Beruflich Dokumente
Kultur Dokumente
True/False
Indicate whether the statement is true or false.
____ 1. A DHCP server that is located on a member server and that is a member of a workgroup must be
authorized before it can respond to DHCPDISCOVER messages?
____ 2. The DHCP Server service is installed on Microsoft Windows Server 2003 by default.
____ 4. Microsoft Windows Server 2003 DHCP Server supports both automatic and manual backups?
____ 5. When you install Microsoft Windows Server 2003, DNS is installed automatically.
____ 7. A Microsoft Windows Server 2003 domain that utilizes an Active Directory–integrated DNS zone
can have a secondary DNS server running on a member server.
____ 8. When a file that has been encrypted using EFS is copied from one folder on an NTFS file system
drive to another folder on an NTFS drive, the file will remain encrypted?
____ 10. SUS can be installed only on an NTFS file system partition.
Multiple Choice
Identify the choice that best completes the statement or answers the question.
____ 11. You administer a network that has 75 client computers configured to dynamically receive IP address
configuration. The DHCP server has been configured using a DHCP scope with a configured IP
address range of 170.34.32.1 to 170.34.32.255 and a 24-bit mask. The network consists of a
Microsoft Windows Server 2003 domain and Microsoft Windows XP clients configured as DHCP
clients. Users of the client computers cannot access other computers or resources on the network.
Which of the following options should you use to resolve the problem?
a. Activate the scope.
b. Reboot the DHCP server.
c. Increase lease duration.
d. Change the ending IP address to 170.34.38.255.
e. Re-create the scope using a subnet mask of 255.255.244.0.
____ 12. You are the administrator of a Microsoft Windows Server 2003 network. The network consists of
two Windows Server 2003 computers named Toledo and Cleveland and 275 Microsoft Windows XP
Professional computers. Toledo is a DHCP server. The DHCP server provides the TCP/IP
configuration for all Microsoft Windows XP computers. Toledo and Cleveland have manually
configured IP addresses. Toledo frequently hosts multicast-based video and audio conferences. You
want to dynamically allocate multicast addresses. How should you configure the network?
a. On the DHCP server, create and activate a multicast scope with a range of Class D
addresses.
b. On Toledo, configure routing and remote access to enable the Internet Group
Membership Protocol (IGMP) routing protocol in proxy mode on the LAN
interface.
c. Enable router discovery on the Windows XP Professional computers.
d. Add a route for network destination 224.0.0.0 and mask 224.0.0.0 on the Windows
XP Professional computers.
____ 13. As a network administrator, you are deploying DHCP on your Microsoft Windows Server 2003
network. You want to ensure that all of your print devices receive the same IP address each time
they initialize. What step should you take to ensure that DHCP assigns the same address to the print
devices?
a. Configure client reservations for each print device interface.
b. Configure a lease that will never expire.
c. Configure address exclusion for the print devices.
d. Statically configure the IP address for all print devices.
____ 14. Secure dynamic updates are available in which type of DNS zone?
a. Standard primary
b. Secondary
c. Active Directory–integrated
d. Standard primary and secondary
____ 15. Which DHCP management process is used to recover unused space in the DHCP database?
a. Reconciling
b. Compacting
c. Restoring
d. Removing
____ 16. You are a network administrator of a Microsoft Windows Server 2003 domain that is configured to
use secure dynamic updates for DNS. The network clients have just been updated from Microsoft
Windows NT 4 to Microsoft Windows 2000, and the DHCP server has been set to never update DNS
on behalf of clients (the DHCP server’s original setting was to always update DNS). You notice that
the Windows 2000 clients do not update DNS. Which of the following could be the cause of the
problem?
a. The DNS zones are incorrectly set to Active Directory–integrated.
b. The DHCP server is not a member of the DnsUpdateProxy security group.
c. The DNS server is not a member of the DnsUpdateProxy security group.
d. The Windows 2000 clients should be upgraded to Microsoft Windows XP
Professional.
