MCSE 70-293 Exam Quiz Test 2

By Saurabhsingh878


Hello Friend
This practice test helps you prepare for Microsoft certification exam 70-293, which counts toward MCSE certification. This practice test contains 50 questions, provided by Saurabh Singh.


Questions and Answers
  • 1. 

    Which of the following methods can you use to reduce the amount of RIP traffic passing over the T-1 link to the home office?

    • A.

      Set the Outgoing Packet Protocol setting to RIP Version 1 Broadcast

    • B.

      Increase the Periodic Announcement Interval setting

    • C.

      Set the Incoming Packet Protocol setting to RIP Version 1 Only

    • D.

      Decrease the Time Before Route Is Removed setting

    Correct Answer
    B. Increase the Periodic Announcement Interval setting
    Explanation
    Increasing the Periodic Announcement Interval setting will reduce the amount of RIP traffic passing over the T-1 link to the home office. This setting determines how often the router sends updates to its neighboring routers. By increasing the interval, the router will send updates less frequently, resulting in less RIP traffic being transmitted over the link.


  • 2. 

    On which of the RRAS configurations should you enable demand-dial routing?

    • A.

      Neither

    • B.

      Router01 only

    • C.

      Router02 Only

    • D.

      Both

    Correct Answer
    A. Neither
    Explanation
    The correct answer is Neither because demand-dial routing is not required for either Router01 or Router02.


  • 3. 

    In System Monitor, which performance object would you select to monitor the number of TCP/IP error messages transmitted and received by a computer?

    • A.

      Network Interface

    • B.

      TCPv4

    • C.

      ICMP

    • D.

      UDPv4

    Correct Answer
    C. ICMP
    Explanation
    ICMP stands for Internet Control Message Protocol. It is a network protocol used by network devices to send error messages and operational information about network conditions. In System Monitor, selecting the ICMP performance object would allow monitoring of the number of TCP/IP error messages transmitted and received by a computer. This is because ICMP is responsible for transmitting and receiving error messages related to TCP/IP communication. The other options, such as Network Interface, TCPv4, and UDPv4, are not specifically designed to monitor TCP/IP error messages.


  • 4. 

    Which of the following are correct reasons that it is more critical to monitor DNS performance than DHCP or WINS performance?

    • A.

      DNS servers might be accessible from the Internet, and DHCP and WINS servers are not.

    • B.

      DNS servers are more likely to malfunction than DHCP or WINS servers.

    • C.

      DNS server failures can have an immediate effect on network client performance.

    • D.

      DNS servers have less effective monitoring tools.

    Correct Answer(s)
    A. DNS servers might be accessible from the Internet, and DHCP and WINS servers are not.
    C. DNS server failures can have an immediate effect on network client performance.
    Explanation
    DNS servers might be accessible from the Internet, and DHCP and WINS servers are not. This is a correct reason because DNS servers are often exposed to the public internet, making them more vulnerable to attacks or unauthorized access. On the other hand, DHCP and WINS servers are typically only accessible within the local network, reducing the potential risks.

    DNS server failures can have an immediate effect on network client performance. This is also a correct reason because DNS is responsible for translating domain names into IP addresses, allowing clients to access websites and services. If the DNS server malfunctions or becomes unavailable, clients will not be able to access the desired resources, leading to a significant impact on network performance.


  • 5. 

    Which of the following backup job types does not reset the archive bits on the files that it copies to the backup medium?

    • A.

      Full

    • B.

      Incremental

    • C.

      Differential

    • D.

      None of the above

    Correct Answer
    C. Differential
    Explanation
    A differential backup job type does not reset the archive bits on the files that it copies to the backup medium. This means that only the files that have been modified since the last full backup will be included in the differential backup, without affecting the archive bit status of the files. This allows for a more efficient backup process, as it only backs up the changes made since the last full backup.


  • 6. 

    Which of the following tape drive devices has the greatest capacity?

    • A.

      LTO

    • B.

      QIC

    • C.

      DAT

    • D.

      DLT

    Correct Answer
    A. LTO
    Explanation
    LTO (Linear Tape-Open) tape drive devices have the greatest capacity compared to QIC (Quarter-Inch Cartridge), DAT (Digital Audio Tape), and DLT (Digital Linear Tape) devices. LTO technology is known for its high storage capacity, fast data transfer rates, and reliability. It is designed to handle large amounts of data, making it a popular choice for backup and archival purposes in enterprise environments. QIC, DAT, and DLT devices have lower capacities compared to LTO, and may not be able to accommodate as much data.


  • 7. 

    What is the approximate total amount of volatile data that you might have to back up each day?

    • A.

      60 GB

    • B.

      160 GB

    • C.

      360 GB

    • D.

      480 GB

    Correct Answer
    B. 160 GB
    Explanation
    The approximate total amount of volatile data that one might have to back up each day is 160 GB.


  • 8. 

    Using the information in Table 6-1, which type of magnetic tape drive would best be suited for this network, assuming that you want to use only a single tape for your daily incremental backups?

    • A.

      DLT

    • B.

      8 mm

    • C.

      QIC

    • D.

