70 291 S

Looking for Real Exam Questions for IT Certification Exams!
We guarantee you can pass any IT certification exam at your first attempt with just 10-12 hours study of our guides. Our study guides contain actual exam questions, you will get word to word same on your actual test; accurate answers with detailed explanation verified by experts and all graphics and drag-n-drop exhibits shown just as on the real test. To test the quality of our guides, you can download the one-third portion of any guide from http://www.certificationking.com absolutely free. Besides, we also offer complete version of following exams absolutely free. You can start your certification from these free guides and if you are satisfied you can buy the rest
Microsoft: 70-270, 70-305 Cisco: 642-901 Oracle: 1Z0-007, 200 CompTIA: 220-601 SUN: 310-011, 310-043 Citrix: 1Y0-A01, 1Y0-256 CIW: 1D0-420 Novell: 50-686 Adobe: 9A0-029 Apple: 9L0-005, 9L0-505 Avaya: 132-S-100 Cognos: COG-105 CWNP: PW0-100 EMC: E20-001 Hyperion: 4H0-002 HP: HP0-771, HP0-J24 IBM: 000-253, 000-700 Juniper: JN0-100, JN0-201 Lotus: LOT-737 Nortel: 920-803 SAS: A00-201 SNIA: S10-100 Sybase: 510-015 Symantec: 250-101 TeraData: NR0-011
For pricing and placing order, please visit http://certificationking.com/order.html We accept all major credit cards through www.paypal.com For other payment options and any further query, feel free to mail us at info@certificationking.com
Exam Name: Exam Type: Exam Code:
MCDBA Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure Microsoft Total Questions: 445 70-291
Question: 1 ]You receive a report that Computerl is responding slowly to user requests. You 12-19 want a quick way to see which network traffic the server use Network Monitor. You want to see whether any general broadcast traffic is being sent to Computerl. Which counter should you enable? A. Nonunicasts/Interval B. Unicasts/Interval C. Bytes Sent/Interval D. Bytes Received/Interval Answer: A Question: 2 You work as a security administrator for Microsoft. The basic network and some policies are as the following:Currently, you need to monitor the successful incremental zone transfers from south.Microsoft.com to Microsoft.com. Which one of the following should be added to the "Add Counters" form?
A. AXFR Success Received B. IXFR Success Received C. Dynamic Update D. Secure Update E. WINS Reverse Lookup Answer: B Question: 3 In the 10.9.9.0/24 network, a server named Serverl frequently needs to resolve names in the Microsoft.com namespace and on the Internet. You need to configure the TCP/IP properties of Serverl to use the most efficient server as its preferred DNS server. The number of hops required to resolve any name must be kept to a minimum. You also need to minimize the amount of network traffic that is caused by name resolution. On Serverl, which DNS server should you configure as the preferred DNS server?
Page 1 of 296
MCDBA Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure Microsoft 70-291 Total Questions: 445
You work as a security administrator for Microsoft.The basc network and some configures are as the following:
A. Configure the DNS1 Server B. Configure the DNS2 Server C. Configure the DNS3 Server D. Configure the server which IP is 131.107.5.1 Answer: C Question: 4 You work as a security administrator for Microsoft. The basic network and some configurations are as the following:Currently, you need to ensure that Serverl8 can resolve FQDNs for all client computers on the network. Which option should you modify on Serverl?
Page 2 of 296
A. On Serverl, configure the interfaces properties to listen on the IP of 192.168.2.10 only. B. Determine the appropriate trust type for an operating system. C. Describe the overall process you would use to troubleshoot IPSec problems. D. Modify the Dynamically update DNS A and PTR records for DHCP clients that do not request dynamic updates (for example, clients running Windows NT 4.0) check box Answer: D Question: 5 You are a network administrator for Company co., Ltd. The network consists of three Active Directory domains named Company.com, asin.Company.com.An active Directory application partition named specific.Company.com has replicas on all domain controllers in the asin.Company.com and specific.Company.com domains. Another Active Directory application partition named specific.Company.com has been created on one of the DNS servers in the asin.Company.com domain.All the DNS servers run Windows Server 2003 and are configured as domain controllers. The DNS zones named points.com, specific.Company.com, asin.Company.com, and specific.Company.com are active Directory-integrated zones. Company DNS management standards specify that all DNS zones must be replicated by using Active Directory.The intranet administrator of the Asia-Pacific regional division of the company wants a separate NDS zone to be created. This zone will be used to register host names for a regional intranet implementation. This zone must be replicated to all domain controllers in only the asin.Company.com and specific.Company.com domains. The new zone will be named specific.Company.com.You must create the specific.Company.com zone. You need to choose the appropriate configuration settings to meet the requirements. How should you configure the specific.Company.com? A. To all DNS Servers in the Active Directory forest Company.com B. To all domain controllers specified in the scope of the following application directory pattern. C. To create the specific.Company.com zone. D. To Backup and restore important data. Answer: B Question: 6
Page 3 of 296
Which resource record is used to resolve domain names specified in e-mail addresses to the IP address of the mail server associated with the domain? A. PTR B. MX C. A D. CNAME Answer: B Question: 7 You work as a security administrator for Microsoft. The basic network and some configurations are as the following:Currently, you want the dial-up users to have successful connections, and you want to avoid disrupting the LAN. How can you do that?
A. Using the Server Message Block (SMB) protocol to 192.168.1.107. B. Configure the IPSec policy to use Authentication Header (AH) in transport mode with Kerberos authentication to 192.168.1.108. C. You could configure an IPSec policy to require Encapsulating Security Payload (ESP) between the payroll client computers and 192.168.1.103. D. On Server2, configure a static address pool for the dial-up client computers. Answer: D Question: 8 On a new DNS server, you create a zone "" and then create subdomains from that root domain. Which function will the new server be able or unable to perform?
Page 4 of 296
A. The server will be unable to cache names. B. The server will be able to function only as a forwarding server. C. The server will be unable to resolve Internet names. D. The server will be unable to connect to the Internet. Answer: C Question: 9 You work as a security administrator for Microsoft. The basic network and some policies are as the following: Which of the following would be the IP address and Proffered DNS server?
A. 192.168.0.100, 192.168.0.2 B. 192.168.0.110, 192.168.10.2 C. 192.168.0.2, 192.168.5.100 D. 192.168.0.1,255.255.255.0 Answer:
Page 5 of 296
Question: 10 You work as a security administrator for Microsoft. The basic network and some policies are as the following:Currently, you need to ensure that when the DHCP server in one office fails, the client computers will receive a correct IP address configuration from the DHCP server in the other office. Which of the following would be true? Choose two that will apply.
