1.
You are the administrator of Metro Tech World. Your company currently has 6 major subnets with dedicated DHCP servers in each. All subnets use contiguous IP addresses. Your company is in the process of acquiring two small companies. These companies will still continue to use their own domain controllers. They need to be a part of the dynamic IP environment. There are about 25 computers in each of these companies and will connect to the main network using a router each. Requirements: 1. The DHCP servers in the main network need fault tolerance 2. The clients in the small networks need to access the DHCP servers in the location closest to them for IP address assignment What should you do? Each of the choices represents a part of the solution. Choose two solutions that will form a complete solution.
Correct Answer(s)
A. Use DHCP servers with contiguous scope to divide scope between the main offices on 80-20 rule
C. Use DHCP relay agents in the small subnets.
Explanation
The main offices as stated have contiguous addresses. Hence they can be used to provide fault tolerance to each other on the basis of the 0-20 rule.
Since the small subnets need to connect to the main offices DHCP server that is physically closest for IP address assignment, you need t to implement a DHCP relay agent in the small subnets.
2.
You are convinced that the DHCP server on the network is overloaded. You need another DHCP on the network to load-balance the existing one. You are required to present the required data to your supervisor to get an approval for the same. What should you do? Choose two.
Correct Answer(s)
A. Audit the DHCP server and generate reports for the same
B. Use a performance monitoring tool that can record the DHCP performance for at least a week.
Explanation
Auditing the DHCP server is usually done for security reasons, but in this case, you may use this facility to convince your supervisor of the access rate of your DHCP server on the network. The Performance Monitoring tool helps to record or capture any performance counters that you may be interested in such as the disk read/write, access rate, performance and utilization of CPU, memory etc. This data that you capture must be for the period of at least a week to indicate the highs and lows of usage time. Otherwise, the data required for analysis is insufficient.
3.
View the exhibit shown below. The scope shows a red icon. What does it indicate and what is the solution? Each choice represents a part of the desired response. Choose two to complete the required response.
Correct Answer(s)
B. It means that the scope is not activated.
E. Activate the scope
Explanation
scope that is ready for use will flash a green icon. If the icon is red it means it is awaiting activation.
4.
You are planning on setting up a DHCP server that not only acts as a DHCP relay agent for the stub network but also has a scope configured to load-balance the DHCP server on the main network. This DHCP server will be a perimeter resource. View the exhibit given below. Which of the given choices must be selected for the DHCP to deliver the services stated in the scenario?
Correct Answer
C. Both
Explanation
Since the DHCP will be used for load balancing the main server as well as act as a relay agent to the stub network, you need to select the option �Both�.
5.
. You have one single DNS server and a UNIX based mail server for the entire network and the one default gateway for each scope in the network. You need to configure this information for each scope accordingly. What should you do? Each choice represents a part of the solution. Choose all that apply to complete the solution.
Correct Answer(s)
A. Choose server option to configure the DNS server and the Mail server
B. Choose scope option for each scope to assign IP address for the router in that scope
Explanation
You should configure the server option 006 with the IP address of DNS and configure the scope option for each scope with the IP address of the local router. The DNS server option and should be configured at the server level because all computers will use the same DNS server. The router option should be configured at the scope level because each subnet will use a default gateway address.
6.
You are the administrator for Metro Tech World. The company has a Windows 2003 network. Your network has several servers and one printer configured with static IP addresses. You must configure the scope for your DHCP server. You expect to add 25 new client computers within the next month. How should you configure the DHCP scope? (Choose three options. Each answer is a part of the solution.)
Correct Answer(s)
A. Consider static IP addresses too when designing subnet mask
D. Consider later additions to the network when designing scope
E. Be precise about the exclusion range information
Explanation
All information such as No of scope, later additions, exclusion range and static IP addresses is very vital when planning subnet mask and IP assignment.
7.