      DAT

    Correct Answer
    A. DLT
    Explanation
    Based on the information given in Table 6-1, the DLT (Digital Linear Tape) would be the best type of magnetic tape drive for this network if you want to use only a single tape for daily incremental backups.


  • 9. 

    Which of the following System Monitor performance counters can you use to determine whether the DNS server is the target of a DoS attack?

    • A.

      Segments Retransmitted/Sec in the TCPv4 performance object

    • B.

      Zone Transfer Failure in the DNS performance object

    • C.

      Datagrams Received/Sec in the UDPv4 performance object

    • D.

      Total Query Received/Sec in the DNS performance object

    • E.

      Messages/Sec in the ICMP performance object

    Correct Answer(s)
    C. Datagrams Received/Sec in the UDPv4 performance object
    D. Total Query Received/Sec in the DNS performance object
  • 10. 

    Which of the following Nlb.exe commands do you use to shut down NLB operations on a cluster server without interrupting transactions currently in progress?

    • A.

      Nlb drain

    • B.

      Nlb params

    • C.

      Nlb drainstop

    • D.

      Nlb queryport

    Correct Answer
    C. Nlb drainstop
    Explanation
    The correct answer is "Nlb drainstop". This command is used to shut down NLB operations on a cluster server without interrupting transactions currently in progress. It allows for a graceful shutdown of NLB operations, ensuring that ongoing transactions are not disrupted.


  • 11. 

    Which of the following failover policies provides the best compensation for multiple node failures?

    • A.

      Failover pairs

    • B.

      Hot-standby servers

    • C.

      N+I

    • D.

      Failover ring

    Correct Answer
    C. N+I
    Explanation
    N+I failover policy provides the best compensation for multiple node failures. In this policy, there are N active nodes and I spare nodes, where N is the number of active nodes required to handle the workload and I is the number of spare nodes available for failover. If any active node fails, one of the spare nodes takes over its workload, ensuring that the system remains operational even with multiple node failures. This policy offers high availability and redundancy, making it the most effective in compensating for multiple node failures.


  • 12. 

    You want to be able to use Network Load Balancing Manager, running on one of the Web servers, to configure all the servers in the NLB cluster. Other than this, very little noncluster communication between the Web servers is required. Which of the following communication models should you use to make this possible with the greatest economy? Explain your answer.

    • A.

      Single network interface adapter in unicast mode

    • B.

      Single network interface adapter in multicast mode

    • C.

      Multiple network interface adapters in unicast mode

    • D.

      Multiple network interface adapters in multicast mode

    Correct Answer
    B. Single network interface adapter in multicast mode
    Explanation
    Using a single network interface adapter in multicast mode would be the most economical option for this scenario. Multicast mode allows multiple servers to receive the same network traffic simultaneously, reducing the need for additional network interface adapters. This mode also enables Network Load Balancing Manager to configure all the servers in the NLB cluster from one of the web servers, simplifying the management process. Since there is little noncluster communication required between the web servers, using a single network interface adapter in multicast mode would provide the necessary functionality while minimizing costs and complexity.


  • 13. 

    Which of the following storage hardware configurations should you use for the 4-node database server cluster? Explain your answer.

    • A.

      Install a SCSI host adapter in each server and connect them all to a single SCSI bus

    • B.

      Install a SCSI host adapter in each server and connect them all to a SCSI hub

    • C.

      Install a Fibre Channel adapter in each server and connect them in an arbitrated loop

    • D.

      Install a Fibre Channel adapter in each server and connect them all to a Fibre Channel switch

    Correct Answer
    D. Install a Fibre Channel adapter in each server and connect them all to a Fibre Channel switch
    Explanation
    Installing a Fibre Channel adapter in each server and connecting them all to a Fibre Channel switch is the recommended storage hardware configuration for a 4-node database server cluster. This configuration allows for a high-speed, dedicated connection between each server and the storage devices through the Fibre Channel switch. It provides better performance, scalability, and flexibility compared to using a single SCSI bus or SCSI hub. Additionally, using Fibre Channel adapters and a switch allows for easier management and maintenance of the storage infrastructure.


  • 14. 

    You have decided to partition your database server application to spread the load among the servers in the cluster. Which of the following failover policies will ensure that the entire database is constantly available without any server running multiple partitions, even if two servers fail? Explain your answer.

    • A.

      Failover pairs. Split the database into two partitions and assign each one to an active server. Then, configure each of the active servers to fail over to one of the two remaining servers.

    • B.

      Hot-standby server. Split the database into three partitions and assign each one to an active server. Then, configure each of the active servers to fail over to the one remaining server.

    • C.

      N+I. Split the database into two partitions and assign each one to an active server. Then, configure each of the active servers to fail over to either one of the two remaining servers.

    • D.

      Failover ring. Split the database into four partitions and assign each one to an active server. Then, configure each of the four servers to fail over to the next server.

    Correct Answer
    C. N+I. Split the database into two partitions and assign each one to an active server. Then, configure each of the active servers to fail over to either one of the two remaining servers.
    Explanation
    The N+I failover policy ensures that the entire database is constantly available without any server running multiple partitions, even if two servers fail. By splitting the database into two partitions and assigning each one to an active server, the workload is distributed. If one server fails, the active server can fail over to the remaining server, ensuring continuous availability. This policy allows for redundancy and load balancing, making it an effective choice for maintaining database availability.