A. Ensure that an attacker does not place a rogue DHCP server on your network. B. Limit the risk of a user unintentionally starting a Windows-based DHCP server on your network. C. Between the offices to forward BOOTP broadcasts configure the router. D. In each office install and configure a DHCP relay agent. Answer: C, D Question: 11 What is a good reason for assigning a policy by means of Netsh when Group Policy can be used to simply assign an IPSec policy across multiple computers? A. Using Netsh is the only way to apply a policy that can be used to permit a user's computer to be used for a telnet session with another computer while blocking all other telnet communications. B. Using Netsh is more easily implemented when multiple machines need to be configured. C. You can apply Netsh even if the computers are not joined in a domain, and Group Policy can work only in a domain. D. You can use Netsh to create a persistent policy that will be used if Group Policy cannot be used. Answer: D Question: 12
Page 6 of 296
Serverl4 is capable of supporting t to create a persistent policy that will be wo processors.Nine hundred users from a branch office relocate to the main office in Chicago. The help desk reports that client computer IP addresses take a usually long time to renew. You confirm that network utilization is within acceptable limits. You notice that in the DHCP Server performance object. The milliseconds per packet (Avg.) counter are 40 percent higher than the baseline.You run System Monitor to baseline Server 14 during normal business hours. You observer the performance results shown in the following table.Currently, you want to improve the performance of Serverl4. What should you do on Serverl4? You work as a security administrator for Microsoft.The basc network and some configures are as the following:
A. Have a wireless access point available. B. Use the Security Configuration and Analysis tool. C. Create, assign, and renew SSL Web server certificates. D. Move the database path to drive E. Answer: A Question: 13 You work as a security administrator for Microsoft. The basic network and some policies are as the following:Currently, you need to configure Clientl so that it can address all the hosts on the network by their names. How should you configure the DHCP service for the 192.168.0.0 scope on Server2?
Page 7 of 296
A. Set the IP address of the DNS server to 192.168.0.100. B. Using IPSec to allow remote users to connect to an organization's private network across the Internet. C. Encapsulating Security Payload with certificate-based authentication in tunnel mode would be available. D. Establishing an IPSec connection to the IPSec gateway that provides access to the internal network. Answer: A Question: 14
Page 8 of 296
You administer a network that consists of a single domain. On this network, you have configured a new DNS server named DNS1 to answer queries for Internet names from the local domain. However, although DNS1 is connected to the Internet, it continues to fail its recursive test on the Monitoring tab of the server properties dialog box. Which of the following could be the potential cause for the failure? A. You have configured DN51 in front of a firewall, B. DNS1 hosts a zone named V C. Your root hints have not been modified from the defaults. D. You have not configured DNS1 to forward any queries to upstream servers. Answer: B Question: 15 You work as a security administrator for Microsoft. The basic network and some policies are as the following:Currently, you need to change the IP addressing scheme to accommodate all
required servers in subnet A and subnet B. You are authorized to make any necessary changes.
The diagram in the work area shows the network configuration and the planned number of servers for each subnet. Which IP address should be assigned to each subnet?
A. Subnet A: 131.107.10.0/23 Subnet B: 131.107.10.0/24 B. Subnet A: 131.107.11.0/23 Subnet B: 131.107.10.0/24 C. Subnet A: 131.107.10.0/23 Subnet B: 131.107.11.0/24 D. Subnet A: 131.107.11.0/23 Subnet B: 131.107.10.0/24 Answer: A
Page 9 of 296
Question: 16 You work as a security administrator for Microsoft. The basic network and some policies are as the following:Currently, you need to ensure that users on all three segments of the network can access resources on Serverl. What should you do?
Page 10 of 296
A. Enable Fail on load if bad zone data setting in the advanced properties of Serverl. B. Enable the Secure cache against pollution setting in the advanced properties of Serverl. C. Enable the Enable automatic scavenging of stale resource records setting in the advanced properties of Serverl and set it to 7 days. D. Modify the route to the 192.168.10.0 network in the routing table on Router2. Answer: D Question: 17 Which of the following events could serve as a legitimate reason to modify (but not delete) the default root hints on the Root Hints tab of a DNS server properties dialog box? (Choose all that apply.) A. The Internet root servers have changed. B. The server will not be used as a root server. C. You have disabled recursion on the server. D. Your server is not used to resolve Internet names. Answer: A, B Question: 18 Currently, you need to remove the update from all client computers until you can test the update. What should you do? You work as a security administrator for Microsoft.The basc network and some configures are as the following:
A. Log on to the computer until you contact one of Microsoft??s product activation centers. B. Install a service pack without saving uninstall files by using the ???ii?Cn switch when you install the service pack. C. Configure Automatic Updates to download and install critical updates automatically. D. Clear the update for approval on the WSUS server. Run the spuninst command from the Systemroot\$NtUninstallQ318138$\spuninst directory on each client computer. Answer: D Question: 19 You work as a security administrator for Microsoft. The basic network and some policies are as
the following: Currently, you need to ensure that client computers can successfully connect to the
W5US server. What should you do?
Page 11 of 296
A. Each client computer can resolve names on the network as quickly as possible by using a fully qualified domain name (FQDN). B. Prevent zone replication traffic from occurring on the slow network connections. C. Minimize hard disk utilization on the DNS servers in the Lagos and Nairobi branches as much as possible. D. Ensure that DNS queries in Tangier and Cape Town are resolved locally. E. Specify the Server Name property to be the server's fully qualified domain name (FQDN), in the WSUS GPO. Answer: E Question: 20 You work as a security administrator for Microsoft. The basic network and some policies are as the following:Currently, you need to ensure that all client computers in the domain can access the shared folders on Server6. You must ensure that all communications between client computers and Server6 be encrypted. What should you do?
Page 12 of 296
A. Disable the default exemptions to IPSec filtering on all computers in the domain. B. Disable the default response rule in the Client (Respond Only) IPSec policy in the domain. C. Configure Serverl so that it uses the predefined IPSec policy named Server (Request Security). D. Assign the Client (Respond Only) IPSec policy on all client computers. Answer: D Question: 21 You work as a security administrator for Microsoft. The basic network and some policies are as
the following:Now, you need to configure DNS_One and DNS_Two so that all computers on the
internal network can resolve the host names of other computers on the internal network, and the three servers that are accessible from the Internet. Which of the following would be true? Choose 2 that will apply.
Page 13 of 296
A. Create a primary DNS zone named adatum.com on DNS_Two. B. Create a secondary DNS zone named adatum.com on DNS_Two. C. Configure DNS forwarding from DNS_Two to DNS_One. D. Configure DNS forwarding from DNS_One to DNS_Two. E. Manually add a host record for each computer on the internal network to the adatum.com zone on DNS_One. F. Manually add a host record for each Internet-accessible computer to the Microsoft.com zone on DNS_Two. Answer: A, F
Page 14 of 296
Question: 22 You work as a security administrator for Microsoft. The basic network and some policies are as the following: Currently, you need to view all of the IPSec settings that are applied to Server2 by GPOs. Which tool should you use?