You are in the process of planning a DNS environment for the network that you have just upgraded. You are now using the Windows Server 2003 environment. The requirements for the same are as follows: 1. Each child level company needs a unique identity under the main company name. 2. Replication of DNS information must be completely automated and maintenance free. 3. Reverse resolution for the zones must be permitted. You have the following proposed solutions: 1. You have created forward lookup zones for each of the child level companies 2. Each of the zones uses one of the best configuration member servers as their DNS server respectively. Which of the following choices correctly indicate which of the requirements have been met? Choose all that apply.
Correct Answer(s)
B. Only forward lookup will be possible according to the solution.
C. Replication will not be completely automated and maintenance free according to the solution suggested.
Explanation
For DNS replication to be completely automated and maintenance free the zones will have to be stored in the Active Directory, which is possible only if the DNS server is hosted on a Domain Controller. For reverse lookup to be allowed, you must also create a reverse lookup zone. Unique identity for each child level company has been taken care of in the solution.
8.
Which of the following is attached with a stub zone?
Correct Answer(s)
B. NS record
C. SOA record
D. Host (A) record
Explanation
The stub zone does not have a PTR record, it is only a copy of a zone that has NS record, SOA record and a Host (A) record.
9.
You have set up a Primary DNS for your network which is not able to handle the resolution load lately. You require another DNS server that will allow the creation of zones when the existing server is unavailable along with help it load balance when it is overloaded. What should you do? Each choice is a complete solution in itself. Choose the best answer.
Correct Answer
B. Implement another DNS server and configure round robin for load balance
Explanation
Implementing a Secondary DNS will not permit the creation of zones when the Primary DNS is unavailable.
Using any DNS as a forwarder will only add to network congestion
Creating reverse lookup zones is not relevant here.
The best solution in the scenario is to implement another DNS server and configure round robin between the two DNS servers for load-balancing.
10.
When should you allow a DNS server to accept Secure as well as non-secure updates?
Correct Answer
C. When the update information being received from Active Directory integrated zones as well as zones that are otherwise.
Explanation
Whenever a zone is Active Directory integrated the updates must be always configured to be security updates. Otherwise, zones usually use non-secure updates. When a network has a combination of these zones, the updating process must involve Secure as well as non-secure updates.
11.
View the exhibit below: What does the exhibit indicate?
Correct Answer
C. The server you are troubleshooting is responding but is not completely configured yet
Explanation
The DNS server you are troubleshooting is reachable on the network but is not completely configured.
12.
You have implemented a File replication service on your network that requires all the File servers containing identical data to be recognized by identical names by the users on the network. You have 2 DNS servers on your network one Primary and one Secondary and each on a different subnet. To avoid network congestion and fault tolerance it is preferred that the users on each subnet connect to their respective file servers.
Correct Answer
B. Create A record respectively on each of the DNS to point to the file server in that subnet
Explanation
You should create A records that map the file server name to the IP address of the file server on each subnet on the DNS server
13.
You notice that one of the secondary DNS servers on your network is continually failing to receive updates when the rest of the secondary servers are succeeding in doing so. How would you verify the problem?
Correct Answer
B. Verify the servers listed on the Notification list of the Primary servers
Explanation
If the problem is continually only with one secondary server, then the obvious deduction is that got missed out of the notification list of the Primary server.
14.
You have just completed configuring a DNS server and forced replication on the network. You wish to backup the database and secure it. Which of the following will help you complete the task? Each choice represents a complete solution. Choose two solutions that are possible in this situation.
Correct Answer(s)
A. Manually copy the DNS database and store it with proper security in place
B. Use Jetpack utility
Explanation
The DNS database may be manually copied or you may use the Jetpack utility to preserve it. Both the tasks will help in maintaining the DNS database.
15.
View the exhibit shown below: You have created a Primary zone but are unable to configure Secure updates for the same. What could the reason be?
Correct Answer
C. The zone is not Active Directory integrated
Explanation
The DNS zone that is Primary zone as shown in the exhibit is not an Active Directory integrated zone, which is a must for security updates to be configured.