  • 15. 

    Which of the following Windows Server 2003 versions cannot function as a domain controller?

    • A.

      Standard Edition

    • B.

      Enterprise Edition

    • C.

      Web Edition

    • D.

      Datacenter Edition

    Correct Answer
    C. Web Edition
    Explanation
    The Web Edition of Windows Server 2003 cannot function as a domain controller because it is specifically designed for hosting websites and web applications. It does not have the necessary features and capabilities to manage and control a domain.


  • 16. 

    Which of the following server roles require superior network performance?

    • A.

      Domain controllers

    • B.

      Infrastructure servers

    • C.

      Web servers

    • D.

      Database servers

    Correct Answer(s)
    B. Infrastructure servers
    C. Web servers
    Explanation
    Infrastructure servers and web servers require superior network performance because they handle a large amount of network traffic. Infrastructure servers are responsible for managing and maintaining the network infrastructure, such as DNS and DHCP servers, and need a fast and reliable network connection to handle the demands of multiple clients. Web servers host websites and need to deliver content quickly to users, so they also require a high-performance network connection to handle the incoming requests and deliver the web pages efficiently.


  • 17. 

    Which of the following Windows Server 2003 features can you use to ensure that users supply passwords of a specified length?

    • A.

      Audit policies

    • B.

      Group policies

    • C.

      Authentication protocols

    • D.

      Access control lists

    Correct Answer
    B. Group policies
    Explanation
    Group policies in Windows Server 2003 can be used to enforce password length requirements for users. By configuring the appropriate group policy settings, administrators can specify a minimum password length that users must adhere to when creating or changing passwords. This helps to enhance the security of the system by ensuring that passwords are not easily guessable or susceptible to brute-force attacks.


  • 18. 

    In which of the following folders on a Windows Server 2003 NTFS system drive with default permissions can a member of the Users group create a new file? (Choose all correct answers.)

    • A.

      The root folder

    • B.

      Documents And Settings

    • C.

      The user’s home folder

    • D.

      Windows

    Correct Answer(s)
    B. Documents And Settings
    C. The user’s home folder
    D. Windows
    Explanation
    Members of the Users group can create new files in the Documents And Settings folder, as well as in their own home folder. They do not have permission to create new files in the root folder or the Windows folder.


  • 19. 

    For which of the following account policies should you modify the default setting to prevent brute force attempts at password penetration?

    • A.

      Minimum Password Age

    • B.

      Store Passwords Using Reversible Encryption

    • C.

      Account Lockout Threshold

    • D.

      Enforce User Logon Restrictions

    Correct Answer
    C. Account Lockout Threshold
    Explanation
    To prevent brute force attempts at password penetration, it is necessary to modify the default setting of the Account Lockout Threshold policy. This policy determines the number of failed login attempts allowed before the account is locked. By setting a lower threshold, such as 3 or 5, the account will be locked after a few unsuccessful attempts, making it difficult for attackers to guess the password through repeated login attempts. This helps to enhance the security of the system and protect against unauthorized access.


  • 20. 

    Which of the following policy modifications could you make to ensure that user passwords cannot be intercepted by analyzing captured packets?

    • A.

      Change the Enforce Password History value to 10.

    • B.

      Enable the Password Must Meet Complexity Requirements policy.

    • C.

      Change the Account Lockout Threshold value to 3.

    • D.

      Disable the Store Passwords Using Reversible Encryption policy.

    Correct Answer
    D. Disable the Store Passwords Using Reversible Encryption policy.
    Explanation
    Disabling the "Store Passwords Using Reversible Encryption" policy ensures that passwords are not stored in a format that can be easily reversed or decrypted. This means that even if an attacker captures the packets containing the passwords, they will not be able to analyze or use the intercepted passwords. This policy modification enhances the security of user passwords and prevents interception.


  • 21. 

    Which of the following policy modifications would make it harder for intruders to penetrate user passwords by trial and error? (Choose all correct answers.)

    • A.

      Change the Reset Account Logon Counter After value to 60 minutes.

    • B.

      Enable the Password Must Meet Complexity Requirements policy.

    • C.

      Change the Account Lockout Threshold value to 10.

    • D.

      Enable the Minimum Password Age policy and set its value to 3.

    Correct Answer(s)
    A. Change the Reset Account Logon Counter After value to 60 minutes.
    B. Enable the Password Must Meet Complexity Requirements policy.
    Explanation
    Changing the "Reset Account Logon Counter After" value to 60 minutes would make it harder for intruders to penetrate user passwords by trial and error because it would increase the time required between consecutive login attempts, reducing the number of attempts an intruder can make within a given time frame. Enabling the "Password Must Meet Complexity Requirements" policy would also make it harder for intruders to penetrate user passwords by trial and error because it would require users to create passwords that meet certain complexity criteria, making them more difficult to guess or crack.


  • 22. 

    You have discovered that some users are bypassing your security requirements by changing their passwords as required, and then immediately changing them back again. Which of the following policy changes would prevent this practice? (Choose all correct answers.)

    • A.

      Change the Account Lockout Duration value to 600.

