|
Windows 2000 EXAM - 70-217
.........
Implementing and Administering a Microsoft Windows 2000 Directory Services Infrastructure
1) You are the admin of a win2k Network. Your network's organizational unit (OU) structure is shown in the exhibit you grant Create Users Objects permission to Anita for the Executive OU, but
she is unable to create users objects in the Users OU. Anita is able to create users objects in the Workstation OU. What should you do to enable Anita to create users objects in the Users OU?
A) Clear the Allow inheritable permissions from parent to propagate to this object
check box in the Executive OU properties.
B) Select the Allow inheritable permissions from parent to propagate to this object
check box in the Users OU properties.
C) Add Anita to the Server Operators group. D. Move the Users OU to the same level as
the Executive OU
Answer : B
2) You add a new domain controller named GC01 to your network to take the place of the existing global catalog server. You also enable GC01 as a global catalog. You want to use GC00, the
original server, as a domain controller, but not as a GC server for the domain. You want to increase disk space on GC00. What should you do? (Choose all that apply)
A) Use the Active Directory Sites and Services. Select the NTDS settings object for the GC00 Server to clear the Global Catalog check box.
B) On the GC00 server, run the Ntdsutil utility to defragment Active Directory.
C) On the GC00 server, reinstall Win2k
D) On the GC01 server, run the Ntdsutil utility to enable the global catalog server option.
Answer : A, B
3) You add three new SCSI hard disk drives to your company's domain controller. The SCSI disks are configured in a hardware RAID-5 array. You have two other physical disks in this domain
controller. You want to optimize the speed of the Active Directory database. What can you do? (Choose Two)
A) Move the Ntds.dit file to the RAID-5 array.
B) Move the log files to a separate physical disk from the OS
C) Move the log files and the Ntds.dit file to the RAID-5 array.
D) Move the netlogon share to the RAID-5 array.
E) Create a mirror volume and place the log files on the mirror.
Answer : A.B
4) You are the administrator of the Arbor Shoes company network. There is one domain named arborshoes.com. The domain contains three sites named Geneva, Milwaukee, and Portland. Each site has
two domain controllers from the arborshoes.com domain. Geneva and Portland each have 1,000 users. Milwaukee has 500 users. There are two IP site links: Geneva Portland and Milwaukee Portland.
You want to add another domain controller in each site to handle all replication from each site. What should you do?
A) Configure each new domain controller to be the IP preferred bridgehead server for its site.
B) Create a connection object from each domain controller in each site to the new domain controller in each site.
C) Create a new site link that has a lower cost that the existing site links.
D) Delete the existing connection objects
Answer :A
5) You are the LAN admin for Arbor Shoes. You hire Sophie to be a LAN administrator for the Dublin office. Arbor Shoes has one domain named arborshoes.com. Each office has its own OU. Sophie
needs to be able to create child OUs under only ou-Dublin, dc=arborshoes, dc=com and verify the existence of the created OUs. Which permissions should you assign to Sophie on the Dublin OU?
(Choose THREE)
A) FC
B) List Contents
C) Create OU objects
D) Create All Child Objects
E) Write
F) Read
Answer : B, C, F
6) You are the administrator for Trey Research and A. Datum Corporation. You manage a multi domain wind2k network of 5,000 users for the two companies. The network is configured as shown in the
exhibit: The two companies have a total of six departments.
Each department is an OU in AD. Each Domain and OU has specific Group Policy settings that must applied to all of its members. Your company is reorganizing all six departments. Some, but not
all, of the users in each OU have moved. Many users have changed departments, and some have changed domains. You want to accomplish the following goals in the least possible amount of time.
Place the users account in the appropriate domains. Apply the existing policies for each domain or OU to the moved accounts. Do not disrupt user access to shared resources. What should you do?
A) For all users, create new user accounts in the appropriate OUs. Assign permissions to the accounts to apply the group policy settings, and the delete the old accounts.
B) For the users moving between domains create new user accounts in the appropriate Ous. Assign permissions to the accounts to apply the Group Policy settings, and then delete the old accounts.
For the users moving between Ous in the same domain, select the accounts. Then choose MOVE from the Action menu, targeting the new OU.
C) For the users moving between domains, use the Movetree utility, specifying the source and target domains and Ous. For the users moving between Ous in the same domain select the accounts. Then
choose MOVE from the ACTION menu, targeting the new OU.