A. you can run the repadmin /replicate command on each database server. B. you can run the gpupdate command on each database server. C. you can run the secedit /refreshpolicy command on each database server. D. you can open Local Computer Policy, select Security Settings, and then use the Reload command on each database server. E. you can run the Resultant Set of Policy console. Answer: E Question: 23 You discover that an administrator has adjusted the default TTL value for your company's primary DNS zone to 5 minutes. Which of the following is the most likely effect of this change? A. Resource records cached on the primary DNS server expire after 5 minutes. B. DNS clients have to query the server more frequently to resolve names for which the server is authoritative. C. Secondary servers initiate a zone transfer every 5 minutes. D. DNS hosts reregister their records more frequently. Answer: B Question: 24 You work as a security administrator for Microsoft. The basic network and some policies are as the following:Currently, you confirm that all users can connect to the nonsecure sites hosted on the Web server by using HTTP. You want to view the failed HTTPS requests. What should you do?
Page 15 of 296
A. Monitor any changes to the files and directories that contain your application and content. B. Review Logs on Server. C. Enable auditing for all users for any successful or failed attempts. D. Enable file access auditing for your Web site content. Answer: B Question: 25 Currently, you need to update six high-visibility servers with critical updates by using Windows Server Update Services (WSUS). You approve all of the updates. You need to ensure that the updates are applied within one hour. What should you do? You work as a security administrator for Microsoft.The basc network and some configures are as the following:
A. Configure registry and file system permissions. B. Install the latest service pack on all Windows XP Professional client computers. C. Deploy security templates by using Active Directory-based Group Policy. D. Type the wuauclt /detectnow command at the command prompt on each of the six servers. Answer: D Question: 26 Which of the following is not a benefit of storing DNS zones in the Active Directory database? A. Less frequent transfers B. Decreased need for administration C. Less saturation of network bandwidth D. Secure dynamic updates Answer: A Question: 27
Page 16 of 296
Currently, you need to ensure that all client computers receive all Microsoft security patches, critical updates, and service packs. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) You work as a security administrator for Microsoft.The basc network and some configures are as the following:
A. Configure registry and file system permissions. B. Install the latest service pack on all Windows XP Professional client computers. C. Deploy security templates by using Active Directory???ii?Cbased Group Policy. D. Install the Automatic Updates client on all client computers. E. Open the WSUS console. Create a target group and assign all client computers to the group. Answer: D, E Question: 28 Currently, you need to install Windows Server Update Services (WSUS) on a computer named Serverl. Serverl has limited hard disk space. Serverl stores a minimal amount of information locally. Client computers must install Microsoft critical updates. You need to ensure that client computers download updates directly from Microsoft Update. Only approved updates should be downloaded. What should you do? You work as a security administrator for Microsoft.The basc network and some configures are as the following:
A. Make all users of Windows XP Professional client computers members of the Administrators local group. B. On all Windows XP Professional client computers, install the latest service pack. C. On all Windows XP Professional client computers, use the gpupdate /force command. D. Open the WSUS console. Modify the synchronization option to not store updates locally. Answer: D Question: 29 You are the network administrator for Lucerne Publishing. The Lucerne Publishing 5-52 network consists of a single domain, lucernepublishing.com, that is protected from the Internet by a firewall. The firewall runs on a computer named NS1 that is directly connected to the Internet. NS1 also runs the DNS Server service, and its firewall allows DNS traffic to pass between the Internet and the DNS Server service on NS1 but not between the Internet and the internal network. The DNS Server service on NS1 is configured to use round robin. Behind the firewall,
Page 17 of 296
two computers are running Windows Server 2003-NS2 and NS3-which host a primary and secondary DNS server, respectively, for the lucernepublishing.com zone.Users on the company network report that, although they use host names to connect to computers on the local private network, they cannot use host names to connect to Internet destinations such as www.microsoft.com.Which of the following actions requires the least amount of administrative effort to enable network users to connect to Internet host names? A. Disable recursion on NS2 and NS3. B. Enable netmask ordering on NS1. C. Configure NS2 and NS3 to use NS1 as a forwarder. D. Disable round robin on NS1. Answer: C Question: 30 You work as a security administrator for Microsoft. The basic network and some policies are as the following:Currently, you need to provide this security assessment of every computer and verify that the requirements of the written security policy are met. How could you do that?
A. Scan all the subnets in our data center instead of scanning just the IPs listed in our database of servers. B. Denotes a scan that was completed successfully with no missing updates found. Scan reports are stored on the computer from which you ran MBSA in the %userprofile%\SecurityScans folder. C. Install and run mbsacli.exe with the appropriate configuration switches on a server. D. Schedule automatic scanning for unpatched computers. Answer: C Question: 31 You work as a security administrator for Microsoft. The basic network and some policies are as the following:Currently, you need verify that all users are using a secure protocol to connect to Serverl from the Internet. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)
Page 18 of 296
A. Check the application log on the Web server. B. Use Network Monitor to capture network traffic on the Web server. C. Review the log files created by IIS on the Web server. D. Using Network Monitor to monitor network traffic to Serverl. E. On Serverl, monitor the IIS logs. Answer: D, E Question: 32 You work as the network administrator for the Paris branch office of Microsoft. The basic network and some policies are as the following:Currently, you need to configure DNS on Server_One to meet the requirements. What should you do?
A. Identify common IPSec usage scenarios. B. Describe the IPSec negotiation process, including the differences between Main Mode and Quick Mode communications. C. Determine which authentication method to use with each trust type. D. Set up conditional forwarding to Server_One for the engineering. Microsoft.com namespace. Answer: D Question: 33 You are the administrator for a large network consisting of 10 domains. You have configured a standard primary zone for the mfg.lucernepublishing.com domain on a DNS server computer named Serverl. You have also configured a UNIX server, named Server2, to host a secondary zone for the same domain. The UNIX server is running BIND 8.2.1.You notice that zone transfers
Page 19 of 296
between the primary and secondary servers seem to generate more traffic than expected, putting a strain on network resources.What can you do to decrease the network burden of zone transfers between the primary and secondary servers? A. Clear the BIND Secondaries check box on Serverl. B. Configure a boot file on Serverl to initialize BIND-compatible settings. C. Select the BIND Secondaries check box on Serverl. D. Configure a boot file on Server2 to enable fast zone transfers. Answer: Pending Question: 34 You work as a security administrator for Microsoft. The basic network and some policies are as the following:Currently, you need to configure Filesrvl to ensure that all computers connect to it by using the IPSec policy. How can you do that?
