log on to the domain.com.com network has a domain named Auckland.com network run Windows Server 2008 and all client computers run Windows 7.com. which command can you use?
5. You work as the network administrator at Auckland.com users to store their information. The Auckland.com. In order to manage the server space you decide to configure quotas on AKL-SR007. Your company has an Active Directory domain. Members of Engineers need to be able to read and write files in the folder but must not be granted too much privilege to the folder. Server01 hosts a standard primary DNS zone for the Active Directory domain.
What action should you take to be notified whenever a user exceeds the storage limit in the shared folder?
7. Which of the following options would you choose to prevent the AKLDHCP1 from responding to DHCP client requests on LAN2 while allowing it to continue to respond to non-DHCP-client requests on LAN2?
IT6218 T1 2011 Final exam
Page 6 of 8
.com. What must you do first?
10. Users are not able to logon to domain after the upgrade of DNS servers.com network run Windows Server 2008 and all client computers run Windows Vista.6. You also added two new domain controllers to the domain. All the servers on the corporate network run Windows Server 2008. The Homer. each of which includes two domain controllers running Windows Server 2003. You work as the network administrator at Homer. You are an Enterprise administrator for AUCKLAND.com network contains file server named HOMER-SR007. You want to upgrade one of the domain controllers to Windows Server 2008. you do not want to deny users the ability to store data on the shared folder when it surpasses the 1 GB data storage limit. All servers on the Homer.com. All computers are members of the Active Directory domain. The Homer. Your organization consists of an Active Directory domain in which all servers run Windows Server 2008 and all client computers are laptops that run Windows Vista with Service Pack 1. All client computers use DHCP. and their own home networks. You need to configure TCP/IP on the laptops such that users are able to seamlessly connect to both the corporate network. What action should you perform?
8. Due to the critical nature of the data. The WhitireiaNZ Research forest consists of three domains. HOMER-SR007 contains a shared folder that is used by all users to store data.com network has a domain named homer. The corporate network of the company consists of a single Active Directory domain. What should you do to ensure that users are able to log on to the domain?
9.com. which use dynamic IP addressing. called AKLDHCP1 that has two network connections named LAN1 and LAN2. You are an administrator at WhitireiaNZ Research. which uses static IP addressing. The network consists of a DHCP server. You have upgraded the hardware of DNS servers in your Windows Server 2008 network.
Case Scenario: Working with IPv4 Address Blocks You work as a network administrator for a company with 500 employees. Your DNS servers are all currently running as primary DNS zones.com and AucklandCampus. What type of DNS strategy should you implement?
(B) Your network consists of an Active Directory forest that contains one domain named WhitireiaNZ. All domain controllers run Windows Server 2008 R2 and are configured as DNS servers.com has five Windows Server 2008 servers all are operating as domain controllers.com.com zone.com. or DMZ. The highest 3 will be considered.
1. and screened subnet) is a small network that is setup separately from an organization’s private network and the Internet. The perimeter network allows external user’s access to the specific servers located in the perimeter network while preventing access to the internal corporate network. also known as demilitarised zone. You need to ensure a user is able to modify records in the WhitireiaNZ. (C) What is the maximum number of servers or routers you could deploy in this new address block? Note: A perimeter network. You must prevent the user from modifying the SOA record in the AucklandCampus. Each question is worth 10 marks. Your company currently uses a total of 11 public IP addresses for its public servers and routers. (A) What is the smallest size address block that can support the servers and routers in your perimeter network? (Express the network size in slash notation and dotted-decimal notation.) (B) You have decided to deploy 5 new servers in the perimeter network and assign them each a public IP address. A DNS strategy which allows all DNS servers to hold the same database will need to be set up and your company necessitates that you use secure DNS dynamic updates for every client. all of which are hosted on the perimeter network on the company premises. what size block should you request to enable you to host all your public servers on a single subnet? Express the size of the network with a subnet mask in both slash and dotted-decimal notation.com zone.com. Case Scenario: Deploying a Windows Server (A) You work as a system administrator for a company named WhitireiaNZ. What should you do?
IT6218 T1 2011 Final exam
Page 7 of 8
. If your provider sells addresses in blocks only. You have two Active Directory-integrated zones: WhitireiaNZ.Section C: Scenario-based Questions
Attempt all four questions. WhitireiaNZ.
What actions should you take to track access to the SalesDocs folder?
4.com has a domain controller that runs Windows Server 2008 R2. What should you configure in the DNS Manager Console?
3.com network has organizational units (OU's) named Sales.com network run Windows Server 2008. Case Scenario: Creating User Accounts & Delegating Administrative Task (A) You work as a network administrator for a company with 500 employees. The Sales OU contains a file server named Henderson-SR007 that hosts a shared folder named SalesDocs that contains sensitive customer information. There are 10 people in the Marketing Department. The Henderson. It is configured as a DNS server.com network has a domain named henderson. All servers on the Henderson. What should you do in order to make one member of the users in this department as a password reset administrator?
(B) Your organization has one Active Directory domain in the Active Directory forest.com. and you are required to create their new user accounts without using a third-party tool. Case Scenario: Implementing a Group Policy Object You work as a network administrator at Henderson.com. Marketing and Admin. You need to record all inbound DNS queries to the server. The Henderson. The people from Marketing Department want to designate one of them to be able to reset passwords. Which command should be used to achieve this?
IT6218 T1 2011 Final exam
Page 8 of 8
. Your company just bought another company with 5000 user accounts.(C) ABC. You are responsible for creating accounts for all users in your domain.