    • B.

      Enable the Minimum Password Age policy and set its value to 28.

    • C.

      Change the Enforce Password History value to 10.

    • D.

      Change the Reset Account Logon Counter After value to 60.

    Correct Answer(s)
    B. Enable the Minimum Password Age policy and set its value to 28.
    C. Change the Enforce Password History value to 10.
    Explanation
    Enabling the Minimum Password Age policy and setting its value to 28 would prevent users from immediately changing their passwords back again. This policy would require users to wait for a minimum period of 28 days before they can change their passwords again. Changing the Enforce Password History value to 10 would also prevent this practice by keeping track of the previous 10 passwords used by each user and not allowing them to reuse any of those passwords.


  • 23. 

    Which of the following audit policies enables you to tell what applications were running when a security event occurred?

    • A.

      Audit Object Access

    • B.

      Audit Privilege Use

    • C.

      Audit Process Tracking

    • D.

      Audit System Events

    Correct Answer
    C. Audit Process Tracking
    Explanation
    Audit Process Tracking is the correct answer because this audit policy enables the tracking of processes and programs that are running on a system. It records information about the start and end of processes, including the name of the process, the user account that initiated the process, and the time the process was started and ended. By enabling this policy, administrators can determine what applications were running at the time of a security event, providing valuable information for investigating and responding to security incidents.


  • 24. 

    After installing several member servers running Windows Server 2003 on your Active Directory network, you want to deploy a baseline security configuration that you have designed for the member servers only, using group policies. Which of the following tasks must you perform to accomplish this objective? (Choose all correct answers.)

    • A.

      Create a new organizational unit

    • B.

      Move the computer objects representing the member servers

    • C.

      Create a new GPO

    • D.

      Modify the domain GPO

    • E.

      Apply a GPO to an organizational unit

    Correct Answer(s)
    A. Create a new organizational unit
    B. Move the computer objects representing the member servers
    C. Create a new GPO
    E. Apply a GPO to an organizational unit
    Explanation
    To accomplish the objective of deploying a baseline security configuration for the member servers using group policies, the following tasks must be performed:

    1. Create a new organizational unit: This is necessary to organize and manage the member servers separately from other objects in the Active Directory.

    2. Move the computer objects representing the member servers: By moving the computer objects to the newly created organizational unit, you can ensure that the group policies are applied specifically to these servers.

    3. Create a new GPO: A new Group Policy Object (GPO) needs to be created to define the baseline security configuration settings for the member servers.

    4. Apply a GPO to an organizational unit: The newly created GPO should be linked and applied to the organizational unit containing the member servers, so that the defined security configuration gets applied to those servers only.

    Modifying the domain GPO is not required in this scenario as the objective is to apply the baseline security configuration to the member servers only.


  • 25. 

    With which of the following Active Directory object types can you associate a GPO? (Choose all correct answers.)

    • A.

      Domain

    • B.

      Computer

    • C.

      Site

    • D.

      Organizational unit

    • E.

      Container

    Correct Answer(s)
    A. Domain
    C. Site
    D. Organizational unit
    Explanation
    You can associate a Group Policy Object (GPO) with a Domain, Site, or Organizational Unit (OU) in Active Directory. A GPO allows you to define and enforce specific settings and configurations for users and computers within these objects. By associating a GPO with a domain, site, or OU, you can ensure that the defined policies are applied to the appropriate users and computers within the specified scope. A GPO cannot be associated with a computer or container object in Active Directory.


  • 26. 

    Which of the following tasks can users not perform when you enable the Security Options policy, Microsoft Network Server: Digitally Sign Communications (Always) on a computer running Windows Server 2003?

    • A.

      Submit jobs to a print queue on the server

    • B.

      View the print queues on the server

    • C.

      Install printer drivers stored on the server

    • D.

      Create printer shares on the server

    Correct Answer
    B. View the print queues on the server
    Explanation
    When the Security Options policy, Microsoft Network Server: Digitally Sign Communications (Always), is enabled on a computer running Windows Server 2003, users will not be able to view the print queues on the server. This policy enhances security by requiring all communications to be digitally signed, but it restricts the ability to view print queues on the server. Users can still submit jobs to a print queue, install printer drivers stored on the server, and create printer shares on the server.


  • 27. 

    Enabling which of the following audit policies is likely to require changing the Maximum Security Log Size value as well?

    • A.

      Audit Process Tracking

    • B.

      Audit Policy Change

    • C.

      Audit Account Logon Events

    • D.

      Audit Directory Service Access

    Correct Answer
    A. Audit Process Tracking
    Explanation
    Enabling the Audit Process Tracking policy is likely to require changing the Maximum Security Log Size value because this policy tracks and audits the creation and termination of processes on a system. This can generate a large amount of log data, especially in environments with high process activity. Therefore, increasing the Maximum Security Log Size value would be necessary to ensure that enough log space is available to store the audit information generated by this policy.


  • 28. 

    Although Windows Server 2003 creates a GPO for the Domain Controllers container with default role-specific policy settings in it, you have other policy settings that you want to apply to your domain controllers. Which of the following methods can you use to apply these settings? (Choose all correct answers.)

    • A.