D) For the users moving between domains, create new user accounts in the appropriate
Ous. Assign permissions to the account to apply the Group Policy settings, and then delete the old accounts. For the users moving between Ous in the same domain, select the accounts. Then choose
Copy from the Action menu, entering the appropriate account information for the new users accounts. Then delete the old accounts.
Answer : C
7) You are the administrator of a win2k network. Your win2k domain controller has been in operation for one year. During that year, you have deleted numerous objects. However, the Ntds.dit file
is the same size it was before you deleted any objects. You want to reduce the size of the Ntds.dit file. What should you do? (Choose Two)
A) Delete all the log files from the NTDS folder and restart the server.
B) Use the Ntdsutil utility to perform an authoritive restore.
C) Run the Esentutl utility by using the /d switch.
D. the server in directory services restore mode.
E) Use the Ntdsutil utility to compress the database to another drive.
Answer : C, D
8) You are the administrator of the company network for Arbor Shoes. Arbor Shoes has three domains: arborshoes.com, na.arborshoes.com, and sa.arborshoes.com. All the domains are in native mode.
You are going to remove the na.arborshoes.com domain in an effort to consolidate domains. There are 300 users in na.arborshoes.com. You want to move all 300 users at the same time to
arborshoes.com. What should you do?
A) At the command prompt, type the following command: Cscropt sidhist.vbs /srcdc:dc1 /srcdom:na.arborshoes.com /dstdc:dc1/dstdom:arborshoes.com
B) At the command prompt, type the following command: Movetree /start /s dc1.na.arborshoes.com/ddc1.arborshoes.com/sdncn=users,dc=na,dc=arborshoes,dc=com /ddn cn=users, dc=arborshoes, dc=com C)
In MMC, use the copy command in Active Directory Users and Computers
D) In MMC, use the move command in Active Directory Users and Computers
answer : B
9) You are the enterprise administrator of a windows 2000 domain tree that has five domains. All domains are in native mode. Each domain has one or more users who are help desk staff. Each
domain has a global group named Help Desk members that contains the help desk staff from each domain. There is an OU named Interns in the root domain. You want all help desk staff to be able to
reset passwords of the users in the Inters OU. What should you do?
A) Create a new global security group named Help Desk Staff in the root domain. Place the five help desk members groups in the Help Desk staff group. Place the Help desk staff group in the Reset
Interns group. On the reset Interns group, assign the Reset password permission to the Help Desk Staff group. B) Create a new global security group named Help Desk Staff in the root domain.
Place
the five help desk staff in the Help Desk Staff group. Create a new local security group named Reset Interns in the root domain. Place all users from the Interns OU in the Reset Inters group. On
thee Interns OU, assign the reset Password permission to the Reset Interns group.
C) Create a new universal security group named Help Desk Staff in the root domain. Place the five Help Desk members groups in the Help Desk Staff group. Create a new local security group named
reset Interns in the root domain. Place the Help Desk Staff group in the Reset Interns group. On the Interns OU, assign the reset password permission to the Reset Interns group.
D) Create a new universal security group named Help Desk Staff in the root domain. Place the five Help Desk Members groups in the Help Desk Staff group. Create a new local security group named
reset Interns in the root domain. Place all users from the Interns OU in the Reset Interns group. On the reset Interns group, assign the Reset Password permission to the Help Desk staff group.
Answer : C
10) Your company's Win2k network consists of a single domain. You are the enterprise
admin of the domain. Two administrators named Ann and Bill make changes to Active
directory at approximately the same time at two different domain controllers named
ServerA and ServerB. Ann deletes an empty OU named Branch1 from ServerA. Before this deletion is replicated to ServerB, Bill move five existing users from the Brach2 OU to
the Branch1 OU at ServerB. Ten minutes later, Bill discovers that the Branch1 OU is
deleted from Active Directory. You want to reinstate the configuration that Bill
attempted to accomplish. What should you do?
A) Perform an authoritive restore of the Brach1 OU at ServerA
B) Perform a nonauthoritive restore of the Branch1 OU at ServerA.
C) Perform an authoritive restore of the five users at ServerB
D) At ServerB, move the Branch1 OU from the LostAndFound container to its original
location.
E) At ServerA, create a new Branch OU. Move the five users from the Branch2 OU to the new Branch1 OU.