16.
You are the network administrator for Metro Tech World. The company has four branch offices and one main office, which are connected to the main office via T1 lines. A DNS server named DNS1 that hosts one standard primary zone for each of the zones is located in the main office. Problem: Network response times for DNS queries are very slow. Required Solution: 1. Improvement in response time 2. Reduce congestion over the T1 links. 3. Install DNS on the domain controllers What should you do?
Correct Answer
D. Create an Active Directory--integrated zone on each of the branch DNS servers for the local domain only. Ensure these are master zones instead of the DNS1 having the master zones. Ensure DNS1 is the forwarder for the DNS in that respective zone.
Explanation
You should create an Active Directory--integrated zone on each of the branch DNS servers and ensure that zone DNS servers are master for their zones and only a secondary zone for these exists on the DNS1. Ensure DNS1 acts as a forwarder for all the DNS severs on the zone.
17.
You have created certain security templates that comply with the company�s written policies for all 30 servers on your network. These are Windows Server 2003 computers. You also need to apply certain security templates on these servers, based on the specific services running on each of them. How would you achieve this with least administrative efforts?
Correct Answer
A. Create a GPO linking it to the Server OU. Import the template that applies to all servers to this new GPO. Group all servers running specific service under one OU. Create a GPO for each service based server linking it to its respective OU and import that specific template to its respective GPO.
Explanation
Create a GPO linking it to the Server OU. Import the template that applies to all servers to this new GPO. Group all servers running specific service under one OU. Create a GPO for each service based server linking it to its respective OU and import that specific template to its respective GPO.
18.
Your network consists of 25 Domain Controllers and 100 servers all spread across departments and locations. You are required to apply strict encryption rules for communication on all servers in the network. You design an IPSec policy that will be applied to all services that need it. Your concern is that some of the member servers located in the remote locations that are rarely accessed by network-wide clients may be missed out and defeat the security policy that is being implemented. What should you do?
Correct Answer
C. Apply the Secure Server IPSec policy to all servers excluding domain controllers
Explanation
You should apply the Secure Server IPSec policy to all servers that are not domain controllers. Since these computers may have the Client IPSec policy assigned, this step will be required.
19.
You are the administrator for Metro Tech world. For maintenance purpose, the Datacenter is temporarily inaccessible to you. You need to deploy a newly designed security template on the file server on priority, but the only computer available on hand to you right now is a domain users� computer who does not have administrative privileges. What should you do?
Correct Answer
C. Perform the task using the Run As command
Explanation
You should use the Run as command with administrative credentials to complete the tasks.
20.
You are keen to verify all the applications that have been recently pushed to the clients from the SUS server. Which of the following should you check?
Correct Answer
C. Synchronization log in the MSUS console
Explanation
You should view the Synchronization log in the Microsoft Software Update Services console. The Synchronization log contains entries for all packages that have been successfully deployed on the network.
21.
Which of the following requirements to be configured to use NTLM v2 to authenticate to Windows Server 2003 Network?
Correct Answer(s)
A. Windows 95 client computers
B. Windows 98 client computers
E. Windows NT 4.0 Workstation client computers
Explanation
The Windows 95 client computers, Windows 98 client computers, and the Windows NT 4.0 Workstation computers should be configured to authenticate using NTLM v2. NTLM v2 significantly improves both the authentication and session security mechanisms over NTLM.
22.
You are hosting a Web server on the network. As per company policies you are required to encrypt all communication with this web server and also allow users to connect to the Web server and request for Certificates. What should you do?
Correct Answer
A. Configure SSL and Web based enrollment
Explanation
By configuring the Web servers to use SSL encryption all transactions will be encrypted using SSL and by configuring Web-based enrollment for users on the Web servers the users will be allowed to connect to the Certificate Authority (CA) via a Web browser and request for a certificate.
23.
Which of the following will ensure that the configuration changes of an active IPSec policy be affected immediately and with least manual intervention?