A. Create a GPO with the IPSec policy Server (Request Security) and apply it to this OU. B. retain the Secure Server (Require Security) IPSec policy. C. Create an OU and place the computer accounts of all workstations running Windows XP Professional. D. Assign the Secure Server (Require Security) IPSec policy. Answer: D Question: 35 Currently, you need to ensure that Serverl can communicate with the Windows Update servers. How can you do that on Serverl? You work as a security administrator for Microsoft.The basc network and some configures are as the following:
Page 20 of 296
A. Schedule MBSA to scan your network for unpatched computers at night, so you can review the reports in the morning without waiting for the scan to occur. B. Run Microsoft Baseline Security Analyzer (MBSA) on a client computer that has Internet access and targets all the domain controllers. C. Use it to scan all computers on your network or domain for which you have administrator access. D. Configure authentication to the proxy server in the WSUS options. Answer: D Question: 36 You are designing the DNS namespace for a company named Proseware, which 5-62 has a registered domain name of proseware.com. Proseware has a central office in Rochester and one branch office each in Buffalo and Syracuse. Each office has a separate LAN and network administrator. You want to configure a single DNS server at each location, and you want the central office to host the proseware.com domain. In addition, you want the administrators in Buffalo and Syracuse to maintain responsibility for DNS names and name resolution within their networks.Which of the following steps should you take?
Page 21 of 296
A. Configure a standard primary server in Rochester to host the proseware.com zone. Delegate a subdomain to each of the branch offices. Configure a secondary server in both Buffalo and Syracuse to host each of the delegated subdomains. B. Configure a standard primary server in Rochester to host the proseware.com zone. Configure a secondary server in both Buffalo and Syracuse to improve performance and fault tolerance to the zone. C. Configure the DNS server in Rochester to host a standard primary zone for the proseware.com domain. Configure the DNS servers in both Buffalo and Syracuse to each host a standard primary zone for a subdomain of proseware.com. Create a delegation from the DNS server in Rochester to each of these subdomains.
D. Configure the DNS server in Rochester to host a standard primary zone for the proseware.com
domain. Configure the DNS servers in both Buffalo and Syracuse to host a standard primary zone for a subdomain of proseware.com. Add secondary zones on each DNS server to pull transfers from the primary zones hosted on the other two DNS servers. Answer: C Question: 37 You work as a security administrator for Microsoft. The basic network and some policies are as the following:Currently, you need to ensure that Inventory.exe cannot be started by the worm, while still allowing the application to run as a service. What should you do?
Page 22 of 296
A. Choosing which methods to use for your environment. B. In the computer settings section of the Default Domain Policy GPO, modify the existing software restriction policy hash rule for the Inventory.exe application so that the hash rule has a security level of Disallowed. C. Listed in the New Parameter column can be used with updates released. D. Invokes a dialog box that warns the user that a restart will occur in the specified number of seconds. Answer: Question: 38 You work as a security administrator for Microsoft. The basic network and some policies are as the following:Currently, you install WSUS on four servers on the network. Which of the following should be added to First option on Serverl3?
Page 23 of 296
Page 24 of 296
A. Synchronize directly from the Windows Update servers B. Synchronize from a local WSUS server C. Maintain updates on a Windows Update server D. Save the updates to a local folder Answer: B Question: 39 You are the administrator for your company's network, which consists of a central office LAN and three branch office LANs, all in different cities. You have decided to design a new DNS infrastructure while deploying Active Directory on your network.Your goals for the network are
Page 25 of 296
first to implement a single Active Directory forest across all four locations and second to minimize response times for users connecting to resources anywhere on the network. Assume that all branch offices have domain controllers running DNS servers.Which of the following actions best meets these goals? A. Configure a single Active Directory domain for all four locations and configure a single Active Directory-integrated DNS zone that replicates through the entire domain. B. Configure a single Active Directory domain for all four locations, and configure a standard primary zone at the central office with zone transfers to secondary zones at each branch office. C. Configure an Active Directory domain and a DNS domain for the central office, delegate a DNS subdomain to each branch office, and configure an Active Directory-integrated zone in each location that replicates through the entire forest. D. Configure an Active Directory domain and a DNS domain for the central office, delegate a DNS subdomain to each branch office, and configure an Active Directory-integrated zone in each location that replicates through the entire domain. Answer: A Question: 40 Currently, you want to produce a weekly report that will list all the zones that are hosted on each DNS server. Which of the following would you use to configure the DNS server? You work as a security administrator for Microsoft.The basc network and some configures are as the following:
A. Netdiag.exe B. DNScmd.exe C. Nslookup.exe D. Adsiedit.exe Answer: B Question: 41 You work as a security administrator for Microsoft. The basic network and some policies are as the following:Currently, you need to ensure that each DNS server on the WAN has a dynamically updated list of NS records for fineartschool.net. You also need to minimize zone replication traffic across the slow connections and minimize DNS lookups on Serverl. Which of the following would you configure to the Lima Server?
Page 26 of 296
A. Standard secondary zone B. Stub zone C. Conditional forwarder D. None of them Answer: A Question: 42 Which of the following is not a benefit of using a stub zone? A. Improving name resolution performance
Page 27 of 296
B. Keeping foreign zone information current C. Simplifying DNS administration D. Increasing fault tolerance for DNS servers Answer: D Question: 43 Netsh is used to create and assign an IPSec policy for a stand-alone server running Windows Server 2003. One of the commands used is the following, executed from the Netsh IPSec Static context:Add rule name="SMTPBIock" policy="smtp" filterlist="smtp computerlist" filteraction="negotiate smtp" description="this rule negotiates smtp"Why is the policy not working? A. The policy is set with the wrong IP addresses. B. Each policy specifies a different encryption algorithm. C. No encryption is taking place. The evidence is revealed in the soft SAs. D. The policy is using Kerberos for authentication and the computer is not a member of a domain. Answer: D Question: 44 Currently, you need to configure DNS02 to host the primary zone for the Microsoft.com namespace. The records that are currently in the Microsoft.com zone must be retained. You want to ensure that all host names can be resolved immediately after DNS02 becomes the new primary name server for the zone. How could you do that? Choose some steps that may be used. You work as a security administrator for Microsoft.The basc network and some configures are as the following:
Page 28 of 296