F) At ServerB, create a new Branch1 OU. Move the five users from the LostAndFound
container to the new Branch1 OU.
Answer : A
11) You are the admin of your company's network. Your company has two domains in six
sites as shown in the exhibit. Each site has one or more domain controllers. For
fault-tolerance and load-balancing purposes, on domain controller in each site is
configured as a GC. Users report that, several times a day, network performance and
data transfer for an application located in SiteA are extremely poor. You want to
improve network performance. What should you do?
A) Configure at least two domain controllers in each site as GC servers.
B) Configure the domain controllers in only one site as GC servers.
C) Create site links between all sites and use the default replication schedulers
D) Create site links between all sites and set the less frequent replication
schedules.
E) Create connection object between each domain controller. Use RPC as the transport
protocol.
F) Create connection objects between each domain controller. Use SMTP as the
transport protocol.
Answer : D
12) You are the enterprise administrator of a win2k domain named fabrikam.com. The
domain contains three domain controllers named DCA, DCB, and DCC. DCA does not hold any operations master roles. You backed up the System state data of DCA two weeks ago. Without warning the DCA
hard disk fails. You decide to replace DCA with a new computer. You install a new Win22k server computer. What should you do next?
A) Add the server to the domain. Do an authoritive restore of the original backup of
the original DCA System State data that you made two weeks ago.
B) Add the server to the domain. Use Windows Backup to create a backup of the DCB
System state data, and restore this backup on the new DCA.
C) Use the Active Directory installation wizard to make the new computer a replica in
the domain.
D) Use the Ntdsutil utility to copy the active Directory database from DCB to the new
DCA.
Answer : C
13) You are the administrator of a win2k domain. The domain has two domain controllers
named Server1 and Server2. The volume that contains the Active Directory database file on Server1 is running out of disk space. You decide to move the database file to an
empty volume on a different disk on Server1. What should you do?
A) Restart Server1 in directory services restore mode. Use the Ntdsutil utility to
move the database file to the empty volume.
B) Use windows Backup to create a backup of the System State data of Server1. Restart Server2 in directory services restore mode. Restore the system State data to the empty volume.
C) Use the Logical disk Manager console to mount the empty volume in the folder that
contains the Active Directory database file.
D) Stop the Netlogon service on Server1. Use Windows Explorer to move Ntds.dit to the
empty volume. Start the NetLogon service again. Force replication from server2
Answer : A
14) You are the enterprise administrator of a Windows 2000 domain. The domain has three domain controllers named DC1, DC2, and DC3. Because of changed hardware requirements, you want to replace
the domain controller named DC1 with a newer computer named DC4. You want DC4 to be a domain controller in the domain. You no longer want DC1 to function as a domain controller. What should you
do?
A) Install DC4 as a stand-alone server in a workgroup named WG. Restore a System
State data backup of DC1 on DC4. On DC1, Use the Active Directory Installation wizard
to remove Active Directory from DC1.
B) Install DC4 as a stand-alone server in a workgroup named WG. Disconnect DC1 from
the network. Rename DC4 to DC1. On DC2, force replication of AD to all its replication
partners.
C) Install DC4 as a member server in the domain. On DC4, use the Active Directory
Installation wizard to install Active Directory on DC4. On DC1 use the Active Directory
Installation wizard to remove Active Directory from DC1.
D) Install DC4 as a member server in the domain. On DC1 use the Ntdsutil to copy the
Active Directory files to DC4. Use the Active Directory Installation wizard to remove
Active Directory from DC1.
Answer : C
15) You are the network administrator for your company. Your company's main office is
in Seattle. Branch offices are in New York, Rome, and Tokyo. The local administrators
at each branch office need to be able to control local resources. You want to prevent
the local administrators from controlling resources in the other branch offices. You
want only the administrators from the main office to be allowed to create and manage
user accounts. You want to create an active directory structure to accomplish these
goals. What should you do?
A) Create a domain tree that has a top-level domain for the main office and a child
domain for each branch office. Grant the local administrators membership in the Domain
Admins group in their child domains.
B) Create a domain tree that has a top-level domain for the main office and a child
domain for each branch office. Grant the local administrators membership in the
Enterprise Admins group in the domain tree.
C) Create a single domain. Create a group named Branch Admins. Grant the local
administrators membership in this group. Assign permissions to the local resources to
this group.
