Re: Help with 070-217

Gawd! Want me to wipe ya bum for you as well? Come off it mate, 1 or 2
questions are fair enough, not 15 of the bloody things! Do some research, or
pay more money to get answers from whomever you got the questions. If you
*understand* AD/DNS etc, you'd be able to answer these yourself, or at least
tell us what and why you think certain answers are incorrect. Try
http://www.microsoft.com/resources/documentation/windows/2000/server/reskit/en-us/default.asp

--
Wayne McGlinn
Brisbane, Oz
http://spaces.msn.com/members/wmcglinn
"help, help I'm being repressed!"
Dennis.



"Microsoft" <test@xxxxxxxxxxxxx> wrote in message
news:uUbM7KrRFHA.248@xxxxxxxxxxxxxxxxxxxxxxx
> Hi
> I am pursuing my MCSE exams, at present 217, could someone answer these
> questions for me.
>
> NO.1 You are the network administrator for the research department of your
> company. The network contains 25,000 computers. The network contains a
> single Windows 2000 domain named research.contoso.com. The research
> department has three Windows 2000 Server computers that are configured as
> domain controllers. The domain controllers are also configured as DNS
> servers that that host an Active Directory-integrated zone for the domain.
> There are 450 Windows 2000 Professional client computers. All of the
> computers in the Research domain are configured to contact the domain
> controllers in the Research domain for name resolution.
> UNIX BIND servers resolve all addresses on the Internet and the company
> intranet. The Internet domain name for the company is contoso.com.
> The central DNS administrators do not allow iterative queries from
> internal
> DNS servers on the network. You disable iterative queries on DNS servers
> in
> the research department. After taking these steps, you notice that
> research
> department computers no longer resolve Web addresses or domain names on
> the
> Internet. You are able to successfully ping several Internet addresses by
> IP
> address.
> You need to ensure that the Research computers can resolve Web addresses
> on
> the Internet by fully qualified domain name (FQDN). What should you do?
> A.Configure the domain controllers to forward recursive queries to the
> UNIX
> BIND servers.
> B.Configure the research.contoso.com domain to notify the UNIX BIND
> servers
> of DNS record changes.
> C.Ask the UNIX BIND administrator to configure your DNS servers as
> secondary
> name servers for the contoso.com domain.
> D.Ask the UNIX BIND administrator to create NS records for the
> research.contoso.com domain that point to the domain controllers of the
> Research domain.
>
> NO.2 You are the network administrator for your company. The network
> consists of a Windows 2000 domain. The network contains three Windows 2000
> Server computers that are configured as domain controllers. The network
> also
> contains 400 Windows 2000 Professional client computers that are
> configured
> as domain members and 100 Windows 2000 Professional client computers that
> are configured in workgroups of between 5 and 10 systems. All IP addresses
> are statically configured.
> Each domain controller is configured as a DNS server that hosts an Active
> Directory integrated zone. The Active Directory integrated zone allows
> secure updates. The Active Directory Installation Wizard installed DNS
> automatically.
> A Windows 2000 client computer user reports that she cannot connect to the
> share on one of the Windows 2000 Professional computers by computer name.
> You examine the DNS server and discover that only the A (host) records of
> the Windows 2000 Professional client computers that are domain members are
> in the DNS zone.
> You need to ensure that all client computers can connect to shares on
> other
> computers by computer name. What are two possible ways to achieve this
> goal?
> (Each correct answer presents a complete solution. Choose two.)
> A.Configure the Active Directory integrated zone so that Yes is selected
> for
> the Allow dynamic updates setting. Run the ipconfig/registerdns command on
> all Windows 2000 Professional client computers.
> B.Configure the Active Directory integrated zone so that No is selected
> for
> the Allow dynamic updates settings. Run the ipconfig/registerdns command
> on
> all Windows 2000 Professional client computer.