      Modify the policy settings in the Domain Controllers container’s existing GPO.

    • B.

      Create a new organizational unit object and create a GPO for it containing the desired policy settings. Then, move the Domain Controllers container to make it a child of the new object.

    • C.

      Create a second GPO for the Domain Controllers container.

    • D.

      Create a new child organizational unit object beneath the Domain Controllers container object, and then create a GPO for the new object containing the desired policy settings.

    Correct Answer(s)
    A. Modify the policy settings in the Domain Controllers container’s existing GPO.
    C. Create a second GPO for the Domain Controllers container.
    Explanation
    You can apply the desired policy settings to the Domain Controllers container by either modifying the existing GPO in the container or creating a second GPO specifically for the container. Modifying the existing GPO allows you to directly add or change the policy settings in the container. Creating a second GPO gives you the flexibility to have separate policy settings for the Domain Controllers container without affecting the existing GPO.


  • 29. 

    When creating a GPO for an organizational unit called Servers, you define a particular audit policy and configure it to audit successes only. When creating a GPO for an organizational unit called Infrastructure, which is a child of the Servers organizational unit, you configure the same policy to audit failures only. What is the effective value of that policy for a computer object in the Infrastructure container?

    • A.

      Undefined

    • B.

      Success only

    • C.

      Failure only

    • D.

      Success and Failure

    Correct Answer
    C. Failure only
    Explanation
    The effective value of the audit policy for a computer object in the Infrastructure container is "Failure only". This is because the policy is configured to audit failures only in the Infrastructure organizational unit, which is a child of the Servers organizational unit. The configuration in the child organizational unit overrides the configuration in the parent organizational unit, resulting in the policy being set to audit failures only for the computer object in the Infrastructure container.


  • 30. 

    For the domain controllers, you want to capture as much auditing information as possible, and you have decided to configure all the audit policies in the Domain Controllers container’s GPO to audit both successes and failures. Which of the following policies should you also configure to accomplish this goal? (Choose all correct answers.)

    • A.

      Increase the default value of the Event Log policy, Maximum System Log Size

    • B.

      Enable the Security Options policy, Audit: Audit the Use Of Backup and Restore Privilege.

    • C.

      Increase the default value of the Event Log policy, Maximum Security Log Size.

    • D.

      Disable the Security Options policy, Microsoft Network Client: Digitally Sign Communications (Always)

    Correct Answer(s)
    B. Enable the Security Options policy, Audit: Audit the Use Of Backup and Restore Privilege.
    C. Increase the default value of the Event Log policy, Maximum Security Log Size.
    Explanation
    To capture as much auditing information as possible, you should enable the Security Options policy, "Audit: Audit the Use Of Backup and Restore Privilege." This policy will audit any usage of the backup and restore privilege on the domain controllers. Additionally, you should increase the default value of the Event Log policy, "Maximum Security Log Size." This will ensure that the security log can capture a larger amount of auditing information.


  • 31. 

    Which of the following system service policies should you set in the Domain Controllers container’s GPO with a startup type of Automatic? (Choose all correct answers.)

    • A.

      File Replication Service

    • B.

      Routing and Remote Access

    • C.

      Intersite Messaging

    • D.

      Kerberos Key Distribution Center

    • E.

      Remote Procedure Call (RPC) Locator

    Correct Answer(s)
    A. File Replication Service
    C. Intersite Messaging
    D. Kerberos Key Distribution Center
    E. Remote Procedure Call (RPC) Locator
  • 32. 

    Each file and print server has one printer and two hard drives for user data storage in addition to the system drive. You want users to be able to access the data drives on all the servers using a single directory structure and you want all users on the network to be able to send jobs to the printer on every server. Which of the following policy settings should you include in the FilePrint container’s GPO? (Choose all correct answers.)

    • A.

      Add the shares on the file and print server drives to the Network Access: Shares That Can Be Accessed Anonymously security option.

    • B.

      Enable the Print Spooler service.

    • C.

      Disable the Microsoft Network Server: Digitally Sign Communications (Always) security option.

    • D.

      Enable the Distributed File System service.

    Correct Answer(s)
    B. Enable the Print Spooler service.
    D. Enable the Distributed File System service.
  • 33. 

    Which of the following policy changes can you configure in the GPO for the Web-Svrs container to add protection from Internet intruders?

    • A.

      Enable the Network Access: Do Not Allow Anonymous Enumeration Of SAM accounts and Shares security option

    • B.

      Enable the Accounts: Rename Administrator Account security option

    • C.

      Revoke the Administrators group’s Debug Programs user right

    • D.

      Disable the Interactive Logon: Do Not Require CTRL+ALT+DEL security option

    Correct Answer(s)
    A. Enable the Network Access: Do Not Allow Anonymous Enumeration Of SAM accounts and Shares security option
    B. Enable the Accounts: Rename Administrator Account security option
    Explanation
    By enabling the "Network Access: Do Not Allow Anonymous Enumeration Of SAM accounts and Shares" security option, the GPO adds protection from Internet intruders by preventing them from anonymously enumerating SAM accounts and shares. This helps to secure sensitive information and restrict unauthorized access. Additionally, by enabling the "Accounts: Rename Administrator Account" security option, the GPO adds another layer of protection by changing the default administrator account name, making it more difficult for intruders to guess the username and gain unauthorized access.