Correct Answer
B. Netsh dynamic command
Explanation
The netsh IPsec dynamic command can be used to affect the configuration of the active IPsec policy immediately. These commands directly configure the security policy database (SPD).
24.
As an expansion plan for your company, you have been asked to configure the RAS server to accept dial-in connections from remote users who will be dialling-in from various OS platforms across the globe. You have created a policy that grants remote access permission to Domain User group members and have deployed the same. You test the implementation and see that the remote users are not able to access resources of the network. What should you do?
Correct Answer
C. Grant dial-in permissions
Explanation
The two key issues here is the remote access permission to Domain User group members and Dial-in permissions for users to use relevant resources on the network. Both these must be granted for resource access to be successful
25.
As an upgrade plan for security, your company has implemented smart cards for authenticating all the network clients. All the network clients have been configured accordingly except for Windows 98 clients. According to the company�s written policies, all clients must be on track with smart cards within the next three days. What should you do? Choose two options that present a complete solution to the problem.
Correct Answer(s)
A. Install service pack 1 for all Windows 98 clients and configure MS-CHAP v2
C. Configure EAP properties to implement smart cards for Windows 98 computers
Explanation
For Windows 98 computers to use MS-CHAP v2, you have to install Windows 98 Service Pack 1 and configure the EAP properties to implement smart cards
26.
You are the administrator for Metro Tech World, an IT consulting services company. You have been assigned certain company written policies to implement. According to the policies, the home users will be using laptops that should only be configured for remote use . When these home users visit office, they should not be allowed to use the company network through their laptops and will instead be assigned designated computers on the networks. These users must be accessing the remote servers through very secure channel and their authentication with the servers must be equally secure. What should you do?
Correct Answer
B. Configure home user laptops with Windows XP Home edition and implement IPSec certificates for VPN connections of the home users with the network as well as authentication
Explanation
The simplest solution is to use Windows XP home edition on home user laptops and configure VPN connections with IPSec certificates for tunnel security as well as authentication
27.
As per the expansion plans of your company, you are required to accommodate new remote access clients on the network. You have assigned these users the default remote access policy whereas it is required that the remote access permission must be set to allow access. What should you do?
Correct Answer
D. Change setting from Control access to allow access
Explanation
The default setting in Windows Server 2003 is Control access and what is required id allow access. You should change the setting from Control access to Allow access using the remote access policy
28.
You have configured two Database servers complying to the same front end application these servers need to exchange data once in 8 hours to ensure a synchronization of the database. It is required that a dedicated link is set between the two servers but only when required for the synchronization to take place. No other communication should use this link on the network. What should you do? Choose two statements
Correct Answer(s)
A. Setup a two-way demand dial connection between servers
D. Setup filters to monitor for any other traffic on this link
Explanation
You should set up a two-way demand-dial connection between servers as synchronization will be a two-way communication. Setup filters to monitor for any other traffic on this link so that the link is available only for synchronization information between the two servers
29.
You had sometime back implemented a RAS server for receiving requests from the dial-in connections. Lately, you have been receiving complaints that some connections are getting rejected for no reason and connections are very slow. You implement another RAS server but this does not help the situation to a great extent although the number of complaints has reduced by 25%. What should you do?
Correct Answer
C. Implement a RADIUS server that takes over the responsibility of authentication from the RAS server
Explanation
The RADIUS server can take over the responsibility of authenticating users over from the RAS server and free the RAS server to just receiving or rejecting incoming connections. This can improve the speed and efficiency of remote network connections tremendously
30.
You are required to secure dial-in connections on the remote network. The remote clients can be dialling in from any geographical location including the EPABX of a hotel where they would be put up for that assignment. The dial-in the client should be challenged by the RAS server before allowing the connection to be complete and then ensure that the connection is secure. What should you do?
Correct Answer
A. Configure dial-back option on the RAS server and implement VPN with IPSec certificates
Explanation
Configuring a dial-back option on the RAS server ensures the server challenges the dial-in connection and then a VPN with IPSec certificates will ensure that connection will be secure irrespective of where the remote user is dialing in from
31.