D) Create a single domain. Create and OU for each branch office and an additional OU
named CorpUsers. Delegate authority for resource administration to the local
administrators for their own OUs. Delegate authority to the CorpUsers OU only to the
Domain Admins group.
Answer : D
16) You are the administrator of your company's network. Your company has its main office in Seattle and branch offices in London, Paris, and Rio de Janeiro. The local admin at each branch
office must be able to control users and local resources. You want to prevent the local administrators from controlling resources in branch offices other than their own. You want to create an
Active Directory structure to accomplish these goals. What should you do?
A) Create a top-level OU. Delegate control of this OU to administrators at the main office.
B) Create child OUs for each office. Delegate control of these OUs to administrators at the main office.
C) Create child OUs for each office. Delegate control of each OU to the local administrators at each office.
D) Add the local administrators to the Domain Admins group.
E) Create users groups for each office. Grant the local administrators the appropriate permissions to administer these user groups.
Answer : C
17) You install a windows 2000 Server computer on your network. You promote the computer to be a domain controller. This computer also functions as the DNS server for the domain. All client
computer are running win2k Prof. When users attempt to log on they receive an error message sating that a domain controller cannot be located. You verify that Active Directory is installed and
functional on the server. You want to ensure that the domain controller is available for user logons. What should you do next?
A) Check DNS for the addition of an appropriate SRV record in the zone.
B) Check DNS for the addition of an appropriate A record in the zone.
C) Check for the presence of an NTDS folder on the domain controller.
D) Check for the presence of a Sysvol folder on the domain controller.
E) On the client computers, create a hosts file that contains the SRV records for the domain controller.
F) On the client computers, create a Hosts file that contains the A record for the DC.
Answer : A
18) You are the admin of the Contoso, Ltd., company network. You are designing a Win2k domain. Contoso, Ltd., has an Internet presence and owns contoso.com, a registered domain name. The
existing DNS zone is hosted on WinNT server 4 computers. You want to accomplish the following goals: - Internal host names will not be exposed to the Internet. - Internal users will be able to
resolve external names for access to Internet-based resources. - Complexity and depth of domain names for Active Directory will be minimized. - To comply with management requirements, the
existing DNS servers that host the zone for contoso.com will not be upgraded. You implement a DNS design as shown in the exhibit: Which result(s) does your implementation produce? (All that
apply)
A) Internal host names will not be exposed to the Internet.
B) Internal users will be able to resolve external names for access to Internet-based resources
C) Complexity and depth of domain names for Active Directory will be minimized
D) To comply with management requirements, the existing DNS servers that host the zone for Contoso.com will not be upgraded
Answer : A, B, C
19) You are the network administrator for Arbor Shoes. Part of your multisite Windows 2000 network configuration is show in the exhibit. Server1 is configured with the primary zone for
arborshoes.com. Server3 and Server5 are configured with secondary zones for arborshoes.com.You discover an error in several host records that is preventing client computers in Atlanta from
accessing some shared resources. You make the necessary corrections on Server1. You want these changes to be propagated to Atlanta immediately. What should you do?
A) On the Action menu for the arborshoes.com zone, click Update Server Data Files.
B) At Server5, perform the Transfer from master action for the arborshoes.com zone.
C) At Server1, stop and start the DNS server service.
D) At Server5, select Allow zone transfers on the arborshoes.com zone.
Answer : B
20) You are the network administrator for LitWare, Inc. You are implementing Windows 2000 on your network. Part of your network configuration is shown in the exhibit. You have installed Server2
and Server4 as domain controllers for LitWare.com. You have installed Server1 and Server3 as DNS servers for the litware.com domain. Each server has a standard primary zone named litware.com.You
configure the domain to run in native mode. When Server2 attempts to contact Server4 by name, it cannot establish a connection. However, you cn ping both Server2 and Server4 from any computer in
either site. You need to be able to resolve names of serves in both sites. You want the information to be updated regularly. What should you do?
A) Configure Server1 and Server3 to allow dynamic updates in DNS.
B) Configure Server1 and Server3 to allow zone transfers to any server. Then configure the DNS notification options to notify each server of updates.
C) Reinstall Server4 as a member server in the same domain as Server2. Create a new site, and promote Server4 to a domain controller within the new site.
D) Re-create the litware.com zone on Server3 as a secondary zone. Configure Server3 to replicate DNS data from Server1.