  • 34. 

    A user calls your company’s network help desk to report that she has just sent a large print job to her departmental print server by mistake and wants to delete it from the print queue. However, when she tries to access the queue, she receives the error message “Unable to connect. Access denied.” You log on from your workstation with the user’s account and are able to access the print queue in the normal manner. Which of the following could be the problem?

    • A.

      The Microsoft Network Server: Digitally Sign Communications (Always) security option is enabled on the print server.

    • B.

      The Microsoft Network Server: Digitally Sign Communications (Always) security option is enabled on the user’s workstation.

    • C.

      The Microsoft Network Client: Digitally Sign Communications (Always) security option is enabled on the print server.

    • D.

      The Microsoft Network Client: Digitally Sign Communications (Always) security option is enabled on the user’s workstation.

    Correct Answer
    D. The Microsoft Network Client: Digitally Sign Communications (Always) security option is enabled on the user’s workstation.
    Explanation
    The user is unable to access the print queue and receives the "Unable to connect. Access denied." error message. However, when you log on from your own workstation with the user's account, you are able to access the print queue normally. This suggests that the issue is specific to the user's workstation. The correct answer states that the "Microsoft Network Client: Digitally Sign Communications (Always)" security option is enabled on the user's workstation. This security option could be causing the access denied error when trying to connect to the print server.

  • 35. 

    In an effort to cooperate with your company’s new emphasis on security, you have used GPOs to enable all the available audit policies on the computers that are running Windows Server 2003. A few days after making these changes, you unlock the data center to find that your domain controller has shut down during the night. Which of the following modifications might prevent this from happening again? (Choose all correct answers.)

    • A.

      Revoke the Administrators group’s Debug Programs user right.

    • B.

      Increase the default value specified in the Maximum Security Log Size policy.

    • C.

      Disable the Shutdown: Allow System to Be Shut Down Without Having To Log On security option.

    • D.

      Disable the Audit: Shut Down System Immediately If Unable To Log Security audits security option.

    Correct Answer(s)
    B. Increase the default value specified in the Maximum Security Log Size policy.
    D. Disable the Audit: Shut Down System Immediately If Unable To Log Security audits security option.
    Explanation
    Increasing the default value specified in the Maximum Security Log Size policy would prevent the domain controller from shutting down because it would allow for more events to be logged before the log becomes full. Disabling the Audit: Shut Down System Immediately If Unable To Log Security audits security option would also prevent the shutdown because it would not force the system to shut down if it is unable to log security audits.

  • 36. 

    You are the new administrator for an Active Directory network, and while it is clear that someone has changed the security configuration of the network’s domain controllers, your predecessor left no records of the exact changes he made. Which of the following security templates should you apply to the domain controllers to restore their default security settings, and then implement the highest possible level of security?

    • A.

      Compatws.inf and then Securedc.inf

    • B.

      Securedc.inf and then Hisecdc.inf

    • C.

      Hisecdc.inf and then Setup Security.inf

    • D.

      DC Security.inf and then Hisecdc.inf

    • E.

      Setup Security.inf and then Securedc.inf

    Correct Answer
    D. DC Security.inf and then Hisecdc.inf
    Explanation
    To restore the default security settings of the domain controllers and implement the highest possible level of security, the administrator should apply the "DC Security.inf" template first, followed by the "Hisecdc.inf" template. The "DC Security.inf" template will restore the default security settings, and then the "Hisecdc.inf" template will further enhance the security by implementing the highest possible level of security configurations.

  • 37. 

    When you use the Security Configuration And Analysis snap-in to export a template, where do the settings in the new template come from?

    • A.

      From the computer’s current security settings

    • B.

      From the snap-in’s currently loaded database

    • C.

      From the security template you imported into the database

    • D.

      From a Group Policy Object you specify

    Correct Answer
    B. From the snap-in’s currently loaded database
    Explanation
    The settings in the new template come from the snap-in's currently loaded database. This means that the template will include the security settings that are currently configured in the snap-in's database.

  • 38. 

    After receiving the security templates from the consultant, you examine one of them by creating a new database in the Security Configuration And Analysis snap-in on one of your Web servers, importing the new security template into the database, and performing an analysis. While examining the results of the analysis, you notice that there are quite a few discrepancies between the security settings you have configured on the computer and the settings in the template. You decide that you want to use a combination of the settings in the template and the settings you have already configured on the computer. Which of the following procedures should you use to create a composite security configuration and implement it on all your Web servers?

    • A.

      In the new database you created, modify the values of the policies corresponding to the template settings you want to use. Then export the database to a new template and apply it to the Web servers’ organizational unit object.

    • B.

      In the new database you created, modify the values of the policies corresponding to the current computer settings you want to use. Then export the database to a new template and apply it to the Web servers’ organizational unit object.

    • C.

      Export the database to a new template without making any changes and apply it to the Web servers’ organizational unit object.

    • D.

      Use the Secedit.exe program to apply only the individual policy settings from the template you want to use on the Web servers.