Your network is undergoing expansion. You have delegated the task of adding 400 Windows XP professional computers to 5 of your junior administrators. There are 5 RIS s servers that contain images for this deployment across the network. Your company will be engaging in such deployments time and again in the near future as a part of their expansion plans. Your administrators begin the task and 2 hours down the line you receive a complaint from your administrators that the process is taking much longer than it should. You analyze the Utilization of CPU and the Disk performance of the RIS servers. The result of the same is shown below: CPU Utilization: 85% Disk %Disk Time\ Logical disk: 84% Current Disk Queue length: 12 What is the solution to this problem?
Correct Answer
C. Increase the number of RIS servers on the network
Explanation
Since your company will be engaging in these deployments time and again, it is ideal that you increase the number of RIS servers on the network, as the number computers that are being deployed are quite large in number. Increasing the hard disk space would reduce the congestion to an extent but will not over come the problem completely
32.
You are the administrator for Metro Tech World. Your network consists of Windows 2000 as well as Windows 2003 servers and the clients are running Windows 2000 professional. Your company has received a new Web-based software development project from their client. They have also recruited a set of developers who will be working on this project. For this team of new developers, you are required to 1. Assign an exclusive scope of IP addresses from the DHCP server that will be limited only to this team. 2. You are to ensure the Internet service will be secure and that the access and speed will be moderately effective. Which of the following must you do?
Correct Answer
C. Implement IAS server in integrated mode and configure the new scope as Secure NAT clients
Explanation
Implementing IAS server in integrated mode will allow Internet caching along with Firewall service. Configuring Windows 2000 professional clients as Secure Nat clients will require you to change the default gateway to the IP address of the IAS server in the scope assigned to the new team. The scope must change only for this team and not the entire network
33.
As a security measure, you are required to encrypt all Internet communication that leaves and enters the tour network. To deploy this you implement the Secure Server IPSec policy for the entire domain. Users immediately begin complaining that they cannot access any resources on the Internet. How would you set right the existing problem?
Correct Answer
D. IPSec policy Requests Security for TCP ports 20, 21, 80, and 443 and IPSec Require Security for all other traffic
Explanation
You should create a custom IPSec policy that requests security for TCP ports 20, 21, 80, and 443 and requires IPSec for all other traffic. FTP is the protocol used for file downloads and uses ports 20 and 21. HTTP is the default Internet protocol and uses port 80. HTTP is the secure Internet protocol and uses port 443
34.
Your previous system administrator has created a few baselines for mentoring the network. Lately, lots of users have been complaining that resource access is very slow and generally the network is much more congested than before. You intend to monitor the network to capture fresh real-time data and use the same for comparing with earlier set baseline. Which of the following counters should you choose? (Choose all that apply.)
Correct Answer(s)
D. Server\ Bytes Total/sec, Bytes Received/sec, and Bytes Sent/sec
E. Network Interface\ Bytes Total/sec, Bytes Sent/sec, and Bytes Received/sec
Explanation
You should monitor the following counters:
Network Interface\ Bytes Total/sec, Bytes Sent/sec, and Bytes Received/sec
Server\ Bytes Total/sec, Bytes Received/sec, and Bytes Sent/sec
35.
Which of the following actions would ease bottle neck on congested HDD?
Correct Answer
A. Defragment the hard disk
Explanation
Once it is confirmed that the hard disk is congested, it would help to run a defragment tool. This tool can restore some of the free space from unused blocks
36.
You are testing Software Update Services (SUS) server implementation on your network. Which of the following services must be enabled on the test computer to ensure that the updates will successfully be received from the Windows Update site?
Correct Answer
C. Background Intelligent Transfer Service (BITS)
Explanation
You must enable the Background Intelligent Transfer Service (BITS) along with the Automatic Updates feature on the test computer to ensure that the updates will successfully be received from the Windows Update site