____ 17. Your DHCP database is corrupt, and you are forced to perform a manual restore. The database
restore was successful. The week after the restore, you ask one of your junior administrators to make
a change to the DHCP server. The junior administrator is not a member of the Administrators group,
but has been given permissions to administer the DHCP database. Your assistant reports that she is
not able to administer the DHCP database. What is the most likely reason the assistant cannot
administer the database?
a. Security credentials are not backed up by DHCP. After you perform a restore, you
must reconfigure security credentials associated with the DHCP database.
b. Only members of the Administrators group can administer the DHCP server.
c. You incorrectly assigned permissions to the junior administrator’s user account.
d. The junior administrator must be a member of the Domain Administrator group to
administer the DHCP server.
____ 18. While reviewing DHCP server logs, you notice several entries with event ID 15, which indicates that
a lease was denied. You would like to determine how long this has been occurring and what is
causing this error. The DHCP server has been online for only three weeks. To begin troubleshooting
this problem, you ask your assistant to provide you with the DHCP logs from the previous three
weeks. Your DHCP server has logging enabled with the default configuration. Your assistant reports
that he cannot locate DHCP logs for the past three weeks. What is preventing your assistant from
obtaining these logs?
a. The assistant user account does not have adequate privileges.
b. The DHCP server is not a member of the DnsUpdateProxy security group.
c. A DHCP server with default configuration keeps logs for only seven days.
d. DHCP logs are erased every 24 hours.
____ 19. You are the administrator of a Microsoft Windows Server 2003 domain. Your domain has three
DNS servers, which are located on domain controllers. Currently, you can create updates on only
one of the DNS servers. You would like to be able to make changes to the DNS database on any of
the three DNS servers, and you want these changes to replicate to all other DNS servers in your
domain. You should make which configuration change?
a. Convert all DNS servers to primary DNS servers.
b. Convert all DNS server zones to Active Directory–integrated zones.
c. This cannot be accomplished.
d. Create forwarding entries on the DNS servers with secondary zone files.
____ 20. Microsoft Windows Server 2003 has three options for Active Directory–integrated zone replication.
Which of the following is not available as a replication option in Windows Server 2003?
a. Replicate to all DNS servers in the forest.
b. Replicate to all domain controllers in the domain.
c. Replicate to all domain controllers that are DNS servers in the same domain.
d. Replicate to all domain controllers that are also DNS servers in the entire forest.
____ 21. Your Microsoft Windows Server 2003 network has one primary DNS server and two secondary
DNS servers. Several changes are made to the zone database on the primary server. How will the
secondary DNS servers learn about the changes to the primary server’s zone database?
a. The master server will notify the secondary servers of zone changes.
b. The update will occur only when the zone refresh interval expires.
c. The DNS Server service is restarted on a secondary server.
d. A zone transfer is manually initiated on the secondary servers.
e. A zone transfer is automatically initiated every 60 minutes.
____ 22. You administer a private Microsoft Windows Server 2003 network that has a standard primary DNS
server and a standard secondary DNS server. Both servers are used to resolve internal DNS names.
Your network has an external DNS server that is separated from the internal network by a firewall.
Internal users complain that they cannot resolve names on the Internet. What should you do to
resolve this problem?
a. Edit the Cache.dns file.
b. Configure the internal DNS servers to forward requests to the external DNS server.
c. Remove the firewall.
d. Configure a PTR record to the external DNS server on the internal DNS servers.
____ 23. Which DNS management tool can be used to verify the consistency of a particular group of DNS
resource records on multiple DNS servers?
a. DNSLint
b. Dnscmd
c. Nslookup
d. Ipconfig
____ 24. Which command-line tool can be used to configure and analyze system security by comparing
current settings against at least one template?
a. Secedit utility
b. Gpupdate utility
c. Analyze utility
d. Ipconfig utility
____ 25. The Secedit command-line tool provides an administrator with the ability to perform functions
similar to those that can be performed using the Security Configuration And Analysis snap-in.