    Correct Answer
    B. In the new database you created, modify the values of the policies corresponding to the current computer settings you want to use. Then export the database to a new template and apply it to the Web servers’ organizational unit object.
    Explanation
    To create a composite security configuration and implement it on all web servers, you should modify the values of the policies corresponding to the current computer settings you want to use in the new database you created. After modifying the values, export the database to a new template and apply it to the Web servers' organizational unit object. This will combine the settings from the template with the settings already configured on the computer, allowing you to create a composite security configuration for all the web servers.

  • 39. 

    Which of the following tools can you use to compare the templates supplied by the consultant with the security configurations you have already created on your servers? (Choose all answers that are correct.)

    • A.

      The Security Templates snap-in

    • B.

      Secedit.exe

    • C.

      The Security Configuration and Analysis snap-in

    • D.

      The Group Policy Object Editor console

    Correct Answer(s)
    B. Secedit.exe
    C. The Security Configuration and Analysis snap-in
    Explanation
    Secedit.exe and The Security Configuration and Analysis snap-in are both tools that can be used to compare the templates supplied by the consultant with the security configurations already created on the servers. These tools allow for analysis and configuration of security settings, making them suitable for this task. The Security Templates snap-in and The Group Policy Object Editor console are not specifically designed for this purpose and may not provide the same level of functionality and accuracy in comparing security configurations.

  • 40. 

    To deploy the security templates, you begin by creating an organizational unit object for each server role in your Active Directory tree. Which of the following procedures can you use to apply the security templates to the organizational units?  

    • A.

      Use the Security Templates snap-in to create Group Policy Objects for each organizational unit using the supplied templates.

    • B.

      Apply the templates to the correct organizational units using the Security Configuration and Analysis snap-in.

    • C.

      Use Secedit.exe to apply the security templates to the appropriate Group Policy Objects.

    • D.

      Create a Group Policy Object for each organizational unit and apply the appropriate template to it using the Group Policy Object Editor console.

    Correct Answer
    D. Create a Group Policy Object for each organizational unit and apply the appropriate template to it using the Group Policy Object Editor console.
    Explanation
    The correct answer is to create a Group Policy Object for each organizational unit and apply the appropriate template to it using the Group Policy Object Editor console. This is the correct procedure to apply security templates to the organizational units. The Security Templates snap-in is used to create the templates, but they are applied using Group Policy Objects. The Security Configuration and Analysis snap-in is used to analyze the security settings, not to apply the templates. Secedit.exe is a command-line tool that can be used to apply security settings, but it is not the recommended method for applying templates in this scenario.

  • 41. 

    Based on this information, which of the following statements is true?

    • A.

      None of the three administrators has correctly configured the new domain controllers with the appropriate security settings.

    • B.

      One of the three domain controllers is correctly configured with the appropriate security settings; the other two are not.

    • C.

      Two of the three domain controllers are correctly configured with the appropriate security settings; the other one is not.

    • D.

      All three of the new domain controllers are correctly configured with the appropriate security settings.

    Correct Answer
    C. Two of the three domain controllers are correctly configured with the appropriate security settings; the other one is not.
    Explanation
    The information given states that "None of the three administrators has correctly configured the new domain controllers with the appropriate security settings." This means that all three domain controllers are not correctly configured. Therefore, the correct answer is "Two of the three domain controllers are correctly configured with the appropriate security settings; the other one is not."

  • 42. 

    Which of the following pieces of information is not included as part of a digital certificate?

    • A.

      Validity period

    • B.

      Private key

    • C.

      Signature algorithm identifier

    • D.

      Public key

    Correct Answer
    B. Private key
    Explanation
    A digital certificate is a digital document that verifies the authenticity and identity of the sender. It includes various pieces of information such as the validity period, signature algorithm identifier, and public key. However, the private key is not included in a digital certificate. The private key is kept confidential by the certificate holder and is used for decrypting data that has been encrypted with the corresponding public key. Including the private key in the certificate would compromise the security of the encryption system.

  • 43. 

    Which of the following types of certificates can be issued only by an enterprise certification authority?

    • A.

      IPSec

    • B.

      Smart card logon

    • C.

      Software code signing

    • D.

      Wireless network authentication

    Correct Answer
    B. Smart card logon
    Explanation
    Smart card logon certificates can only be issued by an enterprise certification authority. This type of certificate is used for authentication purposes and allows users to securely log in to a computer or network using a smart card. It provides an additional layer of security by requiring the physical presence of the smart card, making it difficult for unauthorized individuals to access sensitive information.

  • 44. 

    Which of the following modifications to a certificate configuration does not increase the burden on the CA’s processor?

    • A.

      Increasing the key length

    • B.

      Increasing the certificate’s lifetime

    • C.

      Issuing new keys with each certificate renewal

    • D.

      Changing the certificate type

    Correct Answer
    D. Changing the certificate type
    Explanation
    Changing the certificate type does not increase the burden on the CA's processor because it does not involve any additional computational operations or complex calculations. Changing the certificate type simply involves modifying the format or structure of the certificate, which can be done without significant impact on the CA's processor. In contrast, increasing the key length, increasing the certificate's lifetime, and issuing new keys with each certificate renewal all require additional processing power and resources from the CA.

  • 45. 