A. On DNS02, set up a secondary zone named Microsoft.com. B. Add a name server (NS) record for DNS02 to the Microsoft.com primary zone. C. On DNS02, change the zone type of the Microsoft.com secondary zone to a primary zone. D. On DNS01, delete the Microsoft.com primary zone. E. On DNS01, set up a secondary zone named Microsoft.com. Answer: A, B, C, D, E Question: 45 You work as a security administrator for Microsoft. The basic network and some policies are as the following:Currently, you need to change the configuration of the start of authority (SOA)
Page 29 of 296
resource record for Microsoft.com. In addition, you need to reduce the possibility that users can query local DNS zones before successful zone transfers occur. How could you do that?
A. Change the expiration interval to 12 hours. B. Compress the folder in which the downloaded updates are stored. C. Configure Serverl to store only the locales that are needed. D. Download the updates, and then delete updates that are not approved for client computers. Answer: A Question: 46
Page 30 of 296
You work as a security administrator for Microsoft. The basic network and some policies are as the following:Currently, you need to configure the start of authority (SOA) resource record properties for the Microsoft.com zone. You also need to ensure that the server in the Cairo office will continue to attempt zone transfers if an initial attempt fails. How could you do that?
A. You can configure the retry interval to be 3 hours. B. You can configure the retry interval to be 12 seconds. C. You can configure the retry interval to be 1 hour. D. You can configure the Microsoft.com zone to expire after 3 hour. E. You can configure the Microsoft.com zone to expire after 1 hour. F. You can configure the Microsoft.com zone to expire after 10 seconds. Answer: C Question: 47 You work as a security administrator for Microsoft. The basic network and some policies are as the following:Currently, you must configure the samerica.thecompany.com zone to meet the stated requirements. Which three actions should you perform?
Page 31 of 296
A. Create a primary zone named samerica.thecompany.com, and ensure that the Store the zone in Active Directory option is enabled. B. Enable automatic scavenging of stale resource records on all the DNS servers, and configure the scavenging options on the samerica.thecompany.com zone. C. Configure the Dynamic updates setting on the samerica.thecompany.com zone to be Secure only. D. Create multiple domains to apply different security policies to users or resources to the company. E. Enable compatibility with earlier operating systems. F. First of all, you delete the Policy GPO, and then you reset all client computers. Answer: A, B, C Question: 48 Which command should you execute at the Nslookup prompt to view all contents of the zone contoso.com? A. Is -d contoso.com B. Is -t contoso.com C. Is -a contoso.com
Page 32 of 296
D. Is -any contoso.com Answer: A Question: 49 You work as a security administrator for Microsoft. The basic network and some policies are as the following:To reduce administrative overhead, you want to find solutions that will not require reconfiguration if DNS servers are added to the domain in the future.How can you do that?
A. In the Microsoft.com zone, create a subdomain named manufacturing. B. Configure an IPSec policy to require Authentication Headers (AHs) between the payroll client computers and Server. C. Configure an IPSec policy to require Encapsulating Security Payload (ESP) between the payroll client computers and Server. D. Configure Server to require Server Message Block (SMB) signing. Answer: A Question: 50 You work as a security administrator for Microsoft. The basic network and some policies are as the following:Currently, you need to keep a record of when the primary DNS server for WinyCompany.com informs Serverl of available changes in the WinyCompany.com zone. What should you do?
Page 33 of 296
A. You can configure the log to record Notification events before enabling debugs logging on Serverl. B. Define the permissions for each certificate template to ensure that only authorized users, computers, or group members can obtain certificates based on a certificate template. C. Configure the rules in the Server Traffic policy to use an authentication method other than Kerberos. D. Add a new rule to the Server Traffic policy to encrypt Kerberos traffic. Answer: A Question: 51 Which command should you execute at the Nslookup prompt to view a list of all SRV resource records in a domain? A. set q=srv B. set q=srv <domain name> C. Is -t srv <domain name> D. Is -d srv <domain name> Answer: C Question: 52 You work as a security administrator for Microsoft. The basic network and some policies are as the following:Currently, you need to configure DNS resolution to ensure that all client computers can log on to the network, access the Web sites, and browse the Internet. You must also ensure that the Microsoft.net zone is stored as securely as possible. How can you do that? Choose 2 that will apply.
Page 34 of 296
A. To point to the IP addresses of the domain controllers, configure conditional forwarding for Microsoft.net. B. To point to the IP address of the ISP DNS server, configure conditional forwarding for all other DNS domains. C. Manually add a host record for each computer on the internal network to the adatum.com zone on DNS Server. D. Manually add a host record for each Internet-accessible computer to the Microsoft.com zone on DNS Server. Answer: A, B Question: 53 You work as a security administrator for Microsoft. The basic network and some policies are as the following:Now, you need to ensure that the users in the preproduction environment cannot resolve FQDNs from the production network. You want to accomplish this goal by using the DNS console on Server_One. How can you do that?
Page 35 of 296
A. On Server_One, configure the interfaces properties to listen on the IP of 192.168.2.10 only. B. Determine the appropriate trust type for an operating system. C. Describe the overall process you would use to troubleshoot IPSec problems. D. Describe the first steps to take when isolating a communications problem that might or might not be related to IPSec. Answer: A Question: 54 You work as a security administrator for Microsoft. The basic network and some policies are as the following:However, when you monitor inbound Internet connection attempts to Serverl, you notice many attempted HTTP connections. You want to secure Serverl so that it is not susceptible to malicious Internet users. Serverl must also connect to the Internet to use Windows Update and to download virus definition updates. You do not want to purchase additional hardware or software. How could you do that on Serverl?
Page 36 of 296
A. First, you should enable Internet Connection Firewall, and then select the FTP Server check box in the Services tab. Next, enter Serverl as the server hosting the FTP services. B. Determine the appropriate trust type for an operating system. C. Describe the overall process you would use to troubleshoot IPSec problems. D. Describe the first steps to take when isolating a communications problem that might or might not be related to IPSec. Answer: A Question: 55 Which of the following actions should you perform to enable name resolution for clients at the Syracuse branch? Assume that you want to keep or restore the default security settings for zone transfers. A. Configure ns5.treyresearch.net to be notified of zone updates. B. Add an A resource record to the treyresearch.net zone pointing to the computer ns5.treyresearch.net. C. Configure the treyresearch.net zone to allow zone transfers to any server. D. Add an NS resource record to the treyresearch.net zone pointing to the computer ns5.treyresearch.net. Answer: D Question: 56 You work as a security administrator for Microsoft. The basic network and some policies are as the following:Currently, you need to reconfigure the System Monitor log settings to reduce the amount of data that is captured. How could you do that?
Page 37 of 296
A. Use significant network bandwidth during periods of normal usage.