Which function cannot be performed using Secedit?
a. Configure
b. Authenticate
c. Analyze
d. Generate rollback
____ 26. Your domain consists of servers running Microsoft Windows Server 2003, clients running Microsoft
Windows XP Professional, and clients running Microsoft Windows 98. Your company recently
started a confidential research project and all network communication related to this project must be
encrypted using IPSec. All of the client computers for employees working on this project run
Windows 98. After installing the server for the project, you configure the Secure Server (Require
Security) policy and apply the policy to the server using the local security policies. You then apply
the Client (Respond Only) policy to the OU that contains all of the client computers that are
involved in this project. You discover that none of the Windows 98 clients are able to communicate
with the server. What additional step must you take to allow the clients running Windows 98 to
communicate with the server?
a. Apply the Server (Request Security) policy to the client computers.
b. Download the legacy IPSec client for Windows 98 from the Microsoft Web site.
c. Start the IPSec Policy Agent.
d. Install Network Monitor on the client computers running Windows 98.
____ 27. You are the network administrator for the contoso.com domain. Your network consists of a
Microsoft Windows Server 2003 domain. Your corporate security policy requires that all
communication be encrypted using IPSec. Your company has a partnership with Litware, Inc.
Litware users must communicate with Contoso users; however, the Litware users are not members
of the Contoso domain, and you are not certain about which operating system the Litware computers
run. How should you configure authentication so that all communication is encrypted?
a. Configure both Contoso and Litware policies to use X.509 certificates for
authentication.
b. Configure both Contoso and Litware policies to use NTLM for authentication.
c. Configure Contoso to use Kerberos for authentication, and configure Litware to
use X.509 certificates for authentication.
d. Use the default authentication settings for both Litware and Contoso.
____ 28. You configured all of your clients running Microsoft Windows XP Professional and servers running
Microsoft Windows Server 2003 to automatically interact with the Windows Update Web site. You
notice that all of the client computers have an informative message stating, “Updates for your
computer have been downloaded from Windows Update. Click here to review these updates and to
install them.” It was not your intention to allow users to decide which updates to install or when the
updates will be installed. How can you configure your client computers to maintain the latest service
packs and security patches without user interaction?
a. Use Group Policy to enable the No Auto-Restart option for all domain computers.
b. Configure the Automatic Updates settings on the clients running Windows XP
Professional and the servers running Windows Server 2003 to Automatically
Download The Updates And Install Them On The Schedule That I Specify.
c. Configure the Automatic Updates settings only on the servers that run Windows
Server 2003 to Automatically Download The Updates, And Install Them On The
Schedule That I Specify. The servers will then update the clients when they restart.
d. Have the users log on as local administrators, and the updates will be automatically
installed.
____ 29. What is the recommended minimum level of RAM for a SUS server?
a. 512 MB
b. 256 MB
c. 1 GB
d. 128 MB per SUS client
____ 30. You configured a SUS server to synchronize with the Windows Update site daily at 7:00 A.M., and
you configured the server to store the updates locally. Your client computers are scheduled to run
Automatic Updates at 12:00 P.M. daily while employees are at lunch. When you arrive at work at
8:00 A.M., one of your coworkers informs you that the contents of one of the SUS\Contents
directories were accidentally deleted and that a critical security update was released this morning.
The client computers must receive the security update as soon as possible. With the least amount of
administrative effort, which steps could you take to allow the client computers to download the
critical update from the SUS server at the scheduled 12:00 P.M. time?
a. Open the Software Update Services Administration Web page, and choose
Schedule Synchronization from the Synchronize Server options. Schedule the SUS
server to synchronize at 12:00 P.M.
b. Open the Software Update Services Administration Web page, and choose
Synchronize Now from the Synchronize Server options.
c. Copy the SUS\Contents file from one of the SUS clients that successfully
synchronized with the SUS server prior to the deletion of the Contents folder.
d. Manually configure all client computers to contact the Windows Update site for
Automatic Updates.
Server 2003 FINAL
Answer Section
TRUE/FALSE
1. ANS: F
EXPLANATION: Dynamic Host Configuration Protocol (DHCP) servers that are part of an Active
Directory domain must be authorized. There is no authorization process for DHCP servers that are
members of a workgroup. (Discussion starts on page 13.)
MULTIPLE CHOICE
11. ANS: A
EXPLANATION: A scope must be activated before it can be used to assign addresses, and a
Dynamic Host Configuration Protocol (DHCP) server must be authorized if it is part of an Active
Directory domain. Increasing the lease duration or re-creating the scope does not affect this situation.
(Discussion starts on page 16.)