    Where does a root CA obtain its own certificate?

    • A.

      From a third-party certification authority

    • B.

      From a subordinate CA

    • C.

      From another root CA

    • D.

      From itself

    Correct Answer
    D. From itself
    Explanation
    A root CA obtains its own certificate from itself because it is the highest level of authority in a certificate hierarchy. Root CAs are responsible for issuing and signing certificates for subordinate CAs and other entities in the certificate chain. Since they are the topmost authority, they generate their own certificate to establish trust and authenticity within the certificate infrastructure. This self-signed certificate serves as the foundation for issuing and validating certificates throughout the system.

  • 46. 

    Which of the following tools does an administrator use to manually issue certificates to clients of a stand-alone CA?

    • A.

      The Certificates snap-in

    • B.

      The Certification Authority console

    • C.

      The Web Enrollment Support interface

    • D.

      The Certificate Templates snap-in

    Correct Answer
    B. The Certification Authority console
    Explanation
    The Certification Authority console is used by an administrator to manually issue certificates to clients of a stand-alone CA. This console provides a user interface for managing the CA and performing tasks such as issuing, revoking, and renewing certificates. It allows the administrator to manually generate and issue certificates to clients, ensuring that the appropriate security measures are in place. The other options mentioned, such as the Certificates snap-in, the Web Enrollment Support interface, and the Certificate Templates snap-in, are not used for manually issuing certificates in this scenario.

  • 47. 

    Which of the following must a user have to receive certificates from an enterprise CA using auto-enrollment? (Choose all correct answers.)

    • A.

      Permission to use certificate templates

    • B.

      Membership in an organizational unit to which administrators have applied a Group Policy Object

    • C.

      Access to Active Directory

    • D.

      Access to the Certificates snap-in

    Correct Answer(s)
    A. Permission to use certificate templates
    C. Access to Active Directory
    Explanation
    To receive certificates from an enterprise CA using auto-enrollment, a user must have permission to use certificate templates. This is necessary in order to request and receive the appropriate certificate. Additionally, the user must have access to Active Directory, as this is where the certificate information is stored and managed. Access to the Certificates snap-in is not necessary for auto-enrollment, as the process is automated and does not require manual intervention. Membership in an organizational unit to which administrators have applied a Group Policy Object may be beneficial, but it is not a requirement for auto-enrollment.

  • 48. 

    After the initial deployment of the PKI, which of the CAs can safely be taken offline? (Choose all correct answers.)

    • A.

      The root CA

    • B.

      The intermediate CAs

    • C.

      One of the issuing CAs at each office with an intermediate CA

    • D.

      All the issuing CAs

    Correct Answer(s)
    A. The root CA
    B. The intermediate CAs
    Explanation
    The root CA and the intermediate CAs can safely be taken offline after the initial deployment of the PKI. This is because the root CA is responsible for issuing and signing the certificates for the intermediate CAs, and the intermediate CAs are responsible for issuing and signing the certificates for the issuing CAs. Once the certificates are issued and signed, they can be used by the issuing CAs to issue certificates to end entities. Therefore, the root CA and intermediate CAs can be taken offline without affecting the ability of the issuing CAs to issue certificates.

  • 49. 

    Does the PKI design described here satisfy all the specified goals?

    • A.

      Yes, the design satisfies all the specified goals.

    • B.

      No, the design satisfies the goals for the network’s internal users, but not for the external users.

    • C.

      No, the design satisfies all the stated goals except for the goal of smart card logons.

    • D.

      No, the design does not satisfy any of the stated goals.

    Correct Answer
    B. No, the design satisfies the goals for the network’s internal users, but not for the external users.
    Explanation
    The given correct answer states that the PKI design described satisfies the goals for the network's internal users but not for the external users. This means that while the design may be effective for securing internal communications and access, it may not provide the same level of security and functionality for external users. This could be due to limitations in the design or implementation of the PKI system that prevent it from adequately addressing the needs and requirements of external users.

  • 50. 

    Which of the following procedures can you use to ensure that only the employees in the R&D department receive certificates for smart card logons, EFS, and IPSec?

    • A.

      Grant the R&D users the permissions they need to access the Certificates console, which they can use to request the appropriate certificates.

    • B.

      Using Group Policy objects, turn off auto-enrollment for the domain and enable auto-enrollment for an organizational unit containing the R&D users.

    • C.

      Grant the R&D users permission to use the Smartcard Logon, Basic EFS, and IPSec certificate templates.

    • D.

      Install the Certificate Services Web Enrollment Support module and restrict access to the certificate enrollment Web pages to the R&D users.

    Correct Answer
    C. Grant the R&D users permission to use the Smartcard Logon, Basic EFS, and IPSec certificate templates.
    Explanation
    Granting the R&D users permission to use the Smartcard Logon, Basic EFS, and IPSec certificate templates ensures that only the employees in the R&D department receive certificates for smart card logons, EFS, and IPSec. This option specifically grants the necessary permissions for the desired certificates, ensuring that only the R&D users have access to them.

Quiz Review Timeline

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Aug 16, 2024
    Quiz Edited by
    ProProfs Editorial Team
  • Apr 30, 2010
    Quiz Created by
    Saurabhsingh878