B. If setting the sample rate to 60 seconds, retain the current counter.
C. Lease addresses on more than one subnet. D. Set up a DHCP/BOOTP relay agent on at least one computer running Windows Server 2003 on each subnet. Answer: B Question: 57 The syr.treyresearch.net domain is configured as an Active Directory??i??Cintegrated zone at the Syracuse branch office. The zone replication scope has been set to All DNS Servers In The Active Directory Forest. Which partition in Replication Monitor should you use to force replication of the zone data for the syr.treyresearch.net domain? A. DC=treyresearch,DC=net B. DC=ForestDnsZones,DC=treyresearch,DC=net C. DC=ForestDnsZones,DC=syr,DC=treyresearch,DC=net D. DC=DomainDnsZones,DC=syr,DC=treyresearch,DC=net Answer: B Question: 58 Which type of trigger should you configure? You work as a security administrator for Microsoft.The basc network and some configures are as the following:
Page 38 of 296
A. A WMI event trigger. B. A Network Monitor capture filter. C. A System Monitor alert. D. A Network Monitor trigger. Answer: C Question: 59 You work as a security administrator for Microsoft. The basic network and some policies are as the following:Currently, you can access the intranet and public Internet Web sites from the DNS servers. You want to allow all users to access public Internet Web sites and the intranet. You want to log all DNS queries from the LAN on the two new Windows Server 2003 DNS servers. What should you do? A. You should configure both DNS servers to use 131.107.68.93 as a forwarder. B. In the Internet Explorer settings for the VPN dial-up connection on Serverl, enter 10.10.0.1 for the proxy server address. C. In the Internet Explorer settings for the VPN dial-up connection on Serverl, select the automatically detect settings check box. D. On the network properties for the 131.107.68.1 connection on ISA1, clear the Register this connection's addresses in DNS check box. Answer: A Question: 60 Currently, you need to identify whether Serverl is receiving requests for resources through NetBIOS broadcasts. What should you do? You work as a security administrator for Microsoft.The basc network and some configures are as the following:
A. Configure a Capture filter to capture all traffic between Serverl and Clients. B. Start a capture. C. Log on to Clients as Userl and allow the logon process to complete. D. Between Serverl and all clients, use Network Monitor to capture traffic. Answer: D Question: 61 What will you do to configure Network Monitor? Choose two that will apply.
You work as a security administrator for Microsoft.The basc network and some configures are as
the following:
Page 39 of 296
A. Configure a performance alert to write an event to the application event log whenever the number of established FTP connections exceeds 1. B. Use a Network Monitor filter to capture IP traffic from any computer to Serverl. C. Run the finger command on Serverl to identify the source of the FTP requests. D. Run the arp command on Serverl to identify the source of the FTP requests. E. Increase the Network Monitor buffer size setting. F. Decrease the Network Monitor frame size setting. Answer: E, F Question: 62 Which of the following servers are eligible to be the first DHCP server on your network? (Choose all that apply.) A. A Windows Server 2003 domain controller in an Active Directory network B. A Windows 2000 Server workgroup server in a network with no domains C. A Windows Server 2003 workgroup server in an Active Directory network D. A Windows 2000 Server member server in an Active Directory network Answer: A, B, D Question: 63 You work as a security administrator for Microsoft. The basic network and some policies are as the following:Currently, your company places a high priority on protecting user privacy and confidential data. You want to allow cookies that will cause http://inventory.Microsoft.com to display the last search results for each purchasing department user.What should you do to configure the Internet options on purchasing department computers?
Page 40 of 296
A. In the Privacy tab, use the Edit button to allow http://inventory.Microsoft.com. B. Instruct the 20 employees to add http://inventory.Microsoft.com to the list of trusted sites in Internet Explorer on their client computers. C. Instruct the 20 employees to change the Internet Explorer privacy settings on their client computers to Low. D. Uninstall Internet Explorer Enhanced Security Configuration on Server2. Answer: A Question: 64 You work as a security administrator for Microsoft. The basic network and some policies are as the following:You want to find out where the communication failure resides by running a command prompt on a computer in the Los Angeles office. What are two possible ways to achieve this goal? Choose two that apply.
Page 41 of 296
A. Run the pathping 192.168.10.254 command. B. Run the net view \\192.168.10.254 command, C. Run the tracert 192.168.10.254 command, D. Run the nslookup 192.168.10.254 command. Answer: A, C Question: 65 A DHCP scope has been configured with the 003 Router option, which provides clients with the address of a default gateway. However, after running the Ipconfig /renew command and then the Ipconfig /all command at a computer named Clientl, you find that this client is being assigned an IP address within the defined scope but not the address of a default gateway.Which of the following answers could explain this behavior? A. Clientl has become disconnected from the network. B. Clientl's IP address is acquired by means of a reservation at the DHCP server. C. No scope options have been defined at the server level. D. The scope has not been activated. Answer: B Question: 66 You are the network administrator for your company. The network contains a third-party application that runs as a service. The application service is secured with a domain-level service account. The properties of the service account are displayed in the work area.Uses report that the application is no longer available. The application service is stopped.An administrator reports that
Page 42 of 296
the password of the service account had expired and was changed. You reset the password on the service to match the new password of the service account. You unsuccessfully attempt to restart the service.You need to ensure that the service will start. You need to prevent this problem from happening again while retaining administrative control over the service account password.How can you do that? To answer, configure the appropriate option or options in the dialog box in the work area.
A. Users cannot change password B. Password never expired. C. Save password D. Account is disabled. Answer: B Question: 67 You log on to the domain, map a drive to the share \\192.168.5.55\share, and then copy some files. You then use Kerbtray.exe to examine the Kerberos tickets.You find a ticket for your account and the service krgbt. You do not find a ticket for CIFS for this server. What is the most likely reason for this problem? A. The ticket with the service krgbt is the ticket for this type of connection. B. Using the IP address instead of server name means NTLM will be used.
C. The Kerbtray.exe utility shows only TGT tickets, and the share ticket is a user or session ticket.
D. The Kerbtray.exe utility shows only session tickets, and the share ticket is a TGT ticket. Answer: B Question: 68 You work as a security administrator for Microsoft. The basic network and some policies are as the following:Now, you need to ensure that Workstation6 can connect to Server5 and any other hosts on subnet B. How can you do that?
Page 43 of 296
Page 44 of 296
A. Understand the reasons to apply each type of update, and the reasons not to apply them. B. Deploy Certificate Services on multiple servers 255.255.0.0. C. Backup and restore important CA data. D. All traffic to or from IP address 131.107.128.1 to 131.107.194.1. C E. Change the default gateway to 131.107.128.1 on Workstation6. Answer: C Question: 69 You set up Performance Logs And Alerts to send a message to Computer2 to notify an operator when the network use on Computerl gets too high.However, Computer2 never receives the message sent from Computerl. What must you do to enable messages to be sent by Computerl and received byComputer2?(Choose all that apply.) A. On Computerl, start the Messenger service. B. On Computerl, start the Alerter service. C. On Computed, start the Messenger service. D. On Computed, start the Alerter service. Answer: B, C Question: 70 However, you want to conserve addresses as much as possible. Which subnet mask should you use? You work as a security administrator for Microsoft.The basc network and some configures are as the following:
Page 45 of 296
A. 255.255.255.0 B. 255.255.255.255 C. 255.255.255.224 D. 255.255.255.254 Answer: C Question: 71 Now, you need to ensure that client computers on the network can receive an IP address configuration from Server_Two. How can you do that? You work as a security administrator for Microsoft.The basc network and some configures are as the following:
Page 46 of 296
A. Describe the tools available to monitor IPSec on Server_Two. B. List which tools can be used to identify specific IPSec statistics on Server_One. C. Capture and analyze IPSec network traffic to verify that it is being encrypted On Server_Two. D. Authorize the DHCP service on Server_Two in Active Directory. Answer: B Question: 72 Which of the following does not rely on certificates and public key cryptography? A. SSL B. EFS C. IPSec D. Workgroup security Answer: D Question: 73 You work as a security administrator for Microsoft. The basic network and some policies are as the following:You need to ensure that Maria can access the network by using her client computer. You also need to ensure that this problem will not recur. How can you do that?
Page 47 of 296
Page 48 of 296