Answer : D
21) You are the administrator for a windows 2000 network. Your network consists of one domain and two OUs. The OUs are named Corporate and Accounting. A user recently reported that she was not
able to log on to the domain. You investigate and find out that the user's account has been deleted. You have been auditing all objects in active Directory since the domain was created. But you
cannot find a record of the user account deletion. You want to find a record that identifies the person who deleted the account. What should you do?
A) Search the security event logs on each domain controller for account management events.
B) Search the security event logs on each domain controller for object access events.
C) Search the Active Directory Users and Computers console on each domain controller for the user's previous account name.
D) Search the Active Directory Users and Computers console on each domain controller for the user's computer account.
Answer : A
22) You are the admin of your company's network. The network consists of one WinNT 4 domain. You create and implement a security policy that is applied to all windows 2000 Prof. Computers as
they are staged and added to the network. You want this security policy to be in effect at all times on all client computers on eth network. However, you find out that administrators
periodically change security settings on computers when they are troubleshooting or doing maintenance. You want to automate the security analysis and configuration of client computers on the
network so that you can track changes to security policy and reapply the original security policy when it is changed. What should you do?
A) Use Windows NT System Policy to globally configure the security policy settings on the client computers.
B) Use Windows 2000 Group Policy to globally configure the security policy settings on the client computers.
C) Use the Security and Configuration Analysis tool on the client computers to analyze and configure the security policy.
D) Schedule the Secedit command to run on the client computer stop analyze and configure the security policy.
Answer : D
23) You edit the Default Domain Controllers Group Policy on the arborshoes.com domain to required passwords to be at least eight characters long. However, users are able to create passwords that
do not comply with the implemented policy. What should you do?
A) Initiate replication to make sure the Group Policy containers and the Group Policy template (GPT) are replicated.
B) Configure each client computer to have a local Group Policy that requires password to be at least eight characters long.
C) Edit the Default Domain Group Policy to require password to be at least eight characters long.
D) Edit the Default Domain Controllers Group Policy to force the password to meet complexity requirements.
Answer : C
24) You are the windows 2000 network administrator for your company. You are implementing the company's network security model. You network has several servers that contain sensitive or
confidential information. You want to configure security auditing on these servers to monitor access to specific folders. You also want to prevent users from gaining access to these servers when
the security logs become full. What should you do?
A) Create a GPO that applies to the servers. Configure the GPO to enable auditing for object access. Set up the individual objects to be audited in windows Explorer, and then customize the Event
Viewer logs to limit the size of the security log to 1024 kb.
B) Create a GPO that applies to the servers. Configure the GOP to enable auditing for directory services access. Set up the individual objects tobe audited in Windows Explorer, and then
customize the Event Viewer logs to limit the size of the security log to 1024 KB. Configure the security event log so that it does not overwrite events.
C) Create a GPO that applies to the servers. Configure the GOP to enable auditing for directory service access. Set up the individual objects to be audited in Windows Explorer. Configure the
security event log so that it doesn't not overwrite events. Then configure the GPO to enable the Shut down the system immediately if enable to log security audits setting.
D) Create a GPO that applies to the servers. Configure the GOP to enable auditing for object access. Setup the individual objects to be audited in Windows Explorer. Configure the security event
log so that it does not overwrite events. Then configure the GPO to enable the Shut down the system immediately if enable to log security audits setting.
Answer : D
25) You are the security analyst for Duluth Mutual Life. You are assessing the security weaknesses of the company's Windows 2000 network. The network consists of three sites in one domain. The
domain contains three OUs and 11000 users. There are five domain controllers in the domain. You configure one of the domain controllers to meet the security requirements of the company. You need
to duplicate those settings on the other four domain controllers. You want to use the least possible amount of administrative effort. What should you do?
A) Create a GPO for the domain controllers OU. Configure the GPO settings to match the settings of the secured domain controller.
B) Open Security Configuration and Analysis on the secured domain controller. Export the secured domain controller's security configuration to a template file. Copy the template file to the
Sysvol folder on each domain controller.
C) Create a GPO for the domain. Assign Domain Users Red and Apply Group Policy permissions. Configure the GPO settings to match the settings of the secured domain controller.
D) Open Security Configuration and Analysis on the secured domain controller. Export the secured domain controller's security configuration information to a template file. Open Security
Configuration and Analysis on the other domain controllers, import the template file, and then select Analyze Computer Now.
Answer :A
|