> C.Add the IP addresses for each non-domain member Windows 2000
> Professional
> client computer to the Name Servers tab of the DNS zone Properties page.
> D.Add the IP addresses for each non-domain member Windows 2000
> Professional
> client computer to the DNS zone for the domain.
> E.Add the IP addresses for each non-domain member Windows 2000
> Professional
> client computer to the Zone Transfers tab of the DNS zone Properties page
> Notify window.
>
> NO.3 You are the network administrator for your company. The network
> consists of a Windows NT 4.0 domain. The network contains Windows NT 4.0
> Server computers and Windows 2000 Professional client computers. All
> computers are members of the domain.
> One Windows NT 4.0 Server computer named ServerA runs DNS, which supports
> SRV (service) records. ServerA hosts only the contoso.com domain. ServerA
> is
> the only DNS server that supports the contoso.com domain and cannot
> supported by a different DNS server.
> You are installing a Windows 2000 domain to perform a migration from your
> Windows NT 4.0 domain. During the promotion, you specify ServerA to host
> the
> new domain named nwtraders.com. When attempting to use ServerA as the DNS
> server, you receive an error stating that the DNS server that handles
> nwtraders.com could not be contacted.
> You cancel the installation of Active Directory on this server. You verify
> that ServerA is accessible from the server that is being promoted to
> support
> the Active Directory domain.
> At installation, you need to designate ServerA as the DNS server for the
> new
> Windows 2000 domain. What should you do?
> A.Install the Microsoft Directory Services client on ServerA.
> B.Upgrade ServerA to Windows 2000 Server, and then reinstall DNS.
> C.Add a new zone and resource records to ServerA for nwtraders.msft.
> D.Configure ServerA to be a domain controller.
>
> NO.4 You are the network administrator for your company. The network
> consists of a Windows 2000 domain. The domain contains Windows 2000 Server
> computers and Windows 2000 Professional client computers.
> All of the client computer accounts the locaed in a top-level
> organizational
> unit (OU) named Clients. You use a Group Policy object (GPO) named
> SecureClient, which is linked to the Clients OU, to secure the Windows
> 2000
> Professional client computers.
> You place one of the client computers in the lobby for guests. You create
> a
> top-level OU named Lobby and move the client computer account into it. You
> create a GPO named LobbyGPO and link it to the Lobby OU. LobbyGPO
> restricts
> the start menu, desktop, and Control Panel features.
> You need to ensure that the restrictions in LobbyGPO are applied to all
> users who log on to the client computer that is located in the lobby. What
> should you do?
> A.Configure LobbyGPO with the No override setting.
> B.Configure SecureClient with the No override setting.
> C.Configure LobbyGPO to enable User Group Policy loopback processing mode
> in
> replace mode.
> D.Configure SecureClient to enable User Group Policy loopback processing
> mode in replace mode.
>
> NO.5 You are the network administrator for your company. The network
> consists of a Windows 2000 domain. The network contains two Windows 2000
> Server computers that are configured as domain controllers named ServerA
> and
> ServerB.
> ServerA has two disk volumes named C and D. the operation system files and
> all Active Directory files are located on the C volume, which is a 4GB
> volume. Volume D is a 25GB volume.
> Each company department is represented by a separate organizational unit
> (OU). Each OU contains all user and group accounts for that department.
> The
> marketing department has 500 users and computers.
> While you are working at ServerA, your manager instructs you delete the
> Marketing OU. Prior to deleting this OU, you need to ensure that the
> Marketing OU and its accounts can be recovered if necessary.
> What should you do?
> A.Run the dcdiag/s:ServerA command.
> B.Back up the System State data on ServerA.
> C.Export the registry of either domain controller to backup media.
> D.Start ServerA by using the Directory Service Restore Mode option and
> make
> a backup copy of the ntds.dit file.
> E.Start ServerA by using the Directory Service Restore Mode option and use
> the Ntdsutil utility to move the database to the D volume.
>
> NO.6 The domain administrator delegates full control to you for the
> Accounting OU. You are also given the ability to create Group Policy. The
> Block Policy inheritance setting is enabled on the Accounting OU.
> You need to track local logon activities for all of the computers in the
> department. You want to perform this task with the least amount of
> administrative effort.
> Which two actions should you take? (Each correct answer presents part of
> the
> solution. Choose two)
> A.Review the security log of each computer in the Accounting OU.
> B.Review the system log of each computer in the Accounting OU.
> C.Create a new Group Policy object (GPO) and configure the Audit logon
> events setting by selecting both the Success and the failure check boxes.
> Link the policy to the Accounting OU.
> D.Create a new Group Policy object (GPO) and configure the Audit account
> logon events setting by selecting both the Success and the Failure check
> boxes. Ask the Domain Administrator to link the policy to the domain.
> E.Create a new Group Policy object (GPO) and enable the Security policy
> processing setting. Link the policy to the Accounting OU.
> F.Create a new Group Policy object (GPO) and enable the Security policy
> processing setting. Ask the domain Administrator to link the policy to the
> domain.
>
> NO.7 You are the network administrator for the research department of your
> company. The network consists of a Windows 2000 domain. The research
> department has a Windows 2000 file server named ServerA. All local storage
> on ServerA uses NTFS. The research department also has 300 Windows
> Professional computers.
> All of the computer accounts for the research department are in an
> organizational unit (OU) named Research. You have full control over the
> Research OU and the ability to create Group Policy. The Research OU blocks
> policy inheritance.
> Confidential data is stored on ServerA in a folder named Focus1 and shared
> as Focus1. You need to track all attempts to access the Focus1 folder on
> ServerA.
> Which two actions should you take? (Each correct answer presents part of
> the
> solution. Choose two.)
> A.Ask the domain administrator to enable the Audit object access setting
> on
> the Domain Security Policy for the domain.
> B.Create a new GPO that enables the Audit process tracking setting. Link
> that policy to the Research OU.
> C.Configure the Local Security Policy of ServerA to enable the Audit
> object
> access setting.
> D.Configure the Focus1 system access control list (SACL) so that the
> Everyone group has Success: List Folder/Read Date and Failure: List
> Folder/Read Data permission.
> E.Configure the share permissions on Focus1 so that the Everyone group has
> Allow: Change permission.
>
> NO.8 You are the network administrator for your company. The network
> consists of a Windows 2000 domain. The domain contains Windows 2000 Server
> computers and Windows 2000 Professional client computers. All domain
> controllers are in the default Domain Controllers organizational unit
> (OU).
> The company written security policy requires that all domain users¡¯
> passwords meet the following minimum requirements:
> At least six characters in length
> 20-day minimum age
> 35-day maximum age
> 12-password memory
> One of the branch offices has two Windows 2000 domain controllers. All
> users
> located in the branch office must be forced to use a 10-character
> password.
> What should you do?
> A.Modify the Default Domain Policy Group Policy object (GPO) so that the
> minimum password length is 10
> B.Modify the Default Domain Controllers Policy Group Policy object (GPO)
> so
> that the minimum password length is 10.
> C.Create a new OU named SecureDCs under the domain. Create a new Group
> Policy object (GPO) and link it to the SecureDCs OU. Change the minimum
> password length to 10 in the new GPO. Move both domain controller computer
> objects into the SecureDCs OU.
> D.Create a new OU named SecureDCs under the Domain Controllers OU. Create
> a
> new GPO and link it to the SecureDCs OU. Change the minimum password
> length
> to 10 in the new GPO. Move both domain controller computer objects in to
> the
> SecureDCs OU.
>
> NO.9 You are the network administrator for your company. The network
> consists of a Windows 2000 domain. The domain contains Windows 2000 Server
> computers and windows 2000 Professional client computers. All of the user
> accounts are in an organizational unit (OU) named Employees and all of the
> computer accounts are in an OU named Workstations.
> You have a new software application that needs to be installed on demand
> from users. You do not want to give users administrative privilege on
> their
> computers. You create a Microsoft Installation (MSI) package for the
> software application.
> What should you do next?
> A.Create a new Group Policy object (GPO) and link it to the Workstations
> OU.
> Configure the computer configuration portion of the GPO to assign the MSI
> package.
> B.Create a new Group Policy object (GPO) and link it to the Employees OU.
> Configure the user configuration portion of the GPO to assign the MSI
> package.
> C.Create a share on a NTFS 5.0 volume and configure it for automatic
> caching. Place the MSI package in the shared folder. Grant users Allow:
> Full
> Control permission to the shared folder. Map a drive to the shared folder
> for each user.
> D.Create a share on a NTFS 5.0 volume and configure the share as a
> Distributed File System (DFS) link. Place the MSI package in the shared
> folder. Grant users Allow: Full Control permission to the shared folder.
> Map
> a drive to the DFS share for each user.
>
> NO.10 You add a new domain controller named GC01 to your network to take
> the
> place of the existing global catalog server. You also enable GC01 as a
> global catalog. You want to use GC00, the original server, as a domain
> controller, but not as a global catalog server for the domain. You want to
> increase disk space on GC00.
> What should you do? (Choose all that apply.)
> A.Use Active Directory Sites and Services.
> Select the NTDS Settings object for the GC00 server to clear the Global
> Catalog check box.
> B.On the GC00 server, run the Ntdsutil utility to defragment Active
> Directory.
> C.On the GC00 server, reinstall Windows 2000.
> D.On the GC01 server, run the Ntdsutil utility to enable the global
> catalog
> server option.
>
> NO.11 You are the network administrator for your company. The network
> consists of a Windows 2000 domain. The network contains Windows 2000
> Server
> computers and Windows 2000 Professional client computers. All of the
> servers
> and client computers are domain members.
> The domain has three top-level organizational units (OUs) named
> Sales_users,
> Groups, and Client_computers. All non-default user, group, and computer
> accounts are located in their respective OUs.
> During a review of the security log for one of the domain controllers, you
> discover that a user named Bruno has modified multiple groups. Bruno
> should
> not have the ability to modify any non-default group.
> What should you do?
> A.Modify the Groups OU to give Bruno¡¯s user account Denny: Write
> properties
> permission to all group accounts.
> B.Modify the Sales_users OU to give Bruno¡¯s user account Deny: Write
> properties permission to all group accounts.
> C.Run the delegation wizard for the Groups OU and give Bruno¡¯s user
> account
> Allow: Read permission to all group accounts.
> D.Run the delegation wizard for the Sales_users OU and give Bruno¡¯s user
> account Allow: Read permission to all group accounts.
>
>
> NO.12 You are the network administrator for your company. The network
> consists of a Windows 2000 Active Directory domain named contoso.com. The
> network contains two Windows 2000 Server computers that are configured as
> domain controllers. The network also contains 400 Windows 2000
> Professional
> client computers.
> The research and marketing departments each have a separate top-level
> organizational unit (OU) that contains all user and group accounts for
> that
> department. These OUs named Research and Marketing, respectively.
> A group named Research_Users has all of the research user accounts as
> members. The Marketing_Users group as all of the marketing user accounts
> as
> members. The Research_Users group is a member of the local Administrators
> group of each research computer.
> During a security audit, you notice that a few marketing user accounts are
> members of the local Administrators group on research department computer.
> You want to prevent research users from giving permanent administrative
> permissions for their computers to users from other departments. You want
> to
> ensure that only Domain Administrators and research users are the
> permanent
> administrators of research department computer.
> What should you do?
> A.Delete the Research_Users group. Add each research user account to the
> local Administrators group of each computer in the Research OU.
> B.Create a new Group Policy object (GPO) and link it to the Research OU.
> Configure the policy to add a group named Administrators in the Restricted
> Groups policy. Add Marketing_Users as members of this group.
> C.Create a new Group Policy object (GPO) and link it to the Research OU.
> Configure the policy to add a group named Administrators in the Restricted
> Groups policy. Add Domain Administrators and Research_Users as members of
> this group.
> D.Create a new local group on each research department computer named
> Research_local. Add Research_Users to the Research_Local group. Add the
> localdefault Administrator account to the Research_Local group.
> E.Crete a new local group on each research department computer named
> Research_local. Add the local default Administrator account to the
> Research_local group. Tell research users to log on as the local default
> Administrator.
>
>
> NO.13 You are the network administrator for your company. The network
> consists of a Windows 2000 domain named nwtraders.com. The network
> contains
> Windows 2000 Server computers, Windows NT 4.0 Server computers and Windows
> NT 4.0 Workstation client computers. All computers are members of the
> domain.
> All domain controllers run Windows 2000 Server. One Windows 2000 Server
> computer named ServerA runs DNS and hosts the nwtraders.com domain as a
> standard primary zone. The nwtraders.com zone on ServerA does not support
> dynamic updates.
> You discover that your DNS server has been compromised. Users report that
> they cannot gain access to all network resources. You investigate DNS and
> discover that some of the records were removed and that the DNS backup
> files
> were deleted. The DNS structure is shown in the following graphic. (Click
> the Exhibit button.)
> You need to fix DNS and allow users to access network resources again.
> What
> should you do?
> A.Run the ipconfig/registerdns command on all domain controllers.
> B.Run the net stop dns command. Then run the net start dns command.
> C.Copy the netlogon.dns file from one of the domain controllers to
> ServerA.
> D.Create the _msdcs folder, structure, and SRV (service) records in DNS on
> ServerA.
>
> NO.14 You are the network administrator for your company. The network
> consists of a Windows 2000 domain named contoso.com. The network contains
> Windows 2000 Server computers and Windows 2000 Professional client
> computers. One of the servers is named ServerA and is domain controller.
> ServerA runs DNS and contains the Active Directory integrated zone for
> contoso.com. An application needs to resolve fully qualified domain names
> (FQDNs) from an IP address by using DNS.
> You want to ensure that records are automatically configured in DNS.
> Want should you do?
> A.Run the netdiag/fix command on ServerA.
> B.Run the dcdiag/fix command on ServerA.
> C.Configure the contoso.com zone to allow dynamic updates.
> D.Create a reverse lookup zone that allows dynamic updates.
>
> NO.15 You are a network administrator for your company. The network
> consists
> of a Windows 2000 domain. There are three departments in your company:
> research, marketing, and production.
> Each department has a separate organizational unit (OU) in the domain.
> Each
> OU contains all user and group accounts for that department. The marketing
> department has two subordinate offices named Telemarketing and Sales.
> The Telemarketing and the Sales offices have different administrative
> needs.
> Telemarketing users and computers must inherit all of the Group Policy
> settings that apply to the Marketing OU. Sales users and computers must
> not
> inherit Group Policy settings that apply to the marketing OU.
> All of the users and computers assigned to Telemarketing and Sales must
> inherit all Group Policy settings for the domain. Your manager does not
> want
> you to configure an administrative structure that requires the use of the
> Block Policy inheritance setting.
> You need to configure Active Directory to support the administrative needs
> o
> f the Telemarketing and Sales offices. Which two actions should you take?
> A.Create a child domain named Sales that is subordinate to contoso.com.
> B.Create a child domain named Telemarketing that is subordinate to
> contoso.com.
> C.Create an OU named Sales that is subordinate to the Marketing OU.
> D.Create an OU named Telemarketing that is subordinate to the Marketing
> OU.
> E.Create a top-level OU named Sales in the contoso.com domain.
> F.Create a top-level OU named Telemarketing in the contoso.com domain.
>
>


.