A. Before restarting Client2, you should exclude the IP addresses 192.168.10.10 to 192.168.10.15 from the DHCP scope. B. reveals the negotiation policy used to establish each Quick Mode SA. C. use to view current information about Quick Mode negotiations. D. Reconcile the DHCP scope on the DHCP server. Restart Client2. Answer: A Question: 74 Currently, you need to ensure that changes you make do not affect the current DHCP functionality. How can you do that? A. Select an appropriate special group for controlling access to resources. B. Determine the type of group to create in Windows Server 2003 to meet the security requirements of your organization. C. Configure a Web server to serve content to the public Internet while minimizing the risk that the system will provide attackers with an entry point to the internal network. D. Modify the Main scope on DHCP_ONE to include addresses 10.1.16.0 through 10.1.27.254. Modify the Branch scope on DHCP_TWO to include addresses 10.2.16.0 through 10.2.27.254. Answer: D Question: 75 Which protocol provides names and name resolution for workgroups in Windows? A. NetBIOS B. CIFS C. DNS D. Kerberos Answer: A Question: 76 You work as a security administrator for Microsoft. The basic network and some policies are as the following:Currently, you need to ensure that no unsecured traffic from the Internet reaches the
Page 49 of 296
internal network through this VPN. You also need to ensure that access to the VPN servers from their respective internal networks is not disrupted. How can you do that?
A. Select an appropriate certificate enrollment method. B. In the properties of RASIPSec, edit the All IP Traffic IP Filter list to include the IP addresses for only Serverl and Server2. C. Explain the importance of thoroughly testing applications with IPSec, and explain the most critical steps to take during the testing process. D. Configure input and output L2TP/IPSec packet filters on the external interfaces of Serverl and Server2. Answer: B Question: 77 Currently, you need to ensure that the users can access http://www.adatum.com. You must also ensure that users retain their ability to access internal resources. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) You work as a security administrator for Microsoft.The basc network and some configures are as the following:
Page 50 of 296
A. Settings for modems, network clients, and network adapters on Server2. B. Configure the network interface card following the manufacturer's instructions. C. Disconnect the computer from the network, unplug it, and install the adapter in the appropriate slot on the computer. D. Create a root zone on Serverl. E. On all affected users' computers, run the ipconfig /flushdns command. Answer: D, E Question: 78 Which of the following are automatically configured in Windows Server 2003? A. Local area connections B. Dial-up networking C. Routing tables Answer: A Question: 79 You work as a security administrator for Microsoft. The basic network and some policies are as the following: Currently, you want to allow Serverl to connect to WWW. How can you do that?
Page 51 of 296
A. On Serverl, use network diagnostics to pinpoint network configuration problems. B. On ISACorp, click Set Scanning Options and then select additional test actions and categories. C. On ISACorp, rerun the diagnostics tests by clicking Start. Note any problems and resolve them as necessary. D. On Serverl, run the ipconfig /flushdns command from a command prompt. Answer: D Question: 80
Page 52 of 296
You work as a security administrator for Microsoft. The basic network and some configurations are as the following:Currently, you need ensure that all client computers can access the Internet. What should you do?
A. Configure the DHCP Relay Agent on Server2. B. On 5erver2, replaces the Ipsecmon.exe tool included with Windows 2000 Server. C. On Server2, pick up DHCP broadcast messages and forward them to a DHCP server on another network. D. Install DNS on Server2. Configure a secondary zone on Server2 for the Active Directory domain DNS zone. Answer: A Question: 81 You work as a security administrator for Microsoft. The basic network and some policies are as the following: Currently, you want to use the minimum amount of administrative effort. How can you do that?
Page 53 of 296
A. Return information about the computer system, operating system configuration, and operating system version. B. Assign many network configuration settings automatically. C. On each DHCP server that is a member of the Microsoft_2.com domain, configure the 15 DNS Domain Name option to be Microsoft_2.com. D. Contacts the DHCP server that provided the lease. Answer: C Question: 82 Which of the following components are automatically assigned to connections?ExplanationsNo more information available A. Client Service For NetWare B. Network Monitor Driver C. Client For Microsoft Networks Answer: C Question: 83 Currently, you need to configure Server2 to allow users to always connect to Internet Web sites. How can you do that? You work as a security administrator for Microsoft.The basc network and some configures are as the following:
Page 54 of 296
A. Set the demand-dial connection to Persistent. B. Tell the computer the IP address you want to use, the subnet mask for this IP address, and, if necessary, the default gateway to use for internetwork communications. C. Make sure that the address isn't already in use or reserved for use with DHCP. D. Access Network Connections in Control Panel, and then select or double-click the connection you want to work with. Answer: A Question: 84 Currently, you need to verify the cause of the intermittent connection delays to Serverl. You also
need to find out whether the problem is related to a hardware deficiency on Serverl. You need to
track these delays over a period of one day. What should you do first? You work as a security administrator for Microsoft.The basc network and some configures are as the following:
A. Explain the importance of thoroughly testing applications with IPSec, and explain the most critical steps to take during the testing process. B. Configured incorrectly, IPSec can cause minor problems, such as a network application that performs poorly or major problems, such as total loss of network connectivity. C. Requires Write access to all IPSec policy objects. D. To track the queue lengths on the network adapter on Serverl, create a System Monitor counter. Answer: D Question: 85 Which of the following features is not configurable through the Routing And Remote Access console? A. Dial-up networking B. Packet filtering C. Internet Connection Sharing
Page 55 of 296
D. Active Directory Answer: D Question: 86 Currently, you need to capture file-transfer network traffic that is being sent to and from Serverl.You need to capture all network traffic that is sent to and from Serverl.How can you do that? You work as a security administrator for Microsoft.The basc network and some configures are as the following:
A. Install Network Monitor Tools on Serverl. Run Network Monitor to capture network traffic. B. Installing new computers one at a time, with minimal infrastructure. C. Install a new computer by using a higher-speed network for installations. D. Open Network Monitor on Server2 and increase the capture buffer from 1 MB to 20 MB in size. Run Network Monitor to capture network traffic. Answer: A Question: 87 Currently, you need to ensure that network users can access Internet Web sites by using their FQDNs, while ensuring that user access to internal resources is not disrupted. Which one of the following could be true? You work as a security administrator for Microsoft.The basc network and some configures are as the following:
Page 56 of 296
A. Create a root zone on Server3. Configure all computers on your network to use the new ISP's DNS server. B. Create a root zone on Serverl. Configure all computers on your network to use the new ISP's DNS server. C. Create a root zone on Server2. Configure all computers on your network to use the new ISP's DNS server. D. Create a root zone on Serverl. Configure Serverl on your network to use the new ISP's DNS server. Answer: A Question: 88 You want your computer running Windows Server 2003 to interoperate with a NetWare network that contains servers running both NetWare 3.11 and NetWare 4.1. How should you configure the NWLink protocol to handle this situation? A. Leave the protocol in Auto Detect mode. B. Configure the frame type as 802.2. C. Configure the frame type as 802.3. D. Configure the Registry to allow both 802.2 and 802.3 frame types. Answer: D Question: 89 You work as a security administrator for Microsoft. The basic network and some policies are as the following:Currently, you need to start the appropriate service or services to ensure that Serverl can correctly resolve name resolution queries. You want to achieve this goal by using the minimum amount of administrative effort. Which service or services should you start?
Page 57 of 296
A. Computer Browser B. DHCP Client C. DNS Client D. HTTP SSL Answer: C Question: 90 Which of the following settings can be applied using Security Configuration And Analysis and a security template? (Choose all that apply.)
Page 58 of 296
A. The password must be 15 characters long. B. The Accountants group is not allowed to access this computer over the network. C. IPSec must be used for all communications between Computerl and Computer2. D. The root file permissions should be Everyone Full Control. Answer: A, B, D Question: 91 How can you do that? Choose 3 that will apply. You work as a security administrator for Microsoft.The basc network and some configures are as the following:
A. Configure the Restart service after value for Servicel to 1,440 minutes. B. Configure the response to the first failure to be to restart Serverl. C. Configure the response to the second failure to be to restart Servicel. D. Configure the Reset fail count after value for Servicel to 1 day. E. Configure the response to the first failure to be to restart Servicel. F. Configure the response to the second failure to be to restart Serverl. Answer: D, E, F Question: 92 Currently, you need to confirm that the current network bandwidth of the broadband connection will be sufficient for the future expansion of the Microsoft office. You want to use System Monitor on Server23 to find out the current utilization of the broadband network connection. What should you do?
the following:
Page 59 of 296
A. Assign the Server23 computer account the Allow - Read permission on the RAS and IAS Servers Access Check container in Active Directory. B. Add the Server23 computer account to the RAS and IAS Servers security group. C. Add the Server23 computer account to the Windows Authorization Access Group security D. Monitor the Bytes Total/sec counter on the Network Interface object. Answer: D Question: 93
Currently, you need to ensure that computers automatically assign themselves to the correct
computer group. How can you do that? You work as a security administrator for Microsoft.The basc network and some configures are as the following:
A. Configure Computer Options so that Use group policy or registry settings on computers are selected in the WSUS console. B. Create the appropriate computer groups In the WSUS console. C. Configure Computer Options so that Use the Move Computers Task in Windows Server Update Services is selected In the WSUS console. D. Take several hours and puts a bit of a strain on your Internet connection. Answer: A, B Question: 94 Which is the only layer of the TCP/IP reference model that does not contain any TCP/IP protocols? A. The network interface layer B. The internet layer C. The transport layer D. The application layer Answer: A Question: 95 Currently, you need to ensure that the Windows XP Professional client computers receive their updates from Server2. How can you do that?
the following:
Page 60 of 296
A. Configure registry and file system permissions. B. Install the latest service pack on all Windows XP Professional client computers. C. Deploy security templates by using Active Directory=based Group Policy. D. Edit the register of HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU. Answer: B Question: 96 Currently, you need to confirm whether all computers in the domain have received all approved updates from Serverl. How can you do that? You work as a security administrator for Microsoft.The basc network and some configures are as the following:
A. Provides the download and installation of critical Windows updates, such as security patches and hotfixes. B. Provides a background file-transfer mechanism and queue management, and it is used byAutomatic Update to automatically download programs. C. Run the Status of Computers report after opening the WSUS console. D. Enables the Clipbook Viewer to create and share data that can be reviewed by remote users. Answer: C Question: 97 Which of the following TCP/IP protocols does not function at the internet layer? A. IP B. ARP C. TCP D. ICMP
Page 61 of 296
Answer: C Question: 98 Currently, you need to collect information about which users are connecting to the Web site by using HTTPS. How can you do that? You work as a security administrator for Microsoft.The basc network and some configures are as the following:
A. Monitor any changes to the files and directories that contain your application and content. B. Review Logs on Server. C. Enable auditing for all users for any successful or failed attempts. D. Enable file access auditing for your Web site content. Answer: B Question: 99 Now, you fix the problem. You need to log all attempts to access the HKEY_LOCAL_MACHINE\SYSTEM key in the registry on Serverl. You decide to enable auditing in the local security policy on Serverl. How could you do that? Choose 2 that will apply.
the following:
A. Stores information about objects on a network and makes this information available to users and network administrators.
B. Enables Windows applications and Active Directory clients to access several network directory
services, including Active Directory. ADSI is supplied as a software development kit. C. Allows system manufacturers to deliver computers that start at the touch of a keyboard. D. Configure the SACL on the HKEY_LOCAL_MACHINE\SYSTEM key in the registry. Specify auditing of the Full Control permission for everyone.
Page 62 of 296
E. Enable auditing in the local security policy on Serverl. Select the Audit object access (success and failure) option in the audit policy. Answer: D, E Question: 100 Which of the following is a transport-layer protocol? A. IGMP B. UDP C. DNS D. Ethernet Answer: B Question: 101 Which of the following services connect to UDP ports? (Choose all that apply.) A. NetBIOS B. DNS C. Ethernet D. Telnet Answer: A, B Question: 102 You work as a security administrator for Microsoft. The basic network structure is as following:Currently, you view the event logs of the domain controllers. You notice that there are frequent failures of Active Directory transactions, which are caused by DNS lookup failures against the margiestravel.com zone. You discover that the data in the DNS zones on DC03 is out of date. You need to find out why the DNS data on DC03 is out of date. How can you do that on DC03?
Page 63 of 296
A. You could set a manual retention method for the security log. B. Specify a maximum session time enables the RADIUS service to force the client to reauthenticate on a regular basis. C. You could configure the GPO to shut down the computer if it is unable to log security audits. D. Use the Replmon utility to look for Active Directory replication errors. Answer: D Question: 103 A host determines that the destination network ID of a packet is the same as its own network ID. What does the host do with the packet? A. It broadcasts an ARP request to determine the Media Access Control (MAC) address of the destination host and transmits the packet on the local network. B. It sends the packet to the server, which broadcasts the packet on the local network. C. It sends the packet to the default gateway for delivery. Answer: A Question: 104 You work as a security administrator for Microsoft. The basic network structure is as following:Currently, you need to configure the client computers to ensure that all computer names can be resolved by using DNS without the domain name being specified. The configuration of client computers must be automated so that they do not need to be manually reconfigured if an additional domain is added to the forest. How can you do that?
Page 64 of 296
A. Configure the Append these DNS suffixes option in the DNS client configuration of each client computer. B. Configure a packet filter on the router that separates the WLAN from the corporate network. Configure the packet filter to allow only traffic from the WLAN to enter the internal network. C. Configure the Default Domain Policy Group Policy object (GPO) in each domain. Enable the DNS Suffix Search List policy setting in the GPO. D. Allows the holder to act as a registration authority (RA) for Simple Certificate Enrollment Protocol (SCEP) requests. Answer: C Question: 105 Which of the following is the dotted-decimal notation equivalent of the binary address 11001100 00001010 11001000 00000100? To answer the question, first perform notation conversion manually, and then verify your answer with Calculator. A. 204.18.200.3 B. 204.34.202.4 C. 204.10.200.4 D. 202.10.200.4 Answer: C Question: 106 You work as a security administrator for Microsoft. The basic network and some policies are as the following:Now, you need to find out whether DNS client traffic on Server_One is causing this problem. How can you do that?
Page 65 of 296
A. Capture and analyze IPSec network traffic to verify that it is being encrypted. B. Enable auditing of IPSec negotiations and dropped packets to allow for careful analysis of IPSec communications. C. Use the Performance console to gather and analyze IPSec statistics over a period of time. D. Create a DNS log counters Dynamic updates/sec and Total queries/sec using system monitor. Answer: D Question: 107
the following:
Page 66 of 296
What can you do to configure the remote DNS servers? To answer, drag appropriate configure to the correct servers in the work area. A. Cape Town Server2: Standard Secondary zone B. Lagos Server3: Conditional forwarder C. Tangier Server4: Standard Secondary Zone D. Nairobi Server5: Conditional forwarder Answer: A, C, D Question: 108 You work as a security administrator for Microsoft. The basic network and some policies are as the following:Currently, you need to configure the primary and secondary DNS address referrals on the client computers in the Seoul office by using the minimum amount of administrative effort. You need to ensure that users have access to the Internet with as few network hops as possible. You also need to ensure that users can access resources on the internal network in London only as quickly as possible, and that DNS lookup traffic over the WAN does not occur if the local DNS server is available. What should you do?
Page 67 of 296
A. Configure Windows XP Professional portable computers with the primary DNS suffix of Company.com. B. Configure the Advanced TCP/IP Settings setting on the Windows XP Professional portable computers with a DNS suffix for this connection setting of Company.com. C. On each DHCP server that is a member of the Company.com domain, configure the 15 DNS Domain Name option to be Company.com. D. Configure 192.168.3.1 as the primary DNS server. Configure 192.168.2.1 as the secondary DNS server. Answer: D Question: 109 Which of the following is the binary equivalent of the dotted-decimal address 207.209.68.100? To
answer the question, first perform notation conversion manually, and then verify your answer with
Calculator. A. 11001111 11010001 01000100 01100100 B. 11000111 11010001 01000100 01100100 C. 11001111 11010001 01000100 01101100 D. 11001111 11010001 11001101 01100100
Page 68 of 296
Answer: A Question: 110 You work as a security administrator for Microsoft. The basic network and some policies are as the following:Currently, you need to configure the zone properties to ensure that Anne can list the contents of corp.Company.com form Computer1. How can you do that? Choose one that applies.
Page 69 of 296

70 291 S

Diunggah oleh

Informasi Dokumen

Deskripsi Asli:

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

70 291 S

Diunggah oleh

Hak Cipta:

Format Tersedia

Looking for Real Exam Questions for IT Certification Exams!

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

A. 192.168.0.100, 192.168.0.2 B. 192.168.0.110, 192.168.10.2 C. 192.168.0.2, 192.168.5.100 D. 192.168.0.1,255.255.255.0 Answer:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

W5US server. What should you do?

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

A. Use significant network bandwidth during periods of normal usage.

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code:

Exam Name: Exam Type: Exam Code: