ExamWise For MCP / MCSE Certification : Installing, Configuring, and Administering Microsoft Windows 2000 Server Exam 70-215 [1 ed.] 9781590956168

Citation preview

ExamWise For Windows® 2000 Server Certification For Exam 70-215 Installing, Configuring, and Administering Microsoft® Windows® 2000 Server

Online practice exam provided by BeachFront Quizzer, Inc., Friendswood, Texas www.bfqonline.com

Author Davis Smith, MCT, MCSE Alan Grayson, MCT MCSE+I Published by TotalRecall Publications, Inc. 1103 Middlecreek Friendswood, TX 77546 281-992-3131 NOTE: THIS IS BOOK IS GUARANTEED: See details at www.TotalRecallPress.com

TotalRecall Publications, Inc. This Book is sponsored by BeachFront Quizzer, Inc. Copyright  2003 by TotalRecall Publications, Inc. All rights reserved. Printed in the United States of America. Except as permitted under the United States Copyright Act of 1976, No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means electronic or mechanical or by photocopying, recording, or otherwise without the prior permission of the publisher. The views expressed in this book are solely those of the author, and do not represent the views of any other party or parties. Printed in United States of America Printed and bound by Data Duplicators of Houston Texas Printed and bound by Lightning Source, Inc. in the USA and UK ISBN: 1-59095-616-8 UPC: 6-43977-03215-2 Contributing Author was Travis Kelly. Contents Edited by Alan Grayson and David Smith The sponsoring editor is Bruce Moran and the production supervisor is Corby Tate.

Worldwide eBook publication and distribution by:

This publication is not sponsored by, endorsed by, or affiliated with Microsoft, Inc. The “Windows® 2000, MCSE™, MCSD™, MCSE+I™, MCT™” Microsoft logos are trademarks or registered trademarks of Microsoft, Inc. in the United States and certain other countries. All other trademarks are trademarks of their respective owners. Throughout this book, trademarked names are used. Rather than put a trademark symbol after every occurrence of a trademarked name, we used names in an editorial fashion only and to the benefit of the trademark owner. No intention of infringement on trademarks is intended. Disclaimer Notice: Judgments as to the suitability of the information herein for purchaser’s purposes are necessarily the purchaser’s responsibility. BeachFront Quizzer, Inc. and TotalRecall Publications, Inc. extends no warranties, makes no representations, and assumes no responsibility as to the accuracy or suitability of such information for application to the purchaser’s intended purposes or for consequences of its use.

This book is dedicated to our children, Katie Jamie Alex Lauren We love you

Deborah Patrick

ExamWise For

Microsoft Windows® 2000 Server BY Deborah Timmons, MCT, MCSE Patrick Timmons, MCT, MCSE+I About the Author Deborah Timmons is a Microsoft Certified Trainer and Microsoft Certified Systems Engineer. She came into the Microsoft technical field after six years in the adaptive technology field, providing technology and training for persons with disabilities. She is the President and co-owner of Integrator Systems Inc.

Patrick Timmons is Microsoft Certified Trainer and Microsoft Certified Systems Engineer + Internet. He has been working in the IT industry for approximately 15 years, specializing in network engineering. He is currently the CEO of Integrator Systems Inc., a company based in Ottawa, Ontario, Canada.

Patrick and Deborah have four children--Lauren (3), Alexander (7), James (11), and Katherine (12) who take up a lot of their rare spare time.

About the Contributing Author Travis Kelly has worked in computer repair and helpdesk for over 7 years and is currently CIW Certifiable. His computer background is quite varied and he has an intense interest in the current and future state of technology. Travis is working towards his bachelor’s degree in Houston, TX.

About The Book Part of The TotalRecall: IT Question Book Certification Series, this new Self Help and Interactive Exam Study Aid with 30-day voucher for online testing is now available for candidate’s preparing to sit the Microsoft Installing, Configuring, and Administering the Microsoft 2000 Server certification exam 70-215. The book covers the information associated with each of the exam topics in detail and includes information found in no other book. Using the book will help readers determine if they are ready for the Microsoft 70-215 Installing, Configuring, and Administering Microsoft Windows 2000 Server certification exam. This book explains the concepts in a clear and easy-to-understand manner to help you not only pass the exam, but to apply the knowledge later in a real-world situation. Helpful tips and time management techniques will alleviate pre-exam jitters and put you in control.

About Online Testing www.bfqonline.com practice tests include SelfStudy sessions with instant feed back, simulative and adaptive testing with detailed explanations. Register at www.BFQPress.com or send an email Located in the back of the book is a 30-day voucher for online testing.

THIS BOOK IS GUARANTEED: See details at www.TotalRecallPress.com

Table of Contents VII

Table of Contents About the Author ...................................................................................................IV About the Contributing Author...............................................................................IV About The Book .....................................................................................................V About Online Testing..............................................................................................V About 70-215 Certification ..................................................................................VIII Credit Toward Certification .................................................................................VIII Audience Profile ..................................................................................................VIII Skills Being Measured ..........................................................................................IX Basic Server Terminology....................................................................................XII Chapter 1: Installing Windows 2000 Server Chapter 2: Access to Resources

1 83

Chapter 3: Hardware Devices and Drivers

203

Chapter 4: System Performance, Reliability, and Availability

249

Chapter 5: Storage Use

287

Chapter 6: Windows 2000 Network Connections

409

Chapter 7: Security

519

Money Back Book Guarantee

599

70-215 CD-ROM Instructions

600

VIII About 70-215 Certification

About 70-215 Certification Exam 70-215:Installing, Configuring, and Administering Microsoft® Windows® 2000 Server http://www.microsoft.com/traincert/exams/70-215.asp Information you will find in their document will include the following.

Credit Toward Certification When you pass the Installing, Configuring, and Administering Microsoft® Windows® 2000 Server exam, you achieve Microsoft Certified Professional status. You also earn credit toward the following certifications: • Core credit toward Microsoft Certified Systems Engineer on Microsoft Windows 2000 certification • Core credit toward Microsoft Certified Systems Administrator on Microsoft Windows 2000 certification • Core credit toward Microsoft Certified Database Administrator on Microsoft SQL Server 2000 certification

Audience Profile Candidates for this exam operate in medium to very large computing environments that use the Windows 2000 Server operating system. They have a minimum of one year's experience implementing and administering network operating systems in environments that have the following characteristics: • Supported users range from 200-26,000+ • Physical locations range from 5-150+ • Typical network services and applications include file and print, database, messaging, proxy server or firewall, dial-in server, desktop management, and Web hosting. • Connectivity needs include connecting individual offices and users at remote locations to the corporate network and connecting corporate networks to the Internet.

About 70-215 Certification IX

Skills Being Measured This certification exam measures your ability to implement, administer, and troubleshoot information systems that incorporate Microsoft Windows 2000 Server. Before taking the exam, you should be proficient in the job skills listed below.

A. Installing Windows 2000 Server 1. 2.

3.

Perform an attended installation of Windows 2000 Server. Perform an unattended installation of Windows 2000 Server. • Upgrade a server from Microsoft Windows NT® 4.0. • Deploy service packs. Troubleshoot failed installations.

B. Installing, Configuring, and Troubleshooting Access to Resources 1. 2. 3.

4.

Install and configure network services for interoperability. Monitor, configure, troubleshoot, and control access to printers. Monitor, configure, troubleshoot, and control access to files, folders, and shared folders. • Configure, manage, and troubleshoot a stand-alone Distributed file system (Dfs). • Configure, manage, and troubleshoot a domain-based Distributed file system (Dfs). • Monitor, configure, troubleshoot, and control local security on files and folders. • Monitor, configure, troubleshoot, and control access to files and folders in a shared folder. • Monitor, configure, troubleshoot, and control access to files and folders via Web services. Monitor, configure, troubleshoot, and control access to Web sites.

C. Configuring and Troubleshooting Hardware Devices and Drivers 1. 2. 3. 4.

Configure hardware devices. Configure driver-signing options. Update device drivers. Troubleshoot problems with hardware.

X About 70-215 Certification

D. Managing, Monitoring, and Optimizing System Performance, Reliability, and Availability 1. 2. 3. 4. 5.

Monitor and optimize usage of system resources. Manage processes. • Set priorities and start and stop processes. Optimize disk performance. Manage and optimize availability of System State data and user data. Recover System State data and user data. • Recover System State data by using Windows Backup. • Troubleshoot system restoration by starting in safe mode. • Recover System State data by using the Recovery Console.

E. Managing, Configuring, and Troubleshooting Storage Use 1. 2. 3. 4.

Monitor, configure, and troubleshoot disks and volumes. Configure data compression. Monitor and configure disk quotas. Recover from disk failures.

F. Configuring and Troubleshooting Windows 2000 Network Connections 1. 2. 3. 4. 5.

6.

7.

Install, configure, and troubleshoot shared access. Install, configure, and troubleshoot a virtual private network (VPN). Install, configure, and troubleshoot network protocols. Install and configure network services. Configure, monitor, and troubleshoot remote access. • Configure inbound connections. • Create a remote access policy. • Configure a remote access profile. Install, configure, monitor, and troubleshoot Terminal Services. • Remotely administer servers by using Terminal Services. • Configure Terminal Services for application sharing. • Configure applications for use with Terminal Services. Install, configure, and troubleshoot network adapters and drivers.

About 70-215 Certification XI

G. Implementing, Monitoring, and Troubleshooting Security 1. 2.

3. 4. 5. 6.

Encrypt data on a hard disk by using Encrypting File System (EFS). Implement, configure, manage, and troubleshoot policies in a Windows 2000 environment. • Implement, configure, manage, and troubleshoot Local Policy in a Windows 2000 environment. • Implement, configure, manage, and troubleshoot System Policy in a Windows 2000 environment. Implement, configure, manage, and troubleshoot auditing. Implement, configure, manage, and troubleshoot local accounts. Implement, configure, manage, and troubleshoot Account Policy. Implement, configure, manage, and troubleshoot security by using the Security Configuration Tool Set.

XII Basic Server Terminology

Basic Server Terminology There are many different terms and acronyms that you will be learning in this book. It must be assumed that you have a certain amount of networking experience or you may find it necessary to supplement this material with some other books on the subject of networks in general. Before we go very far we will need to define some of the common network terms that we will be using often throughout our text. •

• •

•

• •

•

•

ACPI – Advanced Configuration and Power Interface is an open industry specification that defines a flexible and extensible interface. This allows system designers to select appropriate cost/feature trade-offs for power management. Active Directory Services –is a feature of Windows 2000 server that provides real time address information to uses of the domain Backup Domain Controller (BDC) – a server in the domain that keeps a copy of the master database and security policies and authenticates domain users. If the PDC were to go down, the BDC would take over. BIOS – Basic input/output system -- a set of instructions stored on a ROM chip inside x86 and compatible computers that handles all the I/O functions at the hardware level. Bridging – The connecting of two separate network segments so that packets may be transmitted between them. DACL – Discretionary Access Control List. A feature that is part of an object’s security that denies or grants users and/or groups permission to access the object. Because the object’s owner is the only one who can change the permissions granted or denied in the DACL, access is at the owner’s discretion. Domain – is a collection of resources (typically computers and users) that are under common control. This information is stored in a common database on the Windows 2000 Server. Each domain has a unique name. DNS (Domain Name System) – is the common way of naming computers residing on the Internet. It consists of a database for resolving the names to IP addresses and this database is replicated to other DNS servers residing on the Internet. On Microsoft NT or 2000 Servers, DNS is used to control members of a particular Domain, which may be on the Intranet or Internet.

Basic Server Terminology XIII •

• • • • • •

• •

• • •

• • •

Firewall – A method to keep a network secure. Firewalls are used to control employee’s access to the Internet without breaching internal security, as well as preventing external intrusion into the internal network. GUI – Graphical User Interface – an interface, such as Windows, that provides a graphic, rather than text-based (such as MS-DOS) interface for the user. Hostnames – User-friendly names given to computers in a TCP/IP Network. I/O – input/output Intranet – a private network that uses internet software and internet standards IP address – The numeric identifier that the TCP/IP protocol uses to communicate between devices on a network. LAN – Local Area Network is defined as a group of computers located in a contained geographical area such as an office building or campus that shares services, resources and data. Member Server – a windows NT or 2000 Server that belongs to a domain but does not contain a copy of the Active Directory data MMC – Microsoft Management Console – a framework for hosting administrative consoles. The objects on the tree, including web pages, folders and management tools, define a console. Network – A group of computers connected together for the purpose of sharing resources. NIC – is a Network Interface Controller or adapter. This card is used to interface or connect the computer to the network. Protocols – A set of standards or rules that control data transmission and other interactions between network devices, computers, and operating systems. Protocols define such things as framing, transparency, error control, and the line control. Primary Domain Controller (PDC) – the computer that authenticates domain logins and maintains the security policies and a master database for the domain ROM – Read-only memory Routing – the process of selecting the correct circuit path for messages based on their Network layer address.

14 Basic Server Terminology •

• •

• •

SID – Security Identifier – A unique identifier that represents the entity that exists in a Windows 2000 environment. A SID can represent a user, a computer, or a group of users. Stand-alone Server –A Windows NT or 2000 Server that belongs to a workgroup rather than a domain. Switching – The connecting of multiple network segments so that packets may be transmitted between any two segments at a particular time. Usually implemented by the segmenting of a network rather than the joining of networks. Trusted User – A user who either has an account in the domain or whose account belongs in a trusted domain. WAN – Wide Area Network, defined as a group of computers on LANs that are located in different geographical areas and connected for the purpose of sharing services, resources and data. Usually these utilize remote connectivity methods such as Frame Relay, T1, ATM, ISDN, or leased lines.

Chapter 1

The objective of this chapter is to provide the reader with an understanding of the following: 1.

Perform an attended installation of Windows 2000 Server.

2.

Perform an unattended installation of Windows 2000 Server.

3.

Create unattended answer files by using Setup Manager to automate the installation of Windows 2000 Server.

4.

Create and configure automated methods for installation of Windows 2000.

5.

Upgrade a server from Microsoft Windows NT® 4.0.

6.

Deploy service packs.

7.

Troubleshoot failed installations.

Installing Windows 2000 Server 1

Chapter 1: Installing Windows 2000 Server 1. You are upgrading a Windows NT Server 4.0 computer to Windows 2000 Server. It is a member server in a Windows 2000 domain named sales.bfq.local. The domain runs in native mode. You now want to change the role of the upgraded server from a member server to a domain controller. How should you do this?

A. Upgrade the server to Windows 2000 Server. B. Run the Active Directory Installation Wizard to make the server a domain controller in the sales.bfq.local domain. C. Choose the option during installation to install a domain controller. D. You cannot upgrade the server to Windows 2000. E. This server will not run in native mode.

2. You are installing Windows 2000 Server on a new computer that is connected to a network that contains Windows 98 computers and Windows 2000 Server computers. You want to install Windows 2000 Server from source files located on a server on the network. What is the best way to do this?

A. Start the new computer by using a Windows 98 network boot disk. B. Connect to the network server. C. Run WINNT.EXE. D. Run WINNT32.EXE. E. Start the new computer by using a Windows 2000 boot disk.

2 Chapter 1 1. You are upgrading a Windows NT Server 4.0 computer to Windows 2000 Server. It is a member server in a Windows 2000 domain named sales.bfq.local. The domain runs in native mode. You now want to change the role of the upgraded server from a member server to a domain controller. How should you do this? *A. Upgrade the server to Windows 2000 Server. *B. Run the Active Directory Installation Wizard to make the server a domain controller in the sales.bfq.local domain. C. Choose the option during installation to install a domain controller. D. You cannot upgrade the server to Windows 2000. E. This server will not run in native mode. Explanation: You must first upgrade the machine to Windows 2000 Server. Making the server a domain controller is then accomplished through running the Active Directory Installation Wizard.

2. You are installing Windows 2000 Server on a new computer that is connected to a network that contains Windows 98 computers and Windows 2000 Server computers. You want to install Windows 2000 Server from source files located on a server on the network. What is the best way to do this? *A. Start the new computer by using a Windows 98 network boot disk. *B. Connect to the network server. *C. Run WINNT.EXE. D. Run WINNT32.EXE. E. Start the new computer by using a Windows 2000 boot disk. Explanation: WINNT.EXE should be used because the installation is being started from DOS.

Installing Windows 2000 Server 3 3. How can you install a customized HAL designed for a computer on which you are installing Windows 2000 Server?

A. During the hardware confirmation portion of Windows 2000 Setup, install the customized HAL. B. After the Windows 2000 Server installation completes, install the customized HAL through the System Control Panel. C. After the Windows 2000 Server installation completes, install the customized HAL through the Add/Remove Hardware Control Panel. D. After the Windows 2000 Server installation completes, install the customized HAL through the Add/Remove Programs Control Panel. E. Before Windows 2000 Setup, copy the customized HAL to the partition, which will contain Windows 2000.

4. You are installing Windows 2000 Server on ten new computers. These computers will provide file and print services to branch offices. You want to install, configure and test Windows 2000 Server on the branch offices' computers before shipping them to the branch offices. The users of the branch offices should enter the computer names and serial numbers when they receive the computers. What is the best way to do this?

A. Install Windows 2000 Server on the computers. Use Setup Manager to create a SYSPREP.INF file for SYSPREP.EXE. B. Place the SYSPREP.INF file on the computers and run the 'sysprep -nosidgen' command. C. Install Windows 2000 Server on the computers. Use Setup Manager to create a SYSPREP.DAT file for SYSPREP.EXE. D. Place the SYSPREP.INF file on the computers and run the 'sysprep -noreg' command. E. This cannot be done. The computers must have the serial numbers and computer names entered first.

4 Chapter 1 3. How can you install a customized HAL designed for a computer on which you are installing Windows 2000 Server? *A. During the hardware confirmation portion of Windows 2000 Setup, install the customized HAL. B. After the Windows 2000 Server installation completes, install the customized HAL through the System Control Panel. C. After the Windows 2000 Server installation completes, install the customized HAL through the Add/Remove Hardware Control Panel. D. After the Windows 2000 Server installation completes, install the customized HAL through the Add/Remove Programs Control Panel. E. Before Windows 2000 Setup, copy the customized HAL to the partition, which will contain Windows 2000. Explanation: The HAL should be specified during the hardware confirmation portion of setup.

4. You are installing Windows 2000 Server on ten new computers. These computers will provide file and print services to branch offices. You want to install, configure and test Windows 2000 Server on the branch offices' computers before shipping them to the branch offices. The users of the branch offices should enter the computer names and serial numbers when they receive the computers. What is the best way to do this? *A. Install Windows 2000 Server on the computers. Use Setup Manager to create a SYSPREP.INF file for SYSPREP.EXE. *B. Place the SYSPREP.INF file on the computers and run the 'sysprep -nosidgen' command. C. Install Windows 2000 Server on the computers. Use Setup Manager to create a SYSPREP.DAT file for SYSPREP.EXE. D. Place the SYSPREP.INF file on the computers and run the 'sysprep -noreg' command. E. This cannot be done. The computers must have the serial numbers and computer names entered first. Explanation: A SYSPREP.INF file will specify setup options to be used in a Windows 2000 Installation.

Installing Windows 2000 Server 5 5. You are planning to install a Windows 2000 Server computer that has a disk controller that is not included in the HCL. You start the computer using the Windows 2000 Server CD-ROM. At the end of the text mode on the restart of the computer, you receive "Inaccessible_Boot_Device". What is the best way to do this?

A. Restart Windows 2000 Setup by using the Windows 2000 Server CD-ROM. B. Install a driver for the SCSI controller from a floppy disk. C. Use the Add/Remove Hardware control panel. D. Use the system applet in control panel. E. Use the recovery console.

6. Each of your company's offices has a network of 5 - 20 computers. Employees have a limited knowledge of Windows 2000. You want to install 50 identical computers with Windows 2000 Server in these offices. You create a Setup Information File that specifies the company's standard configuration. Using the least possible amount of time, how should you automate the installation process?

A. Create a floppy disk that contains only the SIF file. B. Instruct an employee at each office to start the installation by using the Windows 2000 Server CD-ROM, with the floppy disk inserted. C. Create a floppy disk that contains only the DAT file. D. Instruct an employee at each office to copy the file from the floppy to the hard drive, then to start the installation by using the Windows 2000 Server CD-ROM. E. Create step-by-step instructions for each user to configure their server.

6 Chapter 1 5. You are planning to install a Windows 2000 Server computer that has a disk controller that is not included in the HCL. You start the computer using the Windows 2000 Server CD-ROM. At the end of the text mode on the restart of the computer, you receive "Inaccessible_Boot_Device". What is the best way to do this? *A. Restart Windows 2000 Setup by using the Windows 2000 Server CD-ROM. *B. Install a driver for the SCSI controller from a floppy disk. C. Use the Add/Remove Hardware control panel. D. Use the system applet in control panel. E. Use the recovery console. Explanation: The SCSI controller should be installed during setup by pressing F6 when prompted.

6. Each of your company's offices has a network of 5 - 20 computers. Employees have a limited knowledge of Windows 2000. You want to install 50 identical computers with Windows 2000 Server in these offices. You create a Setup Information File that specifies the company's standard configuration. Using the least possible amount of time, how should you automate the installation process? *A. Create a floppy disk that contains only the SIF file. *B. Instruct an employee at each office to start the installation by using the Windows 2000 Server CD-ROM, with the floppy disk inserted. C. Create a floppy disk that contains only the DAT file. D. Instruct an employee at each office to copy the file from the floppy to the hard drive, then to start the installation by using the Windows 2000 Server CD-ROM. E. Create step-by-step instructions for each user to configure their server. Explanation: Windows 2000 setup will look for a SIF file on the floppy, and automate the installation accordingly.

Installing Windows 2000 Server 7 7. Your network consists of Windows NT Server computers, Windows NT Workstation computers, and UNIX computers in a single Windows NT domain. You are upgrading a Windows NT Server to Windows 2000 Server. It is currently a BDC. The existing DNS server is a UNIX computer that supports SRV (service) records and accepts dynamic updates. Another Windows NT Server serves as a WINS server. You want on configuring the upgraded server as a domain controller in a new Active Directory forest, with the Windows NT domain accounts upgraded to Active Directory. Other domain controllers will be upgraded after this initial server upgrade. What is the best way to do this?

A. Promote the server to the PDC of the domain. B. Run Windows 2000 Setup on the server. C. Install a new PDC for the domain. D. Remove the UNIX computer. E. Remove the WINS Server.

8. You are installing Windows 2000 Server on a multiprocessor computer. How can you install a customized HAL designed for a computer on which you are installing Windows 2000 Server?

A. During the text mode portion of Windows 2000 Setup, install the customized HAL. B. After Windows 2000 Setup completes, use the system applet in control panel to install the customized HAL. C. Install the HAL before running Windows 2000 Setup. D. During the GUI mode portion of Windows 2000 Setup, install the customized HAL. E. During the Windows 2000 boot process, install the customized HAL.

8 Chapter 1 7. Your network consists of Windows NT Server computers, Windows NT Workstation computers, and UNIX computers in a single Windows NT domain. You are upgrading a Windows NT Server to Windows 2000 Server. It is currently a BDC. The existing DNS server is a UNIX computer that supports SRV (service) records and accepts dynamic updates. Another Windows NT Server serves as a WINS server. You want on configuring the upgraded server as a domain controller in a new Active Directory forest, with the Windows NT domain accounts upgraded to Active Directory. Other domain controllers will be upgraded after this initial server upgrade. What is the best way to do this? *A. Promote the server to the PDC of the domain. *B. Run Windows 2000 Setup on the server. C. Install a new PDC for the domain. D. Remove the UNIX computer. E. Remove the WINS Server. Explanation: The server should be promoted to PDC before running Windows 2000 Setup on it.

8. You are installing Windows 2000 Server on a multiprocessor computer. How can you install a customized HAL designed for a computer on which you are installing Windows 2000 Server? *A. During the text mode portion of Windows 2000 Setup, install the customized HAL. B. After Windows 2000 Setup completes, use the system applet in control panel to install the customized HAL. C. Install the HAL before running Windows 2000 Setup. D. During the GUI mode portion of Windows 2000 Setup, install the customized HAL. E. During the Windows 2000 boot process, install the customized HAL. Explanation: The customized HAL should be installed during Windows 2000 setup.

Installing Windows 2000 Server 9 9. You use Setup Manager to create an answer file for an unattended installation of Windows 2000 Server. Which components can you specify using Setup Manager?

A. Create Txtsetup.oem files B. Configure network settings C. Create a subfolder in the distribution folder D. Configure the installation to install IIS E. Define user name options such as creating a Uniqueness Database File to access a file of valid computer names

10. Your company is adding 75 Windows 2000 servers to your network. The servers are Pentium II 400 MHz with 514 MB of RAM and five 30-GB SCSI hard drives. They have 100-Mbps Ethernet cards and writeable CD-ROM drives. You are in charge of deploying Windows 2000 Server on these computers. After formatting a partition and establishing network connectivity, you must install the software via an unattended installation. You must specify a Uniqueness Database File (UDF) and an answer file. How can you configure the answer file?

A. Use Notepad to create the answer file unattend.txt B. Use notepad to create the answer file unattend.msi C. Use Setup Manager to create the answer file unattend.msi D. Use Setup Manager to create the answer file unattend.txt E. Use Notepad to create the answer file unattend.una

10 Chapter 1 9. You use Setup Manager to create an answer file for an unattended installation of Windows 2000 Server. Which components can you specify using Setup Manager? A. Create Txtsetup.oem files *B. Configure network settings C. Create a subfolder in the distribution folder D. Configure the installation to install IIS E. Define user name options such as creating a Uniqueness Database File to access a file of valid computer names Explanation: The network settings are the only choice from the selection that can be specified in Setup Manager.

10. Your company is adding 75 Windows 2000 servers to your network. The servers are Pentium II 400 MHz with 514 MB of RAM and five 30-GB SCSI hard drives. They have 100-Mbps Ethernet cards and writeable CD-ROM drives. You are in charge of deploying Windows 2000 Server on these computers. After formatting a partition and establishing network connectivity, you must install the software via an unattended installation. You must specify a Uniqueness Database File (UDF) and an answer file. How can you configure the answer file? *A. Use Notepad to create the answer file unattend.txt B. Use notepad to create the answer file unattend.msi C. Use Setup Manager to create the answer file unattend.msi *D. Use Setup Manager to create the answer file unattend.txt E. Use Notepad to create the answer file unattend.una Explanation: The unattend.txt file can be created through Setup Manager or manually through a text editor.

Installing Windows 2000 Server 11 11. You are in charge of upgrading 100 Windows NT 4.0 servers to Windows 2000 servers by implementing an unattended installation that meets the following requirements:

You must upgrade the existing software from Windows NT 4.0 to Windows 2000 Server. You must copy the source files to the computer's F: drive. You must specify the location for the L: drive as the drive for the network share since it contains the \I386 directory. You must specify a reboot 15 seconds after copying files to continue setup. You must specify the L: drive as the location for the unattend.txt file.

You take the following action: On the Run line, you type: Winnt32.exe /s:L:\I386 /unattend 15:L:\unattend.txt /tempdrive:F.

Which requirements does the command meet?

A. The command copies the source files to the computer's F: drive B. The command specifies the L: drive as the location for the unattend.txt file C. The command specifies a reboot 15 seconds after copying files to continue setup D. The command successfully upgrades the existing software from Windows NT 4.0 to Windows 2000 Server E. The command specifies the location for the L: drive as the drive for the network share since it contains the \I386 directory

12 Chapter 1 11. You are in charge of upgrading 100 Windows NT 4.0 servers to Windows 2000 servers by implementing an unattended installation that meets the following requirements:

You must upgrade the existing software from Windows NT 4.0 to Windows 2000 Server. You must copy the source files to the computer's F: drive. You must specify the location for the L: drive as the drive for the network share since it contains the \I386 directory. You must specify a reboot 15 seconds after copying files to continue setup. You must specify the L: drive as the location for the unattend.txt file.

You take the following action: On the Run line, you type: Winnt32.exe /s:L:\I386 /unattend 15:L:\unattend.txt /tempdrive:F.

Which requirements does the command meet? *A. The command copies the source files to the computer's F: drive *B. The command specifies the L: drive as the location for the unattend.txt file *C. The command specifies a reboot 15 seconds after copying files to continue setup *D. The command successfully upgrades the existing software from Windows NT 4.0 to Windows 2000 Server *E. The command specifies the location for the L: drive as the drive for the network share since it contains the \I386 directory Explanation: The command given meets all of the requirements.

Installing Windows 2000 Server 13 12. As the network administrator, you must upgrade 2 Windows NT 4.0 PDC's and 2 Windows NT 4.0 BDC's to the Windows 2000 Server operating system. The current servers have Windows NT 4.0 RAID level 1 implementations. You must meet the following requirements during the upgrade process: You must install the new operating system and implement a RAID level 1 configuration under Windows 2000. You must upgrade to Windows 2000 using the company network. You must upgrade a Windows NT 4.0 Workstation computer to Windows 2000 Server. You must provide support on all servers so all distributed applications can use the HTTP protocol to communicate through Internet Information Services (IIS). You take the following actions: On the Windows NT 4.0 Server computers and the Windows NT 4.0 Workstation computers, you upgrade the servers by connecting to the network shared CD-ROM drive g:\i386\winnt32.exe. On the Windows 2000 servers, you install the following optional components: All Management and Monitoring tools Microsoft Script Debugger Remote Installation Services Remote Storage Networking Services- COM Internet Services Proxy Internet Information Services (IIS). Which requirements do the actions meet?

A. The upgrade will take place using the company network B. The Windows NT 4.0 Workstation computer will be upgraded to Windows 2000 Server C. The RAID level 1 configuration will be in place in the Windows 2000 operating system D. Support is provided on all servers so all distributed applications can use the HTTP protocol to communicate through IIS E. The upgrade will take place using the Internet.

14 Chapter 1 12. As the network administrator, you must upgrade 2 Windows NT 4.0 PDC's and 2 Windows NT 4.0 BDC's to the Windows 2000 Server operating system. The current servers have Windows NT 4.0 RAID level 1 implementations. You must meet the following requirements during the upgrade process: You must install the new operating system and implement a RAID level 1 configuration under Windows 2000. You must upgrade to Windows 2000 using the company network. You must upgrade a Windows NT 4.0 Workstation computer to Windows 2000 Server. You must provide support on all servers so all distributed applications can use the HTTP protocol to communicate through Internet Information Services (IIS). You take the following actions: On the Windows NT 4.0 Server computers and the Windows NT 4.0 Workstation computers, you upgrade the servers by connecting to the network shared CD-ROM drive g:\i386\winnt32.exe. On the Windows 2000 servers, you install the following optional components: All Management and Monitoring tools Microsoft Script Debugger Remote Installation Services Remote Storage Networking Services- COM Internet Services Proxy Internet Information Services (IIS). Which requirements do the actions meet? *A. The upgrade will take place using the company network B. The Windows NT 4.0 Workstation computer will be upgraded to Windows 2000 Server *C. The RAID level 1 configuration will be in place in the Windows 2000 operating system *D. Support is provided on all servers so all distributed applications can use the HTTP protocol to communicate through IIS E. The upgrade will take place using the Internet. Explanation: The upgrade will NOT take place using the Internet, nor will the Windows NT 4.0 Workstation be upgraded.

Installing Windows 2000 Server 15 13. As the network administrator, you must upgrade 3 Windows 98 computers to the Windows 2000 Server operating system. The Windows 98 computers are Pentium III 550 MHz computers with 256 MB of RAM, but they do not have a CD-ROM in them. You must perform an over-the-network install of the operating system. How can you perform this function?

A. Share the installation folder. Boot the computers with an MS-DOS network boot disk. B. Share the installation folder. Boot the computers with a Windows 98 network boot disk. C. Share the installation folder. Upgrade the new operating system using the Winnt.exe command. D. Share the installation folder. Migrate to the new operating system using the Winnt32.exe command from the Run line of Windows 98 E. Delete Windows 98.

14. You are the administrator for a Windows 2000 network. The network uses Terminal Services. You have decided to deploy applications to the client computers from the domain controller. You have discovered that the original application installation package did not install all of the necessary components to the local disk. What do you need to use in deploying the application from the domain controller?

A. target file B. transform file C. installation file D. initialization file E. batch file

16 Chapter 1 13. As the network administrator, you must upgrade 3 Windows 98 computers to the Windows 2000 Server operating system. The Windows 98 computers are Pentium III 550 MHz computers with 256 MB of RAM, but they do not have a CD-ROM in them. You must perform an over-the-network install of the operating system. How can you perform this function? A. Share the installation folder. Boot the computers with an MS-DOS network boot disk. B. Share the installation folder. Boot the computers with a Windows 98 network boot disk. C. Share the installation folder. Upgrade the new operating system using the Winnt.exe command. *D. Share the installation folder. Migrate to the new operating system using the Winnt32.exe command from the Run line of Windows 98 E. Delete Windows 98. Explanation: You can run the 32-Bit Installer from inside of Windows 98, reading the installer files from a regular network share.

14. You are the administrator for a Windows 2000 network. The network uses Terminal Services. You have decided to deploy applications to the client computers from the domain controller. You have discovered that the original application installation package did not install all of the necessary components to the local disk. What do you need to use in deploying the application from the domain controller? A. target file *B. transform file C. installation file D. initialization file E. batch file Explanation: A transform file is used to modify installations.

Installing Windows 2000 Server 17 15. After installing Windows 2000 Server, the server fails to start and you receive a blue screen error. How can you resolve this error?

A. Increase the amount of memory in the server B. Verify all hardware is properly detected an on the HCL C. Create enough free space for the Windows 2000 Server installation on the target partition D. Replace the CD-ROM drive with one that is on the Windows 2000 Hardware Compatibility List E. Replace your memory.

16. You want to perform an installation of Windows 2000 Server on three new computers. You must meet the following requirements: The installation must be performed over the network. The users must not be able to change any installation options. The users must be able to use the Recovery Console after installation. You must specify an optional folder named INSTALL to be installed and not removed with the temporary files after the installation. You take the following action: On the Run line, you type: Winnt32.exe /s:L:\I386 /u:\unattend.txt /r:INSTALL. Which requirement does the command meet?

A. The installation is performed over the network B. The actions do not meet any of the requirements C. The users cannot change any installation options D. The users can use the Recovery Console after installation E. The optional folder named INSTALL is installed and not removed with the temporary files after the installation

18 Chapter 1 15. After installing Windows 2000 Server, the server fails to start and you receive a blue screen error. How can you resolve this error? A. Increase the amount of memory in the server *B. Verify all hardware is properly detected an on the HCL C. Create enough free space for the Windows 2000 Server installation on the target partition D. Replace the CD-ROM drive with one that is on the Windows 2000 Hardware Compatibility List E. Replace your memory. Explanation: Improperly configured hardware will produce a blue screen.

16. You want to perform an installation of Windows 2000 Server on three new computers. You must meet the following requirements: The installation must be performed over the network. The users must not be able to change any installation options. The users must be able to use the Recovery Console after installation. You must specify an optional folder named INSTALL to be installed and not removed with the temporary files after the installation. You take the following action: On the Run line, you type: Winnt32.exe /s:L:\I386 /u:\unattend.txt /r:INSTALL. Which requirement does the command meet? A. The installation is performed over the network *B. The actions do not meet any of the requirements C. The users cannot change any installation options D. The users can use the Recovery Console after installation E. The optional folder named INSTALL is installed and not removed with the temporary files after the installation Explanation: The command line given is incorrect for the required options.

Installing Windows 2000 Server 19 17. As the network administrator, you must upgrade 3 Windows 3.1 workstations to the Windows 2000 Server operating system. The workstations meet the minimum hardware requirement for installing Windows 2000 Server, but they do not have a CD-ROM in them. You must perform an over-the-network install of the operating system. You must also partition the hard drive in the computer so it is 2 GB and not the existing 1 GB. How can you perform this function?

A. Boot the computers with a Windows 95 boot disk B. Boot the computers with an MS-DOS network boot disk C. Install the new OS using the Winnt.exe command D. Fdisk the drive, delete the partition, and create a new 2 GB primary partition E. Fdisk the drive, delete the partition, create a new 2 GB primary partition and format the new partition

18. You attempt to install Windows 2000 server on a Pentium III 550 MHz computer with a bootable CD-ROM and a bootable CD-RW drive and you receive a media error. You have received this error on the bootable CD-ROM drive on three attempts. You then change the CMOS settings so the CD-RW drive is the first place the computer looks for initialization files. However, you also receive a media error when attempting to install Windows 2000 on the computer. Both drives are on the Hardware Compatibility List (HCL) for Windows 2000. How should you proceed?

A. Verify all hardware is properly detected and on the HCL B. Verify the proper domain name is used during the installation C. Contact Microsoft and request a Windows 2000 server replacement CD D. Ensure the target partition has sufficient free space for the Windows 2000 server installation E. Replace the CD-ROM drive and reset the CMOS to search it first for initialization files during the system boot process

20 Chapter 1 17. As the network administrator, you must upgrade 3 Windows 3.1 workstations to the Windows 2000 Server operating system. The workstations meet the minimum hardware requirement for installing Windows 2000 Server, but they do not have a CD-ROM in them. You must perform an over-the-network install of the operating system. You must also partition the hard drive in the computer so it is 2 GB and not the existing 1 GB. How can you perform this function? A. Boot the computers with a Windows 95 boot disk *B. Boot the computers with an MS-DOS network boot disk *C. Install the new OS using the Winnt.exe command D. Fdisk the drive, delete the partition, and create a new 2 GB primary partition *E. Fdisk the drive, delete the partition, create a new 2 GB primary partition and format the new partition Explanation: Fdisk is used to delete and create partitions. Partitions must then be formatted.

18. You attempt to install Windows 2000 server on a Pentium III 550 MHz computer with a bootable CD-ROM and a bootable CD-RW drive and you receive a media error. You have received this error on the bootable CD-ROM drive on three attempts. You then change the CMOS settings so the CD-RW drive is the first place the computer looks for initialization files. However, you also receive a media error when attempting to install Windows 2000 on the computer. Both drives are on the Hardware Compatibility List (HCL) for Windows 2000. How should you proceed? A. Verify all hardware is properly detected and on the HCL B. Verify the proper domain name is used during the installation *C. Contact Microsoft and request a Windows 2000 server replacement CD D. Ensure the target partition has sufficient free space for the Windows 2000 server installation E. Replace the CD-ROM drive and reset the CMOS to search it first for initialization files during the system boot process Explanation: The CD is damaged or defective.

Installing Windows 2000 Server 21 19. During installing Windows 2000 Server, you receive an insufficient disk space error. There is a small amount of data on this disk that must not be erased, and the server's hardware must not be modified. How can you resolve this error?

A. Format the partition B. Install another hard drive C. Verify all hardware is properly detected and on the Hardware Compatibility List D. Create enough free space for the Windows 2000 Server installation on the target partition E. Add more memory

20. Which of the following operating systems cannot be directly upgraded to Windows 2000 Server?

A. Windows NT 3.51 Server B. Windows NT 4.0 Server C. Windows NT 3.5 Server D. Novell 4.12 Server

22 Chapter 1 19. During installing Windows 2000 Server, you receive an insufficient disk space error. There is a small amount of data on this disk that must not be erased, and the server's hardware must not be modified. How can you resolve this error? A. Format the partition B. Install another hard drive C. Verify all hardware is properly detected and on the Hardware Compatibility List *D. Create enough free space for the Windows 2000 Server installation on the target partition E. Add more memory Explanation: Windows 2000 must have enough free space for the installation to complete.

20. Which of the following operating systems cannot be directly upgraded to Windows 2000 Server? A. Windows NT 3.51 Server B. Windows NT 4.0 Server *C. Windows NT 3.5 Server *D. Novell 4.12 Server Explanation: Any Microsoft server operating system prior to Windows NT 3.51, as well as Novell, Banyan Vines, UNIX and OS/2, cannot be directly upgraded. Reference: Microsoft Technet May 2000 - Automating Server Installation and Upgrade.

Installing Windows 2000 Server 23 21. Which version of Windows 2000 includes Windows Clustering and load balancing?

A. Windows 2000 Professional B. Windows 2000 Server C. Windows 2000 Advanced Server D. Windows 2000 Datacenter Server

22. Windows 2000 Datacenter Server supports multiple processors. Up to how many processors will it support?

A. 2 Processors B. 4 Processors C. 8 Processors D. 16 Processors E. 32 Processors

24 Chapter 1 21. Which version of Windows 2000 includes Windows Clustering and load balancing? A. Windows 2000 Professional B. Windows 2000 Server *C. Windows 2000 Advanced Server *D. Windows 2000 Datacenter Server Explanation: Windows 2000 Advanced Server, designed for use in a large enterprise network, contains all the features available in Windows 2000 Server, in addition to Windows Clustering and load balancing. Windows 2000 Datacenter Server also includes these features. Reference: Implementing Windows 2000 Professional and Server, Microsoft Official Curriculum

22. Windows 2000 Datacenter Server supports multiple processors. Up to how many processors will it support? A. 2 Processors B. 4 Processors C. 8 Processors D. 16 Processors *E. 32 Processors Explanation: Windows 2000 Datacenter will support up to 32 processors. Reference: Implementing Windows 2000 Professional and Server, Microsoft Official Curriculum Note: Courseware incorrectly specifies a maximum of 16 processors for Datacenter server. Datacenter server actually supports up to 32 processors. Reference: Microsoft Windows 2000 product information Web site (www.microsoft.com/windows2000). Exam Category: Installing Windows 2000 Server

Installing Windows 2000 Server 25 23. To create the setup disks for installing Windows 2000, which command is used?

A. Winnt /b B. Winnt32 /b C. Makeboot D. Sys /a: E. Setup /b

24. When installing Windows 2000 Advanced Server, which of the following are optional components that can be chosen during the installation process?

A. Certificate Services B. IIS C. Remote Storage D. Terminal Services E. Script Debugger

26 Chapter 1 23. To create the setup disks for installing Windows 2000, which command is used? A. Winnt /b B. Winnt32 /b *C. Makeboot D. Sys /a: E. Setup /b Explanation: To make the setup disks, run the "makeboot.exe" program from another computer running Windows 2000. It is also located on the Makeboot folder on the Windows 2000 compact disk. Reference: Implementing Windows 2000 Professional and Server, Microsoft Official Curriculum Exam Category: Installing Windows 2000 Server

24. When installing Windows 2000 Advanced Server, which of the following are optional components that can be chosen during the installation process? *A. Certificate Services *B. IIS *C. Remote Storage *D. Terminal Services *E. Script Debugger Explanation: All of these components can be chosen during the installation process. Others include Script Debugger, Indexing Services, Message Queuing and more. Reference: Implementing Windows 2000 Professional and Server, Microsoft Official Curriculum Exam Category: Installing Windows 2000 Server

Installing Windows 2000 Server 27 25. You need to repair a Windows 2000 installation. Which processes can you use to do this?

A. Emergency Repair Process B. Recovery Console C. Emergency Console D. Repair and Replace Process

26. Which of the following tasks can you do using Recovery Console?

A. Start and stop services B. Read and write data on a local drive formatted FAT only C. Read and write data on a local drive formatted NTFS, FAT32 or FAT D. Format hard disks E. Read and write data on a local drive formatted DOS only

28 Chapter 1 25. You need to repair a Windows 2000 installation. Which processes can you use to do this? *A. Emergency Repair Process *B. Recovery Console C. Emergency Console D. Repair and Replace Process Explanation: Windows 2000 provides two methods to repair a damaged installation - the Emergency Repair Process and the Recovery Console. Reference: Microsoft Technet - May 2000; Windows 2000 Server Resource Kit. Exam Category: Managing, Monitoring, and Optimizing System Performance, Reliability and Availability.

26. Which of the following tasks can you do using Recovery Console? *A. Start and stop services B. Read and write data on a local drive formatted FAT only *C. Read and write data on a local drive formatted NTFS, FAT32 or FAT *D. Format hard disks E. Read and write data on a local drive formatted DOS only Explanation: You can start and stop services, read and write data on a local drive formatted NTFS, FAT and FAT32, format hard disks and display hidden system files using the Recovery Console. Reference: Implementing Windows 2000 Professional and Server, Microsoft Official Curriculum Exam Category: Managing, Monitoring, and Optimizing System Performance, Reliability and Availability.

Installing Windows 2000 Server 29 27. Which of the following is NOT a command you can use with Recovery Console?

A. Copy B. Disable C. Fixmbr D. Edit

28. Which of the following advanced startup options will not work on a Windows 2000 Domain Controller?

A. Restore Mode B. Enable Boot Logging C. Safe Mode with Networking D. Debugging Mode

30 Chapter 1 27. Which of the following is NOT a command you can use with Recovery Console? A. Copy B. Disable C. Fixmbr *D. Edit Explanation: Edit is not a command you can use with Recovery Console. Reference: Implementing Windows 2000 Professional and Server, Microsoft Official Curriculum Exam Category: Managing, Monitoring, and Optimizing System Performance, Reliability and Availability.

28. Which of the following advanced startup options will not work on a Windows 2000 Domain Controller? A. Restore Mode B. Enable Boot Logging *C. Safe Mode with Networking D. Debugging Mode Explanation: Safe Mode and Safe Mode with Networking will not work on a Windows 2000 Domain Controller. They will not start the Netlogon service, and you will be unable to log onto the system. Reference: Implementing Windows 2000 Professional and Server, Microsoft Official Curriculum Exam Category: Managing, Monitoring, and Optimizing System Performance, Reliability and Availability.

Installing Windows 2000 Server 31 29. Windows 2000 introduces a new Windows installer package. This package is called:

A. Setup.exe B. .msi C. .ins D. .win

30. How do you add the Recovery Console to existing installations of Windows 2000?

A. Control Panel, Add/Remove Programs B. Control Panel, Administrative Tools C. Start, Run x:I386\Winnt32.exe /cmdcons D. Command Prompt, reccons -x

32 Chapter 1 29. Windows 2000 introduces a new Windows installer package. This package is called: A. Setup.exe *B. .msi C. .ins D. .win Explanation: Windows Installer introduces a new installer package that replaces the setup.exe file with a file called .msi. Reference: Implementing Microsoft Windows 2000 Professional and Server. Exam Category: Installing, Configuring and Troubleshooting Access to Resources

30. How do you add the Recovery Console to existing installations of Windows 2000? A. Control Panel, Add/Remove Programs B. Control Panel, Administrative Tools *C. Start, Run x:I386\Winnt32.exe /cmdcons D. Command Prompt, reccons -x Explanation: To add the Recovery Console to existing installations of Windows 2000, on the Start menu, click Run, and then type: x:\I386\Winnt32.exe /cmdcons where x is the CD-ROM drive letter. The switch " /cmdcons " specifies that the recovery console is to be installed on the computer, and added as an option to the start menu. This installation requires approximately 7 megabytes (MB) of disk space on your system partition. Reference: Windows 2000 Server Operations Guide. Exam Category: Managing, Monitoring and Optimizing System Performance, Reliability and Availability

Installing Windows 2000 Server 33 31. You wish to install Recovery Console on a computer that has a mirrored volume. How do you do this?

A. Using Control Panel, Add/Remove Programs, add Recovery Console to the first part of the mirror. The information will be copied to the mirror. B. Using Control Panel, Add/Remove Programs, add Recovery Console to both partitions where the mirror exists. C. Break the mirror, then install the Recovery Console using x:\I386\winnt32.exe /cmdcons. After the Recovery Console is installed, you can re-establish the mirrored volume. D. Do it as part of the pre-installation package.

32. To use the Recovery Console, you must know the password for the local Administrator account, for which you will be prompted on execution. Once the logon has been verified, what do you have access to on the hard disk?

A. All files and folders that the local administrator would have access to. B. The entire system, registry, administrative settings and disk information. C. %SystemRoot%, %Windir%, %SystemRoot%\Cmdcons and its subfolders. D. %SystemRoot%\Cmdcons and its subfolders.

34 Chapter 1 31. You wish to install Recovery Console on a computer that has a mirrored volume. How do you do this? A. Using Control Panel, Add/Remove Programs, add Recovery Console to the first part of the mirror. The information will be copied to the mirror. B. Using Control Panel, Add/Remove Programs, add Recovery Console to both partitions where the mirror exists. *C. Break the mirror, then install the Recovery Console using x:\I386\winnt32.exe /cmdcons. After the Recovery Console is installed, you can re-establish the mirrored volume. D. Do it as part of the pre-installation package. Explanation: You cannot preinstall Recovery Console on a mirrored volume. First you must break the mirror, install Recovery Console and then re-establish the mirrored volume. Reference: Windows 2000 Server Operations Guide. Exam Category: Managing, Monitoring and Optimizing System Performance, Reliability and Availability

32. To use the Recovery Console, you must know the password for the local Administrator account, for which you will be prompted on execution. Once the logon has been verified, what do you have access to on the hard disk? A. All files and folders that the local administrator would have access to. B. The entire system, registry, administrative settings and disk information. *C. %SystemRoot%, %Windir%, %SystemRoot%\Cmdcons and its subfolders. D. %SystemRoot%\Cmdcons and its subfolders. Explanation: You will have full access to the Recovery Console, but limited access to the hard disk. You can only access the following folders on your computer: %SystemRoot%. (The partition that contains Boot.ini and other Windows files required to start the system) %Windir% and subfolders of the Windows 2000 installation that you are currently logged on to. %SystemRoot%\Cmdcons and its subfolders. Reference: Windows 2000 Server Operations Guide. Exam Category: Managing, Monitoring and Optimizing System Performance, Reliability and Availability

Installing Windows 2000 Server 35 33. Your Windows 2000 domain is operating in mixed mode because you still have some Windows NT 4.0 domains on the network. Explicit one-way trusts have been formed between where the Windows NT 4.0 domains trust the Windows 2000 domains. There are three different subnets between 192.168.5.0, 192.168.6.0, and 192.168.7.0 all using 24-bit subnet masks. A Cisco router connects the three networks and has interfaces of 192.168.5.1, 192.168.6.1, and 192.168.7.1. The Windows 2000 domain controllers occupy the 192.168.5.0 and 192.168.6.0 networks using valid IP ranges within those networks. The Windows NT 4.0 domains are using valid IP addresses within the 192.168.7.0 network - all hosts on that network are using a default gateway of 192.168.7.1. You are trying to share some resources from a Windows 2000 Member Server that is part of domain5.local domain. The Windows 2000 Server's IP address is 192.168.5.27. The network administrator that is trying to grant access to the Windows NT 4.0 clients says she is unable to find the appropriate accounts. What is the problem?

A. the Windows 2000 domain must be configured to trust the Windows NT 4.0 domain B. the Windows NT clients are using the wrong default gateway C. trusts cannot be utilized between Windows 2000 and Windows NT D. trusts cannot traverse different subnets E. the Windows 2000 Server is using an incorrect IP address

36 Chapter 1 33. Your Windows 2000 domain is operating in mixed mode because you still have some Windows NT 4.0 domains on the network. Explicit one-way trusts have been formed between where the Windows NT 4.0 domains trust the Windows 2000 domains. There are three different subnets between 192.168.5.0, 192.168.6.0, and 192.168.7.0 all using 24-bit subnet masks. A Cisco router connects the three networks and has interfaces of 192.168.5.1, 192.168.6.1, and 192.168.7.1. The Windows 2000 domain controllers occupy the 192.168.5.0 and 192.168.6.0 networks using valid IP ranges within those networks. The Windows NT 4.0 domains are using valid IP addresses within the 192.168.7.0 network - all hosts on that network are using a default gateway of 192.168.7.1. You are trying to share some resources from a Windows 2000 Member Server that is part of domain5.local domain. The Windows 2000 Server's IP address is 192.168.5.27. The network administrator that is trying to grant access to the Windows NT 4.0 clients says she is unable to find the appropriate accounts. What is the problem? *A. the Windows 2000 domain must be configured to trust the Windows NT 4.0 domain B. the Windows NT clients are using the wrong default gateway C. trusts cannot be utilized between Windows 2000 and Windows NT D. trusts cannot traverse different subnets E. the Windows 2000 Server is using an incorrect IP address Explanation: In order to be able to grant access to the Windows NT 4.0 users from the Windows 2000 domain, there must be a trust relationship where the Windows 2000 explicitly trusts the Windows NT 4.0 domain. The IP addresses, default gateways, and subnet masks described should not cause a problem. Trusts can be used across separate subnets, and Windows 2000 domains can establish trust relationships with Windows NT 4.0 domains.

Installing Windows 2000 Server 37 34. You work on a 300-node network. All systems are configured under a single domain that spans several segments. Your network uses the 10.0.0.0 private IP address range. All of your client computers are running Windows 2000 Professional. Recently, a service pack has been issued by Microsoft to correct several problems that your clients have been experiencing. What is the most efficient way to distribute and ensure the installation of the service pack to all of your clients?

A. Use Setup Manager to create an unattended setup script B. Use SysPrep C. Use a GPO to assign the application to the computers on your network D. Use SIDWalker E. Create a central share and send an e-mail to all users asking them to connect to the share and download the service pack

35. Which of the following single master operations roles are forest-wide?

A. Schema master B. Domain naming master C. RID master D. PDC emulator E. Infrastructure master

38 Chapter 1 34. You work on a 300-node network. All systems are configured under a single domain that spans several segments. Your network uses the 10.0.0.0 private IP address range. All of your client computers are running Windows 2000 Professional. Recently, a service pack has been issued by Microsoft to correct several problems that your clients have been experiencing. What is the most efficient way to distribute and ensure the installation of the service pack to all of your clients? A. Use Setup Manager to create an unattended setup script B. Use SysPrep *C. Use a GPO to assign the application to the computers on your network D. Use SIDWalker E. Create a central share and send an e-mail to all users asking them to connect to the share and download the service pack Explanation: Although sharing the service pack and asking employees to download it will work, it is more efficient to deploy the service pack through group policy. GPO will ensure that the service pack is deployed when system are rebooted. Setup Manager and SysPrep are for new installations. SIDWalker is used to make unique Security IDs on systems, not to install service packs.

35. Which of the following single master operations roles are forest-wide? *A. Schema master *B. Domain naming master C. RID master D. PDC emulator E. Infrastructure master Explanation: Each Active Directory forest must have one domain controller that fulfills the role of schema master and one for domain naming master. These are forest-wide roles, and do not require one per domain. Reference: Implementing Microsoft Windows 2000 Professional and Server. Exam Category: Installing Windows 2000 Server

Installing Windows 2000 Server 39 36. You have configured a multiple-domain Windows 2000 network as shown in the figure. You want to optimize the FSMO roles and placement of global catalog servers (GCS) on your network. Based on the graphic, which of the following would be appropriate placements?

A. Make dc2.domx.com the GCS for the domain B. Configure dc1.domx.local as an additional GCS C. Remove the GCS designation from dc1.domx.com D. Move the schema master role to dc1.domx.local E. Move the domain naming master role to dc2.domx.com

40 Chapter 1 36. You have configured a multiple-domain Windows 2000 network as shown in the figure. You want to optimize the FSMO roles and placement of global catalog servers (GCS) on your network. Based on the graphic, which of the following would be appropriate placements? A. Make dc2.domx.com the GCS for the domain *B. Configure dc1.domx.local as an additional GCS C. Remove the GCS designation from dc1.domx.com D. Move the schema master role to dc1.domx.local E. Move the domain naming master role to dc2.domx.com Explanation: Configuring an additional GCS on the dc1.domx.local is a good plan because the Flagstaff site is separated from the rest of the network and the global catalog will allow clients to locate forest resources more quickly. The other suggestions are inappropriate for the following reasons: The infrastructure master role should not be on a global catalog server. The domain-naming master should be on a global catalog server. The domain naming master and schema master roles should be placed on the same server. KB Q223346

Installing Windows 2000 Server 41 37. YCorp has hired you as a consultant to help install 300 Windows 2000 servers on their 25,000-node network. The company has already hired a team study the network and an installation task list has been created. The distribution and placements of the servers has already been decided as shown in the table below: Location Number of servers OS types Number of clients Koh Samui 2 Windows NT 30 Workstation 4.0 Penang 2 Windows NT 30 Server 4.0 Narita 100 Mix of Windows NT 10000 4.0 Server and Windows NT 3.51 Server Songtan 45 Mix of Windows NT 2440 4.0 Workstation and Windows NT 4.0 Server Mallersdorf 25 Windows 98 and 1800 Windows 95 Utrecht 100 Windows NT 4.0 10000 Server Flagstaff 26 Mix of Windows NT 700 4.0 Server and Windows 98 Which of the following operating systems will be able to upgrade instead of requiring a fresh installation? A. Windows 95 B. Windows 98 C. Windows NT 4.0 Workstation D. Windows NT 4.0 Server E. Windows NT 3.51 Server

42 Chapter 1 37. YCorp has hired you as a consultant to help install 300 Windows 2000 servers on their 25,000-node network. The company has already hired a team study the network and an installation task list has been created. The distribution and placements of the servers has already been decided as shown in the table below: Location Number of servers OS types Number of clients Koh Samui 2 Windows NT 30 Workstation 4.0 Penang 2 Windows NT 30 Server 4.0 Narita 100 Mix of Windows NT 10000 4.0 Server and Windows NT 3.51 Server Songtan 45 Mix of Windows NT 2440 4.0 Workstation and Windows NT 4.0 Server Mallersdorf 25 Windows 98 and 1800 Windows 95 Utrecht 100 Windows NT 4.0 10000 Server Flagstaff 26 Mix of Windows NT 700 4.0 Server and Windows 98 Which of the following operating systems will be able to upgrade instead of requiring a fresh installation? A. Windows 95 B. Windows 98 C. Windows NT 4.0 Workstation *D. Windows NT 4.0 Server *E. Windows NT 3.51 Server Explanation: The only operating systems that can be upgraded to Windows 2000 are the existing Windows NT Servers (either 3.51 or 4.0). However, assuming that all the above computers meet the hardware standards for Windows 2000 installation, the systems that are not already installed as Windows NT Servers can be given fresh Windows 2000 installations.

Installing Windows 2000 Server 43 38. Which of the following methods can be used for clean installations of Windows 2000 Server on computers that have dissimilar hardware?

A. Syspart B. Sysprep C. SMS D. Bootable CD

44 Chapter 1 38. Which of the following methods can be used for clean installations of Windows 2000 Server on computers that have dissimilar hardware? *A. Syspart B. Sysprep C. SMS D. Bootable CD Explanation: Syspart is used for clean installations to computers with dissimilar hardware. Sysprep is used when the master computer and target computers have identical hardware, including the HAL and mass storage device controllers. SMS should be used to manage upgrades to multiple systems, particularly when those systems are not geographically close. The Bootable CD method is used with a computer whose BIOS allows it to start from CD. Reference: Microsoft Technet May 2000 - Automating Server Installation and Upgrade. Exam Category: Installing Windows 2000 Server

Installing Windows 2000 Server 45 39. You are attempting to troubleshoot reported communications problems on a Windows 2000 network. The network is using the private IP address range 10.0.0.0 with a 24bit subnet mask. There are only two domains on the network and you are immediately suspicious about the configuration you see in the Active Directory Domains and Trusts application. According to the domain2.local Properties sheet, shown in the figure, what is the configuration of the domains?

A. parent-child B. single domain C. separate forests D. domain trees in a forest E. single domain tree

46 Chapter 1 39. You are attempting to troubleshoot reported communications problems on a Windows 2000 network. The network is using the private IP address range 10.0.0.0 with a 24bit subnet mask. There are only two domains on the network and you are immediately suspicious about the configuration you see in the Active Directory Domains and Trusts application. According to the domain2.local Properties sheet, shown in the figure, what is the configuration of the domains? A. parent-child B. single domain C. separate forests *D. domain trees in a forest E. single domain tree Explanation: The figure shows that there is a tree root trust between domain2.local and domain1.com. This type of trust is formed between domains in a forest configuration. The other answers are incorrect because they would not form such a trust relationship. A single domain doesn't utilize trusts and domain trees for parentchild trust relationships. Separate forests can only utilize one-way non-transitive trust relationships.

Installing Windows 2000 Server 47 40. Which file systems does Windows 2000 support?

A. HPFS B. FAT C. FAT32 D. NTFS E. DOS

41. You would like to automate the installation of your new network of 300 clients. One of the members of your network administration team has suggested you use RIS. You have decided to research the requirements for installing the clients via RIS. Your colleague tells you that all of your clients are remote boot capable and PXE compliant. He also tells you that all the existing servers on the network are DDNS capable. Which of the following must you confirm are available on the network before the RIS installations can proceed?

A. DHCP B. WINS C. Active Directory D. RIS Server E. NAT Server

48 Chapter 1 40. Which file systems does Windows 2000 support? A. HPFS *B. FAT *C. FAT32 *D. NTFS E. DOS Explanation: Windows 2000 Server supports the NTFS, FAT and FAT32 file systems. The inclusion of FAT32 is new to Windows 2000. NTFS is still the recommended file system for Windows 2000. Reference: Implementing Windows 2000 Professional and Server, Microsoft Official Curriculum Exam Category: Installing Windows 2000 Server

41. You would like to automate the installation of your new network of 300 clients. One of the members of your network administration team has suggested you use RIS. You have decided to research the requirements for installing the clients via RIS. Your colleague tells you that all of your clients are remote boot capable and PXE compliant. He also tells you that all the existing servers on the network are DDNS capable. Which of the following must you confirm are available on the network before the RIS installations can proceed? *A. DHCP B. WINS *C. Active Directory *D. RIS Server E. NAT Server Explanation: To install clients using RIS, you will require a RIS server that is either a domain controller or part of a Windows 2000 domain, Active Directory must be installed on the network, and a RIS server that will hold the RIS images must be available. Also, dynamic DNS (DDNS) and RIS capable clients must be available. There is no requirement for WINS or a NAT server.

Installing Windows 2000 Server 49 42. You are the administrator of a 1200-node network. Recently, your department was increased by 300 people. Over the weekend, you wired the user stations and placed the new systems in each user's cubicle. Today, you want to install 300 systems using an unattended answer file and shared distribution folder. Goals Configure an automated setup file that can be run on client systems. Create a distribution share for Windows 2000 installation. Use the automated setup file to install your systems. Automate application installation after Windows 2000 installation over the network. Proposed Solution You create an unattended answer file with Setup Manager. You copy the Windows 2000 installation files to a central server and share the folder to which those files were copied. You copy the unattended answer file to the central share. Then, you use SysPrep on the client systems to download your installation and automate application installation. Which goals are achieved by this proposed solution?

A. Configure an automated setup file that can be run on client systems. B. Create a distribution share for Windows 2000 installation. C. Use the automated setup file to install your systems. D. Automate application installation after Windows 2000 installation over the network.

50 Chapter 1 42. You are the administrator of a 1200-node network. Recently, your department was increased by 300 people. Over the weekend, you wired the user stations and placed the new systems in each user's cubicle. Today, you want to install 300 systems using an unattended answer file and shared distribution folder. Goals Configure an automated setup file that can be run on client systems. Create a distribution share for Windows 2000 installation. Use the automated setup file to install your systems. Automate application installation after Windows 2000 installation over the network. Proposed Solution You create an unattended answer file with Setup Manager. You copy the Windows 2000 installation files to a central server and share the folder to which those files were copied. You copy the unattended answer file to the central share. Then, you use SysPrep on the client systems to download your installation and automate application installation. Which goals are achieved by this proposed solution? *A. Configure an automated setup file that can be run on client systems. *B. Create a distribution share for Windows 2000 installation. C. Use the automated setup file to install your systems. D. Automate application installation after Windows 2000 installation over the network. Explanation: Creating an unattended installation file and using SysPrep are two different ways to automate Windows 2000 installation. SysPrep is for OEM system cloning for identical configurations. Unattended installations are for network installations that can be loaded over the network and the SysDiff utility can be used to create an image that can be used to install applications over the network.

Installing Windows 2000 Server 51 43. You have been asked to upgrade 7,500 systems for GlobalXOrg, a company with 250 offices worldwide. You are briefing a group of system engineers about performing upgrades in the various locations. You have advised them that they should check the hardware compatibility list before attempting to upgrade mission critical servers. However, you want to give them a quick way to check the hardware compatibility using the Windows 2000 Server CD-ROM via the WINNT.EXE file. Of the switches listed below, which one is a valid WINNT32.EXE switch for checking the hardware of the system you are going to upgrade?

A. /checkupgradeonly B. /systemcheck C. /drivescan D. /bootcheck E. /hardwaretest

52 Chapter 1 43. You have been asked to upgrade 7,500 systems for GlobalXOrg, a company with 250 offices worldwide. You are briefing a group of system engineers about performing upgrades in the various locations. You have advised them that they should check the hardware compatibility list before attempting to upgrade mission critical servers. However, you want to give them a quick way to check the hardware compatibility using the Windows 2000 Server CD-ROM via the WINNT.EXE file. Of the switches listed below, which one is a valid WINNT32.EXE switch for checking the hardware of the system you are going to upgrade? *A. /checkupgradeonly B. /systemcheck C. /drivescan D. /bootcheck E. /hardwaretest Explanation: The winnt32.exe /checkupgradeonly command can be used on existing Windows NT Server installations to help you determine whether the hardware requirements for installing Windows 2000 are met.

Installing Windows 2000 Server 53 44. You work for a large computer vendor that needs to pre-configure laptops with Windows 2000 installations, including application packages. You have 7,000 identical systems to configure and ship by the end of the week. You know that it wouldn't be possible for you to set up and install each of these systems manually. You have the tools for drive duplication, but you want the users to have to enter their own personal information when they boot their computers for the first time. Goals Configure your master computer Use SysPrep on the master system Automate Windows 2000 and related application installation Duplicate the master computer's hard disk Configure a system that will ask for basic user settings when booted Proposed Solution You plan to take the first of 7,000 computers and install Windows 2000 via the CD-ROM drive. Then, you will install all of the custom applications that you require. You will use Setup Manager to create a sysprep.inf file and save that file under C:\sysprep. Then, you will run SysPrep on the system. Which of the following are accomplished by the proposed solution?

A. Configure your master computer B. Use SysPrep to configure a master system C. Automate Windows 2000 and related application installation on the 7,000 systems D. Duplicate the master computer's hard disk E. Configure a system that will ask for basic user settings when booted

54 Chapter 1 44. You work for a large computer vendor that needs to pre-configure laptops with Windows 2000 installations, including application packages. You have 7,000 identical systems to configure and ship by the end of the week. You know that it wouldn't be possible for you to set up and install each of these systems manually. You have the tools for drive duplication, but you want the users to have to enter their own personal information when they boot their computers for the first time. Goals Configure your master computer Use SysPrep on the master system Automate Windows 2000 and related application installation Duplicate the master computer's hard disk Configure a system that will ask for basic user settings when booted Proposed Solution You plan to take the first of 7,000 computers and install Windows 2000 via the CD-ROM drive. Then, you will install all of the custom applications that you require. You will use Setup Manager to create a sysprep.inf file and save that file under C:\sysprep. Then, you will run SysPrep on the system. Which of the following are accomplished by the proposed solution? *A. Configure your master computer *B. Use SysPrep to configure a master system C. Automate Windows 2000 and related application installation on the 7,000 systems D. Duplicate the master computer's hard disk *E. Configure a system that will ask for basic user settings when booted Explanation: When you select a computer and install Windows 2000 and related applications, you have configured a master computer. Then, you must create a sysprep.inf file on that master computer, which prepares the system to have SysPrep run. After that, you can run SysPrep to finalize the configuration of the master computer. The proposed solution presented didn't mention duplicating the master's hard disk, which can be done with a third-party disk duplication utility or system (such as Drive Image Pro). If that necessary master disk duplication step is not completed, then automated installation cannot be completed. When you run SysPrep on the master computer, you will configure a system that will ask for basic user settings when it is rebooted. The idea is that you duplicate the master system's hard disk before you reboot the master system. This will means that all duplicates will ask for basic user information when they are booted the first time, which will provide automated installation for users.

Installing Windows 2000 Server 55 45. Your organization is using a domain tree with multiple domains. There are a total of five domains in your domain tree. HQCorp was the first domain online and it is the root domain. NCorp was the second domain controller and the first child of HQCorp. The other child domains are SCorp, ECorp, and WCorp. Assuming that no one has changed the default operations master roles, where would you find the schema master and domain-naming master?

A. On each domain controller. B. HQCorp would be the schema master and NCorp would be the domain-naming master. C. HQCorp would be the domain-naming master and NCorp would be the schema master. D. HQCorp would be the schema master and each domain controller would be its own domain-naming master. E. On HQCorp would perform both the domain naming master and schema operations master roles.

56 Chapter 1 45. Your organization is using a domain tree with multiple domains. There are a total of five domains in your domain tree. HQCorp was the first domain online and it is the root domain. NCorp was the second domain controller and the first child of HQCorp. The other child domains are SCorp, ECorp, and WCorp. Assuming that no one has changed the default operations master roles, where would you find the schema master and domain-naming master? A. On each domain controller. B. HQCorp would be the schema master and NCorp would be the domain-naming master. C. HQCorp would be the domain-naming master and NCorp would be the schema master. D. HQCorp would be the schema master and each domain controller would be its own domain-naming master. *E. On HQCorp would perform both the domain naming master and schema operations master roles. Explanation: There is only one schema master and one domain-naming master for an entire domain tree and forest. By default, the first domain controller installed is the schema and domain-naming master. Unless the role is transferred, the first domain controller will continue to be the schema master and domain-naming master for the entire enterprise.

Installing Windows 2000 Server 57 46. The ABC Corporation has implemented three networks using an internal addressing scheme. The headquarters segment uses IP addresses on the 192.168.0.0/24 network and the two remote sites use IP address ranges 192.168.1.0/24 and 192.168.2.0/24 respectively. Each segment has its own domain. The headquarters domain is called HQDom and the remote site domains are called Site1Dom and Site2Dom. Each remote location is connected to the HQDom via 56K WAN connections. Users from Site1Dom and Site2Dom are complaining that they cannot log on and that they are unable to perform network searches for objects. Based on these complaints, which of the following Proposed solutions is appropriate?

A. Add a domain-naming master to each of the remote sites B. Add a schema master to each of the remote sites C. Add a RID master to HQDom, Site1Dom, and Site2Dom. D. Create a GCS on each of the remote sites E. Create a PPTP connection between the remote sites and the HQDom

58 Chapter 1 46. The ABC Corporation has implemented three networks using an internal addressing scheme. The headquarters segment uses IP addresses on the 192.168.0.0/24 network and the two remote sites use IP address ranges 192.168.1.0/24 and 192.168.2.0/24 respectively. Each segment has its own domain. The headquarters domain is called HQDom and the remote site domains are called Site1Dom and Site2Dom. Each remote location is connected to the HQDom via 56K WAN connections. Users from Site1Dom and Site2Dom are complaining that they cannot log on and that they are unable to perform network searches for objects. Based on these complaints, which of the following Proposed solutions is appropriate? A. Add a domain-naming master to each of the remote sites B. Add a schema master to each of the remote sites C. Add a RID master to HQDom, Site1Dom, and Site2Dom. *D. Create a GCS on each of the remote sites E. Create a PPTP connection between the remote sites and the HQDom Explanation: A Global Catalog Server (GCS) is used for searches of the entire directory structure and also helps user systems locate domain controllers. Based on the information you have been given, a GCS problem is highly probable. By default, a GCS is only created on the first domain controller of the1 forest and domain, but it is wise to enable other systems as GCSs, especially when you have remote locations. If client systems cannot contact the GCS, they cannot log on. There can only be one domain-naming master and one schema master per domain, so you cannot add those to remote sites. Each domain has its own RID master, that is created automatically and additional RID masters cannot be added. Using encryption, such as PPTP, would actually increase the bandwidth consumed on the WAN links and may intensify the problem, but certainly wouldn't solve the situation.

Installing Windows 2000 Server 59 47. You are installing a second domain controller on your domain and after trying to begin the copying of Active Directory records from one system to another, you receive the message telling you that the domain controller for the domain cannot be located or that the domain does not exist. You check and the proper A Records are in your Standard Primary DNS zone and you can ping the name and domain. You attempt the installation again and the same message is returned. Which of the following would contribute to this problem?

A. the proper SRV records are not in DNS B. dynamic update is not enabled C. there is a cable break between the domain controllers D. there is a CNAME configured for the domain that points to another server that is offline E. the zone must be Active Directory integrated in order to install a second domain controller

60 Chapter 1 47. You are installing a second domain controller on your domain and after trying to begin the copying of Active Directory records from one system to another, you receive the message telling you that the domain controller for the domain cannot be located or that the domain does not exist. You check and the proper A Records are in your Standard Primary DNS zone and you can ping the name and domain. You attempt the installation again and the same message is returned. Which of the following would contribute to this problem? *A. the proper SRV records are not in DNS *B. dynamic update is not enabled C. there is a cable break between the domain controllers D. there is a CNAME configured for the domain that points to another server that is offline E. the zone must be Active Directory integrated in order to install a second domain controller Explanation: Dynamic update allows the servers to automatically update their records in DNS, which means that all of the necessary SRV records will be added. These SRV records are required for domain controllers to find one another. You do not need to have an Active Directory integrated zone. A cable break doesn't seem likely because you can ping between the systems. An incorrect CNAME map shouldn't affect the name resolution process, and if it were in some way misconfigured, it would show up when you used ping.

Installing Windows 2000 Server 61 48. You are discussing RIS installations with a group of colleagues. They are unsure how RIS actually works. One of your colleagues has outlined the events that are part of the installation process, but his order is a little off. Place the events that are listed below in their correct order. 1. DNS is used to locate a domain controller 2. the bootstrap image copies all installation files to the local drive 3. the client locates a RIS server with an LDAP call 4. DHCP is used to assign an IP and DNS configuration information 5. an installation script is used to perform an unattended installation 6. the remote boot protocol is used to connect to the RIS service 7. the client locates a DNS server

A. 4, 7, 6, 2, 5, 3, 1 B. 4, 7, 1, 3, 6, 2, 5 C. 4, 6, 2, 5, 3, 7, 1 D. 4, 7, 3, 6, 2, 5, 1 E. 3, 4, 7, 1, 6, 2, 5

49. Which of the following automated install methods will allow an upgrade installation of Windows 2000 server?

A. Syspart B. Sysprep C. SMS D. Bootable CD

62 Chapter 1 48. You are discussing RIS installations with a group of colleagues. They are unsure how RIS actually works. One of your colleagues has outlined the events that are part of the installation process, but his order is a little off. Place the events that are listed below in their correct order. 1. DNS is used to locate a domain controller 2. the bootstrap image copies all installation files to the local drive 3. the client locates a RIS server with an LDAP call 4. DHCP is used to assign an IP and DNS configuration information 5. an installation script is used to perform an unattended installation 6. the remote boot protocol is used to connect to the RIS service 7. the client locates a DNS server A. 4, 7, 6, 2, 5, 3, 1 *B. 4, 7, 1, 3, 6, 2, 5 C. 4, 6, 2, 5, 3, 7, 1 D. 4, 7, 3, 6, 2, 5, 1 E. 3, 4, 7, 1, 6, 2, 5 Explanation: The RIS client receives its IP and DNS configuration from a DHCP server. From there, the RIS client must find a DNS server, so that it can find a domain controller. From the DNS server the client obtains the IP address of the domain controller. The RIS client then contacts the domain controller in order to locate the RIS server. Once the client locates the RIS server, it uses the remote boot protocol to connect to the RIS server. After that, the installation files are copied to the RIS client from the RIS server and then an unattended script is run to configure Windows 2000 on the client.

49. Which of the following automated install methods will allow an upgrade installation of Windows 2000 server? A. Syspart B. Sysprep *C. SMS D. Bootable CD Explanation: All of the methods can be used for a clean install of Windows 2000 Server. However, only SMS can be used for an upgrade installation. Reference: Microsoft Technet May 2000 - Automating Server Installation and Upgrade.

Installing Windows 2000 Server 63 50. When setting up your distribution server, you must create a subfolder that contains new or updated files for installing mass storage device drivers and hardware abstraction layers (HALs). This subfolder should be named:

A. \I386\$OEM$\Textmode B. \I386\$OEM$\$$ C. \I386\$OEM$\$1 D. \I386\$OEM$\$1\Sysprep

51. Which command allows you to use the /syspart switch for installing Windows 2000 Server?

A. Winnt B. Winnt32 C. Setup D. Net run

64 Chapter 1 50. When setting up your distribution server, you must create a subfolder that contains new or updated files for installing mass storage device drivers and hardware abstraction layers (HALs). This subfolder should be named: *A. \I386\$OEM$\Textmode B. \I386\$OEM$\$$ C. \I386\$OEM$\$1 D. \I386\$OEM$\$1\Sysprep Explanation: You create the \$OEM$ subfolder in the distribution folder directly beneath the \I386 folder, which contains the files necessary to install Windows 2000 Server. During Setup you can automatically copy directories, standard 8.3 format files, and any tools needed for your automated installation process to the \$OEM$ subfolder. You then create the \$OEM$\Textmode subfolder, which contains new or updated files for installing mass storage device drivers and HALs. These files can include OEM HALs and drivers for SCSI devices. You must make sure to include the Txtsetup.oem file that directs the loading and installing of these components. Reference: Microsoft Technet May 2000 - Automating Server Installation and Upgrade.

51. Which command allows you to use the /syspart switch for installing Windows 2000 Server? A. Winnt *B. Winnt32 C. Setup D. Net run Explanation: The syspart command runs through a parameter of winnt32.exe. This method is used when the master computer and target computer do not have the same hardware. You start the target computer and connect to the distribution folder on the master computer. From the Run command, type winnt32 /unattend:unattend.txt /s:install_source /syspart:second_drive /tempdrive:seconddrive noreboot. Syspart automatically marks the drive as the active default boot device. Reference: Microsoft Technet May 2000 - Automating Server Installation and Upgrade.

Installing Windows 2000 Server 65 52. X Corp has a 2,500-node network with 200 Windows NT 4.0 Workstation clients. There are still two Windows NT 4.0 BDCs online to support downlevel clients. The company is using a single domain model with the root domain named xcorp.local. There are five domain controllers supporting the operation. The operations master roles are divided among the servers as follows: Domain Controller Name FSMO Role(s) dc1.xcorp.local Schema master and domain naming master dc2.xcorp.local RID master dc3.xcorp.local PDC emulator dc4.xcorp.local Infrastructure master dc5.xcorp.local None People at the Windows NT 4.0 Workstations tell you that they are being locked out of their terminals because they couldn't change their passwords successfully before they expired. Which domain controller would you suspect might be offline or inaccessible?

A. dc1.xcorp.local B. dc2.xcorp.local C. dc3.xcorp.local D. dc4.xcorp.local E. dc5.xcorp.local

53. What are three different power schemes available in Windows 2000 for use in mobile computing?

A. Portable/Laptop B. Sleeping C. Home/Office Desk D. Always On E. Hibernation

66 Chapter 1 52. X Corp has a 2,500 node network with 200 Windows NT 4.0 Workstation clients. There are still two Windows NT 4.0 BDCs online to support downlevel clients. The company is using a single domain model with the root domain named xcorp.local. There are five domain controllers supporting the operation. The operations master roles are divided among the servers as follows: Domain Controller Name FSMO Role(s) dc1.xcorp.local Schema master and domain naming master dc2.xcorp.local RID master dc3.xcorp.local PDC emulator dc4.xcorp.local Infrastructure master dc5.xcorp.local None People at the Windows NT 4.0 Workstations tell you that they are being locked out of their terminals because they couldn't change their passwords successfully before they expired. Which domain controller would you suspect might be offline or inaccessible? A. dc1.xcorp.local B. dc2.xcorp.local *C. dc3.xcorp.local D. dc4.xcorp.local E. dc5.xcorp.local Explanation: The PDC emulator handles time synchronization, password changes, authentication failures, and account lockouts. The problems described in this question are all related to roles performed by the PDC emulator. Given your list of choices, dc3.xcorp.local would likely be the problem because it is performing the PDC emulator role.

53. What are three different power schemes available in Windows 2000 for use in mobile computing? *A. Portable/Laptop B. Sleeping *C. Home/Office Desk *D. Always On E. Hibernation

Installing Windows 2000 Server 67 54. Which of the following are valid uses of the Setup Manager?

A. Unattend.txt files B. RAS Scripts C. Sysprep Installation scripts D. RIS scripts E. Winnt.inf files

55. You are attempting to use Microsoft's Remote Installation Services to deploy 1,000 Windows 2000 Professional clients. Prior to conducting the massive rollout of these clients to your company, you have setup a test lab to deploy Windows 2000 Professional to the three hardware platforms your company supports on the desktop. You have already set up and configured the necessary supporting services for Remote Installation Services. In addition, you have created the necessary Windows 2000 Professional-based client disk images, formatted the image volume with NTFS, and shared the image volume. Upon conducting your tests, you observe that two of your three hardware platforms are able to connect to the Remote Installation Services Server and install the correct Windows 2000 Professional image. The last of the hardware platforms, a clone, is unable to connect to the Remote Installation Services server. What factor(s) is mostly likely causing the problem?

A. The System Preparation Tool (sysprep.exe) was run without the -pnp switch. B. The Windows 2000 Professional candidate platform is unable is unable to resolve the name for the Remote Installation Services Server in the WINS Server, nor locate the Remote Installation Services Server in the Active Directory. C. The clone machine does not have the minimum free space required of 685MB to support the installation of Windows 2000 Professional. D. The Network Adapter installed in the clone does not meet the Net PC specification or have PXE ROM enabled.

68 Chapter 1 54. Which of the following are valid uses of the Setup Manager? *A. Unattend.txt files B. RAS Scripts *C. Sysprep Installation scripts *D. RIS scripts E. Winnt.inf files Explanation: The Setup Manager is included with the Resource Kit for Windows 2000; it is used to create the answer files for unattended installation of Windows 2000. It can also be used to create the Sysprep Installation scripts, as well as RIS scripts.

55. You are attempting to use Microsoft's Remote Installation Services to deploy 1,000 Windows 2000 Professional clients. Prior to conducting the massive rollout of these clients to your company, you have setup a test lab to deploy Windows 2000 Professional to the three hardware platforms your company supports on the desktop. You have already set up and configured the necessary supporting services for Remote Installation Services. In addition, you have created the necessary Windows 2000 Professional-based client disk images, formatted the image volume with NTFS, and shared the image volume. Upon conducting your tests, you observe that two of your three hardware platforms are able to connect to the Remote Installation Services Server and install the correct Windows 2000 Professional image. The last of the hardware platforms, a clone, is unable to connect to the Remote Installation Services server. What factor(s) is mostly likely causing the problem? A. The System Preparation Tool (sysprep.exe) was run without the -pnp switch. B. The Windows 2000 Professional candidate platform is unable is unable to resolve the name for the Remote Installation Services Server in the WINS Server, nor locate the Remote Installation Services Server in the Active Directory. C. The clone machine does not have the minimum free space required of 685MB to support the installation of Windows 2000 Professional. *D. The Network Adapter installed in the clone does not meet the Net PC specification or have PXE ROM enabled. Explanation: There are three types of configurations with which the deployment of Windows 2000 Professional will work: 1) Network Interface cards that meet the NetPC specification, 2) Network Interface cards that have PXE ROM enabled, and 3) a network startup disk that has the correct Network Adapter drivers and configuration files that will allow a connection to the RIS Server.

Installing Windows 2000 Server 69 56. You are preparing to install Remote Installation Services to help automate the installation of 500 Windows 2000 Professional machines. What are the services that must be configured prior to the installation of Remote Installation Services?

A. WINS Server B. DNS Server C. A shared, NTFS-formatted volume D. Active Directory Server E. DHCP Server

57. When installing Windows 2000 from a bootable CD, how would you use an unattended answer file?

A. Create a winnt.sif file and copy it to the Hard Drive. B. During the install, choose the option to use an unattended answer file. C. Create a winnt.sif file and copy it to the CD. D. Use the winnt.exe /u:unattended option during the install. E. Create a winnt.sif file and copy it to a floppy, and leave it in the A: drive.

70 Chapter 1 56. You are preparing to install Remote Installation Services to help automate the installation of 500 Windows 2000 Professional machines. What are the services that must be configured prior to the installation of Remote Installation Services? A. WINS Server *B. DNS Server C. A shared, NTFS-formatted volume *D. Active Directory Server *E. DHCP Server Explanation: There are a number of required services that are used by a RIS server to help automate rollouts on your Windows network. An Active Directory Server, a DHCP Server and a DNS server are all required in order to fully implement RIS.

57. When installing Windows 2000 from a bootable CD, how would you use an unattended answer file? A. Create a winnt.sif file and copy it to the Hard Drive. B. During the install, choose the option to use an unattended answer file. *C. Create a winnt.sif file and copy it to the CD. D. Use the winnt.exe /u:unattended option during the install. E. Create a winnt.sif file and copy it to a floppy, and leave it in the A: drive. Explanation: If you are installing Windows 2000 from a bootable CD, the system will look for a winnt.sif file on a floppy in the floppy drive. This file is created with the Setup Manager when you select the No; this answer file will be used to install from a CD. Only if this file is created in the correct fashion will this option work.

Installing Windows 2000 Server 71 58. When using the RIS setup Wizard, the RIS software is installed, the Windows 2000 Professional installation files are copied to the server, and what else is done for you?

A. The cloned image that the RIS install will use are configured. B. Unattend.txt answer files are created for you. C. The client installation wizard pages for system startup are configured. D. The client installation setup steps for system startup are configured. E. *.sif files are created for you.

72 Chapter 1 58. When using the RIS setup Wizard, the RIS software is installed, the Windows 2000 Professional installation files are copied to the server, and what else is done for you? A. The cloned image that the RIS install will use are configured. B. Unattend.txt answer files are created for you. *C. The client installation wizard pages for system startup are configured. D. The client installation setup steps for system startup are configured. *E. *.sif files are created for you. Explanation:

Installing Windows 2000 Server 73

Note: The remaining questions in this chapter cover two pages each. Notes:

74 Chapter 1 59. JCorp has hired your network consulting team to upgrade 300 Windows NT Server 4.0 systems to Windows 2000 Server. You have been tasked with identifying potential problems with the installation. Your first mission was to collect data about the hardware configurations of the 300 systems that the company has ordered. You sent three members of your team out to five different rooms to gather that information. From the information your team collected, you produced the table below: Location Number of Systems Hardware Configuration Room 157 15 Pentium 150MHz processors 16MB of RAM 700MB of free disk space Room 157 75 Pentium 100MHz processors 32MB of RAM 1.5GB of free disk space Room 143 90 Pentium 60MHz processors 96MB of RAM 200MB of free disk space Room 169 20 Pentium 166MHz processors 256MB of RAM 3GB of free hard disk space Room 112 50 Pentium 333MHz 1GB of RAM 1TB of free disk space Room 113 40 Pentium 1.5GHz 2GB of RAM 1.5TB of free disk space Room 192 10 Pentium 333MHz 1GB of RAM 500MB of free disk space

Installing Windows 2000 Server 75 Which rooms have systems that will require hardware upgrades before Windows 2000 Server can be installed?

A. Room 157 B. Room 143 C. Room 169 D. Room 112 E. Room 192

76 Chapter 1 59. JCorp has hired your network consulting team to upgrade 300 Windows NT Server 4.0 systems to Windows 2000 Server. You have been tasked with identifying potential problems with the installation. Your first mission was to collect data about the hardware configurations of the 300 systems that the company has ordered. You sent three members of your team out to five different rooms to gather that information. From the information your team collected, you produced the table below: Location Number of Systems Hardware Configuration Room 157 15 Pentium 150MHz processors 16MB of RAM 700MB of free disk space Room 157 75 Pentium 100MHz processors 32MB of RAM 1.5GB of free disk space Room 143 90 Pentium 60MHz processors 96MB of RAM 200MB of free disk space Room 169 20 Pentium 166MHz processors 256MB of RAM 3GB of free hard disk space Room 112 50 Pentium 333MHz 1GB of RAM 1TB of free disk space Room 113 40 Pentium 1.5GHz 2GB of RAM 1.5TB of free disk space Room 192 10 Pentium 333MHz 1GB of RAM 500MB of free disk space

Installing Windows 2000 Server 77 Which rooms have systems that will require hardware upgrades before Windows 2000 Server can be installed? *A. Room 157 *B. Room 143 C. Room 169 D. Room 112 *E. Room 192 Explanation: Windows 2000 Server requires a minimum processor of 133MHz, 64MB RAM, and 1GB of hard disk space. You will most likely want a faster processor, more RAM, and will typically have more hard drive space. If you see systems that have less than 1GB of free hard disk space, or less than 133 MHz processors, or less than 64MB of RAM, you should expect to upgrade the hardware before installing.

78 Chapter 1 60. You are a Project Consultant working for ZRF Consulting Inc. You have been assigned to plan the migration efforts of a client that has a mix of different operating systems and hardware platforms. The desktop operating systems include Unix, Windows 3.x, Windows 95/98, Windows NT 3.51, and Windows NT 4.0 Workstations. You have already determined all hardware available is sufficient to install Windows 2000 Professional. You also need to ensure that the pre-installed applications will continue to operate correctly upon completion of the client upgrades.

Installing Windows 2000 Server 79 Below are listed potential migration paths for each of the aforementioned desktop operating systems. Which of the following client-upgrade paths are possible?

A. Unix: Use either a CD-based or a network based installation using WINNT.EXE to upgrade directly to Windows 2000 Professional. B. Windows NT 3.51: Use either a CD-based or a network-based installation using WINNT32.EXE to upgrade to Windows NT 4.0, then use the Windows 2000 Professional version of WINNT32.EXE to upgrade to Windows 2000 Professional. C. Windows 3.x: Use either a CD-based or network based installation using WINNT.EXE to upgrade directly to Windows 2000 Professional. D. Windows NT 4.0: Use either a CD based or network based installation using WINNT32.EXE to upgrade directly to Windows 2000 Professional. E. Windows 95/98: Use either a CD-based or network based installation using WINNT32.EXE to upgrade directly to Windows 2000 Professional.

80 Chapter 1 60. You are a Project Consultant working for ZRF Consulting Inc. You have been assigned to plan the migration efforts of a client that has a mix of different operating systems and hardware platforms. The desktop operating systems include Unix, Windows 3.x, Windows 95/98, Windows NT 3.51, and Windows NT 4.0 Workstations. You have already determined all hardware available is sufficient to install Windows 2000 Professional. You also need to ensure that the pre-installed applications will continue to operate correctly upon completion of the client upgrades. Below are listed potential migration paths for each of the aforementioned desktop operating systems. Which of the following client-upgrade paths are possible? A. Unix: Use either a CD-based or a network based installation using WINNT.EXE to upgrade directly to Windows 2000 Professional. *B. Windows NT 3.51: Use either a CD-based or a network-based installation using WINNT32.EXE to upgrade to Windows NT 4.0, then use the Windows 2000 Professional version of WINNT32.EXE to upgrade to Windows 2000 Professional. C. Windows 3.x: Use either a CD-based or network based installation using WINNT.EXE to upgrade directly to Windows 2000 Professional. *D. Windows NT 4.0: Use either a CD based or network based installation using WINNT32.EXE to upgrade directly to Windows 2000 Professional. *E. Windows 95/98: Use either a CD-based or network based installation using WINNT32.EXE to upgrade directly to Windows 2000 Professional.

Installing Windows 2000 Server 81 Explanation: For answer " Unix: Use either a CD-based or network-based installation using WINNT.EXE to upgrade directly to Windows 2000 Professional." There is no migration/upgrade path from Unix to Windows 2000 Professional. You would have to reformat the machine and start over from scratch. For answer "Windows 3.x: Use either a CD-based or network-based installation using WINNT.EXE to upgrade directly to Windows 2000 Professional." in order to migrate Windows 3.x to Windows 2000 Professional, you would need first need to upgrade the machine to Windows 95/98, then upgrade to Windows 2000 Professional. For answer "Windows NT 3.51: Use either a CD-based or network-based installation using WINNT32.EXE to upgrade to Windows NT 4.0, then use the Windows 2000 Professional version of WINNT32.EXE to upgrade to Windows 2000 Professional." Although this upgrade path is possible, you are actually able to migrate directly from Windows NT 3.51 to Windows 2000 Professional. No intermediate migration/upgrade from Windows NT 3.51 to Windows NT 4.0 is required.

82 Chapter 2

The objective of this chapter is to provide the reader with an understanding of the following: 1.

Install and configure network services for interoperability.

2.

Monitor, configure, troubleshoot, and control access to printers.

3.

Monitor, configure, troubleshoot, and control access to files, folders, and shared folders.

4.

Configure, manage, and troubleshoot a stand-alone Distributed file system (Dfs).

5.

Configure, manage, and troubleshoot a domain-based Distributed file system (Dfs).

6.

Monitor, configure, troubleshoot, and control local security on files and folders.

7.

Monitor, configure, troubleshoot, and control access to files and folders in a shared folder.

8.

Monitor, configure, troubleshoot, and control access to files and folders via Web services.

9.

Monitor, configure, troubleshoot, and control access to Web sites.

Access to Resources 83

Chapter 2: Access to Resources 1. You have installed Terminal Services on a Windows 2000 domain controller, and the Terminal Services Client on the client computers, but users report they are not allowed to log in to the Terminal Services. As an administrator, you are able to log on to the Terminal server. How can you allow the other users to log on to the Terminal server?

A. Grant the users the right to log on locally. B. Allow the users to log on as an Administrator. C. Add the users to the local Administrators group D. Add the users to the Domain Admins group E. Reinstall Terminal Services

2. You configure the Local Security Options for the Default Domain Policy object in your domain, and enable a local security option to display a logon message when a user logs onto the domain. You want the New York OU to have a different logon message, without changing the other Local Security Options. What is the best way to do this?

A. Create a new GPO in the New York OU with the appropriate logon message. B. Enable policy inheritance for the new GPO. C. Create a new GPO at the same level as the New York OU with the appropriate logon message. D. Enable policy inheritance for the New York ou. E. Create a new GPO above the New York OU with the appropriate logon message.

84 Chapter 2 1. You have installed Terminal Services on a Windows 2000 domain controller, and the Terminal Services Client on the client computers, but users report they are not allowed to log in to the Terminal Services. As an administrator, you are able to log on to the Terminal server. How can you allow the other users to log on to the Terminal server? *A. Grant the users the right to log on locally. B. Allow the users to log on as an Administrator. C. Add the users to the local Administrators group D. Add the users to the Domain Admins group E. Reinstall Terminal Services Explanation: When logging onto Terminal Services, users are considered to actually be logged onto the server. This is because the resources they are accessing are all stored on the server. Because of this, users must have access to log on locally to the server.

2. You configure the Local Security Options for the Default Domain Policy object in your domain, and enable a local security option to display a logon message when a user logs onto the domain. You want the New York OU to have a different logon message, without changing the other Local Security Options. What is the best way to do this? *A. Create a new GPO in the New York OU with the appropriate logon message. *B. Enable policy inheritance for the new GPO. C. Create a new GPO at the same level as the New York OU with the appropriate logon message. D. Enable policy inheritance for the New York ou. E. Create a new GPO above the New York OU with the appropriate logon message. Explanation:

Access to Resources 85 3. What method would use the least amount of administrative effort to add a custom registry entry into a Group Policy Object?

A. Configure an ADM template and add the template to the GPO. B. Create the custom registry entry manually. C. Create a new GPO. D. Add the template to the registry. E. Add the GPO to the template.

4. You have shared a printer named HPPTR on a Windows 2000 Server computer named ptrsrv.bfq.local. You grant Print permission only to the Domain Local group named BfqSales. You then add a new child domain named bristol.bfq.local. A member of the global group named BrisolSales in the bristol.bfq.local domain reports that she is unable to send a print job to HPPTR. How can you allow all members of the BrisolSales group to be able to print to HPPTR?

A. Add the BrisolSales group to the BfqSales group. B. Add the BfqSales group to the BrisolSales group. C. Add each member of the BrisolSales group to the BfqSales. D. Add each member of the BfqSales group to the BrisolSales. E. Add ptrsrv.bfq.local to the bristol.bfq.local domain.

86 Chapter 2 3. What method would use the least amount of administrative effort to add a custom registry entry into a Group Policy Object? *A. Configure an ADM template and add the template to the GPO. B. Create the custom registry entry manually. C. Create a new GPO. D. Add the template to the registry. E. Add the GPO to the template. Explanation: The use of ADM templates is one of the easiest ways to

4. You have shared a printer named HPPTR on a Windows 2000 Server computer named ptrsrv.bfq.local. You grant Print permission only to the Domain Local group named BfqSales. You then add a new child domain named bristol.bfq.local. A member of the global group named BrisolSales in the bristol.bfq.local domain reports that she is unable to send a print job to HPPTR. How can you allow all members of the BrisolSales group to be able to print to HPPTR? *A. Add the BrisolSales group to the BfqSales group. B. Add the BfqSales group to the BrisolSales group. C. Add each member of the BrisolSales group to the BfqSales. D. Add each member of the BfqSales group to the BrisolSales. E. Add ptrsrv.bfq.local to the bristol.bfq.local domain. Explanation: Global groups can be added as members of local groups. By adding BrisolSales to the BftSales group, all users will in bristol.bfq.local will be granted access to print to the print devise.

Access to Resources 87 5. Your network consists of a Windows 2000 Server that runs Internet Information Services (IIS). Web developers need to update Web sites and virtual directories from remote locations simultaneously using Microsoft FrontPage. How can you ensure that each developer can do this simultaneously?

A. Configure the server extensions for each Web site by selecting Configure Server Extensions from the All Tasks menu in IIS. B. Configure the server extensions to allow each developer update access for each Web site. C. Configure IIS to allow Remote Administration. D. Configure IIS to allow Dynamic Updates. E. Configure the server extensions to allow remote administration.

6. Your network consists of a single Windows NT 4.0 domain. How can you configure a new server to make it a domain controller in the existing domain?

A. On the new computer, install Windows NT Server 4.0 and designate the computer as a BDC in the existing domain. B. Promote the computer to the PDC of the domain. C. Promote the computer to a BDC of the domain. D. Upgrade the computer to Windows 2000 Server. E. Install Windows 2000 Server.

88 Chapter 2 5. Your network consists of a Windows 2000 Server that runs Internet Information Services (IIS). Web developers need to update Web sites and virtual directories from remote locations simultaneously using Microsoft FrontPage. How can you ensure that each developer can do this simultaneously? *A. Configure the server extensions for each Web site by selecting Configure Server Extensions from the All Tasks menu in IIS. *B. Configure the server extensions to allow each developer update access for each Web site. C. Configure IIS to allow Remote Administration. D. Configure IIS to allow Dynamic Updates. E. Configure the server extensions to allow remote administration. Explanation: In order for FrontPage to work correctly with IIS, the Server Extensions must be configured for that site. In order for the web developers to have simultaneous access to the same site, they must be granted Update access for each site.

6. Your network consists of a single Windows NT 4.0 domain. How can you configure a new server to make it a domain controller in the existing domain? *A. On the new computer, install Windows NT Server 4.0 and designate the computer as a BDC in the existing domain. *B. Promote the computer to the PDC of the domain. *C. Promote the computer to a BDC of the domain. D. Upgrade the computer to Windows 2000 Server. E. Install Windows 2000 Server. Explanation: In a network that only contains one NT 4.0 domain, it may be best to simply use another NT Server 4.0 machine configured to act as the BDC of the already existing domain.

Access to Resources 89 7. How do you configure the deployment of a Windows 2000 service pack so that users will automatically receive the service pack when they log on to the domain?

A. Create a Microsoft Windows Installer package for the service pack. B. Configure the package in a Group Policy. C. Configure the package in an ou. D. Copy the Microsoft Windows Installer package to each machine. E. Add the Microsoft Windows Installer package to the startup folder on each computer.

8. You are the administrator of your company's network. You use a non-administrator account to log onto the server to perform routine upgrades. Prior to updating all the critical system files and patches on the server, what is the best way to do this?

A. Log on as an Administrator B. Run Windows Update. C. Log on as your non-administrator account. D. Reinstall Windows 2000 E. Back up files.

90 Chapter 2 7. How do you configure the deployment of a Windows 2000 service pack so that users will automatically receive the service pack when they log on to the domain? *A. Create a Microsoft Windows Installer package for the service pack. *B. Configure the package in a Group Policy. C. Configure the package in an ou. D. Copy the Microsoft Windows Installer package to each machine. E. Add the Microsoft Windows Installer package to the startup folder on each computer. Explanation: To distribute software to user machines, it is best to make a Windows Installer package first. This package can then be distributed by configuring it in a Group Policy.

8. You are the administrator of your company's network. You use a non-administrator account to log onto the server to perform routine upgrades. Prior to updating all the critical system files and patches on the server, what is the best way to do this? *A. Log on as an Administrator *B. Run Windows Update. C. Log on as your non-administrator account. D. Reinstall Windows 2000 *E. Back up files. Explanation: When updating critical system files, you must be logged in as an Administrator. In order to update system files, you should use the Windows Update utility. And, as always, before you make any major changes to a system, you should backup important files.

Access to Resources 91 9. Each of your branch offices uses Internet Connection Sharing to connect to the Internet. Randy is configuring a Windows 2000 Server as a file server. When he uses Windows Update for the first time, he selects Product Update, and receives an access denied error. How can you allow Randy to configure the server?

A. Give Randy's user account administrator privileges on the Windows 2000 Server computer. B. Tell Randy to log on. C. Give Randy's user account administrator privileges on the Windows 2000 Domain. D. Give Randy's user account administrator privileges on the Windows 2000 Server computer, and deny Randy's user account privileges on the Windows 2000 Domain. E. Give Randy's user account administrator privileges on the Windows 2000 Domain computer, and deny Randy's user account privileges on the Windows 2000 Server.

10. You want to make an application available on all of the client computers in your network using Terminal Services on a Windows 2000 Server computer. The server will not run as a domain controller. You install Terminal Services. The Support department needs to be able to remotely control users' sessions to support and troubleshoot the application. How can you enable the Support department to control users' sessions?

A. Grant the Support department Full Control permission to the Remote Desktop Protocol on the Terminal server. B. Grant the Support department Administrative rights to the Terminal server. C. Allow the Support department to use the Terminal Server locally. D. Have the Support department go to each user's computer E. Grant the Support department permissions to manage users and groups

92 Chapter 2 9. Each of your branch offices uses Internet Connection Sharing to connect to the Internet. Randy is configuring a Windows 2000 Server as a file server. When he uses Windows Update for the first time, he selects Product Update, and receives an access denied error. How can you allow Randy to configure the server? *A. Give Randy's user account administrator privileges on the Windows 2000 Server computer. B. Tell Randy to log on. C. Give Randy's user account administrator privileges on the Windows 2000 Domain. D. Give Randy's user account administrator privileges on the Windows 2000 Server computer, and deny Randy's user account privileges on the Windows 2000 Domain. E. Give Randy's user account administrator privileges on the Windows 2000 Domain computer, and deny Randy's user account privileges on the Windows 2000 Server. Explanation: Randy is receiving an error because he does not currently have administrator privileges on the Windows 2000 server. Giving Randy such access will allow him to use Windows Update to update core system files.

10. You want to make an application available on all of the client computers in your network using Terminal Services on a Windows 2000 Server computer. The server will not run as a domain controller. You install Terminal Services. The Support department needs to be able to remotely control users' sessions to support and troubleshoot the application. How can you enable the Support department to control users' sessions? *A. Grant the Support department Full Control permission to the Remote Desktop Protocol on the Terminal server. B. Grant the Support department Administrative rights to the Terminal server. C. Allow the Support department to use the Terminal Server locally. D. Have the Support department go to each user's computer E. Grant the Support department permissions to manage users and groups Explanation: The users' sessions can be controlled if Full Control permission is given to the Remote Desktop Protocol.

Access to Resources 93 11. Your three domain controllers are being backed up daily. You need to revert Active Directory to a version that was backed up on the previous day. What will you do to get the backed up Active Directory installed?

A. Shut down and restart a single domain control in Directory Services Restore Mode. B. Use Windows Backup to restore the System State Data. C. Run the Ntdsutil utility. D. Restart the computer. E. Restore the System State Data on all 3 servers

12. You use Regedt32 to edit the registry of your Windows 2000 Server to insert a new value, and remove an unused key. Now when you reboot, your computer stops responding before the logon screen appears. How can you return the computer to its previous configuration?

A. Restart the computer using the Last Known Good Configuration. B. Reinstall Windows 2000. C. Restart the computer using the Recovery Console. D. Restart the computer using Safe Mode. E. Restart the computer using command prompt only.

94 Chapter 2 11. Your three domain controllers are being backed up daily. You need to revert Active Directory to a version that was backed up on the previous day. What will you do to get the backed up Active Directory installed? *A. Shut down and restart a single domain control in Directory Services Restore Mode. *B. Use Windows Backup to restore the System State Data. *C. Run the Ntdsutil utility. *D. Restart the computer. E. Restore the System State Data on all 3 servers Explanation: You should run the Ntdsutil utility and synchronize the domain controllers.

12. You use Regedt32 to edit the registry of your Windows 2000 Server to insert a new value, and remove an unused key. Now when you reboot, your computer stops responding before the logon screen appears. How can you return the computer to its previous configuration? *A. Restart the computer using the Last Known Good Configuration. B. Reinstall Windows 2000. C. Restart the computer using the Recovery Console. D. Restart the computer using Safe Mode. E. Restart the computer using command prompt only. Explanation: The Last Known Good Configuration will correct a problem you caused with the registry.

Access to Resources 95 13. Your network consists of two trees, with four domains in each tree. You want to deploy a service pack to the support.IS.Bfq.com domain and the support.IS.yco.com domain, but to no other domains. You will use a Group Policy to configure the service pack package. You want to minimize complexity, administration, and network traffic. You create a Windows Installer package for the service pack. How can you configure the Group Policy?

A. Configure the Windows Installer package in a Group Policy for the support.IS.Bfq.com and support.IS.yco.com domains. B. Configure the Windows Installer package in a Group Policy for the Bfq.com and yco.com domains. C. Configure the Windows Installer package in a Group Policy for the IS.Bfq.com and IS.yco.com domains. D. Instruct each user to execute the Windows Installer package. E. Assign the Windows Installer package to each user's start menu

14. How can you configure the deployment of an application update so that users automatically install the update when they log on to the domain?

A. Create a Microsoft Windows Installer package for the application update. B. Apply the package to a Group Policy. C. Create a Microsoft Windows Installer package for the application update. D. Apply the package to a domain. E. Assign the application to the users' start menus.

96 Chapter 2 13. Your network consists of two trees, with four domains in each tree. You want to deploy a service pack to the support.IS.Bfq.com domain and the support.IS.yco.com domain, but to no other domains. You will use a Group Policy to configure the service pack package. You want to minimize complexity, administration, and network traffic. You create a Windows Installer package for the service pack. How can you configure the Group Policy? *A. Configure the Windows Installer package in a Group Policy for the support.IS.Bfq.com and support.IS.yco.com domains. B. Configure the Windows Installer package in a Group Policy for the Bfq.com and yco.com domains. C. Configure the Windows Installer package in a Group Policy for the IS.Bfq.com and IS.yco.com domains. D. Instruct each user to execute the Windows Installer package. E. Assign the Windows Installer package to each user's start menu Explanation: The Windows Installer package should be configured in group policies for both domains.

14. How can you configure the deployment of an application update so that users automatically install the update when they log on to the domain? *A. Create a Microsoft Windows Installer package for the application update. *B. Apply the package to a Group Policy. C. Create a Microsoft Windows Installer package for the application update. D. Apply the package to a domain. E. Assign the application to the users' start menus. Explanation: Application updates can be automated through packages and group policies.

Access to Resources 97 15. Your Windows 2000 Server network runs in mixed mode. You create and share a new HP LaserJet printer. Your Windows 2000 Professional clients can print to the new printer successfully, but your Windows NT Workstation clients cannot. You receive the following error message on your NT Workstation clients: "The server on which the printer resides does not have a suitable HP LaserJet printer driver installed. Click on OK if you wish to install the driver on your local machine". How can you have the printer driver automatically installed on the Windows NT Workstation computers?

A. Change the sharing options on the printer to install additional drivers for Windows NT or Windows 2000. B. Change the sharing options on the printer to remove additional drivers for Windows NT or Windows 2000. C. Change the sharing options on the printer to install additional drivers for Windows 95/98 Clients. D. Create a new shared printer for Windows NT clients. E. Change the share permissions to allow the Everyone group Full Access

16. You have an Active Directory-enabled Windows 2000 server. You create an Organizational Unit with a child OU named Designers. The child object must have explicit rights assigned to it, but the OU's permissions must propagate to the OU and all its other child objects. What is the best way to do this?

A. Configure permission inheritance on the ou. B. From the Security tab, clear the Allow Inheritable Permissions From Parent to Propagate To This Object box on the Designer's object. C. Configure delegation on the ou. D. From the Security tab, check the Allow Inheritable Permissions From Parent to Propagate To This Object box on the Designer's object. E. Configure permissions for the ou.

98 Chapter 2 15. Your Windows 2000 Server network runs in mixed mode. You create and share a new HP LaserJet printer. Your Windows 2000 Professional clients can print to the new printer successfully, but your Windows NT Workstation clients cannot. You receive the following error message on your NT Workstation clients: "The server on which the printer resides does not have a suitable HP LaserJet printer driver installed. Click on OK if you wish to install the driver on your local machine". How can you have the printer driver automatically installed on the Windows NT Workstation computers? *A. Change the sharing options on the printer to install additional drivers for Windows NT or Windows 2000. B. Change the sharing options on the printer to remove additional drivers for Windows NT or Windows 2000. C. Change the sharing options on the printer to install additional drivers for Windows 95/98 Clients. D. Create a new shared printer for Windows NT clients. E. Change the share permissions to allow the Everyone group Full Access Explanation: By installing additional drivers on the print server, clients of other operating system versions can automatically have their printers installed.

16. You have an Active Directory-enabled Windows 2000 server. You create an Organizational Unit with a child OU named Designers. The child object must have explicit rights assigned to it, but the OU's permissions must propagate to the OU and all its other child objects. What is the best way to do this? *A. Configure permission inheritance on the ou. *B. From the Security tab, clear the Allow Inheritable Permissions From Parent to Propagate To This Object box on the Designer's object. C. Configure delegation on the ou. D. From the Security tab, check the Allow Inheritable Permissions From Parent to Propagate To This Object box on the Designer's object. E. Configure permissions for the ou. Explanation: Permissions will be inherited into the OU, but since the box has been cleared on the child object, it will be independent.

Access to Resources 99 17. You configure several Group Policies to restrict users' desktop configuration changes. You want them to be applied immediately. What is the best way to do this?

A. Run the SECEDIT.EXE command to refresh the policy. B. Run the SECAPPLY.EXE command to refresh the policy. C. Run the GPAPPLY.EXE command to refresh the policy. D. Run the GPEDIT.EXE command to refresh the policy. E. Run the POLEDIT.EXE command to refresh the policy.

18. On several Windows 2000 computers, you install the NWLink IPX/SPX/NetBIOS Compatible Transport Protocol. After installing the protocol you discover that the Windows 2000 machines can communicate with some but not all of the NetWare servers. What is the best way to do this?

A. The frame type is not set correctly. Reconfigure the Windows 2000 computers for Manual Frame Detection. B. The frame type is not set correctly. Reconfigure the Windows 2000 computers for Automatic Frame Detection. C. The frame type is not set correctly. Reconfigure the Windows 2000 computers for No Frame Detection. D. Reinstall the NWLink IPX/SPX/NetBIOS Compatible Transport Protocol. E. Delete the NWLink IPX/SPX/NetBIOS Compatible Transport Protocol.

100 Chapter 2 17. You configure several Group Policies to restrict users' desktop configuration changes. You want them to be applied immediately. What is the best way to do this? *A. Run the SECEDIT.EXE command to refresh the policy. B. Run the SECAPPLY.EXE command to refresh the policy. C. Run the GPAPPLY.EXE command to refresh the policy. D. Run the GPEDIT.EXE command to refresh the policy. E. Run the POLEDIT.EXE command to refresh the policy. Explanation: SECEDIT.EXE will refresh the group policies immediately.

18. On several Windows 2000 computers, you install the NWLink IPX/SPX/NetBIOS Compatible Transport Protocol. After installing the protocol you discover that the Windows 2000 machines can communicate with some but not all of the NetWare servers. What is the best way to do this? *A. The frame type is not set correctly. Reconfigure the Windows 2000 computers for Manual Frame Detection. B. The frame type is not set correctly. Reconfigure the Windows 2000 computers for Automatic Frame Detection. C. The frame type is not set correctly. Reconfigure the Windows 2000 computers for No Frame Detection. D. Reinstall the NWLink IPX/SPX/NetBIOS Compatible Transport Protocol. E. Delete the NWLink IPX/SPX/NetBIOS Compatible Transport Protocol. Explanation: Incorrect Frame Type is the most common problem with IPX/SPX.

Access to Resources 101 19. You wish to install Recovery Console on a computer that has a mirrored volume. How do you do this?

A. Break the mirror. B. Install the Recovery Console using x:\I386\winnt32.exe /cmdcons C. Reestablish the mirrored volume. D. Refresh the mirrored volume. E. Install the Recovery Console using x:\I386\winnt32.exe /install

20. You are the head of the MIS department of your company. You are required to travel about 25% of the time to various remote locations. The corporate office network consists of 17 Windows 2000 domain controllers that use the Cluster Service. One of the domain controllers has Terminal Services, Routing, and Remote Access installed on it. When you travel, you must be able to edit the registry of the Windows 2000 server at the corporate office while using a remote access connection from a laptop computer. How can you configure this functionality?

A. Use WINS to edit the registry B. Use Terminal services to edit the registry C. Use Routing and Remote Access to edit the registry D. Use Routing and Remote Access to connect to the Terminal Server and edit the registry E. Edit the Registry from the Internet.

102 Chapter 2 19. You wish to install Recovery Console on a computer that has a mirrored volume. How do you do this? *A. Break the mirror. B. Install the Recovery Console using x:\I386\winnt32.exe /cmdcons C. Reestablish the mirrored volume. D. Refresh the mirrored volume. E. Install the Recovery Console using x:\I386\winnt32.exe /install Explanation: You must break the mirror to install the Recovery Console.

20. You are the head of the MIS department of your company. You are required to travel about 25% of the time to various remote locations. The corporate office network consists of 17 Windows 2000 domain controllers that use the Cluster Service. One of the domain controllers has Terminal Services, Routing, and Remote Access installed on it. When you travel, you must be able to edit the registry of the Windows 2000 server at the corporate office while using a remote access connection from a laptop computer. How can you configure this functionality? A. Use WINS to edit the registry B. Use Terminal services to edit the registry C. Use Routing and Remote Access to edit the registry *D. Use Routing and Remote Access to connect to the Terminal Server and edit the registry E. Edit the Registry from the Internet. Explanation: Once connected through Routing and Remote Access, you can remotely edit the registry.

Access to Resources 103 21. Your Windows 2000 network consists of 10 Windows 2000 Professional computers and a Windows 2000 domain controller running Windows 2000 Server. All the users of the Windows 2000 Professional computers are attorneys, paralegals, or administrative assistants, and they must print to various types of forms. Your network has a single Hewlett Packard 5SI printer on it. You must configure the printer as follows: All legal-sized documents print to the printer's upper tray. All letter-sized documents print to the lower tray. The print mode is specified as PCL and a separation page is configured to print before printing each document. All members of the Attorneys group have the minimum permissions required to print to the printer. You take the following actions You set up the HP LaserJet 5SI Properties for Device Settings as shown here: You set up the HP LaserJet 5SI Properties for printing as shown here: You assign the Attorneys group Modify permissions to the printer. Which requirements are met by the actions?

See Graphics on next page:

A. All letter-sized documents print to the lower tray B. All legal-sized documents print to the printer's upper tray C. All members of the Attorneys group have the minimum permissions required to print to the printer D. The print mod is specified as PCL and a separation page is configured to print before printing each document E. All documents print to the lower tray

104 Chapter 2

Access to Resources 105

106 Chapter 2 21. Your Windows 2000 network consists of 10 Windows 2000 Professional computers and a Windows 2000 domain controller running Windows 2000 Server. All the users of the Windows 2000 Professional computers are attorneys, paralegals, or administrative assistants, and they must print to various types of forms. Your network has a single Hewlett Packard 5SI printer on it. You must configure the printer as follows: All legal-sized documents print to the printer's upper tray. All letter-sized documents print to the lower tray. The print mode is specified as PCL and a separation page is configured to print before printing each document. All members of the Attorneys group have the minimum permissions required to print to the printer. You take the following actions: You set up the HP LaserJet 5SI Properties for Device Settings as shown here: You set up the HP LaserJet 5SI Properties for printing as shown here: You assign the Attorneys group Modify permissions to the printer. Which requirements are met by the actions? *A. All letter-sized documents print to the lower tray *B. All legal-sized documents print to the printer's upper tray C. All members of the Attorneys group have the minimum permissions required to print to the printer *D. The print mod is specified as PCL and a separation page is configured to print before printing each document E. All documents print to the lower tray Explanation: These settings will allow you to control which documents print on which forms.

Access to Resources 107 22. After installing Windows 2000 Server, you notice that the dependency service fails to start. How can you resolve this error?

A. Verify the local computer name is unique to the network B. Verify the proper domain name is used during the installation C. Ensure the proper protocol and network adapter are configured in Network Settings D. Ensure the target partition has sufficient free space for the Windows 2000 Server installation E. Verify the local computer name is in use.

108 Chapter 2 22. After installing Windows 2000 Server, you notice that the dependency service fails to start. How can you resolve this error? *A. Verify the local computer name is unique to the network B. Verify the proper domain name is used during the installation *C. Ensure the proper protocol and network adapter are configured in Network Settings D. Ensure the target partition has sufficient free space for the Windows 2000 Server installation E. Verify the local computer name is in use. Explanation: Check your network settings to resolve this problem.

Access to Resources 109 23. You are administering a Windows 2000 network for your company. The network consists of Windows 2000 Server and Windows 2000 Professional computers. The network is configured for Active Directory and includes a DNS server. You are making routine configuration changes to the network. Security Configuration and Analysis snap-in.

You are using the

Which tasks can you perform using this snap-in?

A. Track events B. Create group policies C. Set a working database D. Import a security template E. Configure DNS

24. You are the administrator for a Windows 2000 network. The network is configured with Active Directory and Group Policies. Only Windows 2000 Server and Windows 2000 Professional computers are used on the network. You need to make some group policy configuration changes. You create a group policy object (GPO) linked to an Organizational Unit (ou). You do not want the GPO to use any policies from the domain. How can you accomplish this task?

A. Check the "Block Inheritance" box in the main screen of the OU's Group Policy Editor B. Check the "Apply Group Policy" box in the main screen of the domain's Group Policy Editor C. Check the "Delete All Child Objects" box in the domain GPO policy's Properties dialog box D. Check the "No Override" box in the OU GPO's Options dialog box within the Properties dialog box E. Check the "Allow Inheritance" box in the main screen of the OU's Group Policy Editor

110 Chapter 2 23. You are administering a Windows 2000 network for your company. The network consists of Windows 2000 Server and Windows 2000 Professional computers. The network is configured for Active Directory and includes a DNS server. You are making routine configuration changes to the network. Security Configuration and Analysis snap-in.

You are using the

Which tasks can you perform using this snap-in? A. Track events B. Create group policies *C. Set a working database *D. Import a security template E. Configure DNS Explanation: Tracking events is done in the Event Viewer Snap-In. Group policies are created in the Group Policy Snap-In. DNS is configured in the DNS Snap-In.

24. You are the administrator for a Windows 2000 network. The network is configured with Active Directory and Group Policies. Only Windows 2000 Server and Windows 2000 Professional computers are used on the network. You need to make some group policy configuration changes. You create a group policy object (GPO) linked to an Organizational Unit (ou). You do not want the GPO to use any policies from the domain. How can you accomplish this task? *A. Check the "Block Inheritance" box in the main screen of the OU's Group Policy Editor B. Check the "Apply Group Policy" box in the main screen of the domain's Group Policy Editor C. Check the "Delete All Child Objects" box in the domain GPO policy's Properties dialog box D. Check the "No Override" box in the OU GPO's Options dialog box within the Properties dialog box E. Check the "Allow Inheritance" box in the main screen of the OU's Group Policy Editor Explanation: The Block Inheritance box will allow the OU to be independent.

Access to Resources 111 25. You are administering a Windows 2000 network. The network uses Active Directory and Group Policies. The network consists of a DNS server and uses auditing to track events. You are making configuration changes to the audit policy. You have decided to enable auditing for an additional event. After making the change, how will it begin to take effect?

A. By restarting the computer B. By typing Secedit at a command prompt C. From a regularly scheduled policy propagation D. By logging off and logging on to the computer E. By typing RefreshPolicy machine_policy at a command prompt

26. You are the administrator for a Windows 2000 network. The network is configured to use Active Directory and Group Policies. The network contains a DNS server and DHCP server. You need to make changes to the security configurations stored in the network. These configurations are stored in security templates on the domain controller. What can you access to make these changes?

A. Security Templates snap-in B. Security Configuration and Analysis snap-in C. Active Directory Sites and Services snap-in D. Active Directory Users and Computers snap-in E. Active Directory Domains and Trusts snap-in

112 Chapter 2 25. You are administering a Windows 2000 network. The network uses Active Directory and Group Policies. The network consists of a DNS server and uses auditing to track events. You are making configuration changes to the audit policy. You have decided to enable auditing for an additional event. After making the change, how will it begin to take effect? A. By restarting the computer B. By typing Secedit at a command prompt *C. From a regularly scheduled policy propagation D. By logging off and logging on to the computer E. By typing RefreshPolicy machine_policy at a command prompt Explanation: The policy will be propagated on a regular schedule, like other policies.

26. You are the administrator for a Windows 2000 network. The network is configured to use Active Directory and Group Policies. The network contains a DNS server and DHCP server. You need to make changes to the security configurations stored in the network. These configurations are stored in security templates on the domain controller. What can you access to make these changes? *A. Security Templates snap-in B. Security Configuration and Analysis snap-in C. Active Directory Sites and Services snap-in D. Active Directory Users and Computers snap-in E. Active Directory Domains and Trusts snap-in Explanation: The Security Templates snap-in is used to modify security templates.

Access to Resources 113 27. You are the administrator for a Windows 2000 network that uses Windows 2000 Server computers and Windows 2000 Professional client computers. The network is configured to use Active Directory and Group Policies. You find out that one of the Windows 2000 Server computer's local group policy settings is incorrect according to your company's standards. The administrator before you changed the permissions for the local group policy. You want the permissions set back to the defaults. Where will you access these permissions and how should the permissions be set?

A. Use the WINNT\System directory, and set the permissions to: Administrators = Read, Write, and Modify SYSTEM = Full Control Authenticated Users = List Folder Contents. B. Use the WINNT\System32 directory, and set the permissions to: Administrators = Read, Write, and Modify SYSTEM = Full Control Authenticated Users = Read, and List Folder Contents. C. Use the WINNT\System directory, and set the permissions to: Administrators = Full Control SYSTEM = Read, Write, and Modify Authenticated Users = Read and Execute, and List Folder Contents. D. Use the WINNT\System32\GroupPolicy directory, and set the permissions to: Administrators = Full Control SYSTEM = Full Control Authenticated Users = Read and Execute, List Folder Contents, and Read. E. Use the WINNT\System32\GroupPolicy directory, and set the permissions to: Administrators = Full Control SYSTEM = No Access Authenticated Users = Read and Execute, List Folder Contents, and Read.

114 Chapter 2 27. You are the administrator for a Windows 2000 network that uses Windows 2000 Server computers and Windows 2000 Professional client computers. The network is configured to use Active Directory and Group Policies. You find out that one of the Windows 2000 Server computer's local group policy settings is incorrect according to your company's standards. The administrator before you changed the permissions for the local group policy. You want the permissions set back to the defaults. Where will you access these permissions and how should the permissions be set? A. Use the WINNT\System directory, and set the permissions to: Administrators = Read, Write, and Modify SYSTEM = Full Control Authenticated Users = List Folder Contents. B. Use the WINNT\System32 directory, and set the permissions to: Administrators = Read, Write, and Modify SYSTEM = Full Control Authenticated Users = Read, and List Folder Contents. C. Use the WINNT\System directory, and set the permissions to: Administrators = Full Control SYSTEM = Read, Write, and Modify Authenticated Users = Read and Execute, and List Folder Contents. *D. Use the WINNT\System32\GroupPolicy directory, and set the permissions to: Administrators = Full Control SYSTEM = Full Control Authenticated Users = Read and Execute, List Folder Contents, and Read. E. Use the WINNT\System32\GroupPolicy directory, and set the permissions to: Administrators = Full Control SYSTEM = No Access Authenticated Users = Read and Execute, List Folder Contents, and Read. Explanation: Authenticated users need to be able to read and execute from the GroupPolicy folder, while Administrators and the System account need full access.

Access to Resources 115 28. As the network administrator, you create an Organizational Unit (OU) with a child OU named ENGUSERS. The child object must have explicit rights assigned to it, but the OU's permissions must propagate to the OU and all its other child objects. How can you configure this functionality on the Active Directory-enabled Windows 2000 server?

A. Configure permission inheritance on the OU B. Configure permission inheritance on the OU and all child objects C. On the child object with explicit rights, use the Security tab and clear the check box to Allow Inheritable Permissions From Parent to Propagate To This Object D. On the child object with explicit rights, use the Security tab and select the check box to Allow Inheritable Permissions from Parent to Propagate To This Object E. Configure permission inheritance on the OU

29. Your company plans to establish a new Web site. This Web site will allow visitors to download various shareware programs from your FTP site. The network administrator will be responsible for managing the FTP traffic to the site. Which optional component should you install?

A. Remote Storage B. Windows Media Services C. Remote Installation Services D. IIS E. IEAK

116 Chapter 2 28. As the network administrator, you create an Organizational Unit (OU) with a child OU named ENGUSERS. The child object must have explicit rights assigned to it, but the OU's permissions must propagate to the OU and all its other child objects. How can you configure this functionality on the Active Directory-enabled Windows 2000 server? *A. Configure permission inheritance on the OU B. Configure permission inheritance on the OU and all child objects *C. On the child object with explicit rights, use the Security tab and clear the check box to Allow Inheritable Permissions From Parent to Propagate To This Object D. On the child object with explicit rights, use the Security tab and select the check box to Allow Inheritable Permissions from Parent to Propagate To This Object E. Configure permission inheritance on the OU Explanation: Clearing the Allow Inheritable Permissions From Parent to Propagate To This Object box will allow you to assign explicit permissions to the child object.

29. Your company plans to establish a new Web site. This Web site will allow visitors to download various shareware programs from your FTP site. The network administrator will be responsible for managing the FTP traffic to the site. Which optional component should you install? A. Remote Storage B. Windows Media Services C. Remote Installation Services *D. IIS E. IEAK Explanation: IIS is used to administer Web and FTP services.

Access to Resources 117

Notes:

118 Chapter 2 30. You are a network administrator for your company's Windows 2000 Server network. The network contains a remote access server with dial-in access enabled. You need to set the profile properties for the default remote access policy. You want to accomplish the following goals: Disconnect client sessions if the dial-in client is idle for 15 minutes. Limit client sessions to three hours. Limit client system access times to Monday through Friday, 7:00 a.m. to 6:00 p.m. Limit clients to Async modem access. You perform the following actions: From the Routing and Remote Access console, you double-click your remote access server. You open the Properties dialog box for the default remote access policy. You click the Edit Profile button. You make the changes as shown below: Which goal or goals are accomplished from these actions?

A. Limit clients to Async modem access B. Limit client sessions to three hours C. Disconnect client sessions if the dial-in client is idle for 15 minutes D. Limit client system access times to Monday through Friday, 7:00am to 6:00pm E. Limit client sessions to six hours

Access to Resources 119

120 Chapter 2 30. You are a network administrator for your company's Windows 2000 Server network. The network contains a remote access server with dial-in access enabled. You need to set the profile properties for the default remote access policy. You want to accomplish the following goals: Disconnect client sessions if the dial-in client is idle for 15 minutes. Limit client sessions to three hours. Limit client system access times to Monday through Friday, 7:00 a.m. to 6:00 p.m. Limit clients to Async modem access. You perform the following actions: From the Routing and Remote Access console, you double-click your remote access server. You open the Properties dialog box for the default remote access policy. You click the Edit Profile button. You make the changes as shown below:

Which goal or goals are accomplished from these actions? A. Limit clients to Async modem access *B. Limit client sessions to three hours *C. Disconnect client sessions if the dial-in client is idle for 15 minutes *D. Limit client system access times to Monday through Friday, 7:00am to 6:00pm E. Limit client sessions to six hours Explanation: Dial-in is not limited to Async modem access.

Access to Resources 121 31. You are configuring Group Policy for your Windows 2000 network. The network uses only Windows 2000 Server computers and Windows 2000 Professional client computers. You want to create a group policy. You want the policy linked to a site. You must first create a group policy object (GPO). How can you accomplish this task?

A. Open the Active Directory Sites and Services snap-in. Select the site and open the Properties dialog box. Select the Object tab and enter the object name. B. Open the Active Directory Users and Computers snap-in. Select the Users node and open the Properties dialog box for Group Policy Creator Owners. Enter a name for the new GPO. C. Open the Active Directory Sites and Services snap-in. Select the site and open the Properties dialog box. Select the Group Policy tab and click New. Enter a name for the new GPO. D. Open the Active Directory Users and Computers snap-in. Select the site and open the Properties dialog box. Select the Group Policy tab and click New. Enter a name for the new GPO. E. Delete the site.

32. You have recently been hired as one of the network administrators for a Windows 2000 network. The network uses Active Directory and Group Policies, and consists of all Windows 2000 Server computers and Windows 2000 Professional client computers. You have been training for your new position with one of the administrators. While observing maintenance procedures, the administrator uses the utility Gpedit.msc. Why did the administrator use this utility?

A. To edit the local GPO B. To edit the domain GPO C. To create a new local GPO D. To create a new domain GPO E. To delete the local GPO

122 Chapter 2 31. You are configuring Group Policy for your Windows 2000 network. The network uses only Windows 2000 Server computers and Windows 2000 Professional client computers. You want to create a group policy. You want the policy linked to a site. You must first create a group policy object (GPO). How can you accomplish this task? A. Open the Active Directory Sites and Services snap-in. Select the site and open the Properties dialog box. Select the Object tab and enter the object name. B. Open the Active Directory Users and Computers snap-in. Select the Users node and open the Properties dialog box for Group Policy Creator Owners. Enter a name for the new GPO. *C. Open the Active Directory Sites and Services snap-in. Select the site and open the Properties dialog box. Select the Group Policy tab and click New. Enter a name for the new GPO. D. Open the Active Directory Users and Computers snap-in. Select the site and open the Properties dialog box. Select the Group Policy tab and click New. Enter a name for the new GPO. E. Delete the site. Explanation: The Active Directory Sites and Services snap-in is used to create a Group Policy Object.

32. You have recently been hired as one of the network administrators for a Windows 2000 network. The network uses Active Directory and Group Policies, and consists of all Windows 2000 Server computers and Windows 2000 Professional client computers. You have been training for your new position with one of the administrators. While observing maintenance procedures, the administrator uses the utility Gpedit.msc. Why did the administrator use this utility? *A. To edit the local GPO B. To edit the domain GPO C. To create a new local GPO D. To create a new domain GPO E. To delete the local GPO Explanation: Gpedit.msc is used to edit the local GPO

Access to Resources 123 33. You are configuring Group Policy for your Windows 2000 network. The network uses only Windows 2000 Server computers and Windows 2000 Professional client computers. You want to create a group policy. You want the policy linked to a domain. You must first create a group policy object. What do you access to accomplish this task?

A. Services snap-in B. Security Configuration and Analysis snap-in C. Active Directory Sites and Services snap-in D. Active Directory Domains and Trusts snap-in E. Active Directory Users and Computers snap-in

34. A Windows 2000 server print device fails and can no longer print successfully. You must print a specific document sent to the print device. The queue for the print device has 200 pending print jobs. How can you print the specific document?

A. Print the document to a file B. Delete and recreate the print device C. Redirect the single document to another print device D. Redirect all documents to a different print device E. Restart the server.

124 Chapter 2 33. You are configuring Group Policy for your Windows 2000 network. The network uses only Windows 2000 Server computers and Windows 2000 Professional client computers. You want to create a group policy. You want the policy linked to a domain. You must first create a group policy object. What do you access to accomplish this task? A. Services snap-in B. Security Configuration and Analysis snap-in C. Active Directory Sites and Services snap-in D. Active Directory Domains and Trusts snap-in *E. Active Directory Users and Computers snap-in Explanation: GPOs for a domain are created in the Active Directory Users and Computers snap-in.

34. A Windows 2000 server print device fails and can no longer print successfully. You must print a specific document sent to the print device. The queue for the print device has 200 pending print jobs. How can you print the specific document? A. Print the document to a file B. Delete and recreate the print device C. Redirect the single document to another print device *D. Redirect all documents to a different print device E. Restart the server. Explanation: Redirecting all documents to a different print device will allow them to print.

Access to Resources 125 35. You are the administrator of an OU with an FQDN of acct.branch1.corpx.com. You know that corporate policy is to limit roaming user profile sizes to 30,000KB. However, you have recently noticed that user profile sizes are exceeding 30,000KB even though account settings are mapping them to a server in your OU. You have checked your GPO and your limit user profiles setting is not configured, so that the corporate settings are flowing through. You have called the administrator of corpx.com and he tells you that the user profile limit is still in place, but that "no override" is not set for the policy. What is the most likely problem?

A. user profiles are not shared B. the server isn't using an NTFS partition C. block policy inheritance is configured at corpx.com D. roaming user profiles are not enabled

36. If "Verify Caller ID" is enabled, which of the following statements is true?

A. If the caller's phone number does not match the configured number, access is denied. B. If the caller's phone number does not match one of the numbers provided at setup, access is denied. C. If the caller's phone number does not match one of the numbers provided at setup, the caller must provide additional authentication. D. If the caller's phone number does not match the configured number, the caller must provide additional authentication.

126 Chapter 2 35. You are the administrator of an OU with an FQDN of acct.branch1.corpx.com. You know that corporate policy is to limit roaming user profile sizes to 30,000KB. However, you have recently noticed that user profile sizes are exceeding 30,000KB even though account settings are mapping them to a server in your OU. You have checked your GPO and your limit user profiles setting is not configured, so that the corporate settings are flowing through. You have called the administrator of corpx.com and he tells you that the user profile limit is still in place, but that "no override" is not set for the policy. What is the most likely problem? A. user profiles are not shared B. the server isn't using an NTFS partition *C. block policy inheritance is configured at corpx.com D. roaming user profiles are not enabled Explanation: A block at the parent container can override settings of its parent container so long as no override is configured. Roaming profiles are clearly working because users are getting profiles larger than 30,000KB as described in the scenario. The partition doesn't really have anything to do with this problem and the "server" referenced isn't clear anyway. User profiles don't have to be shared, but the folder in which the profiles are stored must be shared. Of course, the folder must be shared because users are getting access to their profiles.

36. If "Verify Caller ID" is enabled, which of the following statements is true? *A. If the caller's phone number does not match the configured number, access is denied. B. If the caller's phone number does not match one of the numbers provided at setup, access is denied. C. If the caller's phone number does not match one of the numbers provided at setup, the caller must provide additional authentication. D. If the caller's phone number does not match the configured number, the caller must provide additional authentication. Explanation: The server will verify the caller's phone number. If the number does not match the configured number, access will be denied. In addition, if you configure Caller ID setting for users, and you do not have support for the passing of this information from the caller to remote access, access will be denied. Reference: Microsoft Official Curriculum 1560 Updating Support Skills From Microsoft Windows NT to Microsoft Windows 2000. Exam Category: Configuring and Troubleshooting Windows 2000 Network Connections

Access to Resources 127 37. Examine the following information: CN=George Doe, CN=Users, DC=international, DC=msft This is an example of:

A. A distinguished name B. A relative distinguished name C. A user principal name D. A GUID

38. Which of the following can be a member of a global group in a Windows 2000 domain running in native mode?

A. Domain users B. Domain Local Groups C. Domain Global Groups D. Universal Groups within the forest

128 Chapter 2 37. Examine the following information: CN=George Doe, CN=Users, DC=international, DC=msft This is an example of: *A. A distinguished name B. A relative distinguished name C. A user principal name D. A GUID Explanation: This is an example of a distinguished name. A distinguished name identifies a domain where the object is located as well as the complete path to the object. CN refers to the common name and DC refers to the domain components of the distinguished name. All objects in Active Directory must have a distinguished name. Reference: Implementing Microsoft Windows 2000 Professional and Server. Exam Category: Installing, Configuring and Troubleshooting Access to Resources

38. Which of the following can be a member of a global group in a Windows 2000 domain running in native mode? *A. Domain users B. Domain Local Groups *C. Domain Global Groups D. Universal Groups within the forest Explanation: Global groups have limited membership. They can contain user accounts and global groups within the domain where they were created. Reference: Implementing Windows 2000 Professional and Server, Microsoft Official Curriculum Exam Category: Installing, Configuring and Troubleshooting Access to Resources.

Access to Resources 129 39. You are configuring Group Policy on your Windows 2000 Server when one of the people on your network administration team tells you that you must also configure System Policies for your legacy clients. She has located five different templates, but she is unclear which operating systems use which templates. She has made a list of the templates she has found below. system.adm common.adm inetres.adm windows.adm winnt.adm Using their respective codes from above, match the template with the OS for which it was intended. Choose only the correct matches from the choices below.

A. system.adm and inetres.adm are for Windows 2000 clients B. winnt.adm is for Windows NT 4.0 and Windows 2000 clients C. common.adm is for Windows 9x clients D. system.adm and windows.adm work with Windows NT 4.0 and Windows 9x clients E. common.adm works with Windows NT 4.0 clients

130 Chapter 2 39. You are configuring Group Policy on your Windows 2000 Server when one of the people on your network administration team tells you that you must also configure System Policies for your legacy clients. She has located five different templates, but she is unclear which operating systems use which templates. She has made a list of the templates she has found below. system.adm common.adm inetres.adm windows.adm winnt.adm Using their respective codes from above, match the template with the OS for which it was intended. Choose only the correct matches from the choices below. *A. system.adm and inetres.adm are for Windows 2000 clients B. winnt.adm is for Windows NT 4.0 and Windows 2000 clients *C. common.adm is for Windows 9x clients D. system.adm and windows.adm work with Windows NT 4.0 and Windows 9x clients *E. common.adm works with Windows NT 4.0 clients Explanation: The Windows 2000 policy templates are system.adm and inetres.adm. The other templates are for legacy clients. Common.adm works with both Windows NT 4.0 and Windows 9x clients (Windows 95 and Windows98). Windows.adm can only be used with Windows 9x clients. Winnt.adm is only for Windows NT 4.0 clients.

Access to Resources 131 40. You have configured system policies for your Windows NT 4.0 users. One user has complained that he is not receiving the appropriate configuration. He says that his Run dialog box is disabled, even though he is a member of the Accounting Group, for which the Run command is specifically not disabled (the checkbox is cleared). John is a member of the Accounting Group and Marketing Group only. You check the System Policy that is configured for your network and you see the Group Priority that is shown in the figure. You know that the Accounting Group has specifically enabled the Run dialog box. Which of the following are possible reasons that John doesn't have the Run dialog box?

A. John's user profile has the run command disabled B. the Marketing Group has the Run command disabled, which overrides the Accounting Group C. the Manager Group has the Run command disabled, which overrides the Accounting group D. John is working on a Windows 2000 system, which has the Run command disabled E. the Marketing Group setting is overriding John's personal settings

132 Chapter 2 40. You have configured system policies for your Windows NT 4.0 users. One user has complained that he is not receiving the appropriate configuration. He says that his Run dialog box is disabled, even though he is a member of the Accounting Group, for which the Run command is specifically not disabled (the checkbox is cleared). John is a member of the Accounting Group and Marketing Group only. You check the System Policy that is configured for your network and you see the Group Priority that is shown in the figure. You know that the Accounting Group has specifically enabled the Run dialog box. Which of the following are possible reasons that John doesn't have the Run dialog box? *A. John's user profile has the run command disabled B. the Marketing Group has the Run command disabled, which overrides the Accounting Group C. the Manager Group has the Run command disabled, which overrides the Accounting group *D. John is working on a Windows 2000 system, which has the Run command disabled E. the Marketing Group setting is overriding John's personal settings Explanation: From the figure, you can see that John has a personal user profile, which overrides all group settings. The logic is that when users have personal profiles, someone wanted them to have those settings and only those settings. None of the other group policies are applied in that case, so there is no need to even consider them. The only other thing that might be happening is that John has logged on to a Windows 2000 system. If the Windows 2000 system doesn't allow him access to the Run command, then it doesn't matter what is configured in the System Policy.

Access to Resources 133 41. Which of the following can be a member of a local group?

A. Global groups within the domain B. Domain users C. Local users D. Universal groups within the forest

42. Which of the following can be a member of a domain local group?

A. Local users B. Domain Users C. Universal Groups within the forest D. Global groups within the domain E. Universal Users

134 Chapter 2 41. Which of the following can be a member of a local group? A. Global groups within the domain B. Domain users *C. Local users D. Universal groups within the forest Explanation: Local groups should be used only on computers that are not members of a domain. Local groups can contain user accounts from the local computer. Reference: Implementing Windows 2000 Professional and Server, Microsoft Official Curriculum Exam Category: Installing, Configuring and Troubleshooting Access to Resources.

42. Which of the following can be a member of a domain local group? A. Local users *B. Domain Users *C. Universal Groups within the forest *D. Global groups within the domain E. Universal Users Explanation: Domain local groups can be used to grant permission to resources anywhere in the domain. They can contain user accounts, global groups and Universal groups anywhere from any domain, provided the trust relationship is in place. Reference: Implementing Windows 2000 Professional and Server, Microsoft Official Curriculum Exam Category: Installing, Configuring and Troubleshooting Access to Resources.

Access to Resources 135 43. Your network administration team wants to use quotas to manage the size of the desktops of roaming users. The group has been discussing various ways of doing this, and several solutions have been proposed. You are aware that several of the suggestions will not work because of the limitations of the Windows 2000 quota management service. The most recent suggestion is to perform the following: 1. Allow users to logon from different systems on the network 2. Configure roaming profiles to be stored on a central server and volume 3. Locate the desktop folder inside each profile and set it to the specified size limit 4. Limit administrators to 200MB desktops and all other users to 100MB desktops Which aspects of the most recent proposal require revision?

A. 1 only B. 2 only C. 3 and 4 only D. 2 and 4 only E. 1 and 4 only

44. You have a Windows 2000 Server running as a stand-alone server on your network. Several of the systems on your network are providing shares, and you have decided to organize the shares to make it easier for network clients to navigate their resources. You decide to configure DFS on the your Windows 2000 Server. Now you would like to create a replica of the DFS root on another Windows 2000 Server, but you cannot find the option to do so. What is the problem?

A. your server is using a FAT32 partition B. stand-alone servers cannot create DFS Root replicas C. your server is using a FAT16 partition D. your server is using an NTFS partition

136 Chapter 2 43. Your network administration team wants to use quotas to manage the size of the desktops of roaming users. The group has been discussing various ways of doing this, and several solutions have been proposed. You are aware that several of the suggestions will not work because of the limitations of the Windows 2000 quota management service. The most recent suggestion is to perform the following: 1. Allow users to logon from different systems on the network 2. Configure roaming profiles to be stored on a central server and volume 3. Locate the desktop folder inside each profile and set it to the specified size limit 4. Limit administrators to 200MB desktops and all other users to 100MB desktops Which aspects of the most recent proposal require revision? A. 1 only B. 2 only *C. 3 and 4 only D. 2 and 4 only E. 1 and 4 only Explanation: Windows 2000 quota manager operates at the volume level, not the directory level, so you cannot limit specific folder sizes. In addition, administrative accounts are exempt from quota limits. You can centralize user profiles, and you should allow users to logon from different systems, if they are to be roaming users. By default, users have the right to log on from other systems in the network.

44. You have a Windows 2000 Server running as a stand-alone server on your network. Several of the systems on your network are providing shares, and you have decided to organize the shares to make it easier for network clients to navigate their resources. You decide to configure DFS on the your Windows 2000 Server. Now you would like to create a replica of the DFS root on another Windows 2000 Server, but you cannot find the option to do so. What is the problem? A. your server is using a FAT32 partition *B. stand-alone servers cannot create DFS Root replicas C. your server is using a FAT16 partition D. your server is using an NTFS partition Explanation: Stand-alone servers cannot create replica DFS Roots. Replica DFS Roots can only be created on domain controller and they must be using an NTFS partition. On a stand-alone Windows 2000 Server, you can create a DFS Root on a FAT, FAT32, or NTFS partition.

Access to Resources 137 45. Carlos is an employee in XYZ Corp (xzcorp.com). He is a member of the Domain Users and Telemarketing domain global groups. Department managers are members of the Managers domain global group and have full control access to a shared folder named Timesheet located on your Windows 2000 Server. The manager of the Telemarketing department has left on vacation and left Carlos is in charge of updating timesheets for the department. He just called to tell you that he can read files in the Timesheet share, but he cannot save changes. You check the permissions and NTFS security and find the following configuration: Timesheet share permissions Timesheet security permissions Managers - full control Managers - Full control Accountants - deny access Telemarketing - Modify Domain users - read Domain users - Read access Which of the following can you do to ensure that Carlos can save changes?

A. give the telemarketing group read access to the share B. add Carlos in the accountants group C. ask Carlos to access the files directly by logging on to your server D. add Carlos to the managers group E. remove Carlos from the domain users group

138 Chapter 2 45. Carlos is an employee in XYZ Corp (xzcorp.com). He is a member of the Domain Users and Telemarketing domain global groups. Department managers are members of the Managers domain global group and have full control access to a shared folder named Timesheet located on your Windows 2000 Server. The manager of the Telemarketing department has left on vacation and left Carlos is in charge of updating timesheets for the department. He just called to tell you that he can read files in the Timesheet share, but he cannot save changes. You check the permissions and NTFS security and find the following configuration: Timesheet share permissions Timesheet security permissions Managers - full control Managers - Full control Accountants - deny access Telemarketing - Modify Domain users - read Domain users - Read access Which of the following can you do to ensure that Carlos can save changes? A. give the telemarketing group read access to the share B. add Carlos in the accountants group C. ask Carlos to access the files directly by logging on to your server D. add Carlos to the managers group *E. remove Carlos from the domain users group Explanation: NTFS Security applies at the local server and share security applies for users connecting over the network. Since Carlos is a member of the telemarketing group, if he logged on to the server where the files were stored locally, he could access and change them because he would have modify permissions. If you add Carlos to the managers group, he will have full control to the documents from wherever he logs on. If you place Carlos in the accountants group, he will be denied access across the network. Removing Carlos from domain users would prevent him from even reading the timesheet files across the network. Granting read access to the telemarketing group for the timesheet share would not allow Carlos to modify timesheet files.

Access to Resources 139

Notes:

140 Chapter 2 46. John is a user on a Windows 2000 Professional system, which is part of your company's Ace.local domain. You are in charge of a Windows 2000 Server, which is also part of the Ace.local domain. You have shared a company bulletin in a folder named "shareme" for everyone to access. However, John is complaining that he cannot access the resource. You know that you have configured the domain users group for read access, but you decide to check the share and NTFS permissions just to be sure (see figure). Based on what you have found, which accounts should be able to access the shareme folder over the network?

A. only administrators B. only valid domain users C. all users would have at least read access D. only domain users would have read access E. no one would be able to access shareme

Access to Resources 141

142 Chapter 2 46. John is a user on a Windows 2000 Professional system, which is part of your company's Ace.local domain. You are in charge of a Windows 2000 Server, which is also part of the Ace.local domain. You have shared a company bulletin in a folder named "shareme" for everyone to access. However, John is complaining that he cannot access the resource. You know that you have configured the domain users group for read access, but you decide to check the share and NTFS permissions just to be sure (see figure). Based on what you have found, which accounts should be able to access the shareme folder over the network? A. only administrators B. only valid domain users C. all users would have at least read access D. only domain users would have read access *E. no one would be able to access shareme Explanation: The share permissions show that the Everyone group has been denied all forms of share access. This means that no one, even administrators, will be able to access the share across the network.

Access to Resources 143 47. You are configuring a file storage location for the users on your network. You want the users to be able to remotely store and access their files from the server. You also want all of the files stored securely using encryption. You also want to protect data integrity during the transfer. Your clients are running Windows 2000 Professional clients and using the FAT32 file system. Goals Create a location for users to store their files centrally Prevent users from accessing the private folders of other users on the central server Encrypt the data that is transferred between the clients and servers. Allow clients to encrypt data that is on the central server. Allow clients to store encrypted files on their local systems. Proposed Solution To accomplish these goals, you plan to set up a central Windows 2000 Server with shared folders for each of your users. You also plan to configure NTFS permissions so that each user is the only one who has access to their personal folder on the server. Then, you will have each client convert their partitions to NTFS and teach them how to encrypt files locally. Which of the following will be accomplished by the proposed solution?

A. create a location for users to store their files centrally B. prevent users from accessing the private folders of other users on the central server C. encrypt the data that is transferred between the clients and servers D. allow clients to encrypt data that is on the central server E. allow clients to store encrypted files on their local systems

144 Chapter 2 47. You are configuring a file storage location for the users on your network. You want the users to be able to remotely store and access their files from the server. You also want all of the files stored securely using encryption. You also want to protect data integrity during the transfer. Your clients are running Windows 2000 Professional clients and using the FAT32 file system. Goals Create a location for users to store their files centrally Prevent users from accessing the private folders of other users on the central server Encrypt the data that is transferred between the clients and servers. Allow clients to encrypt data that is on the central server. Allow clients to store encrypted files on their local systems. Proposed Solution To accomplish these goals, you plan to set up a central Windows 2000 Server with shared folders for each of your users. You also plan to configure NTFS permissions so that each user is the only one who has access to their personal folder on the server. Then, you will have each client convert their partitions to NTFS and teach them how to encrypt files locally. Which of the following will be accomplished by the proposed solution? *A. create a location for users to store their files centrally *B. prevent users from accessing the private folders of other users on the central server C. encrypt the data that is transferred between the clients and servers D. allow clients to encrypt data that is on the central server *E. allow clients to store encrypted files on their local systems Explanation: The proposed solution says that a central server was configured and that clients could store their files at that location. Also, NTFS permissions were set to restrict access to only the specific user for which the folder was created. Converting the client's file systems to NTFS and teaching, them to encrypt files can be considered allowing them to store encrypted files locally. However, you haven't set up an encryption method such as SSL, or VPN between the client and server, so the data transferred over the network is not encrypted. Also, if you don't specifically enable "Trusted for Delegation" on the central server, clients will not be able to encrypt data on the server. To enable this option, you must go through Active Directory users and computers, access the computer's properties and then check the "Trust computer for delegation" on the server.

Access to Resources 145 48. Which of the following is stored on the host computer on a standalone DFS?

A. The DFS Root B. The topology C. The shared folders D. The data

49. Only client computers running DFS software can access DFS resources. Which of the following operating systems include DFS client software?

A. Windows 2000 Professional B. Windows NT 4.0 Workstation C. Windows 98 D. Windows 95 E. DOS

146 Chapter 2 48. Which of the following is stored on the host computer on a standalone DFS? *A. The DFS Root *B. The topology C. The shared folders D. The data Explanation: The DFS root and topology are stored on the host computer in a standalone DFS. Reference: Implementing Windows 2000 Professional and Server, Microsoft Official Curriculum Exam Category: Installing, Configuring and Troubleshooting Access to Resources.

49. Only client computers running DFS software can access DFS resources. Which of the following operating systems include DFS client software? *A. Windows 2000 Professional *B. Windows NT 4.0 Workstation *C. Windows 98 D. Windows 95 E. DOS Explanation: Clients running Windows 2000, Windows NT 4.0 and Windows 98 include DFS software. Windows 95 clients must download a DFS client and install it. Reference: Implementing Windows 2000 Professional and Server, Microsoft Official Curriculum Exam Category: Installing, Configuring and Troubleshooting Access to Resources.

Access to Resources 147 50. On a domain-based DFS, where is the topology stored?

A. On the host computer B. On the domain controllers C. In Active Directory D. On the synchronized computer

51. How are permissions applied in DFS?

A. DFS folders have unique share and NTFS permissions that must be assigned at the time DFS is configured. B. DFS root folders have unique share and NTFS permissions that must be assigned at the time DFS is configured. All subfolders under the root have the permissions of the root folder. C. First level folders must have share and permissions assigned at the time DFS is configured. All subfolders under the first level folder will, by default, inherit the permissions of the parent folder, but may be configured to suit administrative need. D. DFS does not use unique share and NTFS permissions. The permissions assigned to the share where DFS points are the permissions that are applied.

148 Chapter 2 50. On a domain-based DFS, where is the topology stored? A. On the host computer B. On the domain controllers *C. In Active Directory D. On the synchronized computer Explanation: In a domain-based DFS, the topology is stored in Active Directory. Changes to the DFS tree are synchronized with Active Directory and the topology can be restored from Active Directory should the root fail.

51. How are permissions applied in DFS? A. DFS folders have unique share and NTFS permissions that must be assigned at the time DFS is configured. B. DFS root folders have unique share and NTFS permissions that must be assigned at the time DFS is configured. All subfolders under the root have the permissions of the root folder. C. First level folders must have share and permissions assigned at the time DFS is configured. All subfolders under the first level folder will, by default, inherit the permissions of the parent folder, but may be configured to suit administrative need. *D. DFS does not use unique share and NTFS permissions. The permissions assigned to the share where DFS points are the permissions that are applied. Explanation: DFS does not use separate NTFS or share permissions to a link. Permissions assigned to the share at the time the link was established are the effective permissions. Reference: Implementing Windows 2000 Professional and Server, Microsoft Official Curriculum

Access to Resources 149 52. While monitoring a client, you note that every time the client wishes to access a DFS link, it queries the DFS server about the location. This happens every time, even if the client had already established a connection to the link a short time before. Why is this happening?

A. The link is not statically mapped. B. The link's cache referral has been set to 0. C. The original link has failed and fault tolerance is in effect. D. The replica was not found.

53. How many replicas can each DFS link have?

A. 64 Replicas B. 16 Replicas C. 32 Replicas D. Unlimited Replicas E. 8 Replicas

150 Chapter 2 52. While monitoring a client, you note that every time the client wishes to access a DFS link, it queries the DFS server about the location. This happens every time, even if the client had already established a connection to the link a short time before. Why is this happening? A. The link is not statically mapped. *B. The link's cache referral has been set to 0. C. The original link has failed and fault tolerance is in effect. D. The replica was not found. Explanation: One of the options on the DFS link is the length of time the client will cache the referral. In this case, the length of time has been set to 0, so the client must refresh the referral each time it wishes to access a link. Reference: Implementing Windows 2000 Professional and Server, Microsoft Official Curriculum

53. How many replicas can each DFS link have? A. 64 Replicas B. 16 Replicas *C. 32 Replicas D. Unlimited Replicas E. 8 Replicas Explanation: Each DFS link can have up to 32 replicas. Reference: Implementing Windows 2000 Professional and Server, Microsoft Official Curriculum

Access to Resources 151 54. In order to share folders on a system in a Windows 2000 domain, you must be a member of one of the following groups:

A. Administrators B. Power Users C. Server Operators D. File Systems Operators

152 Chapter 2 54. In order to share folders on a system in a Windows 2000 domain, you must be a member of one of the following groups: *A. Administrators B. Power Users *C. Server Operators D. File Systems Operators Explanation: In order to share folders in a Windows 2000 domain, you must be a member of Administrators or Server Operators. On a stand-alone server in the domain, however, Power Users can share folders. Reference: Implementing Windows 2000 Professional and Server, Microsoft Official Curriculum

Access to Resources 153 55. You have created an application share for the accounting users. You have granted access to the share to only the accounting users. Martin is a member of the both marketing and accounting groups. He says he is having trouble accessing the share. You check that the share and NTFS permissions and the accounting group access are configured as expected, shown in the table below. Shared Folder Share Permissions NTFS Security Administrators - Full Control Administrators - Full Control Accounting - Full Control Accounting - Full Control Domain Users - Read Domain Users - Read Guests - Deny Access Marketing - Deny Access Which of the following can you do to grant access to Martin?

A. grant Martin membership in the administrators group B. grant Martin membership in the domain users group C. grant the domain users group full access D. remove Martin from the marketing group E. remove Martin from the accounting group

154 Chapter 2 55. You have created an application share for the accounting users. You have granted access to the share to only the accounting users. Martin is a member of the both marketing and accounting groups. He says he is having trouble accessing the share. You check that the share and NTFS permissions and the accounting group access are configured as expected, shown in the table below. Shared Folder Share Permissions NTFS Security Administrators - Full Control Administrators - Full Control Accounting - Full Control Accounting - Full Control Domain Users - Read Domain Users - Read Guests - Deny Access Marketing - Deny Access Which of the following can you do to grant access to Martin? A. grant Martin membership in the administrators group B. grant Martin membership in the domain users group C. grant the domain users group full access *D. remove Martin from the marketing group E. remove Martin from the accounting group Explanation: The NTFS security setting that is denying the marketing group access to the shared folder is causing the problem. Since Martin is a member of marketing, his membership in that group is preventing him from gaining access to the share. The only proposed solution presented that recognizes this fact is to remove Martin from the marketing group. Other possible proposed solutions would be to remove the marketing group from the NTFS security settings, so that they are not specifically denied access. Removing Martin from the accounting group or granting the domain users group full control will not solve the issue. Adding Martin to the domain users group or administrators group will not allow Martin to get past the marketing group's denied access.

Access to Resources 155 56. You have created a DFS Root on your Windows 2000 Server for your network clients. Your DFS Root server is named xdot3.xcorp.com and its replica is named xdot4.xcorp.com. The DFS Root that you have established is named XFILES. Recently, a client a Windows 2000 Professional system tried to access a folder named CRYPTO on that is published by your DFS server, but received an access denied message. The user tells you that she is trying to access the folder via the name \\xcorp\xfiles. You have traced a DFS link to a Windows 95 system named 95Cryptic sharing the folder Crypto. You then discover that the Windows 95 system is down. Upon rechecking your DFS configuration, you see that there is replica link pointing to a Windows NT Server. Which of the following are possible explanations for the access denied message?

A. the Windows 95 system is denying access B. the Windows NT Server doesn't recognize the user's account C. the client is using the DFS replica, which is trying to access the Windows 95 system only D. the Windows NT Server is specifically denying access to the user E. a Windows 95 share cannot be linked to from a DFS root

156 Chapter 2 56. You have created a DFS Root on your Windows 2000 Server for your network clients. Your DFS Root server is named xdot3.xcorp.com and its replica is named xdot4.xcorp.com. The DFS Root that you have established is named XFILES. Recently, a client a Windows 2000 Professional system tried to access a folder named CRYPTO on that is published by your DFS server, but received an access denied message. The user tells you that she is trying to access the folder via the name \\xcorp\xfiles. You have traced a DFS link to a Windows 95 system named 95Cryptic sharing the folder Crypto. You then discover that the Windows 95 system is down. Upon rechecking your DFS configuration, you see that there is replica link pointing to a Windows NT Server. Which of the following are possible explanations for the access denied message? A. the Windows 95 system is denying access *B. the Windows NT Server doesn't recognize the user's account C. the client is using the DFS replica, which is trying to access the Windows 95 system only *D. the Windows NT Server is specifically denying access to the user E. a Windows 95 share cannot be linked to from a DFS root Explanation: Something is happening in this problem, an access denied message is being issued. Since the Windows 95 system is down, it cannot be sending the "access denied" message. However, the Windows NT Server could be sending this message. The Windows NT Server may be sending the message because the user is specifically denied access on the Windows NT Server or because the NT Server doesn't recognize the users account name/password. It is possible to link Windows 95 shares through DFS.

Access to Resources 157 57. You are working on a network that has a mix of Linux and Windows 2000 systems. All of the files you need to access are on the Windows 2000 Servers. To increase compatibility on the network all printers are running the Line Printer Daemon (LPD) printer services. You must configure your Windows 2000 Server so that it can print to an LPD server. Which service must you install on your Windows 2000 Server?

A. Network Monitoring Services B. Simple TCP/IP Services C. File and Printer Services for NetWare D. File and Printer Services for Macintosh E. File and Printer Services for UNIX

58. You have configured a printer on your network for users. The printer was automatically published in Active Directory, since it was installed on a Windows 2000 Server. A user named John mentions to you that another user has been deleting print jobs. After talking with John, for several minutes you realize that the other user was just deleting her own print jobs in the spool. You explain that this is normal and then go on to explain that is configured by default when a new printer is shared. Which object from the default set of printer permissions allows a user to delete his or her print job?

A. Everyone B. Administrators C. Power Users D. Print Operators E. Creator Owner

158 Chapter 2 57. You are working on a network that has a mix of Linux and Windows 2000 systems. All of the files you need to access are on the Windows 2000 Servers. To increase compatibility on the network all printers are running the Line Printer Daemon (LPD) printer services. You must configure your Windows 2000 Server so that it can print to an LPD server. Which service must you install on your Windows 2000 Server? A. Network Monitoring Services B. Simple TCP/IP Services C. File and Printer Services for NetWare D. File and Printer Services for Macintosh *E. File and Printer Services for UNIX Explanation: File and Printer Services for UNIX installs the LPR client, which is necessary to send print jobs to an LPD server.

58. You have configured a printer on your network for users. The printer was automatically published in Active Directory, since it was installed on a Windows 2000 Server. A user named John mentions to you that another user has been deleting print jobs. After talking with John, for several minutes you realize that the other user was just deleting her own print jobs in the spool. You explain that this is normal and then go on to explain that is configured by default when a new printer is shared. Which object from the default set of printer permissions allows a user to delete his or her print job? A. Everyone B. Administrators C. Power Users D. Print Operators *E. Creator Owner Explanation: The Creator Owner group is given the Manage Documents permission. The originator of a file is considered to be the Creator Owner of that file, which is how that person is able to access and delete the file. The Everyone group is only given the Print permission by default, which does not allow users to delete their own print jobs. The Administrator, Power Users, and Print Operators groups are only for selected users, and although they do have the rights to Manage Documents and Printers, those groups don't explain why anyone who sends a print job can delete that print job.

Access to Resources 159 59. You wish to add a printer that uses the TCP/IP protocol. Using the Add Printer Wizard, what do you do to create this printer?

A. Add Port, LPR Port B. Add Port, Standard TCP/IP Port C. Create New Port, LPR Port D. Create New Port, Standard TCP/IP Port

60. To control settings for all documents on a printer, a user must have which permission?

A. Print B. Manage Documents C. Manage Printers D. Full Control

160 Chapter 2 59. You wish to add a printer that uses the TCP/IP protocol. Using the Add Printer Wizard, what do you do to create this printer? A. Add Port, LPR Port B. Add Port, Standard TCP/IP Port C. Create New Port, LPR Port *D. Create New Port, Standard TCP/IP Port Explanation: This process has changed from Windows NT 4.0. To create a new printer under Windows 2000, use the Add Printer wizard; choose Select Port, Create New Port, Standard TCP/IP Port. Reference: Implementing Microsoft Windows 2000 Professional and Server.

60. To control settings for all documents on a printer, a user must have which permission? A. Print *B. Manage Documents C. Manage Printers D. Full Control Explanation: There are three levels of permissions with a printer in Windows 2000. These are Print, Manage Documents and Manage Printers. Manage Documents will allow a user to print documents, pause, restart, and delete all documents, connect to a printer, and control settings on all documents. Reference: Windows 2000 Server Manual.

Access to Resources 161 61. To share a printer, a user must have which permission?

A. Print B. Manage Documents C. Manage Printers D. Full Control

62. You have been receiving complaints from a client that printing from his Outlook client is extremely slow. You examine the situation and discover that his Outlook client is configured for multiple languages. How do you resolve this printing problem?

A. Restrict the printing from Outlook client to single language. B. Increase the spool directory on the client computer. C. Install multiple languages on the print server. D. Change the print requirements to print directly to server, without spooling.

162 Chapter 2 61. To share a printer, a user must have which permission? A. Print B. Manage Documents *C. Manage Printers D. Full Control Explanation: There are three levels of permissions for printers in Windows 2000. These are Print, Manage Documents, and Manage Printers. Manage Printers replaces the "Full Control" permission in Windows NT 4.0, and allows full management of printers in the domain, including sharing printers. Reference: Windows 2000 Server Manual.

62. You have been receiving complaints from a client that printing from his Outlook client is extremely slow. You examine the situation and discover that his Outlook client is configured for multiple languages. How do you resolve this printing problem? A. Restrict the printing from Outlook client to single language. B. Increase the spool directory on the client computer. *C. Install multiple languages on the print server. D. Change the print requirements to print directly to server, without spooling. Explanation: Install multiple languages on the print server. If a client is using multiple languages on his computer, these languages should all be installed on the Windows 2000 print server. Reference: Windows 2000 Server Manual.

Access to Resources 163 63. You are working on a domain named xcorp.com. On your domain, you have three Windows 2000 Servers and 250 Windows Professional client systems. Two of the Windows 2000 Servers are functioning as domain controllers and the other is a Member Server on the domain. Lately you have noticed that shares from each of the Windows 2000 Servers have become confusing for users. You have decided to implement DFS to better organize the network. After considering the structure, you have decided to use a DFS root and replica (for fault tolerance). You are considering several configuration options. Which of the following choices is the best solution?

A. Configure both root and replica on Windows 2000 Member Server B. Configure one DFS root on the Windows 2000 Professional system C. Configure one DFS root on the Windows 2000 Server and a replica on one of the domain controllers D. Place the DFS root on the Windows 2000 Server and a replica on one of the Windows 2000 Professional Systems E. Place root and replica on different Windows 2000 Professional systems

164 Chapter 2 63. You are working on a domain named xcorp.com. On your domain, you have three Windows 2000 Servers and 250 Windows Professional client systems. Two of the Windows 2000 Servers are functioning as domain controllers and the other is a Member Server on the domain. Lately you have noticed that shares from each of the Windows 2000 Servers have become confusing for users. You have decided to implement DFS to better organize the network. After considering the structure, you have decided to use a DFS root and replica (for fault tolerance). You are considering several configuration options. Which of the following choices is the best solution? A. Configure both root and replica on Windows 2000 Member Server B. Configure one DFS root on the Windows 2000 Professional system *C. Configure one DFS root on the Windows 2000 Server and a replica on one of the domain controllers D. Place the DFS root on the Windows 2000 Server and a replica on one of the Windows 2000 Professional Systems E. Place root and replica on different Windows 2000 Professional systems Explanation: Only Windows 2000 Servers (not Windows 2000 Professional systems) can host DFS roots or replicas of roots. One server can only host one root. Of the answers listed, the only one that doesn't break those two rules is to place the DFS root on the Windows 2000 Member Server and place the replica on a domain controller.

Access to Resources 165 64. You are the administrator of a company named XYZ Corporation. The company network consists of five Windows 2000 Server Domain Controllers, 10 Windows 2000 Servers operating as file, print, or application servers, and 500 Windows 2000 Professional workstations. The Executive Standards committee has established that users must have three opportunities to log on to the network before their user accounts are locked out for a mandatory 30-minute time interval. All users must use unique passwords that have a minimum length of 12 characters and must be able to change their own passwords. In addition, the administrator must assign all initial passwords for all users. As the administrator, you want to verify that every user account you create is able to successfully log on to the Windows 2000 Network, so you want to ensure that users must use an administrator-defined password for a set length of time before they can change it. What must you configure in order for you, the administrator, to test the user account logons before the users are able to change their passwords?

A. Minimum password length B. Maximum password age C. Enforce password history D. Minimum password age. E. Store password using reversible encryption for all users in the domain

166 Chapter 2 64. You are the administrator of a company named XYZ Corporation. The company network consists of five Windows 2000 Server Domain Controllers, 10 Windows 2000 Servers operating as file, print, or application servers, and 500 Windows 2000 Professional workstations. The Executive Standards committee has established that users must have three opportunities to log on to the network before their user accounts are locked out for a mandatory 30-minute time interval. All users must use unique passwords that have a minimum length of 12 characters and must be able to change their own passwords. In addition, the administrator must assign all initial passwords for all users. As the administrator, you want to verify that every user account you create is able to successfully log on to the Windows 2000 Network, so you want to ensure that users must use an administrator-defined password for a set length of time before they can change it. What must you configure in order for you, the administrator, to test the user account logons before the users are able to change their passwords? A. Minimum password length B. Maximum password age C. Enforce password history *D. Minimum password age. E. Store password using reversible encryption for all users in the domain Explanation: Minimum password age prevents a user from change the password until the number of days the administrator has configured. This will allow the administrator to test the user account logons using the pre-defined password for x number of days before the user can change his/her password.

Access to Resources 167 65. Jennifer is an employee of a company called XYZ Dimensions Inc. located in Chicago. Jennifer is currently using a stand-alone Windows 2000 Professional workstation, named JennyW2KP, to use a locally installed graphics editing application. As the administrator, you are going to add JennyW2KP to the Windows 2000 Domain, named XYZDimensions.edu, which currently consists of one Windows 2000 Server Domain Controller and four Windows 2000 Professional workstations. Before adding JennyW2KP to the XYZDimensions.edu Domain, you use the Local Group Policy MMC snap-in on JennyW2KP and configure the account lockout policy to lock out Jennifer's local user account after three bad logon attempts. Afterwards, you configure the Default Domain Controllers Policy to lockout Jennifer's Domain Account after two bad logon attempts. What will be Jennifer's result if she attempts to logon to the Windows 2000 Network using her Domain Logon account and providing an invalid password both times? Select the correct answer.

A. Jennifer will be allowed three more logon attempts to the Windows 2000 Network because the Local Group Policy and Default Domain Controllers Policy cumulatively allow her five bad logon attempts. B. Jennifer will be locked out of the Windows 2000 Network for a configured amount of time designated by the administrator. C. Jennifer will be allowed one more logon attempt to the Windows 2000 Professional machine because the Local Group Policy allows her three bad logon attempts. D. Jennifer will be allowed one more logon to the Windows 2000 Network because the Local Group Policy overrides the Group Policy

168 Chapter 2 65. Jennifer is an employee of a company called XYZ Dimensions Inc. located in Chicago. Jennifer is currently using a stand-alone Windows 2000 Professional workstation, named JennyW2KP, to use a locally installed graphics editing application. As the administrator, you are going to add JennyW2KP to the Windows 2000 Domain, named XYZDimensions.edu, which currently consists of one Windows 2000 Server Domain Controller and four Windows 2000 Professional workstations. Before adding JennyW2KP to the XYZDimensions.edu Domain, you use the Local Group Policy MMC snap-in on JennyW2KP and configure the account lockout policy to lock out Jennifer's local user account after three bad logon attempts. Afterwards, you configure the Default Domain Controllers Policy to lockout Jennifer's Domain Account after two bad logon attempts. What will be Jennifer's result if she attempts to logon to the Windows 2000 Network using her Domain Logon account and providing an invalid password both times? Select the correct answer. *A. Jennifer will be allowed three more logon attempts to the Windows 2000 Network because the Local Group Policy and Default Domain Controllers Policy cumulatively allow her five bad logon attempts. B. Jennifer will be locked out of the Windows 2000 Network for a configured amount of time designated by the administrator. C. Jennifer will be allowed one more logon attempt to the Windows 2000 Professional machine because the Local Group Policy allows her three bad logon attempts. D. Jennifer will be allowed one more logon to the Windows 2000 Network because the Local Group Policy overrides the Group Policy Explanation: Jennifer is using a Domain User account, which is impacted by the settings the administrator configured in the Default Domain Controllers Policy.

Access to Resources 169 66. While logging on to a Windows 2000 Professional machine, what entries must the user enter to successfully log on?

A. Machine Name B. Username C. Password D. Log on Hours E. DNS Name

170 Chapter 2 66. While logging on to a Windows 2000 Professional machine, what entries must the user enter to successfully log on? A. Machine Name *B. Username *C. Password D. Log on Hours E. DNS Name Explanation: For a user to successfully log on to a network the user must supply a valid username. Once a valid username is entered, a password is needed. Before you can access the system, the user must be validated to the system so access rights can be granted.

Access to Resources 171 67. A company named XYZ Publishing has selected Windows 2000 Professional as the standard desktop of choice. The Windows 2000 Professional workstations are currently deployed in the Accounting, Research and Development, and Finance Departments. Users in the Finance and Research and Development Departments each have their own workstations to perform their day-to-day responsibilities. Users in the Accounting Department also have their own workstations; however there is one Windows 2000 Professional machine, named AcctShrdWrkst, which all Accounting users use because it is the only machine configured with Internet Access. Each of the Accounting Department's employees has personalized their desktops with shortcuts, screensavers, and desktop themes. XYZ Publishing's policy mandates that network traffic during network authentication are to be minimized by not employing the use of roaming profiles; however each of the Accounting Department's employees want to retain their desktops on the AcctShrdWrkst. As the administrator, what must you do in order to allow the Accounting employees to have matching profiles on both their personal machines and the shared Windows 2000 Professional workstation?

A. Create roaming personal profiles for each of the users in the Accounting Department. B. Copy the profile folders for each of the Accounting Department users from their personal machines to the shared Windows 2000 Professional machine, AcctShrdWrkst. C. Create an image of each of the Accounting Department users' Windows 2000 Professional workstations. Each time a user wants to use the shared workstation, restore the user's image to the shared Windows 2000 Professional machine. D. Instruct each user to log on to the shared Windows 2000 Professional machine, AcctShrdWrkst, and instruct them to recreate their desktops to match the desktop of their personal machines.

172 Chapter 2 67. A company named XYZ Publishing has selected Windows 2000 Professional as the standard desktop of choice. The Windows 2000 Professional workstations are currently deployed in the Accounting, Research and Development, and Finance Departments. Users in the Finance and Research and Development Departments each have their own workstations to perform their day-to-day responsibilities. Users in the Accounting Department also have their own workstations; however there is one Windows 2000 Professional machine, named AcctShrdWrkst, which all Accounting users use because it is the only machine configured with Internet Access. Each of the Accounting Department's employees has personalized their desktops with shortcuts, screensavers, and desktop themes. XYZ Publishing's policy mandates that network traffic during network authentication are to be minimized by not employing the use of roaming profiles; however each of the Accounting Department's employees want to retain their desktops on the AcctShrdWrkst. As the administrator, what must you do in order to allow the Accounting employees to have matching profiles on both their personal machines and the shared Windows 2000 Professional workstation? A. Create roaming personal profiles for each of the users in the Accounting Department. B. Copy the profile folders for each of the Accounting Department users from their personal machines to the shared Windows 2000 Professional machine, AcctShrdWrkst. C. Create an image of each of the Accounting Department users' Windows 2000 Professional workstations. Each time a user wants to use the shared workstation, restore the user's image to the shared Windows 2000 Professional machine. *D. Instruct each user to log on to the shared Windows 2000 Professional machine, AcctShrdWrkst, and instruct them to recreate their desktops to match the desktop of their personal machines. Explanation: There is no Windows 2000 domain employed in the scenario above. As a result, each user must have a separate user account for each of the machines where they will sit and work. This means each Accounting Department employee will have two local user accounts to gain access to local resources: one user account for their personal Windows 2000 Professional workstation and one user account on the Windows 2000 Professional workstation named AcctShrdWrkst. This also means that a user will have to maintain two separate local profiles that look exactly the same.

Access to Resources 173 68. Jennifer, an employee of XYZ Software, has configured her Windows 2000 Professional Desktop with shortcuts to the company's proprietary customer service application, the network applications belonging to the Microsoft Office 2000 suite, and the collateral folder on the Marketing Server. In addition, a scanned image of Jennifer's family is being used as the background of the Windows 2000 Professional desktop. Today, Jennifer reports that she is able to log on to the Windows 2000 Network, but is unable to retrieve her desktop with the three shortcuts and scanned image as the background. Upon further investigation, you conclude that Jennifer's profile folders are corrupt. Other users are able to retrieve their local profiles when they log on to this machine. Further, company standards dictate that no roaming profiles are to be configured for any of the Windows 2000 Professional users. What is the best way to resolve Jennifer's problem and restore her desktop to its original format?

A. Create a roaming profile for Jennifer, have Jennifer logon on to the network. After Jennifer completes this, clear the roaming profile value in Jennifer's user account. B. Instructor Jennifer is to log on to another Windows 2000 Professional workstation. Afterwards, have Jennifer copy the profile files from this Windows 2000 Professional workstation to her Windows 2000 Professional workstation. C. Reinstall Windows 2000 Professional on the machine Jennifer was using. D. Delete the local profile files from Jennifer's Window 2000 Professional workstation. Instruct Jennifer to log back on to the Windows 2000 Professional and recreate the three shortcuts and reconfigure the desktop background.

174 Chapter 2 68. Jennifer, an employee of XYZ Software, has configured her Windows 2000 Professional Desktop with shortcuts to the company's proprietary customer service application, the network applications belonging to the Microsoft Office 2000 suite, and the collateral folder on the Marketing Server. In addition, a scanned image of Jennifer's family is being used as the background of the Windows 2000 Professional desktop. Today, Jennifer reports that she is able to log on to the Windows 2000 Network, but is unable to retrieve her desktop with the three shortcuts and scanned image as the background. Upon further investigation, you conclude that Jennifer's profile folders are corrupt. Other users are able to retrieve their local profiles when they log on to this machine. Further, company standards dictate that no roaming profiles are to be configured for any of the Windows 2000 Professional users. What is the best way to resolve Jennifer's problem and restore her desktop to its original format? A. Create a roaming profile for Jennifer, have Jennifer logon on to the network. After Jennifer completes this, clear the roaming profile value in Jennifer's user account. B. Instructor Jennifer is to log on to another Windows 2000 Professional workstation. Afterwards, have Jennifer copy the profile files from this Windows 2000 Professional workstation to her Windows 2000 Professional workstation. C. Reinstall Windows 2000 Professional on the machine Jennifer was using. *D. Delete the local profile files from Jennifer's Window 2000 Professional workstation. Instruct Jennifer to log back on to the Windows 2000 Professional and recreate the three shortcuts and reconfigure the desktop background. Explanation: Delete the corrupted local profile folders and files from Jennifer's Windows 2000 Professional workstation. The next time Jennifer logs on to the machine, she will receive a copy of the default local profile. From there, Jennifer should be able to reestablish her desktop background provided that the file is not corrupted.

Access to Resources 175 69. BTWX Company relies on each of its employees to create content via Microsoft Office applications and share this information across the network. As a result, each user must be able to create shared folders on their own Windows 2000 Professional machines. On one Windows 2000 Professional machine, named WIN2Kprof, you create a local user account for Fred. Fred uses his local account to run the Microsoft Office applications. Furthermore, Fred is able to create new folders, save and delete files, and assign permissions to other users and groups to files system resources. However, Fred is unable to make his resources available across the network. How can you allow Fred to make his resources across the network without jeopardizing administrative privileges?

A. Create a shared folder for Fred on a Windows 2000 Server and have him copy his content to the share. Then assign permissions to the users who require access to these files. B. Add Fred to the Administrators Group. C. Add Fred to the Power Users Group. D. Add Fred to the Backup Operators Group.

176 Chapter 2 69. BTWX Company relies on each of its employees to create content via Microsoft Office applications and share this information across the network. As a result, each user must be able to create shared folders on their own Windows 2000 Professional machines. On one Windows 2000 Professional machine, named WIN2Kprof, you create a local user account for Fred. Fred uses his local account to run the Microsoft Office applications. Furthermore, Fred is able to create new folders, save and delete files, and assign permissions to other users and groups to files system resources. However, Fred is unable to make his resources available across the network. How can you allow Fred to make his resources across the network without jeopardizing administrative privileges? A. Create a shared folder for Fred on a Windows 2000 Server and have him copy his content to the share. Then assign permissions to the users who require access to these files. B. Add Fred to the Administrators Group. *C. Add Fred to the Power Users Group. D. Add Fred to the Backup Operators Group. Explanation: A member of the Power Users Group in Windows 2000 is an advanced version of the regular Users Group. In addition to other permissions, a Power User has access to share folder on their local computer on the network.

Access to Resources 177 70. You are the administrator for a company named XYZ Engineering. Recently, XYZ Engineering upgraded their Windows NT 4.0 Primary Domain Controllers and Backup Domain Controllers of the XYZEngineering Domain to Windows 2000 Server Domain Controllers. The new Domain name is XYZEngineering.org. The existing workstations used by the employees are a mix of Windows 2000 Professional, Windows NT 4.0 Workstations, and Windows 95/98 desktops. Although the goal of XYZ Engineering is to eventually phase out all Windows NT 4.0 Workstations and Windows 95/98 desktops, budgetary constraints have forced the administrators to manage this mixed environment until next year. The IT Management staff, however, wants to begin controlling the appearance of all employee desktops regardless of the desktop operating system in use. As a result, the IT management staff is relying on you to curtail the use of Registry editing tools, deny network browsing capabilities, and identify which Windows applications are able to run on all Windows 2000 Professional, Windows NT 4.0, and Windows 95/98 workstations by utilizing the strengths of system policy capabilities of Windows 2000 Server. What must you do to enforce the directives of the IT Management staff?

A. Use the Group Policy capabilities of Windows 2000 Server to enforce the IT Management staff's directives for the Windows 2000 Professional workstation. Use the PolEdit.exe utility provided with Windows 2000 Server to create system policies specific to Windows NT 4.0 and Windows 95/98 desktops. B. Use the PolEdit.exe utility provided with Windows 2000 Server to create one policy file for the Windows 2000 Professional workstations, one policy file for the Windows NT 4.0 workstations, and one policy file for the Windows 95/98 machines. C. Do nothing. Windows NT 4.0 and Windows 95/98 system policies will work by default as they are converted in the upgrade process from the Windows NT 4.0 PDCs and BDCs. D. Implement a Group Policy that will defines the IT Management staff's directives for all Windows 2000 Professional, Windows NT 4.0, and Windows 95/98 workstations.

178 Chapter 2 70. You are the administrator for a company named XYZ Engineering. Recently, XYZ Engineering upgraded their Windows NT 4.0 Primary Domain Controllers and Backup Domain Controllers of the XYZEngineering Domain to Windows 2000 Server Domain Controllers. The new Domain name is XYZEngineering.org. The existing workstations used by the employees are a mix of Windows 2000 Professional, Windows NT 4.0 Workstations, and Windows 95/98 desktops. Although the goal of XYZ Engineering is to eventually phase out all Windows NT 4.0 Workstations and Windows 95/98 desktops, budgetary constraints have forced the administrators to manage this mixed environment until next year. The IT Management staff, however, wants to begin controlling the appearance of all employee desktops regardless of the desktop operating system in use. As a result, the IT management staff is relying on you to curtail the use of Registry editing tools, deny network browsing capabilities, and identify which Windows applications are able to run on all Windows 2000 Professional, Windows NT 4.0, and Windows 95/98 workstations by utilizing the strengths of system policy capabilities of Windows 2000 Server. What must you do to enforce the directives of the IT Management staff? *A. Use the Group Policy capabilities of Windows 2000 Server to enforce the IT Management staff's directives for the Windows 2000 Professional workstation. Use the PolEdit.exe utility provided with Windows 2000 Server to create system policies specific to Windows NT 4.0 and Windows 95/98 desktops. B. Use the PolEdit.exe utility provided with Windows 2000 Server to create one policy file for the Windows 2000 Professional workstations, one policy file for the Windows NT 4.0 workstations, and one policy file for the Windows 95/98 machines. C. Do nothing. Windows NT 4.0 and Windows 95/98 system policies will work by default as they are converted in the upgrade process from the Windows NT 4.0 PDCs and BDCs. D. Implement a Group Policy that will defines the IT Management staff's directives for all Windows 2000 Professional, Windows NT 4.0, and Windows 95/98 workstations. Explanation: Group Policies have registry settings that are unique to Windows 2000 Professional Machines. For Windows NT 4.0 Workstations and Windows 95/98, the PolEdit.exe utility provided by Windows 2000 Server has templates with settings specific to these two desktop operating systems (winnt.adm and windows.adm, respectively).

Access to Resources 179 71. What are two group scopes in Windows 2000?

A. Security Groups B. Local Groups C. Distribution Groups D. Domain Local Groups E. Global Groups

72. What are two types of groups in Windows 2000 domain networking?

A. Global Groups B. Security Groups C. Domain Local Groups D. Distribution Groups E. Universal Groups

180 Chapter 2 71. What are two group scopes in Windows 2000? A. Security Groups B. Local Groups C. Distribution Groups *D. Domain Local Groups *E. Global Groups Explanation: In Windows 2000 domain networking, there are two types of groups in Active directory - Security groups, which are used to assign permissions to resources, and Distribution groups, which cannot be used to grant permission but are used for applications that use distribution lists, like e-mail, etc. Groups in Windows 2000 also have a property called scope, which defines whether the group spans multiple domains or not. There are three scopes, global groups are still used to organized domain user accounts in Active Directory and can be added to either domain local groups or universal groups to be granted permission to a resource. Domain local groups are used to grant permissions to resources in the domain in which the group is created, while universal groups can be used to grant permission to related resources in multiple domains.

72. What are two types of groups in Windows 2000 domain networking? A. Global Groups *B. Security Groups C. Domain Local Groups *D. Distribution Groups E. Universal Groups Explanation: In Windows 2000 domain networking, there are two types of groups in Active directory - Security groups, which are used to assign permissions to resources, and Distribution groups, which cannot be used to grant permission but are used for applications that use distribution lists, like e-mail, etc. Groups in Windows 2000 also have a property called scope, which defines whether the group spans multiple domains or not. There are three scopes, global groups are still used to organized domain user accounts in Active Directory and can be added to either domain local groups or universal groups to be granted permission to a resource. Domain local groups are used to grant permissions to resources in the domain in which the group is created, while universal groups can be used to grant permission to related resources in multiple domains.

Access to Resources 181 73. What are two guidelines for using local groups in Windows 2000 workgroup networking?

A. Grant permissions to resources on the same local computer that the local group was created on. B. Add the appropriate Active Directory users to the local group to enable access to resources on the local computer. C. Create the local groups on the appropriate Windows 2000 domain controller. D. You should set up local groups only on computers that do not belong to the domain.

74. It is your first day working at your new network administration position. You need to create a new group in the domain for the new R & D division that your company has just launched. Where do you go in Windows 2000 to create this new group?

A. Start - Programs - Administrative Tools - Active Directory Users and Computers B. Start - Programs - Administrative Tools - User Manager C. Start - Programs - Administrative Tools - Computer Management D. Start - Programs - Administrative Tools - Users and Computers

182 Chapter 2 73. What are two guidelines for using local groups in Windows 2000 workgroup networking? *A. Grant permissions to resources on the same local computer that the local group was created on. B. Add the appropriate Active Directory users to the local group to enable access to resources on the local computer. C. Create the local groups on the appropriate Windows 2000 domain controller. *D. You should set up local groups only on computers that do not belong to the domain. Explanation:

74. It is your first day working at your new network administration position. You need to create a new group in the domain for the new R & D division that your company has just launched. Where do you go in Windows 2000 to create this new group? *A. Start - Programs - Administrative Tools - Active Directory Users and Computers B. Start - Programs - Administrative Tools - User Manager C. Start - Programs - Administrative Tools - Computer Management D. Start - Programs - Administrative Tools - Users and Computers Explanation: Local user accounts and local groups are both created on the computer where the resource is needed, using Start - Programs - Administrative Tools Computer Management. User Manager was the tool used on Windows NT 4.0 Workstation and member servers. Active Directory Users and Computers are used to create domain user accounts and domain groups.

Access to Resources 183 75. Your Marketing manager has requested that you do something to assure that his print jobs will print before the others at their departmental printer. What feature of Windows 2000 printing can you use to fulfill this request?

A. Priorities B. Pooling C. IP Printing D. Printing Security

76. Your users in Marketing are complaining about having to wait for extended periods of time for other print jobs to finish before theirs can print. What feature of Windows 2000 printing can you enable to alleviate the printing backlog?

A. Priorities B. Pooling C. Printing Security D. IP Printing

184 Chapter 2 75. Your Marketing manager has requested that you do something to assure that his print jobs will print before the others at their departmental printer. What feature of Windows 2000 printing can you use to fulfill this request? *A. Priorities B. Pooling C. IP Printing D. Printing Security Explanation: When a print device is over-burdened with print jobs, you can attach additional printers to the print server and enable printer pooling. The first available print device at the destination print server then prints print jobs sent. You must use compatible print devices, since a single print driver will format all print jobs coming. Printer priorities allow the administrator to create another printer and point both printers at the same print device, but set them with different priorities. The print job with the higher priority always prints first.

76. Your users in Marketing are complaining about having to wait for extended periods of time for other print jobs to finish before theirs can print. What feature of Windows 2000 printing can you enable to alleviate the printing backlog? A. Priorities *B. Pooling C. Printing Security D. IP Printing Explanation: When a print device is over-burdened with print jobs, you can attach additional printers to the print server and enable printer pooling. The first available print device at the destination print server then prints print jobs sent. You must use compatible print devices, since a single print driver will format all print jobs coming. Printer priorities allow the administrator to create another printer and point both printers at the same print device, but set them with different priorities. The print job with the higher priority always prints first.

Access to Resources 185 77. As the administrator of a Windows 2000 network with Active Directory installed, you wish to install a printer and make it available for all users. After you add and share the network printer, what else do you need to do to enable users to easily access the printer through Active Directory?

A. Nothing. When you create the shared printer in an Active Directory-enabled Windows 2000 network, the shared printer is automatically published in Active Directory. B. You need to configure the appropriate Group Policy object to "push" the printer to the users workstations. C. You need to go to the Add Printer wizard and publish the printer. D. You need to go to Active Directory Users and Computers and publish the printer.

78. You are installing your first Windows 2000 network, and your customer needs to be able to have 28 Windows 2000 Professional workstations print to their new laser printer. What are the three minimal requirements for printing in Windows 2000?

A. The client must be running Windows 2000 Professional. B. The print server needs sufficient RAM for print job processing. C. At least one Windows 2000 computer to act as a print server. D. The client requires sufficient RAM for print job processing. E. The print server requires sufficient disk space to spool print jobs.

186 Chapter 2 77. As the administrator of a Windows 2000 network with Active Directory installed, you wish to install a printer and make it available for all users. After you add and share the network printer, what else do you need to do to enable users to easily access the printer through Active Directory? *A. Nothing. When you create the shared printer in an Active Directory-enabled Windows 2000 network, the shared printer is automatically published in Active Directory. B. You need to configure the appropriate Group Policy object to "push" the printer to the users workstations. C. You need to go to the Add Printer wizard and publish the printer. D. You need to go to Active Directory Users and Computers and publish the printer. Explanation: The basic steps for adding a printer in a Windows 2000 network have not changed since Windows NT 4.0, however, Active Directory adds a dimension that was not present in Windows T 4.0. IN Windows 2000 networks with Active Directory installed, network printers are automatically published in Active Directory as they are shared, enabling users to more easily find printers through Active Directory

78. You are installing your first Windows 2000 network, and your customer needs to be able to have 28 Windows 2000 Professional workstations print to their new laser printer. What are the three minimal requirements for printing in Windows 2000? A. The client must be running Windows 2000 Professional. *B. The print server needs sufficient RAM for print job processing. *C. At least one Windows 2000 computer to act as a print server. D. The client requires sufficient RAM for print job processing. *E. The print server requires sufficient disk space to spool print jobs. Explanation: For printing in Windows 2000, you need at least one machine running Windows 2000 to act as a print server, and that machine will need sufficient RAM and sufficient hard disk space to store and process the documents. While clients do have RAM and hard disk requirements, the print server services multiple clients, and so is much more sensitive to these requirements.

Access to Resources 187 79. Your company has purchased 20 laptop computers for use by the salespeople. The data that they access on the network also needs to be accessible when they are traveling. When configuring Offline Folders and Files, what needs to be configured on the server to make this work?

A. Configure the Laptop to accept Offline Data B. Configure the Offline Folder to Accept Synchronize Data C. Synchronize All Offline Files before Logging Off D. Enable Offline Files E. Enable Online Files

188 Chapter 2 79. Your company has purchased 20 laptop computers for use by the salespeople. The data that they access on the network also needs to be accessible when they are traveling. When configuring Offline Folders and Files, what needs to be configured on the server to make this work? A. Configure the Laptop to accept Offline Data B. Configure the Offline Folder to Accept Synchronize Data *C. Synchronize All Offline Files before Logging Off *D. Enable Offline Files E. Enable Online Files Explanation:

Access to Resources 189 80. Your company has purchased 20 laptop computers for use by the salespeople. The data that they access on the network also needs to be accessible when they are traveling. When configuring Offline Folders and Files, what needs to be configured on the workstation to make this work?

A. Configure the shortcut to the Folder B. Enable Offline Folders C. Allow caching of files in this shared folder D. Enable Offline Files E. Synchronize All Offline Files before Logging Off

190 Chapter 2 80. Your company has purchased 20 laptop computers for use by the salespeople. The data that they access on the network also needs to be accessible when they are traveling. When configuring Offline Folders and Files, what needs to be configured on the workstation to make this work? A. Configure the shortcut to the Folder B. Enable Offline Folders *C. Allow caching of files in this shared folder D. Enable Offline Files E. Synchronize All Offline Files before Logging Off Explanation: Once Offline Folders and Files have been configured on the server, the clients need to enable the caching of data. This can be down by going into the Caching Settings for the folder and check the Allow Caching of Files in this Shared Folder. Once that is selected, you can configure the system for Manual Caching, Automatic Caching for Documents, and Automatic Caching for Programs. Manual Caching for Documents, users must select the files that they would like cached for Offline use. Automatic Caching for Documents, Every file a user opens is automatically downloaded and cached on the local hard drive. Older files are replaced with a newer cached file. Automatic Caching for Programs, opened files are automatically downloaded and cached on the local hard drive so that the programs will be cached for offline use. If an older version of the program exists, it will be overwritten with the newer files. Offline Folders and Files allow a system to download data files and folders to the systems local cache, allowing the files or folders to be worked on when the server isn't available. Once the connection with the server is made, the data can then be synchronized back to the server. This allows someone with a laptop to download data, leave the office, and when they return and connect to the server the data will be synchronized again.

Access to Resources 191 81. You have installed Windows 2000 Professional on your company's 25 laptop computers, and enabled offline file caching. What folder setting will allow user programs that reside on the network to be run when the user is not connected?

A. Automatic Caching for Applications B. Manual Caching for Documents C. Automatic Caching for Documents D. Automatic Caching for Programs E. Manual Caching for Programs

192 Chapter 2 81. You have installed Windows 2000 Professional on your company's 25 laptop computers, and enabled offline file caching. What folder setting will allow user programs that reside on the network to be run when the user is not connected? A. Automatic Caching for Applications B. Manual Caching for Documents C. Automatic Caching for Documents *D. Automatic Caching for Programs E. Manual Caching for Programs Explanation: This can be done by going into the Caching Settings for the folder and checking the Allow Caching of Files in this Shared Folder option. Once that is selected, you can select Automatic Caching for Programs. This will automatically cache any program that has been executed on the workstation. With Manual Caching for Documents, users must select the files that they would like cached for Offline use. With Automatic Caching for Documents, every file a user opens is automatically downloaded and cached on the local hard drive. Older files are replaced with a newer cached file. With Automatic Caching for Programs, opened files are automatically downloaded and cached on the local hard drive so that the programs will be cached for offline use. If an older version of the program exists, it will be overwritten with the newer files. Offline Folders and Files allows a system to download data files and folders to the system's local cache, allowing the files or folders to be worked on when the server isn't available. Once the connection with the server is made, the data can then be synchronized back to the server. This allows someone with a laptop to download data and leave the office, and when he or she returns and connects to the server, the data will be synchronized again.

Access to Resources 193 82. You have installed Windows 2000 Professional on your company's 25 laptop computers, and enabled offline file caching. What folder setting will allow your users to access documents when they are not connected, without their intervention?

A. Automatic Caching for Applications B. Manual Caching for Documents C. Automatic Caching for Documents D. Automatic Caching for Programs E. Manual Caching for Programs

83. You have installed Windows 2000 Professional on your company's 25 laptop computers, and enabled offline file caching. How would you configure your system to allow users to choose which files to cache for offline access?

A. Automatic Caching for Applications B. Manual Caching for Documents C. Automatic Caching for Documents D. Automatic Caching for Programs E. Manual Caching for Programs

194 Chapter 2 82. You have installed Windows 2000 Professional on your company's 25 laptop computers, and enabled offline file caching. What folder setting will allow your users to access documents when they are not connected, without their intervention? A. Automatic Caching for Applications B. Manual Caching for Documents *C. Automatic Caching for Documents D. Automatic Caching for Programs E. Manual Caching for Programs Explanation: This can be done by going into the Caching Settings for the folder and checking the Allow Caching of Files in this Shared Folder option. Once that is selected, you can select the Automatic Caching for Documents. This will automatically cache any document that has been opened on the workstation. With Manual Caching for Documents, users must select the files that they would like cached for Offline use. With Automatic Caching for Documents, every file a user opens is automatically downloaded and cached on the local hard drive. Older files are replaced with a newer cached file. Offline Folders and Files allows a system to download data files and folders to the system's local cache, allowing the files or folders to be worked on when the server isn't available. Once the connection with the server is made, the data can then be synchronized back to the server. This allows someone with a laptop to download data and leave the office, and when he or she returns and connects to the server, the data will be synchronized again.

83. You have installed Windows 2000 Professional on your company's 25 laptop computers, and enabled offline file caching. How would you configure your system to allow users to choose which files to cache for offline access? A. Automatic Caching for Applications *B. Manual Caching for Documents C. Automatic Caching for Documents D. Automatic Caching for Programs E. Manual Caching for Programs Explanation:

Access to Resources 195 84. How can you configure Offline folders to synchronize your data when the system has been idle for 15 minutes?

A. From Explorer, choose the Setup option from the Tools menu; then choose the Logon/Logoff tab, and then the Advanced option. B. From Explorer, choose the Setup option from the Tools menu; then choose the On Idle tab. C. From Explorer, choose the Synchronize option from the Tools menu. D. From Explorer, choose the Setup option from the Tools menu; then choose the On Idle tab, and then the Timeout option. E. From Explorer, choose the Setup option from the Tools menu; then choose the On Idle tab, and then the Advanced option.

196 Chapter 2 84. How can you configure Offline folders to synchronize your data when the system has been idle for 15 minutes? A. From Explorer, choose the Setup option from the Tools menu; then choose the Logon/Logoff tab, and then the Advanced option. B. From Explorer, choose the Setup option from the Tools menu; then choose the On Idle tab. C. From Explorer, choose the Synchronize option from the Tools menu. D. From Explorer, choose the Setup option from the Tools menu; then choose the On Idle tab, and then the Timeout option. *E. From Explorer, choose the Setup option from the Tools menu; then choose the On Idle tab, and then the Advanced option. Explanation: The Synchronize Manager utility is accessed through the Tools menu in Windows Explorer. Once the manager is opened, you can configure the synchronization of data either based on Logon/Logoff, On Idle, or Scheduled. From the Logon/Logoff tab, you can select to synchronize the data upon Logon or Logoff or can choose to be asked before synchronization happens. From the On Idle tab, you can synchronize the data when the network connection is made, can synchronize only the checked items, or can enable the Idle Synchronization when the computer is not in use. Offline Folders and Files allow a system to download data files and folders to the system's local cache, allowing the files or folders to be worked on when the server isn't available. Once the connection with the server is made, the data can then be synchronized back to the server. This allows someone with a laptop to download data and leave the office, and when he or she returns and connects to the server, the data will be synchronized again.

Access to Resources 197

Notes:

198 Chapter 2 85. You are a member of the Help Desk, Level 1 Support for XYZ Technical Institute. Company business hours are from 8:30 a.m. - 9:30 p.m. A Windows 2000 Network has been setup in a single-tree, single-domain configuration with two Window 2000 Server Domain Controllers. One Windows 2000 Domain Controller is setup at the company Headquarters in Pittsburgh and the other Windows 2000 Domain Controller setup at the branch office in Philadelphia. At the company headquarters, there is an additional Windows 2000 Server, named DataServer, set up to support file and print services for the entire company. Employees of XYZ Technical Institute log on to the Windows 2000 Network by authentication from the Windows 2000 Server Domain Controller in their respective branch. All users currently have Read access to the D:\Public folder, located on DataServer in Pittsburgh, as a result of membership in the Domain Users Global group, which is a member of the Local Users Group on DataServer, which has "Read" permissions assigned. On September 25, 2000, the decision is made to delegate responsibility to manage content in the D:\Public folder to the Marketing Department. At 9:30 a.m., you proceed to create a Global Group for the Marketing users called MktgGlobal and place all Marketing employees in the group as members. You then place the MktgGlobal group into the Domain Local Marketing group (named MktgLocal and previously created by another administrator) that has Full Control Permissions to the D:\Public folder. At 10:00 a.m., the Help Desk is bombarded with a series of support calls from employees working in the Marketing department reporting they are able to access the data, but is unable to save any changes. You open MMC - Active Directory Users and Computers on both of the Domain Controllers to verify that synchronization has taken place between the two Windows 2000 Server Domain Controllers. You observe that Domain Controller 1 has a Global group named MktgGlobal, and a Domain Local group named MktgLocal. The same two groups exist on Domain Controller 2. Upon further investigation, you verify that all of the necessary groups have been created and all the necessary memberships and permissions have been assigned. Why are the Marketing Users able to gain access to data in the D:\Public folder for Read purposes and not able to modify any data?

Access to Resources 199 A. Marketing users were authenticated, prior to the administrator creating the Marketing groups, by either of the Windows 2000 Server Domain Controllers. This event resulted in access control tokens for the Marketing users that did not list their membership in the MktgGlobal Group. B. The MktgLocal Domain Local Group has been denied Full Control permissions to the D:\public folder on the DataServer. C. Domain Controller 1 and Domain Controller 2 are out of synchronization and are now providing outdated access control tokens that identify the marketing users as Members of the MktgGlobal Global Group which is a member of the MktgLocal Domain Local Group. D. Domain Controller 1 and Domain Controller 2 are unable to assign the Full Control permission to the D:\public folder on the DataServer in Pittsburgh.

200 Chapter 2 85. You are a member of the Help Desk, Level 1 Support for XYZ Technical Institute. Company business hours are from 8:30 a.m. - 9:30 p.m. A Windows 2000 Network has been setup in a single-tree, single-domain configuration with two Window 2000 Server Domain Controllers. One Windows 2000 Domain Controller is setup at the company Headquarters in Pittsburgh and the other Windows 2000 Domain Controller setup at the branch office in Philadelphia. At the company headquarters, there is an additional Windows 2000 Server, named DataServer, set up to support file and print services for the entire company. Employees of XYZ Technical Institute log on to the Windows 2000 Network by authentication from the Windows 2000 Server Domain Controller in their respective branch. All users currently have Read access to the D:\Public folder, located on DataServer in Pittsburgh, as a result of membership in the Domain Users Global group, which is a member of the Local Users Group on DataServer, which has "Read" permissions assigned. On September 25, 2000, the decision is made to delegate responsibility to manage content in the D:\Public folder to the Marketing Department. At 9:30 a.m., you proceed to create a Global Group for the Marketing users called MktgGlobal and place all Marketing employees in the group as members. You then place the MktgGlobal group into the Domain Local Marketing group (named MktgLocal and previously created by another administrator) that has Full Control Permissions to the D:\Public folder. At 10:00 a.m., the Help Desk is bombarded with a series of support calls from employees working in the Marketing department reporting they are able to access the data, but is unable to save any changes. You open MMC - Active Directory Users and Computers on both of the Domain Controllers to verify that synchronization has taken place between the two Windows 2000 Server Domain Controllers. You observer that Domain Controller 1 has a Global group named MktgGlobal, and a Domain Local group named MktgLocal. The same two groups exist on Domain Controller 2. Upon further investigation, you verify that all of the necessary groups have been created and all the necessary memberships and permissions have been assigned.

Access to Resources 201 Why are the Marketing Users able to gain access to data in the D:\Public folder for Read purposes and not able to modify any data? *A. Marketing users were authenticated, prior to the administrator creating the Marketing groups, by either of the Windows 2000 Server Domain Controllers. This event resulted in access control tokens for the Marketing users that did not list their membership in the MktgGlobal Group. B. The MktgLocal Domain Local Group has been denied Full Control permissions to the D:\public folder on the DataServer. C. Domain Controller 1 and Domain Controller 2 are out of synchronization and are now providing outdated access control tokens that identify the marketing users as Members of the MktgGlobal Global Group which is a member of the MktgLocal Domain Local Group. D. Domain Controller 1 and Domain Controller 2 are unable to assign the Full Control permission to the D:\public folder on the DataServer in Pittsburgh. Explanation: The users in the Marketing Group logged onto the Windows 2000 Network at 8:30 a.m. (or at least before the you created the MktgGlobal and MktgLocal Groups) and were issued what were soon to be out of date Access Control Tokens. Because group membership is not a dynamic feature of the Windows 2000 Active Directory Database, you would need to ask the Marketing users to log off and log back on to the Windows 2000 Network to recreate their Access Control Tokens. This action on the part of the users would then list their membership in the MktgGlobal Group and ultimately provide them Full Control permissions to the D:\public folder on the DataServer.

202 Chapter 3

The objective of this chapter is to provide the reader with an understanding of the following: 1.

Configure hardware devices.

2.

Configure driver-signing options.

3.

Update device drivers.

4.

Troubleshoot problems with hardware.

Hardware Devices and Drivers 203

Chapter 3: Hardware Devices and Drivers 1. You configure a server named print01.marketing.bfq.local as a print server at your New York site. You create and share printers on the server for use by your employees in the marketing.bfq.local domain. You are currently in Tokyo, and you want to review the configured properties of all of the shared printers on the print01.marketing.bfq.local server. How can you do this?

A. Use your Web browser to connect to http://print01.marketing.bfq.local/printers. B. Use your Web browser to connect to http://print01.marketing.bfq.local/print C. Use your Windows Explorer to connect to print01.marketing.bfq.local/print$ D. Use your Windows Explorer to connect to print01.marketing.bfq.local/print E. Open the printers folder on the print server.

2. Your TCP/IP network consists of Windows 2000 Servers computers, Windows 2000 Professional computers, and UNIX servers and uses IP addresses from the private range 10.0.0.0. Print jobs are sent to a shared printer on a Windows 2000 Server named PTRSRV. A print device is attached to one of the UNIX servers. This server uses an LPR printing protocol and its IP address is 10.1.1.99. The name of the printer queue is UPRINT. How can you allow users to be able to connect to this printer from their computers?

A. Create a local printer on PTRSRV. B. Create a new TCP/IP port for an LPR port for an LPR server at address 10.1.1.99 with a queue named UPRINT. C. Share this printer and connect to it from the users' computers. D. Create a local printer on each client. E. Assign the print device an IP Address of 10.1.1.100.

204 Chapter 3 1. You configure a server named print01.marketing.bfq.local as a print server at your New York site. You create and share printers on the server for use by your employees in the marketing.bfq.local domain. You are currently in Tokyo, and you want to review the configured properties of all of the shared printers on the print01.marketing.bfq.local server. How can you do this? *A. Use your Web browser to connect to http://print01.marketing.bfq.local/printers. B. Use your Web browser to connect to http://print01.marketing.bfq.local/print C. Use your Windows Explorer to connect to print01.marketing.bfq.local/print$ D. Use your Windows Explorer to connect to print01.marketing.bfq.local/print E. Open the printers folder on the print server. Explanation: If IIS is installed on the target server, then the printer setup can be accessed by typing in the server name, followed by /printers.

2. Your TCP/IP network consists of Windows 2000 Servers computers, Windows 2000 Professional computers, and UNIX servers and uses IP addresses from the private range 10.0.0.0. Print jobs are sent to a shared printer on a Windows 2000 Server named PTRSRV. A print device is attached to one of the UNIX servers. This server uses an LPR printing protocol and its IP address is 10.1.1.99. The name of the printer queue is UPRINT. How can you allow users to be able to connect to this printer from their computers? *A. Create a local printer on PTRSRV. *B. Create a new TCP/IP port for an LPR port for an LPR server at address 10.1.1.99 with a queue named UPRINT. *C. Share this printer and connect to it from the users' computers. D. Create a local printer on each client. E. Assign the print device an IP Address of 10.1.1.100. Explanation: By creating and sharing a local printer on the Windows 2000 server, you will be able to print to the printer. Once the printer is configured on the server, other users' computers will be able to print to the print device via the Windows 2000 server.

Hardware Devices and Drivers 205 3. You are installing Windows 2000 on new computers in your network. These servers will provide file and print services. You want to install the computers using a centralized copy of the Windows 2000 installation files, which are stored on an existing Windows 2000 Server. What do you do?

A. Create an MS-DOS network boot disk. B. Create an Unattend.txt file. C. Create a UDF file that identifies the names of the new computers. D. Begin the installation process by running the Winnt /s /u /udf. E. Create a DAT file that identifies the names of the new computers.

4. Your network consists of numerous domains within a single LAN, with one remote domain. The remote location is running an outdated service pack. While retaining the domain administrator's access to the Group Policy configuration, how can you update the remote location while reducing network traffic and easing administration of Group Policies?

A. Configure a Group Policy for the remote domain. B. Configure a service pack software package for the Group Policy. C. Configure a Group Policy for the remote domain. D. Configure a Group Policy for the local domain. E. Configure a service pack software package for the ou.

206 Chapter 3 3. You are installing Windows 2000 on new computers in your network. These servers will provide file and print services. You want to install the computers using a centralized copy of the Windows 2000 installation files, which are stored on an existing Windows 2000 Server. What do you do? *A. Create an MS-DOS network boot disk. *B. Create an Unattend.txt file. *C. Create a UDF file that identifies the names of the new computers. *D. Begin the installation process by running the Winnt /s /u /udf. E. Create a DAT file that identifies the names of the new computers. Explanation: In an environment where you need to install Windows 2000 onto multiple machines, it is sometimes easiest to store the installation files in a centralized location. To then begin the installation from the network source, you should make an MS-DOS network boot disk that contains an unattend.txt file. UDF files should also be used to name the new computes. The Windows 2000 installation should then be started be running WINNT /s /u /udf. These parameters will reflect the current installation conditions.

4. Your network consists of numerous domains within a single LAN, with one remote domain. The remote location is running an outdated service pack. While retaining the domain administrator's access to the Group Policy configuration, how can you update the remote location while reducing network traffic and easing administration of Group Policies? *A. Configure a Group Policy for the remote domain. *B. Configure a service pack software package for the Group Policy. C. Configure a Group Policy for the remote domain. D. Configure a Group Policy for the local domain. E. Configure a service pack software package for the ou. Explanation: To distribute software to remote machines, it is best to make a Windows Installer package first. This package can then be distributed by configuring it in a Group Policy.

Hardware Devices and Drivers 207 5. An incorrect driver was installed during installing a modem on your Windows 2000 Server computer. The computer will be used as a Routing and Remote Access server for a branch office. You attempt to remove the modem by the Phone and Modem Option, but the computer stops responding. What is the quickest way to install the correct driver after restarting the computer?

A. Use the Add/Remove Hardware Wizard to uninstall the modem. B. Restart the server. C. Remove the card from the computer. D. Get a new modem. E. Delete all of the driver files.

6. You are replacing an integrated 10-MB Ethernet adapter with a new 100-MB Ethernet adapter. After installing the new adapter, you receive an error message stating the new adapter is missing or is not working. What is the best way to do this?

A. Use Device Manager to disable the integrated 10-MB Ethernet adapter. B. Use Device Manager to disable the 100-MB Ethernet adapter. C. Use Device Manager to enable the integrated 10-MB Ethernet adapter. D. Use Device Manager to reconfigure the integrated 10-MB Ethernet adapter. E. Use Device Manager to reconfigure the 100-MB Ethernet adapter.

208 Chapter 3 5. An incorrect driver was installed during installing a modem on your Windows 2000 Server computer. The computer will be used as a Routing and Remote Access server for a branch office. You attempt to remove the modem by the Phone and Modem Option, but the computer stops responding. What is the quickest way to install the correct driver after restarting the computer? *A. Use the Add/Remove Hardware Wizard to uninstall the modem. *B. Restart the server. C. Remove the card from the computer. D. Get a new modem. E. Delete all of the driver files. Explanation: The modem should be installed through the Add/Remove Hardware Wizard.

6. You are replacing an integrated 10-MB Ethernet adapter with a new 100-MB Ethernet adapter. After installing the new adapter, you receive an error message stating the new adapter is missing or is not working. What is the best way to do this? *A. Use Device Manager to disable the integrated 10-MB Ethernet adapter. B. Use Device Manager to disable the 100-MB Ethernet adapter. C. Use Device Manager to enable the integrated 10-MB Ethernet adapter. D. Use Device Manager to reconfigure the integrated 10-MB Ethernet adapter. E. Use Device Manager to reconfigure the 100-MB Ethernet adapter. Explanation: The integrated 10-MB Ethernet adapter should be disabled to allow the new card to be operational, since you do not need to use both cards.

Hardware Devices and Drivers 209 7. You have a Windows 2000 Server that uses a non-Plug and Play ISA modem that uses IRQ 5. You add a PCI modem and restart the computer. You realize that both modems are trying to use IRQ 5. What is the best way to do this?

A. Edit the CMOS settings on the computer to reserve IRQ 5 for non-Plug and Play. B. Edit the CMOS settings on the computer to reserve IRQ 5 for Plug and Play. C. Edit the CMOS settings on the computer to reserve IRQ 7 for Plug and Play. D. Edit the CMOS settings on the computer to reserve IRQ 7 for non-Plug and Play. E. Disable the new modem.

8. Your Windows 2000 Server computer uses a SCSI adapter that is not included in the HCL. You install an updated driver for your SCSI adapter that is not included in the HCL. After restarting the computer, you receive "Inaccessible_Boot_Device". What is the best way to do this?

A. Start the computer by using the Windows 2000 Server CD-ROM. Perform an emergency repair. B. Reinstall the old driver for the SCSI adapter. C. Start the computer by using the Recovery Console. D. Copy the old driver for the SCSI adapter to the system volume and to C:\ntbootdd.sys E. Restart the computer.

210 Chapter 3 7. You have a Windows 2000 Server that uses a non-Plug and Play ISA modem that uses IRQ 5. You add a PCI modem and restart the computer. You realize that both modems are trying to use IRQ 5. What is the best way to do this? *A. Edit the CMOS settings on the computer to reserve IRQ 5 for non-Plug and Play. B. Edit the CMOS settings on the computer to reserve IRQ 5 for Plug and Play. C. Edit the CMOS settings on the computer to reserve IRQ 7 for Plug and Play. D. Edit the CMOS settings on the computer to reserve IRQ 7 for non-Plug and Play. E. Disable the new modem. Explanation: The non-Plug and Play device is the one that must be reserved.

8. Your Windows 2000 Server computer uses a SCSI adapter that is not included in the HCL. You install an updated driver for your SCSI adapter that is not included in the HCL. After restarting the computer, you receive "Inaccessible_Boot_Device". What is the best way to do this? *A. Start the computer by using the Windows 2000 Server CD-ROM. Perform an emergency repair. *B. Reinstall the old driver for the SCSI adapter. *C. Start the computer by using the Recovery Console. *D. Copy the old driver for the SCSI adapter to the system volume and to C:\ntbootdd.sys *E. Restart the computer. Explanation: You will need to reinstall the original driver to be able to boot.

Hardware Devices and Drivers 211 9. You add a new partition to your disk, and receive "Windows 2000 could not start because the following file is missing or corrupt: \system32\ntoskrnl.exe. Please re-install a copy of the above file" when you reboot. What is the best way to do this?

A. Start the computer by using the Recovery Console. B. Modify the Partition parameter in the operating system path in C:\Boot.ini. C. Reinstall a copy of ntoskrnl.exe from the Windows 2000 CD. D. Remove the partition. E. Reinstall Windows 2000.

10. Frequently, a newly installed modem stops communicating with your ISP. The only way to reactivate the modem is to restart the computer. You want to install a new driver for the modem. What is the best way to do this?

A. In Device Manager, on the property sheet for the modem, click the Update Driver button. B. Use the Add/Remove Hardware applet in Control Panel. C. Use the Add/Remove Programs applet in Control Panel. D. Use the Phone and Modem Options applet in Control Panel. E. Use the Internet Options applet in Control Panel.

212 Chapter 3 9. You add a new partition to your disk, and receive "Windows 2000 could not start because the following file is missing or corrupt: \system32\ntoskrnl.exe. Please re-install a copy of the above file" when you reboot. What is the best way to do this? *A. Start the computer by using the Recovery Console. *B. Modify the Partition parameter in the operating system path in C:\Boot.ini. C. Reinstall a copy of ntoskrnl.exe from the Windows 2000 CD. D. Remove the partition. E. Reinstall Windows 2000. Explanation: The boot.ini file should reflect partition changes.

10. Frequently, a newly installed modem stops communicating with your ISP. The only way to reactivate the modem is to restart the computer. You want to install a new driver for the modem. What is the best way to do this? *A. In Device Manager, on the property sheet for the modem, click the Update Driver button. B. Use the Add/Remove Hardware applet in Control Panel. C. Use the Add/Remove Programs applet in Control Panel. D. Use the Phone and Modem Options applet in Control Panel. E. Use the Internet Options applet in Control Panel. Explanation: The Update Driver option in Device Manager is the best way to install a new driver.

Hardware Devices and Drivers 213 11. You have a Windows 2000 Server that uses a non-Plug and Play EISA modem that uses IRQ 11. You add a second PCI network adapter and restart the computer. You realize that both adapters are trying to use IRQ 11. What is the best way to do this?

A. Edit the CMOS settings on the computer to reserve IRQ 11 for the non-Plug and Play device. B. Edit the CMOS settings on the computer to reserve IRQ 11 for the Plug and Play device. C. Edit the CMOS settings on the computer to reserve IRQ 10 for the Plug and Play device. D. Edit the CMOS settings on the computer to reserve IRQ 9 for the Plug and Play device. E. Edit the CMOS settings on the computer to reserve IRQ 10 for the non-Plug and Play device.

12. Your Windows 2000 Server has an integrated network interface adapter. You are replacing it with a new network interface adapter that will be installed in an available PCI slot. When you restart the computer, you receive an error message stating that the new network interface adapter is missing or not working. What is the best way to do this?

A. Disable the integrated network interface adapter. B. Disable the new network interface adapter. C. Enable the integrated network interface adapter. D. Enable the new network interface adapter. E. Reseat the PCI Card.

214 Chapter 3 11. You have a Windows 2000 Server that uses a non-Plug and Play EISA modem that uses IRQ 11. You add a second PCI network adapter and restart the computer. You realize that both adapters are trying to use IRQ 11. What is the best way to do this? *A. Edit the CMOS settings on the computer to reserve IRQ 11 for the non-Plug and Play device. B. Edit the CMOS settings on the computer to reserve IRQ 11 for the Plug and Play device. C. Edit the CMOS settings on the computer to reserve IRQ 10 for the Plug and Play device. D. Edit the CMOS settings on the computer to reserve IRQ 9 for the Plug and Play device. E. Edit the CMOS settings on the computer to reserve IRQ 10 for the non-Plug and Play device. Explanation: The resources for the non-Plug and Play device should be reserved, not those for the Plug-and-Play Devices.

12. Your Windows 2000 Server has an integrated network interface adapter. You are replacing it with a new network interface adapter that will be installed in an available PCI slot. When you restart the computer, you receive an error message stating that the new network interface adapter is missing or not working. What is the best way to do this? *A. Disable the integrated network interface adapter. B. Disable the new network interface adapter. C. Enable the integrated network interface adapter. D. Enable the new network interface adapter. E. Reseat the PCI Card. Explanation: If you do not need to use both network cards, disable the integrated card to free resources and avoid conflicts.

Hardware Devices and Drivers 215 13. You have a Windows 2000 Server that serves as a print server. You install a second Plug and Play network adapter to improve network performance. The first network adapter uses IRQ 11. The second network adapter uses IRQ 5. The server is now unable to print to the print device connected to the non-Plug and Play LPT2 port adapter. What is the best way to do this?

A. Edit the CMOS settings on the computer to reserve IRQ 5 for non-Plug and Play devices. B. Edit the CMOS settings on the computer to reserve IRQ 11 for non-Plug and Play devices. C. Edit the CMOS settings on the computer to reserve IRQ 5 for Plug and Play devices. D. Edit the CMOS settings on the computer to reserve IRQ 11 for Plug and Play devices. E. Edit the CMOS settings on the computer to reserve IRQ 9 for non-Plug and Play devices.

14. Your Windows 2000 Server is configured with Routing and Remote Access. What can you do to help diagnose why dial-in users cannot connect to the server via a new modem?

A. Use the Routing and Remote Access snap-in to find out whether the ports for both modems are operational. B. Update the modem driver. C. Uninstall the new modem. D. Reinstall the new modem. E. Remove the old modem.

216 Chapter 3 13. You have a Windows 2000 Server that serves as a print server. You install a second Plug and Play network adapter to improve network performance. The first network adapter uses IRQ 11. The second network adapter uses IRQ 5. The server is now unable to print to the print device connected to the non-Plug and Play LPT2 port adapter. What is the best way to do this? *A. Edit the CMOS settings on the computer to reserve IRQ 5 for non-Plug and Play devices. B. Edit the CMOS settings on the computer to reserve IRQ 11 for non-Plug and Play devices. C. Edit the CMOS settings on the computer to reserve IRQ 5 for Plug and Play devices. D. Edit the CMOS settings on the computer to reserve IRQ 11 for Plug and Play devices. E. Edit the CMOS settings on the computer to reserve IRQ 9 for non-Plug and Play devices. Explanation: The IRQ of the non-Plug and Play device should be reserved, not the IRQ of the Plug-and-Play device.

14. Your Windows 2000 Server is configured with Routing and Remote Access. What can you do to help diagnose why dial-in users cannot connect to the server via a new modem? *A. Use the Routing and Remote Access snap-in to find out whether the ports for both modems are operational. B. Update the modem driver. C. Uninstall the new modem. D. Reinstall the new modem. E. Remove the old modem. Explanation: The Routing and Remote Access snap-in will diagnose some modem problems.

Hardware Devices and Drivers 217 15. How do you configure the remote Windows 2000 server computers so that whenever a new Microsoft driver becomes available, branch offices are notified automatically when the administrator logs onto the server?

A. Install Windows Critical Update Notification. B. Install the Notification Service. C. Install the Messaging Service. D. Run Windows Update as a scheduled task. E. Install driver signing.

16. After you install a new video adapter, one of the users at a remote location reports that Routing and Remote Access does not accept calls. After you resolve the Routing and Remote Access problem, you need to configure the server to prevent users from installing any unsigned device drivers. What two actions should you take in the Driver Signing Options dialog box?

A. Set File Signature Verification to Block. B. Select the Apply settings as system default check box. C. Set File Signature Verification to Allow. D. Set File Signature Verification to Prompt. E. Unselect the Apply settings as system default check box.

218 Chapter 3 15. How do you configure the remote Windows 2000 server computers so that whenever a new Microsoft driver becomes available, branch offices are notified automatically when the administrator logs onto the server? *A. Install Windows Critical Update Notification. B. Install the Notification Service. C. Install the Messaging Service. D. Run Windows Update as a scheduled task. E. Install driver signing. Explanation: Windows Critical Update Notification will notify an administrator when he logs in.

16. After you install a new video adapter, one of the users at a remote location reports that Routing and Remote Access does not accept calls. After you resolve the Routing and Remote Access problem, you need to configure the server to prevent users from installing any unsigned device drivers. What two actions should you take in the Driver Signing Options dialog box? *A. Set File Signature Verification to Block. *B. Select the Apply settings as system default check box. C. Set File Signature Verification to Allow. D. Set File Signature Verification to Prompt. E. Unselect the Apply settings as system default check box. Explanation: File Signature Verification will specify whether or not unsigned drivers will be blocked.

Hardware Devices and Drivers 219 17. You have a Pentium III 400 MHz Windows 2000 Server computer with a built-in sound card. You must install another sound card that is on the HCL and enable it on the server. How should you configure the computer to use the new sound card and install the drivers for the sound card?

A. Install the new sound card. B. In Device Manager, disable the integrated sound card. C. Allow Windows 2000 to automatically detect the new sound card during the next boot of the computer after the sound card is installed. D. Manually install the new sound card's drivers. E. Configure both cards to work on the computer.

18. You must prevent any unsigned drivers from being installed on any computer in your Windows 2000 network. The network consists of Windows 2000 domain controllers, Windows 2000 file and print servers, and Windows 2000 Professional computers. What is the best way to do this?

A. Configure the domain controllers, file and print servers, and client computers to Block unsigned drivers. B. Configure the domain controllers, file and print servers, and client computers to Allow unsigned drivers. C. Configure the domain controllers, file and print servers, and client computers to digitally sign drivers. D. Configure the domain controllers, file and print servers, and client computers to Delete unsigned drivers. E. Configure the domain controllers, file and print servers, and client computers to prompt before installing unsigned drivers.

220 Chapter 3 17. You have a Pentium III 400 MHz Windows 2000 Server computer with a built-in sound card. You must install another sound card that is on the HCL and enable it on the server. How should you configure the computer to use the new sound card and install the drivers for the sound card? *A. Install the new sound card. *B. In Device Manager, disable the integrated sound card. *C. Allow Windows 2000 to automatically detect the new sound card during the next boot of the computer after the sound card is installed. D. Manually install the new sound card's drivers. E. Configure both cards to work on the computer. Explanation: Disable the integrated sound card before installing the drivers for the integrated sound card.

18. You must prevent any unsigned drivers from being installed on any computer in your Windows 2000 network. The network consists of Windows 2000 domain controllers, Windows 2000 file and print servers, and Windows 2000 Professional computers. What is the best way to do this? *A. Configure the domain controllers, file and print servers, and client computers to Block unsigned drivers. B. Configure the domain controllers, file and print servers, and client computers to Allow unsigned drivers. C. Configure the domain controllers, file and print servers, and client computers to digitally sign drivers. D. Configure the domain controllers, file and print servers, and client computers to Delete unsigned drivers. E. Configure the domain controllers, file and print servers, and client computers to prompt before installing unsigned drivers. Explanation: Blocking unsigned drivers will allow only digitally signed drivers to be installed on those computers.

Hardware Devices and Drivers 221 19. You have a Pentium III 400 MHz Windows 2000 Server computer with a built-in sound card on the motherboard. You must install a high-end sound card that is on the HCL and enable it on the server. How should you configure the computer to use the new sound card and install the drivers for the sound card?

A. Disable the sound card in the CMOS B. Install the new sound card into the computer C. Disable the integrated sound card in Device Manager D. Use the Add/Remove Hardware Wizard and manually install the sound card E. Let Windows 2000 automatically detect the new sound card during the next boot of the computer after the sound card is installed

20. In Device Manager on your Windows 2000 server, you notice a red X next to the U.S. Robotics 56K Voice PCI modem. How can you resolve this problem using Device Manager?

A. Right-click on the device and select Troubleshooter B. Right-click on the device, select Properties, and on the General tab of the device's Properties page select Use This Device (enable) under the Device usage section of the page C. Using the left pane of the two-pane Device Manager display, right-click on Device Manager on Local Computer, select View, select Devices by Connection, and expand the IRQ section in the right pane D. Using the left pane of the two-pane Device Manager display, right-click on Device Manager on Local Computer, select View, select Resources by Connection, and expand the IRQ section in the right pane E. Right-click on the device and select Remove

222 Chapter 3 19. You have a Pentium III 400 MHz Windows 2000 Server computer with a built-in sound card on the motherboard. You must install a high-end sound card that is on the HCL and enable it on the server. How should you configure the computer to use the new sound card and install the drivers for the sound card? A. Disable the sound card in the CMOS *B. Install the new sound card into the computer *C. Disable the integrated sound card in Device Manager D. Use the Add/Remove Hardware Wizard and manually install the sound card *E. Let Windows 2000 automatically detect the new sound card during the next boot of the computer after the sound card is installed Explanation: You should disable the integrated sound card to prevent conflicts.

20. In Device Manager on your Windows 2000 server, you notice a red X next to the U.S. Robotics 56K Voice PCI modem. How can you resolve this problem using Device Manager? A. Right-click on the device and select Troubleshooter *B. Right-click on the device, select Properties, and on the General tab of the device's Properties page select Use This Device (enable) under the Device usage section of the page C. Using the left pane of the two-pane Device Manager display, right-click on Device Manager on Local Computer, select View, select Devices by Connection, and expand the IRQ section in the right pane D. Using the left pane of the two-pane Device Manager display, right-click on Device Manager on Local Computer, select View, select Resources by Connection, and expand the IRQ section in the right pane E. Right-click on the device and select Remove Explanation: The device has been previously disabled. Re-enabling the device will activate it again.

Hardware Devices and Drivers 223 21. You are installing a new network adapter for a Windows 2000 Server computer on the Windows 2000 network you administer. You complete the installation and install the device drivers. Which function will notify you whether the driver you are installing passes the Microsoft certification process?

A. Event Logs B. Driver Signing C. Device Manager D. Service Pack Slipstreaming E. Driver Logging

22. Due to strict security limitations of your Windows 2000 production environment, you must prevent any unsigned drivers from being installed on any computer in your Windows 2000 network. The network consists of Windows 2000 domain controllers, Windows 2000 file and print servers, and Windows 2000 Professional computers. How can you prevent installing any unsigned drivers on all the computers on your network?

A. Implement a Group Policy to Ignore signature verification B. Configure a Local Policy on the main Windows 2000 domain controller C. Configure the domain controllers, file and print servers, and client computers to Block unsigned drivers D. Configure the domain controllers, file and print servers, and client computers to Ignore unsigned drivers E. Implement a Group Policy to Validate signature verification

224 Chapter 3 21. You are installing a new network adapter for a Windows 2000 Server computer on the Windows 2000 network you administer. You complete the installation and install the device drivers. Which function will notify you whether the driver you are installing passes the Microsoft certification process? A. Event Logs *B. Driver Signing C. Device Manager D. Service Pack Slipstreaming E. Driver Logging Explanation: Driver signing is used to verify that a driver has been approved by Microsoft.

22. Due to strict security limitations of your Windows 2000 production environment, you must prevent any unsigned drivers from being installed on any computer in your Windows 2000 network. The network consists of Windows 2000 domain controllers, Windows 2000 file and print servers, and Windows 2000 Professional computers. How can you prevent installing any unsigned drivers on all the computers on your network? A. Implement a Group Policy to Ignore signature verification B. Configure a Local Policy on the main Windows 2000 domain controller *C. Configure the domain controllers, file and print servers, and client computers to Block unsigned drivers D. Configure the domain controllers, file and print servers, and client computers to Ignore unsigned drivers E. Implement a Group Policy to Validate signature verification Explanation: By blocking unsigned drivers, drivers not certified by Microsoft cannot be installed onto the computers.

Hardware Devices and Drivers 225 23. You must take a Windows 98 Pentium III 550 MHz computer and make it a Windows 2000 domain controller. After installing the Windows 2000 operating system, you install a USB scanner on the computer while it is on. How can you force Windows 2000 to search for a new scanner?

A. Restart the computer B. Log off and back on to the domain controller C. Right-click on the domain controller's name in Device Manager and select "Scan for hardware changes" D. This is not possible because Windows 2000 domain controllers do not support adding hardware while the computer is on E. Shut down the computer

24. In Device Manager on your Windows 2000 server, you notice a yellow question mark next to the Realtek RTL8139 PCI Fast Ethernet NIC. You suspect the problem is due to an IRQ conflict. How can you troubleshoot the problem with this device using Device Manager?

A. Right-click on the device and select Troubleshooter B. Right-click on the device, select Properties, and on the General tab of the device's Properties page, select Troubleshooter C. Using the left pane of the two-pane Device Manager display, right-click Device Manager on the Local Computer, select View, select Devices by Connection, and expand the IRQ section in the right pane D. Using the left pane of the two-pane Device Manager display, right-click Device Manager on the Local Computer, select View, select Resources by Connection, and expand the IRQ section in the right pane E. Right-click on the device, select Delete, and on the General tab of the device's Properties page, select Troubleshooter

226 Chapter 3 23. You must take a Windows 98 Pentium III 550 MHz computer and make it a Windows 2000 domain controller. After installing the Windows 2000 operating system, you install a USB scanner on the computer while it is on. How can you force Windows 2000 to search for a new scanner? A. Restart the computer B. Log off and back on to the domain controller *C. Right-click on the domain controller's name in Device Manager and select "Scan for hardware changes" D. This is not possible because Windows 2000 domain controllers do not support adding hardware while the computer is on E. Shut down the computer Explanation: "Scan for Hardware changes" will look for new devices.

24. In Device Manager on your Windows 2000 server, you notice a yellow question mark next to the Realtek RTL8139 PCI Fast Ethernet NIC. You suspect the problem is due to an IRQ conflict. How can you troubleshoot the problem with this device using Device Manager? A. Right-click on the device and select Troubleshooter B. Right-click on the device, select Properties, and on the General tab of the device's Properties page, select Troubleshooter C. Using the left pane of the two-pane Device Manager display, right-click Device Manager on the Local Computer, select View, select Devices by Connection, and expand the IRQ section in the right pane *D. Using the left pane of the two-pane Device Manager display, right-click Device Manager on the Local Computer, select View, select Resources by Connection, and expand the IRQ section in the right pane E. Right-click on the device, select Delete, and on the General tab of the device's Properties page, select Troubleshooter Explanation: Device Manager can be found in the System applet in Control Panel.

Hardware Devices and Drivers 227 25. You are administering a Windows 2000 network. The network consists of Windows 2000 Server computers and Windows 2000 Professional client computers. You need to configure some settings for the network adapter in one of the server computers. You want to use the tools that Windows 2000 provides for managing the device. Where can most of these tools be found?

A. The General tab of the System Properties dialog box B. The Advanced tab of the System Properties dialog box C. The Hardware tab of the System Properties dialog box D. The Network Identification tab of the System Properties dialog box E. The Options tab of the System Properties dialog box

26. Which of the following statements most clearly defines BAP (Bandwidth Allocation Protocol)? A. BAP replaces Multilink in Windows 2000, allowing you to combine multiple physical links into one logical link and dynamically adding or dropping links on demand. B. BAP enhances Multilink. Multilink allows you to combine multiple physical links into one logical link. BAP allows you to dynamically add or drop links on demand. C. You can use either BAP or Multilink in Windows 2000. Multilink should be used on servers that do not require callback security. BAP, because of its higher overhead, should be used for multilink capabilities only when callback security is required. D. Multilink uses PPP security and should be used on lower security networks. BAP uses IPSec security and should be the choice on higher security networks.

228 Chapter 3 25. You are administering a Windows 2000 network. The network consists of Windows 2000 Server computers and Windows 2000 Professional client computers. You need to configure some settings for the network adapter in one of the server computers. You want to use the tools that Windows 2000 provides for managing the device. Where can most of these tools be found? A. The General tab of the System Properties dialog box B. The Advanced tab of the System Properties dialog box *C. The Hardware tab of the System Properties dialog box D. The Network Identification tab of the System Properties dialog box E. The Options tab of the System Properties dialog box Explanation: The hardware tab of the system properties will contain most of the tools used to administer hardware and drivers in Windows 2000.

26. Which of the following statements most clearly defines BAP (Bandwidth Allocation Protocol)? A. BAP replaces Multilink in Windows 2000, allowing you to combine multiple physical links into one logical link and dynamically adding or dropping links on demand. *B. BAP enhances Multilink. Multilink allows you to combine multiple physical links into one logical link. BAP allows you to dynamically add or drop links on demand. C. You can use either BAP or Multilink in Windows 2000. Multilink should be used on servers that do not require callback security. BAP, because of its higher overhead, should be used for multilink capabilities only when callback security is required. D. Multilink uses PPP security and should be used on lower security networks. BAP uses IPSec security and should be the choice on higher security networks. Explanation: BAP is an enhancement to Multilink. It is a PPP control protocol and works with PPP to provide bandwidth on demand, dynamically adding or dropping links on demand. Reference: Microsoft Official Curriculum 1560 Updating Support Skills From Microsoft Windows NT to Microsoft Windows 2000. Exam Category: Configuring and Troubleshooting Windows 2000 Network Connections

Hardware Devices and Drivers 229

Notes:

230 Chapter 3 27. You are the administrator of your company's Windows 2000 network. One of the Windows 2000 Server domain controllers needs its hardware upgraded to keep up with company standards. You need to upgrade the 10BaseT network card to a 100BaseT network card. In addition, you need to add a 3D sound card, a modem, and a Super VGA video card to your domain controller for videoconferencing capabilities. The domain controller's motherboard has an on-board video card and sound card. The new video card is not on the Hardware Compatibility List (HCL), but you need to use it. The new sound card is on the HCL. The new network adapter is not on the HCL. The new modem is on the HCL. You take the following actions to install the software properly: You configure driver-signing options as below: You disable the on-board sound card and video card. You physically install the hardware into the computer. You boot the domain controller and install the appropriate drivers. Which devices will function properly in the domain controller?

A. Modem B. Sound card C. Video card D. Network adapter E. On-Board Video

Hardware Devices and Drivers 231

232 Chapter 3 27. You are the administrator of your company's Windows 2000 network. One of the Windows 2000 Server domain controllers needs its hardware upgraded to keep up with company standards. You need to upgrade the 10BaseT network card to a 100BaseT network card. In addition, you need to add a 3D sound card, a modem, and a Super VGA video card to your domain controller for videoconferencing capabilities. The domain controller's motherboard has an on-board video card and sound card. The new video card is not on the Hardware Compatibility List (HCL), but you need to use it. The new sound card is on the HCL. The new network adapter is not on the HCL. The new modem is on the HCL. You take the following actions to install the software properly: You configure driver-signing options as below: You disable the on-board sound card and video card. You physically install the hardware into the computer. You boot the domain controller and install the appropriate drivers. Which devices will function properly in the domain controller? *A. Modem *B. Sound card *C. Video card *D. Network adapter E. On-Board Video Explanation: The On-board video has not been configured.

Hardware Devices and Drivers 233 28. You are administering a Windows 2000 network that uses Windows 2000 Server computers and Windows 2000 Professional client computers. You need to make some configuration changes to the hardware profiles for one of the server computers. What should you access to accomplish this task?

A. System in Control Panel B. Power Options in Control Panel C. Add/Remove Hardware in Control Panel D. Network and Dial-Up Connections in Control Panel E. Network Applet in Control Panel

29. You are installing a new modem in your Windows 2000 Server to support dial-in clients. Before you install the modem, you read that it is set to use COM3. You review your system settings and you see that COM1 and COM2 are already in use. Which of the following default IRQ settings is the default for COM3, but is already in use?

A. IRQ 1 B. IRQ 2 C. IRQ 3 D. IRQ 4 E. IRQ 5

234 Chapter 3 28. You are administering a Windows 2000 network that uses Windows 2000 Server computers and Windows 2000 Professional client computers. You need to make some configuration changes to the hardware profiles for one of the server computers. What should you access to accomplish this task? *A. System in Control Panel B. Power Options in Control Panel C. Add/Remove Hardware in Control Panel D. Network and Dial-Up Connections in Control Panel E. Network Applet in Control Panel Explanation: Hardware settings are found in the system applet in control panel.

29. You are installing a new modem in your Windows 2000 Server to support dial-in clients. Before you install the modem, you read that it is set to use COM3. You review your system settings and you see that COM1 and COM2 are already in use. Which of the following default IRQ settings is the default for COM3, but is already in use? A. IRQ 1 B. IRQ 2 C. IRQ 3 *D. IRQ 4 E. IRQ 5 Explanation: By default, IRQ 4 is assigned to COM1 and COM3 and IRQ 3 is assigned to COM2 and COM4. The keyboard uses IRQ 1, IRQ 2 is a cascade to IRQ 9, and IRQ 5 is often used by a multimedia device like a sound card, or can be used by a second printer port (LPT2).

Hardware Devices and Drivers 235 30. You are preparing to add another network card to your Windows 2000 Server. Before doing so, you decide to check your available resources, shown in the figure. Based on the information you have gathered, which interrupts can you utilize for your new hardware?

A. interrupt 2 B. interrupt 12 C. interrupt 3 D. interrupt 4 E. interrupt 5

236 Chapter 3 30. You are preparing to add another network card to your Windows 2000 Server. Before doing so, you decide to check your available resources, shown in the figure. Based on the information you have gathered, which interrupts can you utilize for your new hardware? A. interrupt 2 *B. interrupt 12 C. interrupt 3 D. interrupt 4 *E. interrupt 5 Explanation: IRQ 5 and 12 are not in use on the system according to the device manager. IRQ 3 and 4 are in use, so installing your network card to use those IRQs would cause a conflict. IRQ 2 is a cascade to IRQ 9, and since IRQ 9 is in use, IRQ 2 is unavailable.

Hardware Devices and Drivers 237 31. You wish to check whether or not a driver has been loaded, and run System Information. Under which subcategory should you check for the status of a driver?

A. System Summary B. Hardware Resources C. Components D. Software Environment E. Internet Explorer 5

32. You have added a second network card to your overworked Windows 2000 server. In what utility do you enable this plug and play device?

A. System Properties -> Plug and Play Detector B. Control Panel -> Add/Remove Hardware C. Control Panel -> Detect Hardware D. Control Panel -> Plug and Play Detector E. Device Manager -> Detect Hardware

238 Chapter 3 31. You wish to check whether or not a driver has been loaded, and run System Information. Under which subcategory should you check for the status of a driver? A. System Summary B. Hardware Resources C. Components *D. Software Environment E. Internet Explorer 5 Explanation: Software Environment. Checking drivers under software environment will allow you to verify what drivers are loaded, which ones are currently running, and the status of the driver. Reference: Microsoft Windows 2000 Server Resource Kit. Exam Category: Configuring and Troubleshooting Hardware Devices and Drivers

32. You have added a second network card to your overworked Windows 2000 server. In what utility do you enable this plug and play device? A. System Properties -> Plug and Play Detector *B. Control Panel -> Add/Remove Hardware C. Control Panel -> Detect Hardware D. Control Panel -> Plug and Play Detector E. Device Manager -> Detect Hardware Explanation: The Add/Remove Hardware tool in the Control Panel is used to add and troubleshoot Plug-and-Play devices. Once the device is physically installed into the system, the administrator runs the Add/Remove Hardware Wizard that will first attempt to auto-detect the device. If that succeeds, it will prompt for the software and finish the installation. If that fails, it will allow the administrator to select the device from a list of devices or use diskettes to add an unknown device. Once the device is installed and recognized, the Device Manager utility can be used to change the configuration settings.

Hardware Devices and Drivers 239 33. When viewing your devices in Computer Management, a new device that was just installed shows up with an exclamation point instead of a normal icon. Why?

A. The device is working properly, just disabled. B. The device has been configured with settings that conflict with another Device. C. The device is of an unknown type. D. The device is incorrectly configured, or the driver files are missing.

240 Chapter 3 33. When viewing your devices in Computer Management, a new device that was just installed shows up with an exclamation point instead of a normal icon. Why? A. The device is working properly, just disabled. B. The device has been configured with settings that conflict with another Device. C. The device is of an unknown type. *D. The device is incorrectly configured, or the driver files are missing. Explanation: When a device in Computer Management has an exclamation point on the icon, it typically means that the device is incorrectly configured for that type of device or the device drivers are missing. Typically removing the device and adding it again will fix the problem; make sure to overwrite the old drivers. Icons for devices in Windows 2000 are as follows: A normal icon means the device is installed and working correctly. A question mark means a new device is found, but Windows 2000 doesn't know what type of device it is and doesn't have a driver for it. A stop sign on the icon means the device is disabled, typically because its hardware settings conflict with another device in the system. Attempt to change the hardware settings so they don't conflict and check it again. An exclamation point on the icon means the hardware device is incorrectly configured or drivers are missing.

Hardware Devices and Drivers 241 34. You are the senior administrator for a large health-care company and are concerned about other, less experienced administrators adding untested drivers to your Windows 2000 servers. In what utility can you control the addition of new device drivers on your Windows 2000 server?

A. Add/Remove Programs, Driver signing option B. Device Manager, Driver signing option C. System Properties, Driver signing option D. Hardware Profiles, Driver signing option

242 Chapter 3 34. You are the senior administrator for a large health-care company and are concerned about other, less experienced administrators adding untested drivers to your Windows 2000 servers. In what utility can you control the addition of new device drivers on your Windows 2000 server? A. Add/Remove Programs, Driver signing option *B. Device Manager, Driver signing option C. System Properties, Driver signing option D. Hardware Profiles, Driver signing option Explanation: To configure the Windows 2000 Drivers Signing options, you have to go to the System icon in Control Panel. Then go to the Hardware tab. From there, go to the Device Manager option and click Driver Signing. Once in the dialog box for the driver Signing, you can select to have the system either Ignore - Install all files, regardless of file signature; Warn - Display a message before installing an unsigned file; or Block - Prevent installation of unsigned files. And you also have the option to have this option applied as the default for the entire system. Windows 2000 drivers and operating system files that are endorsed by Microsoft have a signature placed on the file ensuring that the driver is a valid Windows 2000 file. The system can be configured to install, ask before installing, or not install a driver that does not have a signature on it. With this method, Microsoft Windows 2000 can easily track possible problems caused by incorrect or poorly written drivers or system files.

Hardware Devices and Drivers 243 35. What two utilities does Windows 2000 provide to troubleshoot device driver signatures?

A. SigFind B. SigVerif C. DriveSig D. FileSig E. SFC

244 Chapter 3 35. What two utilities does Windows 2000 provide to troubleshoot device driver signatures? A. SigFind *B. SigVerif C. DriveSig D. FileSig *E. SFC Explanation: SFC (System File Checker) is used to check the digital signature of files on the system. SigVerif (Signature Verification utility) allows the administrator to view a file's name, its location, its modification date, its type, and its version number. The syntax for SFC is as follows: SFC {/scannow} {/scanonce} {/scanboot} {/cancel} {/quiet} {/enable} {/purgecache} {/cachesize=x} /scannow - causes the SFC utility to scan all protected files immediately. /scanonce causes the SFC utility to scan all protected files at the next system restart. /scanboot causes the SFC utility to scan all protected files every time the system is restarted. /cancel - causes the SFC utility to cancel all pending scans of protected files. /quiet causes the SFC utility to replace all incorrect files without prompting the user. /enable - causes the SFC utility to set all parameters back to default. /purgecache causes the SFC utility to purge the file cache and scans all protected files immediately. /cachesize=x - set the file cache size for the SFC utility. Windows 2000 drivers and operating system files that are endorsed by Microsoft have a signature placed on the file ensuring that the driver is a valid Windows 2000 file. The system can be configured to install, ask before installing, or not install a driver that does not have a signature on it. With this method, Microsoft Windows 2000 can easily track possible problems caused by incorrect or poorly written drivers or system files.

Hardware Devices and Drivers 245 36. Your manager has told you that all drivers on the new Windows 2000 servers must be signed drivers or you cannot install them. What does a signature on a device driver mean?

A. That the driver manufacturer placed information about the device B. That the driver has been digitally signed C. That the driver has been encrypted for protection D. That the driver has been compressed

246 Chapter 3 36. Your manager has told you that all drivers on the new Windows 2000 servers must be signed drivers or you cannot install them. What does a signature on a device driver mean? A. That the driver manufacturer placed information about the device *B. That the driver has been digitally signed C. That the driver has been encrypted for protection D. That the driver has been compressed Explanation: Windows 2000 drivers and operating system files that are endorsed by Microsoft have a signature placed on the file ensuring that the driver is a valid Windows 2000 file. The system can be configured to install, ask before installing, or not install a driver that does not have a signature on it. With this method, Microsoft Windows 2000 can easily track possible problems caused by incorrect or poorly written drivers or system files. To configure the Windows 2000 Drivers Signing options, you have to go to the System icon in Control Panel. Then go to the Hardware tab. From there, go to the Device Manager option and click Driver Signing. Once in the dialog box for the driver Signing, you can select to have the system either Ignore - Install all files, regardless of file signature; Warn - Display a message before installing an unsigned file; or Block - Prevent installation of unsigned files. And you also have the option to have this option applied as the default for the entire system.

Notes:

248 Chapter 4

The objective of this chapter is to provide the reader with an understanding of the following: 1.

Monitor and optimize usage of system resources.

2.

Manage processes.

3.

Set priorities and start and stop processes.

4.

Optimize disk performance.

5.

Manage and optimize availability of System State data and user data.

6.

Recover System State data and user data.

7.

Recover System State data by using Windows Backup.

8.

Troubleshoot system restoration by starting in safe mode.

9.

Recover System State data by using the Recovery Console.

Performance, Reliability, & Availability 249

Chapter 4: System Performance, Reliability, and Availability 1. Your 32-bit application stops responding several days after installation. When you check the Task Manager, it shows the CPU usage to be 100 percent. You end the application, but the CPU usage stays at 100 percent. What is the best way to correct this?

A. Use Task Manager to end any related child processes. B. Use Task Manager to end any child processes. C. Use Task Manager to change the priority of the program. D. Use Task Manager to change the priority of related child processes. E. Reinstall the application.

2. You have a multiple-process database named Application on your Windows 2000 Server, which has stopped responding to queries. Since the server is running, you decide to restart the application. What should you do first?

A. End the Application.exe process tree. B. End the Application.exe process. C. Restart the server. D. Reinstall the database. E. Restore the database from a backup.

250 Chapter 4 1. Your 32-bit application stops responding several days after installation. When you check the Task Manager, it shows the CPU usage to be 100 percent. You end the application, but the CPU usage stays at 100 percent. What is the best way to correct this? *A. Use Task Manager to end any related child processes. B. Use Task Manager to end any child processes. C. Use Task Manager to change the priority of the program. D. Use Task Manager to change the priority of related child processes. E. Reinstall the application. Explanation: This problem is likely due to other child processes called by the 32-bit application. In order to completely end these processes and return the CPU utilization to a reasonable level, you should use the Task Manager.

2. You have a multiple-process database named Application on your Windows 2000 Server, which has stopped responding to queries. Since the server is running, you decide to restart the application. What should you do first? *A. End the Application.exe process tree. B. End the Application.exe process. C. Restart the server. D. Reinstall the database. E. Restore the database from a backup. Explanation: You should end the process tree, not just the single process.

Performance, Reliability, & Availability 251 3. Your Windows 2000 Server computer runs many 16-bit applications. When one of these stops responding, it causes all other 16-bit applications to stop responding. What can you do to isolate the application to monitor and troubleshoot?

A. Create a batch file that starts the application by running the start /separate command. Use this batch file to start the application. B. Reinstall the application. C. Create a shortcut to the application, and select the Run in a separate memory space. Use this shortcut to start the application. D. Upgrade all applications to 32-bit E. Start Up your server in Safe Mode.

4. You are considering adding one or more processors to your Windows 2000 server. In performance, which columns would you look at to determine whether the response times of a new application would improve by adding processors?

A. USER Objects B. I/O Reads C. Page Reads/sec D. Page Writes/sec E. Committed Bytes

252 Chapter 4 3. Your Windows 2000 Server computer runs many 16-bit applications. When one of these stops responding, it causes all other 16-bit applications to stop responding. What can you do to isolate the application to monitor and troubleshoot? *A. Create a batch file that starts the application by running the start /separate command. Use this batch file to start the application. B. Reinstall the application. *C. Create a shortcut to the application, and select the Run in a separate memory space. Use this shortcut to start the application. D. Upgrade all applications to 32-bit E. Start Up your server in Safe Mode. Explanation: You should run the application in a separate memory space to isolate it.

4. You are considering adding one or more processors to your Windows 2000 server. In performance, which columns would you look at to determine whether the response times of a new application would improve by adding processors? *A. USER Objects *B. I/O Reads C. Page Reads/sec D. Page Writes/sec E. Committed Bytes Explanation: USER Objects and I/O Reads will show you if additional processors would help.

Performance, Reliability, & Availability 253 5. When you run Microsoft Excel every afternoon users complain that the response time on the server lags. What is the best way to do this?

A. Use Task Manager to set the priority of the Excel.exe process to Low. B. Use Task Manager to set the priority of the Excel.exe process to Above Average. C. Use Task Manager to set the priority of all other processes to High. D. Reinstall Microsoft Excel. E. Restart the server before using Excel each day.

6. Running System Monitor locally, and ensuring it has the least impact on other processes, how do you measure the physical disk performance counters on your Windows 2000 Server computer?

A. From the command prompt, run the Start/low perfmon command. B. Use Task Manager to set the priority of the MMC.EXE process to Low. C. Run the application in a separate memory space. D. Increase the priority of other applications to AboveNormal. E. In system properties, optimize the server for Background Processes.

254 Chapter 4 5. When you run Microsoft Excel every afternoon users complain that the response time on the server lags. What is the best way to do this? *A. Use Task Manager to set the priority of the Excel.exe process to Low. B. Use Task Manager to set the priority of the Excel.exe process to Above Average. C. Use Task Manager to set the priority of all other processes to High. D. Reinstall Microsoft Excel. E. Restart the server before using Excel each day. Explanation: By setting the priority to low, other processes will have better response times.

6. Running System Monitor locally, and ensuring it has the least impact on other processes, how do you measure the physical disk performance counters on your Windows 2000 Server computer? *A. From the command prompt, run the Start/low perfmon command. *B. Use Task Manager to set the priority of the MMC.EXE process to Low. C. Run the application in a separate memory space. D. Increase the priority of other applications to AboveNormal. E. In system properties, optimize the server for Background Processes. Explanation: Setting task manager to a low priority assures that it will have the least effect on other processes.

Performance, Reliability, & Availability 255 7. Your Windows 2000 Server runs both 32-bit and 16-bit applications. Each 16-bit application is configured to run in a separate memory space. You want to create a performance baseline chart for all applications on the server. You add all of the 32bit applications. How can you add the 16-bit applications?

A. Add the ntvdm and the ntvdm#2 instances of the %Processor Time counter for the Process object. B. Add the ntvdm and the ntvdm#2 instances of the %Privileged Time counter for the Process object. C. Add the ntvdm and the ntvdm#2 instances of the %Interrupt Time counter for the Process object. D. Add the ntvdm and the ntvdm#2 instances of the %User Time counter for the Process object. E. Add the ntvdm and the ntvdm#2 instances of the %DPC Time counter for the Process object.

8. You have Routing and Remote Access on a server that has one modem. The server is configured to use demand-dial routing to connect to the main office. The manager wants users to be able to dial in to the server only between 6:00 p.m. and 8:00 a.m., but wants users to be able to log on at any time when connected directly to the LAN. How can you limit only dial-in access to this timeframe?

A. Set the remote access policy to deny connections between 8:00 a.m. and 6:00 p.m. B. Set the remote access policy to deny connections between 6:00 p.m. and 8:00 a.m. C. Set the demand-dial routing policy to deny connections between 8:00 a.m. and 6:00 p.m. D. Set the demand-dial routing policy to deny connections between 6:00 p.m. and 8:00 a.m. E. Set the logon policy to deny logons between 8:00 a.m. and 6:00 p.m.

256 Chapter 4 7. Your Windows 2000 Server runs both 32-bit and 16-bit applications. Each 16-bit application is configured to run in a separate memory space. You want to create a performance baseline chart for all applications on the server. You add all of the 32bit applications. How can you add the 16-bit applications? *A. Add the ntvdm and the ntvdm#2 instances of the %Processor Time counter for the Process object. B. Add the ntvdm and the ntvdm#2 instances of the %Privileged Time counter for the Process object. C. Add the ntvdm and the ntvdm#2 instances of the %Interrupt Time counter for the Process object. D. Add the ntvdm and the ntvdm#2 instances of the %User Time counter for the Process object. E. Add the ntvdm and the ntvdm#2 instances of the %DPC Time counter for the Process object. Explanation: The two instances of the %Processor Time counter will include the 16-bit applications running in separate memory spaces.

8. You have Routing and Remote Access on a server that has one modem. The server is configured to use demand-dial routing to connect to the main office. The manager wants users to be able to dial in to the server only between 6:00 p.m. and 8:00 a.m., but wants users to be able to log on at any time when connected directly to the LAN. How can you limit only dial-in access to this timeframe? *A. Set the remote access policy to deny connections between 8:00 a.m. and 6:00 p.m. B. Set the remote access policy to deny connections between 6:00 p.m. and 8:00 a.m. C. Set the demand-dial routing policy to deny connections between 8:00 a.m. and 6:00 p.m. D. Set the demand-dial routing policy to deny connections between 6:00 p.m. and 8:00 a.m. E. Set the logon policy to deny logons between 8:00 a.m. and 6:00 p.m. Explanation: Setting the remote access policy hours will not affect the logon hours when accessing the server from the LAN.

Performance, Reliability, & Availability 257 9. Your company has developed a 32-bit application that collects information from various processes. You want to make the application available on all of the client computers by using Terminal Services. The company wants users to shut down their computers at the end of their shifts, and to leave the application running on the Terminal Server. What is the best way to do this?

A. Set the RDP on the server to override user settings, and set the End Disconnected Sessions setting to Never. B. Set the RDP on the server to override user settings, and set the End Disconnected Sessions setting to Always. C. Set the RDP on the server to use the user's settings, and set the End Disconnected Sessions setting to Never. D. Set the RDP on the server to use the user's settings, and set the End Disconnected Sessions setting to Always. E. Use the default server settings.

10. You have created a shared printer for your managers so they do not have to wait for their documents to print when the printer queue is large. You set up permissions for the following groups; Administrators, Creator Owner, Everyone, Managers, Print Operators and Server Operators. You select the check box to allow Printer permission for the Managers group. You want only the Administrators, Print Operators, Server Operators, and Managers groups to be able to print to the printer. What is the best way to do this?

A. Remove the Everyone group. B. Clear all check boxes for the Everyone group. C. Remove the Managers group. D. Clear all check boxes for the Managers group. E. Set No Access for the Everyone group.

258 Chapter 4 9. Your company has developed a 32-bit application that collects information from various processes. You want to make the application available on all of the client computers by using Terminal Services. The company wants users to shut down their computers at the end of their shifts, and to leave the application running on the Terminal Server. What is the best way to do this? *A. Set the RDP on the server to override user settings, and set the End Disconnected Sessions setting to Never. B. Set the RDP on the server to override user settings, and set the End Disconnected Sessions setting to Always. C. Set the RDP on the server to use the user's settings, and set the End Disconnected Sessions setting to Never. D. Set the RDP on the server to use the user's settings, and set the End Disconnected Sessions setting to Always. E. Use the default server settings. Explanation: By telling the Terminal Server to Never End Disconnected Sessions, applications will continue to run on the server.

10. You have created a shared printer for your managers so they do not have to wait for their documents to print when the printer queue is large. You set up permissions for the following groups; Administrators, Creator Owner, Everyone, Managers, Print Operators and Server Operators. You select the check box to allow Printer permission for the Managers group. You want only the Administrators, Print Operators, Server Operators, and Managers groups to be able to print to the printer. What is the best way to do this? *A. Remove the Everyone group. *B. Clear all check boxes for the Everyone group. C. Remove the Managers group. D. Clear all check boxes for the Managers group. E. Set No Access for the Everyone group. Explanation: Removing permissions for the Everyone group will restrict access to only the specified groups.

Performance, Reliability, & Availability 259 11. How can you assign an application to one processor exclusively?

A. Right-click the application process, select Set Affinity, and select the appropriate processor. B. Right-click the application process, select Set Processor, and select the appropriate processor. C. Right-click the application process, select Set CPU, and select the appropriate processor. D. Right-click the application process, select Set Priority, and select the appropriate processor. E. Right-click the application process, select Set Application, and select the appropriate processor.

12. Your Windows 2000 server runs three 16-bit applications. The applications have their default installation settings and were installed in Windows NT 4.0. The Windows NT 4.0 server was then migrated to Windows 2000. You want to monitor the performance of these applications using the Process Performance object of Performance Monitor. How can you monitor these applications?

A. Monitor the %Processor Time counter B. Monitor the %Privileged Time counter C. Monitor the NTVDM for each application D. Monitor a single Windows Virtual DOS machine E. Monitor the %Interrupt Time counter

260 Chapter 4 11. How can you assign an application to one processor exclusively? *A. Right-click the application process, select Set Affinity, and select the appropriate processor. B. Right-click the application process, select Set Processor, and select the appropriate processor. C. Right-click the application process, select Set CPU, and select the appropriate processor. D. Right-click the application process, select Set Priority, and select the appropriate processor. E. Right-click the application process, select Set Application, and select the appropriate processor. Explanation: Set Affinity will allow you to select a processor for a process.

12. Your Windows 2000 server runs three 16-bit applications. The applications have their default installation settings and were installed in Windows NT 4.0. The Windows NT 4.0 server was then migrated to Windows 2000. You want to monitor the performance of these applications using the Process Performance object of Performance Monitor. How can you monitor these applications? A. Monitor the %Processor Time counter B. Monitor the %Privileged Time counter C. Monitor the NTVDM for each application *D. Monitor a single Windows Virtual DOS machine E. Monitor the %Interrupt Time counter Explanation: The 16-bit applications run in the same memory space.

Performance, Reliability, & Availability 261 13. A Windows 2000 domain controller has two Pentium III processors in it and you are required to assign the Exchange.exe process to one of the processors exclusively. How can you perform this function?

A. This configuration is not possible B. Right-click the Exchange process, select Set priority, and select Low C. Right-click the Exchange process, select Set priority, and select High D. Right-click the Exchange process, select Set priority, and select Realtime E. Right-click the Exchange process, select Set Affinity, and select the appropriate processor

14. You must configure a process to use the maximum available resources on the computer to complete the task. How should you configure the process using Task Manager?

A. Right-click the process, select Set priority, and select Low B. Right-click the process, select Set priority, and select High C. Right-click the process, select Set priority, and select Normal D. Right-click the process, select Set priority, and select Realtime E. Right-click the process, select Set priority, and select Above Normal

262 Chapter 4 13. A Windows 2000 domain controller has two Pentium III processors in it and you are required to assign the Exchange.exe process to one of the processors exclusively. How can you perform this function? A. This configuration is not possible B. Right-click the Exchange process, select Set priority, and select Low C. Right-click the Exchange process, select Set priority, and select High D. Right-click the Exchange process, select Set priority, and select Realtime *E. Right-click the Exchange process, select Set Affinity, and select the appropriate processor Explanation: Set Affinity will allow you to select a processor for a specific process.

14. You must configure a process to use the maximum available resources on the computer to complete the task. How should you configure the process using Task Manager? A. Right-click the process, select Set priority, and select Low B. Right-click the process, select Set priority, and select High C. Right-click the process, select Set priority, and select Normal *D. Right-click the process, select Set priority, and select Realtime E. Right-click the process, select Set priority, and select Above Normal Explanation: Realtime is the highest priority that can be assigned to a process.

Performance, Reliability, & Availability 263 15. You are the administrator of your Windows 2000 domain controller. The domain controller serves 65 Windows 2000 clients. During the day, there are always four programs running on the domain controller: your accounting software, your Exchange 5.5 service, Word 2000, and outlook. You must monitor the server as follows: You must monitor the amount of time the CPU is used by the operating system. You must view the status of the running applications. You must view the amount of time the CPU is used by each process. You must view the percentage of the CPU a process is using at a given time. You take the following actions: In the Performance tab of Task Manager, you select View and then you select Show Kernel Times. You then view the amount of time the CPU is being used by the operating system. In the Applications tab of Task Manager, you view the applications that are active on the domain controller and the status of those applications. In the Processes tab of Task Manager, you view the amount of time each process uses the CPU and the percentage of the CPU a process is using at any given time. Which requirements do the actions meet?

A. You can successfully view the amount of time the CPU is used by each process B. You can successfully view the status of running applications on the domain controller C. You can successfully view the percentage of the CPU a process is using at a given time D. You can successfully monitor the amount of time the CPU is being used by the operating system E. You can successfully view the amount of space is used on the hard drive.

264 Chapter 4 15. You are the administrator of your Windows 2000 domain controller. The domain controller serves 65 Windows 2000 clients. During the day, there are always four programs running on the domain controller: your accounting software, your Exchange 5.5 service, Word 2000, and outlook. You must monitor the server as follows: You must monitor the amount of time the CPU is used by the operating system. You must view the status of the running applications. You must view the amount of time the CPU is used by each process. You must view the percentage of the CPU a process is using at a given time. You take the following actions: In the Performance tab of Task Manager, you select View and then you select Show Kernel Times. You then view the amount of time the CPU is being used by the operating system. In the Applications tab of Task Manager, you view the applications that are active on the domain controller and the status of those applications. In the Processes tab of Task Manager, you view the amount of time each process uses the CPU and the percentage of the CPU a process is using at any given time. Which requirements do the actions meet? *A. You can successfully view the amount of time the CPU is used by each process *B. You can successfully view the status of running applications on the domain controller *C. You can successfully view the percentage of the CPU a process is using at a given time *D. You can successfully monitor the amount of time the CPU is being used by the operating system E. You can successfully view the amount of space is used on the hard drive. Explanation: You can monitor CPU usage, memory usage, processes, and applications from task manager.

Performance, Reliability, & Availability 265 16. You must back up the Registry, the COM+ Class Registration database, the system boot files, the Certificate Server database, the Active Directory Services database, and the SYSVOL directory on a Windows 2000 Active Directory domain controller. The domain controller is a Pentium 200 MHz with a RAID 5 array composed of ten 3-GB partitions. How can you back up the appropriate files while minimizing the time the backup takes?

A. Use Windows Backup to perform a full system backup B. Use Windows Backup to create a differential backup C. Use Windows Backup to back up the System State Data D. Use Windows Backup to create a backup of specified folders E. Use Windows Backup to create an incremental backup

266 Chapter 4 16. You must back up the Registry, the COM+ Class Registration database, the system boot files, the Certificate Server database, the Active Directory Services database, and the SYSVOL directory on a Windows 2000 Active Directory domain controller. The domain controller is a Pentium 200 MHz with a RAID 5 array composed of ten 3-GB partitions. How can you back up the appropriate files while minimizing the time the backup takes? A. Use Windows Backup to perform a full system backup B. Use Windows Backup to create a differential backup *C. Use Windows Backup to back up the System State Data D. Use Windows Backup to create a backup of specified folders E. Use Windows Backup to create an incremental backup Explanation: Windows backup with System State Data will back up the vital system data files.

Performance, Reliability, & Availability 267 17. You are the administrator for your company's Windows 2000 network. The network consists of Windows 2000 Server computers and Windows 2000 Professional client computers. The network uses the Encrypting File System (EFS) to encrypt data files and folders. You are setting up encryption on some files of a user's computer. You want to achieve the following goals: Encrypt the data in the My Documents folder. Configure the My Documents folder to be archived. Configure the My Documents folder to be indexed. Compress the data in the My Documents folder. You perform the following actions: You select the My Documents folder, right-click, and open the Properties dialog box. You click the Advanced button to open the Advanced Attributes dialog box. You check the "Folder is ready for archiving" box. You check the "For fast searching, allow Indexing" box. You check the "Encrypt Contents To Secure Data" box. You close the dialog boxes. Which goal or goals are accomplished from these actions?

A. Encrypt the data in the My Documents folder B. Compress the data in the My Documents folder C. Configure the My Documents folder to be indexed D. Configure the My Documents folder to be archived E. Make the My Documents folder Read-Only

268 Chapter 4 17. You are the administrator for your company's Windows 2000 network. The network consists of Windows 2000 Server computers and Windows 2000 Professional client computers. The network uses the Encrypting File System (EFS) to encrypt data files and folders. You are setting up encryption on some files of a user's computer. You want to achieve the following goals: Encrypt the data in the My Documents folder. Configure the My Documents folder to be archived. Configure the My Documents folder to be indexed. Compress the data in the My Documents folder. You perform the following actions: You select the My Documents folder, right-click, and open the Properties dialog box. You click the Advanced button to open the Advanced Attributes dialog box. You check the "Folder is ready for archiving" box. You check the "For fast searching, allow Indexing" box. You check the "Encrypt Contents To Secure Data" box. You close the dialog boxes. Which goal or goals are accomplished from these actions? *A. Encrypt the data in the My Documents folder B. Compress the data in the My Documents folder *C. Configure the My Documents folder to be indexed *D. Configure the My Documents folder to be archived E. Make the My Documents folder Read-Only Explanation: You cannot encrypt and compress the same folder.

Performance, Reliability, & Availability 269 18. As the network administrator, you must run a processor intensive report every afternoon before closing. You receive many complaints from network users about the network slowing down dramatically during the time this report runs. You must still run the report locally on the Windows 2000 server, but you must minimize the effect on the processor. How can you achieve this functionality?

A. Run the application that creates the report with the /BelowNormal switch from the Run line B. Use the Processes tab of Task Manager and set the priority of the process running the report to Low C. Use the Performance tab of Task Manager and set the priority of the process running the report to Low. D. Use the Processes tab of Task Manager and set the priority of the process running the report to Realtime. E. Use the Performance tab of Task Manager and set the priority of the process running the report to Realtime.

270 Chapter 4 18. As the network administrator, you must run a processor intensive report every afternoon before closing. You receive many complaints from network users about the network slowing down dramatically during the time this report runs. You must still run the report locally on the Windows 2000 server, but you must minimize the effect on the processor. How can you achieve this functionality? A. Run the application that creates the report with the /BelowNormal switch from the Run line *B. Use the Processes tab of Task Manager and set the priority of the process running the report to Low C. Use the Performance tab of Task Manager and set the priority of the process running the report to Low. D. Use the Processes tab of Task Manager and set the priority of the process running the report to Realtime. E. Use the Performance tab of Task Manager and set the priority of the process running the report to Realtime. Explanation: Setting the priority of the process running the report to Low will minimize the effect it has on the processor.

Performance, Reliability, & Availability 271 19. You are troubleshooting the performance of a Windows 2000 Server that is providing file and printer sharing services for 100 clients. Sometimes up to 50 clients will be accessing the Windows 2000 Server simultaneously. You didn't expect that many simultaneous users when you originally configured the server. You are wondering if the system has enough RAM to handle the load, which of the following objects and counters would help you determine whether or not you need more RAM?

A. Network Interface Bytes Total/sec B. Memory Pages/sec C. PhysicalDisk %Disk Time D. Server Bytes Total/sec E. Paging File %Usage

272 Chapter 4 19. You are troubleshooting the performance of a Windows 2000 Server that is providing file and printer sharing services for 100 clients. Sometimes up to 50 clients will be accessing the Windows 2000 Server simultaneously. You didn't expect that many simultaneous users when you originally configured the server. You are wondering if the system has enough RAM to handle the load, which of the following objects and counters would help you determine whether or not you need more RAM? A. Network Interface Bytes Total/sec *B. Memory Pages/sec C. PhysicalDisk %Disk Time *D. Server Bytes Total/sec *E. Paging File %Usage Explanation: Memory pages/sec and the paging file usage tell you how frequently the system is using the paging file, which is used when the system runs low on physical RAM. The Network Interface and Server counters are useful for telling you how much the server is being used, but not how much RAM is required. The PhysicalDisk is a hard disk counter that can indicate whether your hard disk is a bottleneck. However, a lack of RAM could have an adverse effect on the hard drive because excessive paging could make the hard disk appear slow. Be sure that the bottleneck isn't your paging file before you change your disk configuration.

Performance, Reliability, & Availability 273 20. You have been monitoring the paging file on one of your Windows 2000 Servers and you notice that it is getting used quite a bit. Although you have ordered more memory for the server, you are told that it will be several weeks before you will get the additional memory. Assume that you cannot add any hardware to your current system, but you still want to improve performance. Your system is configured as follows: Paging file location C drive Paging file initial size setting 256 MB Paging file observed average 510 MB Paging file maximum size setting 1024 MB %system root% location C drive Number of physical disks on server 3 Partitions on Disk 0 C Partitions on Disk 1 D Partitions on Disk 2 E Of the following options, which will improve the performance of the paging file on the above server?

A. configure a RAID 5 stripe set with parity and place the page file on the stripe set B. configure a RAID 0 stripe set on the D and E drives and place the paging file on that drive C. move the paging file away from the system files D. increase the initial paging file size E. reduce the initial paging file size

274 Chapter 4 20. You have been monitoring the paging file on one of your Windows 2000 Servers and you notice that it is getting used quite a bit. Although you have ordered more memory for the server, you are told that it will be several weeks before you will get the additional memory. Assume that you cannot add any hardware to your current system, but you still want to improve performance. Your system is configured as follows: Paging file location C drive Paging file initial size setting 256 MB Paging file observed average 510 MB Paging file maximum size setting 1024 MB %system root% location C drive Number of physical disks on server 3 Partitions on Disk 0 C Partitions on Disk 1 D Partitions on Disk 2 E Of the following options, which will improve the performance of the paging file on the above server? A. configure a RAID 5 stripe set with parity and place the page file on the stripe set B. configure a RAID 0 stripe set on the D and E drives and place the paging file on that drive *C. move the paging file away from the system files *D. increase the initial paging file size E. reduce the initial paging file size Explanation: Techniques for improving the page file performance include moving the paging file to a stripe set or stripe set with parity because this improves disk access speed. If possible, move the paging file to a physical drive that does not contain the system files. You should also increase the initial paging file size to average observed paging file size, which reduces the delay in increasing the paging file to that size after a system reboot. Reducing the initial paging file size will actually reduce performance, so that is not a good solution. To make a RAID 5 configuration you would require three physical disks the same size that are not part of the system or boot partitions; the C drive has the system partition, so it cannot participate in a RAID-5 configuration.

Performance, Reliability, & Availability 275 21. You have several applications that run on your Windows 2000 Server to support network users. You have created a stripe set with parity to support your users and increase performance while protecting their data. You have also optimized throughput for application sharing. However, now you want to ensure that a Win32 financial application (FINAP.EXE) runs at a higher priority than the other applications on your server. Which of the following commands would run the financial application at a higher priority others on your system?

A. START FINAP.EXE /HIGH B. START FINAP.EXE /REALTIME C. START FINAP.EXE /SEPARATE D. START FINAP.EXE /MAX E. START FINAP.EXE /ABOVENORMAL

276 Chapter 4 21. You have several applications that run on your Windows 2000 Server to support network users. You have created a stripe set with parity to support your users and increase performance while protecting their data. You have also optimized throughput for application sharing. However, now you want to ensure that a Win32 financial application (FINAP.EXE) runs at a higher priority than the other applications on your server. Which of the following commands would run the financial application at a higher priority others on your system? *A. START FINAP.EXE /HIGH *B. START FINAP.EXE /REALTIME C. START FINAP.EXE /SEPARATE D. START FINAP.EXE /MAX *E. START FINAP.EXE /ABOVENORMAL Explanation: The /ABOVENORMAL, /HIGH, and /REALTIME are all valid options for running applications at a higher than normal priority on Windows 2000. Using the /SEPARATE switch is only to run Win16 applications in separate memory and doesn't increase priority, especially for a Win32 application. The /MAX switch is to launch the program maximized, which doesn't affect the priority of the application. The setting only controls size of the window in which the program is run.

Performance, Reliability, & Availability 277 22. Your network administration team is having a meeting on the status of the network. One of the administrators says that the Windows 2000 Server named XFILE is no longer running efficiently. Another administrator says that she thinks the system should have a RAID 5 drive array like the other applications servers. Your job is to confirm or deny that request based on a System Monitor report that is to be conducted over the next week. You have decided to monitor 24 hours per day for seven days to create your report. Which of the following objects and counters help you determine whether a RAID 5 configuration will improve performance?

A. PhysicalDisk Avg. Disk Queue Length B. Server Bytes Total/sec C. Thread % Processor Time D. Processor % Processor Time E. PhysicalDisk % Disk Time

278 Chapter 4 22. Your network administration team is having a meeting on the status of the network. One of the administrators says that the Windows 2000 Server named XFILE is no longer running efficiently. Another administrator says that she thinks the system should have a RAID 5 drive array like the other applications servers. Your job is to confirm or deny that request based on a System Monitor report that is to be conducted over the next week. You have decided to monitor 24 hours per day for seven days to create your report. Which of the following objects and counters help you determine whether a RAID 5 configuration will improve performance? *A. PhysicalDisk Avg. Disk Queue Length B. Server Bytes Total/sec C. Thread % Processor Time D. Processor % Processor Time *E. PhysicalDisk % Disk Time Explanation: The PhysicalDisk counters are useful for determining disk performance. If the %Disk Time is at or near 100% consistently or the Disk Queue Length is consistently above 4, you should consider using a RAID configuration. The Processor and Thread objects allow you to check processor performance and see if any applications are using a lot of processor time. The Server Bytes Total/sec allows you to see how much work your server is receiving from network clients.

Performance, Reliability, & Availability 279 23. You are in charge of three different Windows 2000 Servers on your network. Each server provides file and printer sharing to Windows 2000 Professional clients. Lately, you have noticed that users are complaining about the performance of one of the servers. You suspect it is because that server is being used more than the other servers are to answer client requests. Which of the following objects and counters should you monitor on each server to make this determination?

A. Redirector - Server Reconnects B. System - System Calls/sec C. Server Work Queues - Total Operations/sec D. UDP - Datagrams/sec E. Server - Bytes Total/sec

24. Your Windows 2000 Server has recently run into a boot problem. You have attempted to use the Last Known Good configuration, but without success. The Emergency Repair Disk you have created doesn't seem to be working either. You suspect that the Master Boot Record has been corrupted or modified by another user. At this point, you realize that the recovery console is probably your best option. Which of the following are valid methods for accessing the recovery console?

A. run winnt32 /cmdcons B. run rconsole C. boot from the Windows 2000 CD and then choose to repair your installation D. run rdisk from a Windows 2000 command prompt E. boot from the boot floppies and press R when prompted

280 Chapter 4 23. You are in charge of three different Windows 2000 Servers on your network. Each server provides file and printer sharing to Windows 2000 Professional clients. Lately, you have noticed that users are complaining about the performance of one of the servers. You suspect it is because that server is being used more than the other servers are to answer client requests. Which of the following objects and counters should you monitor on each server to make this determination? A. Redirector - Server Reconnects B. System - System Calls/sec *C. Server Work Queues - Total Operations/sec D. UDP - Datagrams/sec *E. Server - Bytes Total/sec Explanation: Server Work Queues - Total Operations/sec and Server - Bytes Total/sec are measuring the server service on your system. The server service handles client requests, which means that you see how busy the server is by monitoring server counters. The redirector service is used for connecting to other servers and won't indicate how much your server is being used to service client requests. The system object measuring system calls/sec can only tell you how many applications are accessing the system/processor. Although UDP datagrams/sec does tell you something about network performance, it is specific to the UDP protocol. Therefore, UDP would not be a good general protocol to measure client access to the server (unless you could be sure that all clients were limited to the UDP protocol, which is highly unlikely).

24. Your Windows 2000 Server has recently run into a boot problem. You have attempted to use the Last Known Good configuration, but without success. The Emergency Repair Disk you have created doesn't seem to be working either. You suspect that the Master Boot Record has been corrupted or modified by another user. At this point, you realize that the recovery console is probably your best option. Which of the following are valid methods for accessing the recovery console? *A. run winnt32 /cmdcons B. run rconsole *C. boot from the Windows 2000 CD and then choose to repair your installation D. run rdisk from a Windows 2000 command prompt *E. boot from the boot floppies and press R when prompted Explanation: Rdisk does not run from a Windows 2000 command prompt. Rconsole is not the recovery console, it is an application used for remote access. The other methods described are valid for loading the recovery console.

Performance, Reliability, & Availability 281 25. You work for a company that has one Windows 2000 file/print server to share public data for 1,000 users. In the last two weeks, users have been complaining that the length of time to open documents stored on the server is increasing. Using System Monitor, you must find and resolve the bottleneck. You have already checked the Memory, Disk and Processor counters and have eliminated them from being the cause of the bottleneck; however you notice the Network Interface: Output Queue Length and Network Interface: Packets Outbound Discarded are extremely high. What are you able to conclude about the Network subsystem?

A. The Network Interface card is not part of the bottleneck and you need to analyze the physical network segment with additional tools. B. The physical network segment may be reaching its bandwidth capacity. C. The Network Interface card is potentially malfunctioning or does not have the throughput capabilities to support all of the client requests efficiently. D. The clients that are connecting to the Windows 2000 File/Print Server are attempting to communicate with this server using an incorrect TCP/IP address.

26. What is the System Monitor: Processor: %Processor Time utilization threshold where you should consider replacing the Processor with a faster processor or adding another processor?

A. A Processor: %Processor Time spike of 95% B. A sustained Processor: %Processor Time utilization of 80% C. A Processor: %Processor Time spike of 80% D. A sustained Processor: %Processor Time utilization of 75%

282 Chapter 4 25. You work for a company that has one Windows 2000 file/print server to share public data for 1,000 users. In the last two weeks, users have been complaining that the length of time to open documents stored on the server is increasing. Using System Monitor, you must find and resolve the bottleneck. You have already checked the Memory, Disk and Processor counters and have eliminated them from being the cause of the bottleneck; however you notice the Network Interface: Output Queue Length and Network Interface: Packets Outbound Discarded are extremely high. What are you able to conclude about the Network subsystem? A. The Network Interface card is not part of the bottleneck and you need to analyze the physical network segment with additional tools. *B. The physical network segment may be reaching its bandwidth capacity. *C. The Network Interface card is potentially malfunctioning or does not have the throughput capabilities to support all of the client requests efficiently. D. The clients that are connecting to the Windows 2000 File/Print Server are attempting to communicate with this server using an incorrect TCP/IP address. Explanation: If packets are being discarded, you may have a malfunctioning network card or your card may have reached its bandwidth limitation. In addition, your network in general may be experiencing bandwidth problems. You can't automatically conclude that the network card is not the problem and since some data, communication is occurring the IP Addresses are most likely correct.

26. What is the System Monitor: Processor: %Processor Time utilization threshold where you should consider replacing the Processor with a faster processor or adding another processor? A. A Processor: %Processor Time spike of 95% *B. A sustained Processor: %Processor Time utilization of 80% C. A Processor: %Processor Time spike of 80% D. A sustained Processor: %Processor Time utilization of 75% Explanation: Spikes in Processor utilization are a frequent and normal occurrence, especially with the initiation of an application. Processor utilization may even spike to 100%, but as long as Processor utilization returns to a sustained/average rate of less than 80%, no further action is required.

Performance, Reliability, & Availability 283 27. Your Windows 2000 application server is responding sluggishly to any client request for service (running an application; establishing a file session). What object do you track in Performance Monitor to determine the cause of the problem?

A. System B. Process C. Processor D. PhysicalDisk E. Time

28. The Windows 2000 server that you use for application services has been performing very poorly, especially during peak periods of the day. You suspect that the older NIC card is the bottleneck. Of the following Microsoft Windows 2000 tools, which ones are able to display network connection data for troubleshooting purposes?

A. TASK MANAGER B. System Monitor C. NBTSTAT D. NETWORK MONITOR E. NETSTAT

284 Chapter 4 27. Your Windows 2000 application server is responding sluggishly to any client request for service (running an application; establishing a file session). What object do you track in Performance Monitor to determine the cause of the problem? A. System *B. Process C. Processor D. PhysicalDisk E. Time Explanation: By using the Process object, you will be able to see instances of applications running on the application server or other Windows 2000-based machine. This will allow you to monitor application by application to determine if there is a leaky application that is consuming more than its fair share of Processor or Memory usage.

28. The Windows 2000 server that you use for application services has been performing very poorly, especially during peak periods of the day. You suspect that the older NIC card is the bottleneck. Of the following Microsoft Windows 2000 tools, which ones are able to display network connection data for troubleshooting purposes? A. TASK MANAGER *B. System Monitor *C. NBTSTAT *D. NETWORK MONITOR *E. NETSTAT Explanation: In addition to other tools used to troubleshoot network issues, Windows 2000 includes NETSTAT, NBTSTAT, SYSTEM MONITOR, and NETWORK MONITOR. Task Manager generally deals with local application and processes rather than network troubleshooting.

Notes:

286 Chapter 5

The objective of this chapter is to provide the reader with an understanding of the following: 1.

Monitor, configure, and troubleshoot disks and volumes.

2.

Configure data compression.

3.

Monitor and configure disk quotas.

4.

Recover from disk failures.

Storage Use 287

Chapter 5: Storage Use 1. Your application writes a large number of temporary files to a single directory on your Windows 2000 Server. You add three new 150-GB SCSI disks to hold the temporary files, and you want the application to use all 450 GB of space using a single drive letter, using the fastest performance while writing to the disks. What is the best way to do this?

A. Convert all three disks to dynamic disks. B. Create a striped volume. C. Create a mirrored volume. D. Create a spanned volume. E. Convert all three disks to dynamic disks.

2. Your boot volume is installed on volume C on your Windows 2000 Server, and volume C is mirrored on dynamic Disk 1. Later, you find that volume C shows Failed Redundancy, and Disk 1 says Missing. You attempt to reactivate Disk1, and the status of volume C does not return to Healthy after. What is the best way to do this?

A. Remove the mirror on Disk1, replace the disk, and add back the mirror to the new Disk 1. B. Just replace the disk. C. Just break and recreate the mirror. D. Remove the mirror on Disk1, format both drives, and add the mirror to the Disk 1. E. Remove the mirror and create a stripe set.

288 Chapter 5 1. Your application writes a large number of temporary files to a single directory on your Windows 2000 Server. You add three new 150-GB SCSI disks to hold the temporary files, and you want the application to use all 450 GB of space using a single drive letter, using the fastest performance while writing to the disks. What is the best way to do this? *A. Convert all three disks to dynamic disks. *B. Create a striped volume. C. Create a mirrored volume. D. Create a spanned volume. E. Convert all three disks to dynamic disks. Explanation: In order to combine multiple drives to logically appear as one, you should first convert each to a dynamic disk. You can then create a striped volume that contains all of the physical hard drives.

2. Your boot volume is installed on volume C on your Windows 2000 Server, and volume C is mirrored on dynamic Disk 1. Later, you find that volume C shows Failed Redundancy, and Disk 1 says Missing. You attempt to reactivate Disk1, and the status of volume C does not return to Healthy after. What is the best way to do this? *A. Remove the mirror on Disk1, replace the disk, and add back the mirror to the new Disk 1. B. Just replace the disk. C. Just break and recreate the mirror. D. Remove the mirror on Disk1, format both drives, and add the mirror to the Disk 1. E. Remove the mirror and create a stripe set. Explanation: Drive1 has experienced an error and should be completely replaced. Before replacing it, however, the mirror to Disk1 should be removed. After the drive is replaced, then the mirror to Disk1 should be added again.

Storage Use 289 3. After upgrading a Windows NT Server 4.0 computer to Windows 2000 Server, Disk 1 fails. The computer has two hard disks, and the system and boot partitions are located on two primary partitions on Disk 0. Both partitions are mirrored on Disk 1. You replace the failed disk with another from a different Windows 2000 computer, but you find that the Repair Volume option is unavailable when you try to repair the fault-tolerant volumes. How should you repair the mirror set?

A. Delete all volumes on Disk 1. B. Break the mirror set. C. Create a mirror on Disk 1. D. Create a stripe set on Disk 1. E. Format Disk 1.

4. You have installed the boot volume D on your Windows 2000 Server computer on dynamic Disk 0, with a mirror on dynamic Disk 1. Later, you find the status of volume D is Failed Redundancy, and the status of Disk 1 is Online (Errors). What is the best way to correct this?

A. Break the mirror, delete the volume on Disk 1, and re-create the mirror. B. Reactivate the mirror on Disk 1. C. Break the mirror and re-create the mirror. D. Format Disk 1. E. Replace Disk 1.

290 Chapter 5 3. After upgrading a Windows NT Server 4.0 computer to Windows 2000 Server, Disk 1 fails. The computer has two hard disks, and the system and boot partitions are located on two primary partitions on Disk 0. Both partitions are mirrored on Disk 1. You replace the failed disk with another from a different Windows 2000 computer, but you find that the Repair Volume option is unavailable when you try to repair the fault-tolerant volumes. How should you repair the mirror set? *A. Delete all volumes on Disk 1. *B. Break the mirror set. *C. Create a mirror on Disk 1. D. Create a stripe set on Disk 1. E. Format Disk 1. Explanation:

4. You have installed the boot volume D on your Windows 2000 Server computer on dynamic Disk 0, with a mirror on dynamic Disk 1. Later, you find the status of volume D is Failed Redundancy, and the status of Disk 1 is Online (Errors). What is the best way to correct this? *A. Break the mirror, delete the volume on Disk 1, and re-create the mirror. *B. Reactivate the mirror on Disk 1. C. Break the mirror and re-create the mirror. D. Format Disk 1. E. Replace Disk 1. Explanation: By breaking the mirror, you can then delete the volume contained on Disk 1. You can then re-create the mirror to ensure future redundancy. Another option would be too reactive the mirror on Disk 1.

Storage Use 291 5. Your Windows 2000 Server computer has a single hard disk with two partitions. One of your applications creates a large log file in the Systemroot\Temp folder. Your disk does not contain enough free space to accommodate the log file. What is the best way to do this?

A. Add a second hard disk. B. Delete the contents of the Systemroot\Temp folder. C. Create and format a partition. D. Mount the partition as the Systemroot\Temp folder. E. Move the Temp folder to a different drive.

6. You convert the stripe set with parity to a dynamic RAID-5 volume on your Windows 2000 Server computer that contains a stripe set with parity on a four-disk array. Users then report that disk access on the server is slow. The status of the third disk in the array shows Missing. What should you do first to recover the failed RAID-5 volume?

A. Ensure that the third disk is attached to the server and has power. B. Use Disk Management to reactivate the disk. C. Replace the disk. D. Break the failed RAID-5 volume. E. Recreate the RAID-5 volume.

292 Chapter 5 5. Your Windows 2000 Server computer has a single hard disk with two partitions. One of your applications creates a large log file in the Systemroot\Temp folder. Your disk does not contain enough free space to accommodate the log file. What is the best way to do this? *A. Add a second hard disk. *B. Delete the contents of the Systemroot\Temp folder. *C. Create and format a partition. *D. Mount the partition as the Systemroot\Temp folder. E. Move the Temp folder to a different drive. Explanation: A temporary fix to this problem would be to delete the content of the Systemroot\Temp directory. A more permanent way to address the problem would be to add a second hard drive to the server, create and format a partition on it, and then mount the drive as the Systemroot\Temp directory. This would allow the log files to be contained on a separate hard drive.

6. You convert the stripe set with parity to a dynamic RAID-5 volume on your Windows 2000 Server computer that contains a stripe set with parity on a four-disk array. Users then report that disk access on the server is slow. The status of the third disk in the array shows Missing. What should you do first to recover the failed RAID-5 volume? *A. Ensure that the third disk is attached to the server and has power. *B. Use Disk Management to reactivate the disk. C. Replace the disk. D. Break the failed RAID-5 volume. E. Recreate the RAID-5 volume. Explanation: The problem could be due to a lack of power to the drive. Ensure that proper power is connected. You should then try using Disk Management to reactivate the disk.

Storage Use 293 7. You share a folder on your Windows 2000 Server that contains multiple subfolders. Some of these subfolders are compressed, and some are not. How do you move files from one uncompressed folder to a compressed folder, and ensure the files are compressed when you move them, without compressing the remaining files in the original uncompressed folder?

A. Copy the files from the uncompressed folder to the compressed folder, and then delete the original files. B. Move the files from the uncompressed folder to the compressed folder. C. Copy the files from the uncompressed folder to the compressed folder. D. Delete the files. E. Move the compressed files, and copy the uncompressed files.

8. You have configured your Windows 2000 Server, which utilizes a large NTFS volume, to have disk quotas for the NTFS volume. All users have a default limit of 100 MB, and the option to deny space to users who exceed their limit has been enabled. A user complains that they are receiving the error message "The disk is full or too many files are open". What should the user do?

A. Remove files until the total uncompressed file size is less than 100 MB. B. Remove files until the total compressed file size is less than 100 MB. C. Compress existing files. D. Remove files until the total uncompressed file size is less than 100.5 MB. E. Decompress existing files.

294 Chapter 5 7. You share a folder on your Windows 2000 Server that contains multiple subfolders. Some of these subfolders are compressed, and some are not. How do you move files from one uncompressed folder to a compressed folder, and ensure the files are compressed when you move them, without compressing the remaining files in the original uncompressed folder? *A. Copy the files from the uncompressed folder to the compressed folder, and then delete the original files. B. Move the files from the uncompressed folder to the compressed folder. C. Copy the files from the uncompressed folder to the compressed folder. D. Delete the files. E. Move the compressed files, and copy the uncompressed files. Explanation: By copying files to a compressed folder, the system will automatically compress them for you. In this instance, you should copy the uncompressed files to the compressed folder (thereby compressing them) and then you should delete the original files.

8. You have configured your Windows 2000 Server, which utilizes a large NTFS volume, to have disk quotas for the NTFS volume. All users have a default limit of 100 MB, and the option to deny space to users who exceed their limit has been enabled. A user complains that they are receiving the error message "The disk is full or too many files are open". What should the user do? *A. Remove files until the total uncompressed file size is less than 100 MB. B. Remove files until the total compressed file size is less than 100 MB. C. Compress existing files. D. Remove files until the total uncompressed file size is less than 100.5 MB. E. Decompress existing files. Explanation: Disk quotas are based on the uncompressed size of files. Without changing the disk quotas, you should instruct the user to remove files from the volume until their uncompressed space is less than 100 MB.

Storage Use 295 9. You have a 12 GB primary partition formatted as FAT32 on your Windows 2000 Server computer. Users then begin to report that the server does not retrieve files as fast as when the server was first installed, even though the number of users and average size of files remains constant. What is the best way to do this?

A. Defragment the disk. B. Reformat the disk. C. Reinstall Windows 2000. D. Replace the drive. E. Format the drive NTFS.

10. After installing a new tape device on your Windows 2000 Server, you receive the error: "IRQL_NOT_LESS_OR_EQUAL" on boot. How do you bring the server back online as quickly as possible?

A. Restart the computer by using the Recovery Console. B. Disable the driver. C. Restart the computer. D. Remove the driver. E. Start the computer to a Command Prompt only.

296 Chapter 5 9. You have a 12 GB primary partition formatted as FAT32 on your Windows 2000 Server computer. Users then begin to report that the server does not retrieve files as fast as when the server was first installed, even though the number of users and average size of files remains constant. What is the best way to do this? *A. Defragment the disk. B. Reformat the disk. C. Reinstall Windows 2000. D. Replace the drive. E. Format the drive NTFS. Explanation: Slowing file access is often caused by file fragmentation. Use disk defragmenter to defragment the files for faster access.

10. After installing a new tape device on your Windows 2000 Server, you receive the error: "IRQL_NOT_LESS_OR_EQUAL" on boot. How do you bring the server back online as quickly as possible? *A. Restart the computer by using the Recovery Console. *B. Disable the driver. *C. Restart the computer. *D. Remove the driver. E. Start the computer to a Command Prompt only. Explanation: Removal of the driver will allow the computer to be operational quickly.

Storage Use 297 11. You share a folder on your Windows 2000 Server that contains multiple subfolders. Some of these subfolders are compressed, and some are not. The Marketing folder is compressed. You want to delete it, but want to keep all the files in the folder. You want to copy all the files to the Admin folder before deleting the Marketing folder. You want the files to remain compressed, but do not want to compress any files in the Admin folder. What is the best way to do this?

A. Move all the files from the Marketing folder to the Admin folder. B. Copy all the files from the Marketing folder to the Admin folder. C. Copy and delete all the files from the Marketing folder to the Admin folder. D. First, compress the Admin folder. E. First, decompress the Marketing folder.

12. Your Windows 2000 Server computer has a spanned volume that consists of areas on three disks. The disks support hot swapping. One of the disks fails. You replace the disk with a new, non-partitioned disk. How should you recover the spanned volume and its data as quickly as possible?

A. Rescan the disks. B. Remove the spanned volume and create a new spanned volume that includes the new disk. C. Format the spanned volume. D. Use Windows Backup to restore the data. E. Use Disk Management to rebuild the spanned volume.

298 Chapter 5 11. You share a folder on your Windows 2000 Server that contains multiple subfolders. Some of these subfolders are compressed, and some are not. The Marketing folder is compressed. You want to delete it, but want to keep all the files in the folder. You want to copy all the files to the Admin folder before deleting the Marketing folder. You want the files to remain compressed, but do not want to compress any files in the Admin folder. What is the best way to do this? *A. Move all the files from the Marketing folder to the Admin folder. B. Copy all the files from the Marketing folder to the Admin folder. C. Copy and delete all the files from the Marketing folder to the Admin folder. D. First, compress the Admin folder. E. First, decompress the Marketing folder. Explanation: Moving the files will retain the compression attribute.

12. Your Windows 2000 Server computer has a spanned volume that consists of areas on three disks. The disks support hot swapping. One of the disks fails. You replace the disk with a new, non-partitioned disk. How should you recover the spanned volume and its data as quickly as possible? *A. Rescan the disks. *B. Remove the spanned volume and create a new spanned volume that includes the new disk. *C. Format the spanned volume. *D. Use Windows Backup to restore the data. E. Use Disk Management to rebuild the spanned volume. Explanation: Spanned volumes are not fault-tolerant, so the files must be restored from a backup.

Storage Use 299 13. Your Windows 2000 Server has a RAID-5 controller. The RAID array is configured as two partitions. Drive C is a 2 GB partition that holds the operating system and paging file. Drive D is a 30 GB partition that holds the home folders. Engineering employees use a data capture application that generates files that can be larger than 100 MB. You want to implement disk quotas. Normal users can be allowed to store a maximum of 75 MB. Quotas should not limit engineers. What is the best way to do this?

A. Enable quota management on drive D. B. Select the Deny disk space to users exceeding quota limit check box. C. Set the default quota limit to 75 MB. D. Create a new quota entry for the Engineers' user accounts. E. Select 'Do not limit disk usage for this entry.'

14. Your Windows 2000 Server contains two hard disks. Each disk is partitioned as a single primary partition. The first disk is formatted as FAT32, the second as NTFS. You compress shared folders on the second disk. When users move compressed files from a shared folder on the second disk to a shared folder on the first disk, the files lose their compression. What two actions should you take to ensure that all files moved from folders on the second disk to shared folders on the first disk remain compressed?

A. Convert the first disk to NTFS. B. Compress the shared folders on the first disk. C. Convert the first disk to FAT. D. Convert the second disk to FAT32. E. Decompress the shared folders on the second disk.

300 Chapter 5 13. Your Windows 2000 Server has a RAID-5 controller. The RAID array is configured as two partitions. Drive C is a 2 GB partition that holds the operating system and paging file. Drive D is a 30 GB partition that holds the home folders. Engineering employees use a data capture application that generates files that can be larger than 100 MB. You want to implement disk quotas. Normal users can be allowed to store a maximum of 75 MB. Quotas should not limit engineers. What is the best way to do this? *A. Enable quota management on drive D. *B. Select the Deny disk space to users exceeding quota limit check box. *C. Set the default quota limit to 75 MB. *D. Create a new quota entry for the Engineers' user accounts. *E. Select 'Do not limit disk usage for this entry.' Explanation: Creating new quota entries for the engineers will give them separate privileges.

14. Your Windows 2000 Server contains two hard disks. Each disk is partitioned as a single primary partition. The first disk is formatted as FAT32, the second as NTFS. You compress shared folders on the second disk. When users move compressed files from a shared folder on the second disk to a shared folder on the first disk, the files lose their compression. What two actions should you take to ensure that all files moved from folders on the second disk to shared folders on the first disk remain compressed? *A. Convert the first disk to NTFS. *B. Compress the shared folders on the first disk. C. Convert the first disk to FAT. D. Convert the second disk to FAT32. E. Decompress the shared folders on the second disk. Explanation: The disk must be formatted NTFS for the compression attribute to be retained when moving files.

Storage Use 301 15. You have two Windows 2000 Servers, Srv1 and Srv2. Srv1 has a spanned volume over three physical disks. These disks support hot swapping. The drive letter that the spanned volume uses on Srv1 is not currently in use on Srv2. You want to move the three disks to Srv2, using the same drive letter as Srv1. You back up the spanned volume. What should you do next?

A. Move the disks from Srv1 to Srv2. B. On Srv1, rescan the disks. C. On Srv2, rescan the disks. D. On Srv1, remove the drive letter assignment. E. On Srv2, assign the drive letter.

16. Your Windows 2000 Server has two NTFS partitions. Windows 2000 Server is installed on drive D. After a power failure, you receive the error message: "NTLDR is missing. Press any key to restart". What is the best way to do this?

A. Start the computer by using the Windows 2000 Server CD-ROM and choose to repair the installation. B. Select the Recovery Console. C. Start the computer by using the Windows 2000 Server CD-ROM and choose to reinstall the installation. D. Copy the NTLDR file on the CD-ROM to the root of the system partition. E. Delete the NTLDR file on the root of the system partition.

302 Chapter 5 15. You have two Windows 2000 Servers, Srv1 and Srv2. Srv1 has a spanned volume over three physical disks. These disks support hot swapping. The drive letter that the spanned volume uses on Srv1 is not currently in use on Srv2. You want to move the three disks to Srv2, using the same drive letter as Srv1. You back up the spanned volume. What should you do next? *A. Move the disks from Srv1 to Srv2. *B. On Srv1, rescan the disks. *C. On Srv2, rescan the disks. D. On Srv1, remove the drive letter assignment. E. On Srv2, assign the drive letter. Explanation: Once the drives are removed, rescan the disks on both servers.

16. Your Windows 2000 Server has two NTFS partitions. Windows 2000 Server is installed on drive D. After a power failure, you receive the error message: "NTLDR is missing. Press any key to restart". What is the best way to do this? *A. Start the computer by using the Windows 2000 Server CD-ROM and choose to repair the installation. *B. Select the Recovery Console. C. Start the computer by using the Windows 2000 Server CD-ROM and choose to reinstall the installation. D. Copy the NTLDR file on the CD-ROM to the root of the system partition. E. Delete the NTLDR file on the root of the system partition. Explanation: The recovery console is useful to repair damaged Windows 2000 installations.

Storage Use 303 17. A disk with the ARC path multi(1)disk(0)rdisk(1)partition(1) is not responding. Which disk should you replace?

A. Click Controller 1, Disk number 2. B. Click Controller 1, Disk number 1. C. Click Controller 2, Disk number 1. D. Click Controller 2, Disk number 2. E. Click Controller 1, Disk number 3.

18. You add a new SCSI disk controller that has six new disks attached to your Windows 2000 Server that has two disks attached to an EIDE disk controller. The new controller is not included in the HCL. When you restart your computer, Windows does not detect the new controller. What is the best way to do this?

A. Use the Add/Remove Hardware Wizard to add a new SCSI and RAID controller. B. Use the manufacturer's setup program to install the SCSI driver. C. Use the Recovery Console. D. Boot into Safe Mode. E. Delete the driver for the EIDE controller.

304 Chapter 5 17. A disk with the ARC path multi(1)disk(0)rdisk(1)partition(1) is not responding. Which disk should you replace? *A. Click Controller 1, Disk number 2. B. Click Controller 1, Disk number 1. C. Click Controller 2, Disk number 1. D. Click Controller 2, Disk number 2. E. Click Controller 1, Disk number 3. Explanation: Controller 1, Disk 2 multi(1)disk(0)rdisk(1)partition(1).

is

designated

by

the

ARC

path

18. You add a new SCSI disk controller that has six new disks attached to your Windows 2000 Server that has two disks attached to an EIDE disk controller. The new controller is not included in the HCL. When you restart your computer, Windows does not detect the new controller. What is the best way to do this? *A. Use the Add/Remove Hardware Wizard to add a new SCSI and RAID controller. *B. Use the manufacturer's setup program to install the SCSI driver. C. Use the Recovery Console. D. Boot into Safe Mode. E. Delete the driver for the EIDE controller. Explanation: Drivers should either be installed through the Add/Remove Hardware Wizard, or through the manufacturer's setup program.

Storage Use 305 19. You are logged on to a Windows 2000 Server computer as a member of the Backup Operators group. You try to configure the software for a tape backup device, but the configuration fails. You must update the driver. What is the best way to do this?

A. Instruct a domain administrator to run the 'runas' command using the domain administrator's user name and password. B. Click the Update Driver button on the Driver tab for the tape backup device. C. Instruct a domain administrator to run the 'run' command using the domain administrator's user name and password. D. Click the Update Driver button on the Advanced tab for the tape backup device. E. Click the Update Driver button on the Advanced tab for the tape backup device.

20. You are upgrading a Windows NT Server 4.0 computer to Windows 2000 Server. The system partition uses FAT. After starting the Setup program from the Windows 2000 Server CD-ROM you receive an error message: "You chose to install Windows 2000 on a partition that contains another operating system. Installing Windows 2000 on this partition might cause the operating system to function improperly". What is the best way to do this?

A. Restart the computer. B. Run WINNT32.EXE from the Windows NT Server environment. C. Run WINNT.EXE from the Windows NT Server environment. D. Run WINNT.EXE from a command prompt. E. Run WINNT32.EXE from a command prompt.

306 Chapter 5 19. You are logged on to a Windows 2000 Server computer as a member of the Backup Operators group. You try to configure the software for a tape backup device, but the configuration fails. You must update the driver. What is the best way to do this? *A. Instruct a domain administrator to run the 'runas' command using the domain administrator's user name and password. *B. Click the Update Driver button on the Driver tab for the tape backup device. C. Instruct a domain administrator to run the 'run' command using the domain administrator's user name and password. D. Click the Update Driver button on the Advanced tab for the tape backup device. E. Click the Update Driver button on the Advanced tab for the tape backup device. Explanation: A domain administrator's privileges must be used for the configuration.

20. You are upgrading a Windows NT Server 4.0 computer to Windows 2000 Server. The system partition uses FAT. After starting the Setup program from the Windows 2000 Server CD-ROM you receive an error message: "You chose to install Windows 2000 on a partition that contains another operating system. Installing Windows 2000 on this partition might cause the operating system to function improperly". What is the best way to do this? *A. Restart the computer. *B. Run WINNT32.EXE from the Windows NT Server environment. C. Run WINNT.EXE from the Windows NT Server environment. D. Run WINNT.EXE from a command prompt. E. Run WINNT32.EXE from a command prompt. Explanation: By running Windows 2000 Setup from inside Windows NT Server, a dualboot configuration will be established.

Storage Use 307 21. Your computer has three 100 GB hard disks without any partitions defined. You want as much space on Disk 0 as possible for the partition on which Windows 2000 Server is to be installed. You want as much disk space as possible across all three disks to be accessible by using a single drive letter. What is the best way to do this?

A. Install Windows 2000 Server on a 100 GB NTFS partition Disk 0. B. After Setup is complete, create a 100 GB partition on Disk 1 and Disk 2. C. Mount the partition on Disk 1 and Disk 2 as subdirectories on the Disk 0 partition. D. Create a stripe set including partitions 0, 1, and 2. Install Windows 2000 Server on the stripe set. E. Create a stripe set with parity including partitions 0, 1, and 2. Install Windows 2000 Server on the stripe set.

22. Your network consists of Windows 2000 Servers. Each has separate system partitions and separate boot partitions formatted as NTFS. After you shut down one of the servers and restart, you receive the error message: "NTLDR is missing. Press any key to restart". You do not want to lose any settings you made since the original installation. How can you install a new NTLDR file on the server?

A. Start the computer by using the Windows 2000 Server CD-ROM and choose to repair the installation. B. Select the Recovery Console and copy the NTLDR file on the CD-ROM to the root of the system partition. C. Start the computer by using the Windows 2000 Server CD-ROM and choose to reinstall the installation. D. Select the Recovery Console and copy the ntdetect.exe file on the CD-ROM to the root of the system partition. E. Use the Last Good Known Menu.

308 Chapter 5 21. Your computer has three 100 GB hard disks without any partitions defined. You want as much space on Disk 0 as possible for the partition on which Windows 2000 Server is to be installed. You want as much disk space as possible across all three disks to be accessible by using a single drive letter. What is the best way to do this? *A. Install Windows 2000 Server on a 100 GB NTFS partition Disk 0. *B. After Setup is complete, create a 100 GB partition on Disk 1 and Disk 2. *C. Mount the partition on Disk 1 and Disk 2 as subdirectories on the Disk 0 partition. D. Create a stripe set including partitions 0, 1, and 2. Install Windows 2000 Server on the stripe set. E. Create a stripe set with parity including partitions 0, 1, and 2. Install Windows 2000 Server on the stripe set. Explanation: A stripe set cannot be used for the boot or system partition, and a stripe set with parity does not allow you to use 100% of the disk space.

22. Your network consists of Windows 2000 Servers. Each has separate system partitions and separate boot partitions formatted as NTFS. After you shut down one of the servers and restart, you receive the error message: "NTLDR is missing. Press any key to restart". You do not want to lose any settings you made since the original installation. How can you install a new NTLDR file on the server? *A. Start the computer by using the Windows 2000 Server CD-ROM and choose to repair the installation. *B. Select the Recovery Console and copy the NTLDR file on the CD-ROM to the root of the system partition. C. Start the computer by using the Windows 2000 Server CD-ROM and choose to reinstall the installation. D. Select the Recovery Console and copy the ntdetect.exe file on the CD-ROM to the root of the system partition. E. Use the Last Good Known Menu. Explanation: The Recovery Console can be used to repair most boot problems.

Storage Use 309 23. Your network consists of Windows 2000 Server computers and Windows 98 computers. You are installing Windows 2000 Server on a new computer that has one 20 GB hard disk with no partitions defined. The Windows 2000 Server CD-ROM is unavailable, so you are installing Windows 2000 Server from files on a server on the network. You want the entire hard disk of the new computer to be used for the system partition. What is the best way to do this?

A. Start the new computer by using a Windows 98 network boot disk. B. Create and format a single FAT32 partition. C. Connect to the network server. D. Run WINNT.EXE. E. Run WINNT32.EXE.

24. Your Windows 2000 Server has five hard disks. Four 100 GB disks are configured as a single striped volume. You want to reconfigure these so that the volume is faulttolerant and has as much space as possible. Using only the existing hardware, what is the best way to do this?

A. Backup the data on the striped volume, then delete the striped volume. B. Create a RAID-5 volume from the four disks. C. Restore the data to the new RAID-5 volume. D. Create a spanned volume from the four disks. E. Create a mirrored volume from the four disks.

310 Chapter 5 23. Your network consists of Windows 2000 Server computers and Windows 98 computers. You are installing Windows 2000 Server on a new computer that has one 20 GB hard disk with no partitions defined. The Windows 2000 Server CD-ROM is unavailable, so you are installing Windows 2000 Server from files on a server on the network. You want the entire hard disk of the new computer to be used for the system partition. What is the best way to do this? .

*A. Start the new computer by using a Windows 98 network boot disk. *B. Create and format a single FAT32 partition. *C. Connect to the network server. *D. Run WINNT.EXE. E. Run WINNT32.EXE. Explanation: You should set up the partition to be used, and run WINNT.EXE while connected to the network server.

24. Your Windows 2000 Server has five hard disks. Four 100 GB disks are configured as a single striped volume. You want to reconfigure these so that the volume is faulttolerant and has as much space as possible. Using only the existing hardware, what is the best way to do this? *A. Backup the data on the striped volume, then delete the striped volume. *B. Create a RAID-5 volume from the four disks. *C. Restore the data to the new RAID-5 volume. D. Create a spanned volume from the four disks. E. Create a mirrored volume from the four disks. Explanation: The data on the striped volume will be lost when you remove the stripe set.

Storage Use 311 25. To provide redundancy for all data stored on your RAID-5 disk, you install a second RAID-5 disk array. When you right-click the free space on the new array in Disk Management, you see no option to create a new volume or mirrored volume. What should you do before you create a mirrored volume on the new array?

A. Convert both arrays to dynamic disks. B. Convert the first array to a dynamic disk. C. Convert the second array to a dynamic disk. D. Remove and recreate the first array. E. Create a volume set first.

26. On your Windows 2000 Active Directory domain controller, you are backing up the system boot files, the registry, the COM+ class registration database, the Certificate Server database, the Active Directory Services database, and the SYSVOL directory. Your domain controller is a Pentium 200 MHz with a RAID 5 array with ten 3-GB partitions. Minimizing backup time, how can you backup these files?

A. Use Windows Backup to back up the System State data. B. Copy these files to a network server. C. Dedicate a hard drive to backup only. D. Use RAID Level 1. E. Backup the entire server onto magnetic tape.

312 Chapter 5 25. To provide redundancy for all data stored on your RAID-5 disk, you install a second RAID-5 disk array. When you right-click the free space on the new array in Disk Management, you see no option to create a new volume or mirrored volume. What should you do before you create a mirrored volume on the new array? *A. Convert both arrays to dynamic disks. B. Convert the first array to a dynamic disk. C. Convert the second array to a dynamic disk. D. Remove and recreate the first array. E. Create a volume set first. Explanation: Before creating a mirror, you should convert both arrays to dynamic disks.

26. On your Windows 2000 Active Directory domain controller, you are backing up the system boot files, the registry, the COM+ class registration database, the Certificate Server database, the Active Directory Services database, and the SYSVOL directory. Your domain controller is a Pentium 200 MHz with a RAID 5 array with ten 3-GB partitions. Minimizing backup time, how can you backup these files? *A. Use Windows Backup to back up the System State data. B. Copy these files to a network server. C. Dedicate a hard drive to backup only. D. Use RAID Level 1. E. Backup the entire server onto magnetic tape. Explanation: These files are included in the System State Data.

Storage Use 313 27. You are backing up all of the data on a computer on your network using the following strategy.

On Friday at 2:15 PM, you experience a hard drive failure on the computer. How can you restore your data?

A. Restore data from Saturday, then Thursday. B. Restore data from Thursday, then Saturday. C. Restore data from Saturday, then Friday, then Thursday. D. Restore data from Saturday, then Sunday, then Monday, then Tuesday, then Wednesday, then Thursday. E. Restore data from Thursday.

28. You have a hard disk fail in your Windows 2000 server. The disk was part of a RAID level 1 configuration. You replace the hard disk with an identical disk. How can you restore the RAID 1 volume?

A. Reactivate the disk B. Recreate the volume C. No action is necessary D. Scan the volume for changes E. Delete the volume.

314 Chapter 5 27. You are backing up all of the data on a computer on your network using the following strategy.

On Friday at 2:15 PM, you experience a hard drive failure on the computer. How can you restore your data? *A. Restore data from Saturday, then Thursday. B. Restore data from Thursday, then Saturday. C. Restore data from Saturday, then Friday, then Thursday. D. Restore data from Saturday, then Sunday, then Monday, then Tuesday, then Wednesday, then Thursday. E. Restore data from Thursday. Explanation: Thursday's backup will contain the data that changed since Saturday. Saturday's backup will contain all data prior to Saturday.

28. You have a hard disk fail in your Windows 2000 server. The disk was part of a RAID level 1 configuration. You replace the hard disk with an identical disk. How can you restore the RAID 1 volume? A. Reactivate the disk *B. Recreate the volume C. No action is necessary D. Scan the volume for changes E. Delete the volume. Explanation: When you replace the disk, you will have to recreate the volume.

Storage Use 315 29. You must back up the registry and all user data on a Windows 2000 Active Directory domain controller. How can you back up the appropriate files while minimizing the time the backup requires?

A. Use Windows Backup to back up the System State Data B. Use Windows Backup to perform a full system back up C. Use Windows Backup to create a differential back up D. Use Windows Backup to create a backup of specified folders E. Use Windows Backup to create an incremental back up

30. A hard disk fails in your Windows 2000 server. The disk was part of a RAID level 5 configuration. You replace the hard disk with an identical disk. How can you restore the RAID 5 volume?

A. Reactivate the disk B. Recreate the volume C. No action is necessary D. Scan the volume for changes E. Delete the volume

316 Chapter 5 29. You must back up the registry and all user data on a Windows 2000 Active Directory domain controller. How can you back up the appropriate files while minimizing the time the backup requires? A. Use Windows Backup to back up the System State Data B. Use Windows Backup to perform a full system back up C. Use Windows Backup to create a differential back up *D. Use Windows Backup to create a backup of specified folders E. Use Windows Backup to create an incremental back up Explanation: A Specific folders backup will reduce backup time.

30. A hard disk fails in your Windows 2000 server. The disk was part of a RAID level 5 configuration. You replace the hard disk with an identical disk. How can you restore the RAID 5 volume? *A. Reactivate the disk B. Recreate the volume C. No action is necessary D. Scan the volume for changes E. Delete the volume Explanation: You must reactivate a RAID-5 configuration, but recreate a RAID-1 configuration.

Storage Use 317

Notes:

318 Chapter 5 31. As the Windows 2000 Server administrator, you must configure the server's hard drive configuration. The Pentium III 500 MHz server with 256 MB of RAM has two 10-GB hard drives and a 1.6 GB hard drive. The hard drive configuration is as follows: C:\- 2-GB FAT RAID Level 1 partition D:\- 999-MB NTFS RAID Level 5 partition E:\- CD-ROM F:\- 500-MB FAT32 striped set G:\- 13.66-GB FAT32 spanned volume You must store all user data on the drive configuration that can recover if any single disk in the computer fails. You must store the paging file on the disk configuration with the fastest write access. You must store accounting data on the hard drive that can recover if either Disk 0 or Disk 1 fails. You must store confidential data on the hard drive configuration that prevents unauthorized users from accessing information locally even though they have local access to the server. The RAID configuration is shown in the Graphic: You take the following actions: You store the user data on drive D:. You store the paging file on drive G:. You store the accounting data on drive C:. You store the confidential data on drive D:. Which data is properly stored on the computer by the actions?

A. User Data B. Paging File C. Accounting Data D. Confidential Data E. System Data

Storage Use 319

320 Chapter 5 31. As the Windows 2000 Server administrator, you must configure the server's hard drive configuration. The Pentium III 500 MHz server with 256 MB of RAM has two 10-GB hard drives and a 1.6 GB hard drive. The hard drive configuration is as follows: C:\- 2-GB FAT RAID Level 1 partition D:\- 999-MB NTFS RAID Level 5 partition E:\- CD-ROM F:\- 500-MB FAT32 striped set G:\- 13.66-GB FAT32 spanned volume You must store all user data on the drive configuration that can recover if any single disk in the computer fails. You must store the paging file on the disk configuration with the fastest write access. You must store accounting data on the hard drive that can recover if either Disk 0 or Disk 1 fails. You must store confidential data on the hard drive configuration that prevents unauthorized users from accessing information locally even though they have local access to the server. You take the following actions: You store the user data on drive D:. You store the paging file on drive G:. You store the accounting data on drive C:. You store the confidential data on drive D:. Which data is properly stored on the computer by the actions? *A. User Data B. Paging File *C. Accounting Data *D. Confidential Data E. System Data Explanation: The paging file and system data are not correctly placed.

Storage Use 321

Notes:

322 Chapter 5 33. You are the Windows 2000 network administrator for a stock brokerage firm. The 65 stockbrokers on site use Windows 2000 Professional computers as their workstations, and there are two Windows 2000 domain controllers that serve these clients. Due to the sensitive nature of the information, your company policy requires all trade information to be stored on one of the two domain controllers. Each domain controller has five 10-GB hard drives on it. The user information is stored on a striped set of four of the hard drives, and the system uses the other hard drive. The striped set is backed up every evening. You must configure disk quotas as follows: You must limit disk storage space to 300 MB. An event must be logged when the users approach 95% of their used space. You must allow the user to exceed the quota limit. An event must be logged when the users exceed their specified quota limit. Which requirements are met by the quota configuration?

A. Users can exceed their quota limit B. User disk space quota limits are 300 MB C. An event is logged when the user exceeds their quota limit D. An event is logged when the user exceeds 95% of their quota E. User disk space quota limits are 285 MB

Storage Use 323

324 Chapter 5 33. You are the Windows 2000 network administrator for a stock brokerage firm. The 65 stockbrokers on site use Windows 2000 Professional computers as their workstations, and there are two Windows 2000 domain controllers that serve these clients. Due to the sensitive nature of the information, your company policy requires all trade information to be stored on one of the two domain controllers. Each domain controller has five 10-GB hard drives on it. The user information is stored on a striped set of four of the hard drives, and the system uses the other hard drive. The striped set is backed up every evening. You must configure disk quotas as follows: You must limit disk storage space to 300 MB. An event must be logged when the users approach 95% of their used space. You must allow the user to exceed the quota limit. An event must be logged when the users exceed their specified quota limit. You take the following actions: You configure the quota as shown below: Which requirements are met by the quota configuration? *A. Users can exceed their quota limit *B. User disk space quota limits are 300 MB *C. An event is logged when the user exceeds their quota limit *D. An event is logged when the user exceeds 95% of their quota E. User disk space quota limits are 285 MB Explanation: All of the quota requirements are met with the quota configuration.

Storage Use 325 34. You are the administrator of your Windows NT 4.0 network, and you must migrate the network to Windows 2000. The network has four Windows NT 4.0 servers. The servers have the configurations shown below: Server_1 is a Pentium 200 MHz computer with 256 MB of RAM and a 2-GB FAT partition. Server_2 is a Pentium III 350 MHz computer with 64 MB of RAM and a 10-GB NTFS partition. Server_3 is a Pentium 100 MHz computer with 512 MB of RAM and a 6-GB NTFS partition. Server_4 is a Pentium III 650 MHz computer with 2 GB of RAM and a 2-GB FAT partition. You take the following actions to migrate to Windows 2000: You type the Winnt32.exe command from the Run line of Server_1, Server_2, and Server_4. You upgrade the processor of Server_3 to a Pentium 133 MHz processor and type the Winnt32.exe command from the Run line on the server. Which computers will the actions upgrade properly?

A. Server_1 B. Server_2 C. Server_3 D. Server_4 E. Server_5

326 Chapter 5 34. You are the administrator of your Windows NT 4.0 network, and you must migrate the network to Windows 2000. The network has four Windows NT 4.0 servers. The servers have the configurations shown below: Server_1 is a Pentium 200 MHz computer with 256 MB of RAM and a 2-GB FAT partition. Server_2 is a Pentium III 350 MHz computer with 64 MB of RAM and a 10-GB NTFS partition. Server_3 is a Pentium 100 MHz computer with 512 MB of RAM and a 6-GB NTFS partition. Server_4 is a Pentium III 650 MHz computer with 2 GB of RAM and a 2-GB FAT partition. You take the following actions to migrate to Windows 2000: You type the Winnt32.exe command from the Run line of Server_1, Server_2, and Server_4. You upgrade the processor of Server_3 to a Pentium 133 MHz processor and type the Winnt32.exe command from the Run line on the server. Which computers will the actions upgrade properly? *A. Server_1 *B. Server_2 *C. Server_3 *D. Server_4 E. Server_5 Explanation: All servers (1-4) will upgrade properly

Storage Use 327

Notes:

328 Chapter 5 35. As the Windows 2000 network administrator, you must properly configure the domain controller's hard drive. You have just deleted a spanned volume on the Windows 2000 server, and the current drive configuration is below: You are required to take this free space and configure it as follows: You must create 3 GB of storage for a mission critical application and allow the entire 3 GB to be mirrored in case either Disk 0 or Disk 1 fails in the domain controller. You must create a RAID level 5 configuration so there are 2 GB of space available for storage. You must back up all volumes that are not fault tolerant. You must use all remaining free space in a single volume. You take the following actions: You create a 3-GB RAID level 1 configuration using Disk 0 and Disk 1. You create a RAID 5 volume using 1 GB of space on Disk 0, Disk 1, and Disk 3. You back up disk F and implement a scheduled backup plan for it. You use all the remaining free space on the disks to create a spanned volume. Which requirements do the actions meet?

A. The 3 GB mirrored volume is properly configured B. All remaining free space is used in a single volume C. All volumes that are not fault tolerant are backed up D. The RAID level 5 configuration is properly configured E. The RAID level 5 configuration is not properly configured

Storage Use 329

330 Chapter 5 35. As the Windows 2000 network administrator, you must properly configure the domain controller's hard drive. You have just deleted a spanned volume on the Windows 2000 server, and the current drive configuration is below: You are required to take this free space and configure it as follows: You must create 3 GB of storage for a mission critical application and allow the entire 3 GB to be mirrored in case either Disk 0 or Disk 1 fails in the domain controller. You must create a RAID level 5 configuration so there are 2 GB of space available for storage. You must back up all volumes that are not fault tolerant. You must use all remaining free space in a single volume. You take the following actions: You create a 3-GB RAID level 1 configuration using Disk 0 and Disk 1. You create a RAID 5 volume using 1 GB of space on Disk 0, Disk 1, and Disk 3. You back up disk F and implement a scheduled backup plan for it. You use all the remaining free space on the disks to create a spanned volume. Which requirements do the actions meet? *A. The 3 GB mirrored volume is properly configured *B. All remaining free space is used in a single volume *C. All volumes that are not fault tolerant are backed up *D. The RAID level 5 configuration is properly configured E. The RAID level 5 configuration is not properly configured Explanation: All of the data is protected from loss, and all available drive space is used.

Storage Use 331 36. You have four 10-GB disks in your Windows 2000 server. You are trying to provide the maximum usable space while still providing for redundancy in case a single disk in the drive fails. How should you configure the hard drives to meet these requirements?

A. Create two Raid Level 1 volumes B. Create two Raid Level 5 volumes C. Use all four disks to create a single RAID level 5 volume D. Use all four disks to create a single RAID level 1 volume E. Create two Raid Level 0 volumes

32. You must install Windows 2000 on a new computer. The computer has four 20-GB disks. You must configure the system partition to be as large as possible on this Pentium III 667 MHz computer with 512 MB of RAM. For the remainder of the drive configuration, you want a single drive letter assigned to all the existing space. You do not want to implement any type of RAID configuration on the computer. How should you configure the system partition during the setup phase of Windows 2000?

A. Configure the system partition as a 4-GB partition B. Configure the system partition as a 2-GB partition C. Configure the system partition as a 20-GB partition D. Configure the system partition as a 7.8-GB partition E. Configure the system partition as a 24-GB partition

332 Chapter 5 36. You have four 10-GB disks in your Windows 2000 server. You are trying to provide the maximum usable space while still providing for redundancy in case a single disk in the drive fails. How should you configure the hard drives to meet these requirements? A. Create two Raid Level 1 volumes B. Create two Raid Level 5 volumes *C. Use all four disks to create a single RAID level 5 volume D. Use all four disks to create a single RAID level 1 volume E. Create two Raid Level 0 volumes Explanation: A RAID-5 configuration allows a larger percentage of usable space than RAID-1, while still providing fault tolerance.

32. You must install Windows 2000 on a new computer. The computer has four 20-GB disks. You must configure the system partition to be as large as possible on this Pentium III 667 MHz computer with 512 MB of RAM. For the remainder of the drive configuration, you want a single drive letter assigned to all the existing space. You do not want to implement any type of RAID configuration on the computer. How should you configure the system partition during the setup phase of Windows 2000? A. Configure the system partition as a 4-GB partition B. Configure the system partition as a 2-GB partition C. Configure the system partition as a 20-GB partition *D. Configure the system partition as a 7.8-GB partition E. Configure the system partition as a 24-GB partition Explanation: A 7.8-GB partition would give you the maximum system drive size.

Storage Use 333 37. You must upgrade a Windows NT 4.0 Workstation computer to the Windows 2000 Server operating system. Once the upgrade is complete, you must implement a RAID level 5 configuration and you must provide support on the upgraded server so all distributed applications can use the HTTP protocol to communicate through Internet Information Services (IIS). How can you configure the server so Windows 2000 Server is the only operating system on the computer?

A. Install Windows 2000 Server by connecting to the shared CD-ROM using the F:\i386\Winnt32.exe command. Then implement RAID level 5 on the server. B. On the Windows 2000 server, install the following optional components: All Management and Monitoring tools Microsoft Script Debugger Remote Installation Services Remote Storage Networking Services- COM Internet Services Proxy. C. On the Windows 2000 server, install the following optional components: All Management and Monitoring tools Microsoft Script Debugger Remote Installation Services Remote Storage Networking Services- COM Internet Services Proxy Internet Information Services (IIS). D. Format the hard drive of the workstation. Install a client so you can obtain access to a network shared CD-ROM; install Windows 2000 Server by connecting to a shared CD-ROM using the F:\i386\Winnt.exe command. Then, implement a RAID level 5 configuration on the server. E. On the Windows 2000 server, install the following optional components: All Management and Monitoring tools Microsoft Script Debugger Remote Installation Services Remote Storage Networking Services- COM Internet Services Proxy

334 Chapter 5 37. You must upgrade a Windows NT 4.0 Workstation computer to the Windows 2000 Server operating system. Once the upgrade is complete, you must implement a RAID level 5 configuration and you must provide support on the upgraded server so all distributed applications can use the HTTP protocol to communicate through Internet Information Services (IIS). How can you configure the server so Windows 2000 Server is the only operating system on the computer? A. Install Windows 2000 Server by connecting to the shared CD-ROM using the F:\i386\Winnt32.exe command. Then implement RAID level 5 on the server. B. On the Windows 2000 server, install the following optional components: All Management and Monitoring tools Microsoft Script Debugger Remote Installation Services Remote Storage Networking Services- COM Internet Services Proxy. *C. On the Windows 2000 server, install the following optional components: All Management and Monitoring tools Microsoft Script Debugger Remote Installation Services Remote Storage Networking Services- COM Internet Services Proxy Internet Information Services (IIS). *D. Format the hard drive of the workstation. Install a client so you can obtain access to a network shared CD-ROM; install Windows 2000 Server by connecting to a shared CD-ROM using the F:\i386\Winnt.exe command. Then, implement a RAID level 5 configuration on the server. E. On the Windows 2000 server, install the following optional components: All Management and Monitoring tools Microsoft Script Debugger Remote Installation Services Remote Storage Networking Services- COM Internet Services Proxy Explanation: WINNT.EXE is used to install from a Network Installation.

Storage Use 335 38. Your Windows 2000 server has 2 IDE 15-GB hard drives in it. Each drive has 3 partitions on it. The system partition is the first partition on the first hard drive and it is replicated to the second partition on the second drive using a RAID level 1 configuration. The first hard drive fails and you must edit the Boot.ini file so the system partition uses the replication on the second disk. How should you configure the ARC path?

A. multi(0)disk(0)rdisk(1)partition(2)\WINNT="Windows 2000 Server" B. multi(0)disk(0)rdisk(2)partition(2)\WINNT="Windows 2000 Server" C. multi(0)disk(0)rdisk(2)partition(3)\WINNT="Windows 2000 Server" D. multi(0)disk(0)rdisk(1)partition(3)\WINNT="Windows 2000 Server" E. multi(0)disk(0)rdisk(1)partition(4)\WINNT="Windows 2000 Server"

39. As the Windows 2000 network administrator, you must optimize disk space on your Windows 2000 domain controller. There are some folders that must be compressed. You must compress the C:\Operations folder and the D:\Aged Accounts folder. The C: partition is an NTFS partition and the D: partition is a FAT32 partition. How can you compress the folders?

A. Right-click on the C:\Operations folder in Explorer and select Properties. On the General Tab, you select Advanced, then you select the check box to "Compress contents to save disk space". B. Right-click on the D:\Aged Accounts folder in Explorer and select Properties. On the General Tab, you select Advanced, then you select the check box to "Compress contents to save disk space". C. Convert the D: partition to NTFS, right-click on the D:\Aged Accounts folder in Explorer and select Properties. On the General Tab, you select Advanced, then you select the check box to "Compress contents to save disk space". D. Format the D: partition, restore the folder from backup, right-click on the D:\Aged Accounts folder in Explorer and select Properties. On the General Tab, you select Advanced, then you select the check box to "Compress contents to save disk space". E. Convert both partitions to FAT.

336 Chapter 5 38. Your Windows 2000 server has 2 IDE 15-GB hard drives in it. Each drive has 3 partitions on it. The system partition is the first partition on the first hard drive and it is replicated to the second partition on the second drive using a RAID level 1 configuration. The first hard drive fails and you must edit the Boot.ini file so the system partition uses the replication on the second disk. How should you configure the ARC path? *A. multi(0)disk(0)rdisk(1)partition(2)\WINNT="Windows 2000 Server" B. multi(0)disk(0)rdisk(2)partition(2)\WINNT="Windows 2000 Server" C. multi(0)disk(0)rdisk(2)partition(3)\WINNT="Windows 2000 Server" D. multi(0)disk(0)rdisk(1)partition(3)\WINNT="Windows 2000 Server" E. multi(0)disk(0)rdisk(1)partition(4)\WINNT="Windows 2000 Server" Explanation: multi(0)disk(0)rdisk(1)partition(2)\WINNT="Windows 2000 Server" will change the disk configuration to allow the system to boot from the mirror.

39. As the Windows 2000 network administrator, you must optimize disk space on your Windows 2000 domain controller. There are some folders that must be compressed. You must compress the C:\Operations folder and the D:\Aged Accounts folder. The C: partition is an NTFS partition and the D: partition is a FAT32 partition. How can you compress the folders? *A. Right-click on the C:\Operations folder in Explorer and select Properties. On the General Tab, you select Advanced, then you select the check box to "Compress contents to save disk space". B. Right-click on the D:\Aged Accounts folder in Explorer and select Properties. On the General Tab, you select Advanced, then you select the check box to "Compress contents to save disk space". *C. Convert the D: partition to NTFS, right-click on the D:\Aged Accounts folder in Explorer and select Properties. On the General Tab, you select Advanced, then you select the check box to "Compress contents to save disk space". D. Format the D: partition, restore the folder from backup, right-click on the D:\Aged Accounts folder in Explorer and select Properties. On the General Tab, you select Advanced, then you select the check box to "Compress contents to save disk space". E. Convert both partitions to FAT. Explanation: The compression option is found in Advanced in the folders' properties.

Storage Use 337

Notes:

338 Chapter 5 40. You are the administrator of your Windows 2000 domain controller. The domain controller's hard drive configuration is shown below: You must configure the hard drives in the server as follows: You must protect the system partition by creating an exact duplicate of it so if one of the hard drives fails; the system information is still protected. You must create a disk configuration that has approximately 6 GB of usable hard disk space, and can recover in the event one of the hard drives fails. You must create a 3-GB disk configuration where you can allow the fastest Read access to the drive possible. You must create 2 GB of usable space in a RAID level 1 configuration. You take the following actions: You mirror the system partition using 2 GB of space from Disk 1. You create a RAID level 5 configuration using 2 GB of disk space from Disk 0, Disk 1, and Disk 2. You create a striped set using 1 GB from Disk 0, Disk 1, and Disk 3. You create a mirrored set using 1 GB of space from Disk 0 and Disk 1. Which requirements do the actions meet?

A. A disk configuration is created so 2 GB of usable space is used in a RAID level 1 configuration B. A 3-GB disk configuration is created where you can allow the fastest write access to the drive possible C. A disk configuration is created that has approximately 6 GB of usable hard disk space and can recover in the event one of the hard drives fails D. The system partition is protected by creating an exact duplicate of its self so if one hard drive fails the system information will still be protected E. A 6-GB disk configuration is created where you can allow the fastest write access to the drive possible

Storage Use 339

340 Chapter 5 40. You are the administrator of your Windows 2000 domain controller. The domain controller's hard drive configuration is shown below: You must configure the hard drives in the server as follows: You must protect the system partition by creating an exact duplicate of it so if one of the hard drives fails; the system information is still protected. You must create a disk configuration that has approximately 6 GB of usable hard disk space, and can recover in the event one of the hard drives fails. You must create a 3-GB disk configuration where you can allow the fastest Read access to the drive possible. You must create 2 GB of usable space in a RAID level 1 configuration. You take the following actions: You mirror the system partition using 2 GB of space from Disk 1. You create a RAID level 5 configuration using 2 GB of disk space from Disk 0, Disk 1, and Disk 2. You create a striped set using 1 GB from Disk 0, Disk 1, and Disk 3. You create a mirrored set using 1 GB of space from Disk 0 and Disk 1. Which requirements do the actions meet? A. A disk configuration is created so 2 GB of usable space is used in a RAID level 1 configuration *B. A 3-GB disk configuration is created where you can allow the fastest write access to the drive possible C. A disk configuration is created that has approximately 6 GB of usable hard disk space and can recover in the event one of the hard drives fails *D. The system partition is protected by creating an exact duplicate of its self so if one hard drive fails the system information will still be protected E. A 6-GB disk configuration is created where you can allow the fastest write access to the drive possible Explanation: A RAID-0 partition provides faster access to drives. A RAID-1 partition provides an identical copy for fault tolerance.

Storage Use 341

Notes:

342 Chapter 5 41. As the network administrator of a Windows 2000 network, you must optimize disk performance on five Windows 2000 domain controllers. Each domain controller has five 6-GB SCSI hard drives in them. In addition to the five domain controllers, there are 600 Windows 2000 Professional computers on the network. Your network is a 100BaseT network. You must optimize the domain controllers as follows: You must implement a plan for optimizing the data on the hard drives at the recommended Microsoft interval so application initialization is optimized. You must compress all user store information that is located in the main D:\User_info folder. You must provide fast searching capabilities for the D:\Data and E:\Marketing folders. You must prevent users from exceeding 50 MB of storage on any single disk in a domain controller. You take the following actions: You implement a defragmentation plan the first Sunday of the month on all domain controllers. You configure the folder compression as shown below: You configure the searching capabilities on the two folders as shown above, except you clear the "Compress contents to save disk space" check box, and you select the "For faster searching allow Indexing Service to Index the folder." You implement disk quotas as below with Local Disk (D:) Properties at the top on all the disks in all the domain controllers. Which requirements do the actions meet?

A. All user store information located in the main D:\User_info folder is compressed B. The Microsoft recommended plain is implemented to optimize application initialization time C. Fast searching capabilities for the D:\Data and E:\Marketing folders are properly provided D. Users are prevented from exceeding 50 MB of storage on any single disk in a domain controller E. Fast searching capabilities for the D:\ and E:\ folders are properly provided

Storage Use 343

344 Chapter 5

Storage Use 345 41. As the network administrator of a Windows 2000 network, you must optimize disk performance on five Windows 2000 domain controllers. Each domain controller has five 6-GB SCSI hard drives in them. In addition to the five domain controllers, there are 600 Windows 2000 Professional computers on the network. Your network is a 100BaseT network. You must optimize the domain controllers as follows: You must implement a plan for optimizing the data on the hard drives at the recommended Microsoft interval so application initialization is optimized. You must compress all user store information that is located in the main D:\User_info folder. You must provide fast searching capabilities for the D:\Data and E:\Marketing folders. You must prevent users from exceeding 50 MB of storage on any single disk in a domain controller. You take the following actions: You implement a defragmentation plan the first Sunday of the month on all domain controllers. You configure the folder compression as shown below: You configure the searching capabilities on the two folders as shown above, except you clear the "Compress contents to save disk space" check box, and you select the "For faster searching allow Indexing Service to Index the folder." You implement disk quotas as below with Local Disk (D:) Properties at the top on all the disks in all the domain controllers. Which requirements do the actions meet? *A. All user store information located in the main D:\User_info folder is compressed *B. The Microsoft recommended plain is implemented to optimize application initialization time *C. Fast searching capabilities for the D:\Data and E:\Marketing folders are properly provided D. Users are prevented from exceeding 50 MB of storage on any single disk in a domain controller E. Fast searching capabilities for the D:\ and E:\ folders are properly provided Explanation: To prevent users from exceeding 50 MB of storage on any single disk in a domain controller, disk quotas must be used.

346 Chapter 5 42. As the Windows 2000 network administrator, you must optimize disk space on your Windows 2000 domain controller. There are some folders that must be encrypted. The C: volume in the domain controller is an NTFS volume and is fault tolerant. You must configure the C:\Accounting, C:\Marketing, C:\Downloads, and C:\My Documents folder as follows: You must compress the C:\Downloads folder so it requires less disk space. You must compress and encrypt the C:\Marketing folder. You must encrypt the C:\My Documents folder. You must encrypt the C:\Accounting folder. You take the following actions: You right-click on the C:\Downloads folder in Explorer and select Properties. On the General Tab, you select Advanced, then you select the check box to "Compress contents to save disk space". You right-click on the C:\Marketing folder in Explorer and select Properties. On the General Tab, you select Advanced; you select the check box to "Compress contents to save disk space", and the check box to "Encrypt contents to secure data". You right-click on the C:\My Documents folder in Explorer and select Properties. On the General Tab, you select Advanced, then you select the check box to "Encrypt contents to secure data". You right-click on the C:\Accounting folder in Explorer and select Properties. On the General Tab, you select Advanced, then you select the check box to "Encrypt contents to secure data". Which folders are properly configured?

A. C:\Downloads B. C:\Marketing C. C:\Accounting D. C:\My Documents E. C:\

Storage Use 347 42. As the Windows 2000 network administrator, you must optimize disk space on your Windows 2000 domain controller. There are some folders that must be encrypted. The C: volume in the domain controller is an NTFS volume and is fault tolerant. You must configure the C:\Accounting, C:\Marketing, C:\Downloads, and C:\My Documents folder as follows: You must compress the C:\Downloads folder so it requires less disk space. You must compress and encrypt the C:\Marketing folder. You must encrypt the C:\My Documents folder. You must encrypt the C:\Accounting folder. You take the following actions: You right-click on the C:\Downloads folder in Explorer and select Properties. On the General Tab, you select Advanced, then you select the check box to "Compress contents to save disk space". You right-click on the C:\Marketing folder in Explorer and select Properties. On the General Tab, you select Advanced; you select the check box to "Compress contents to save disk space", and the check box to "Encrypt contents to secure data". You right-click on the C:\My Documents folder in Explorer and select Properties. On the General Tab, you select Advanced, then you select the check box to "Encrypt contents to secure data". You right-click on the C:\Accounting folder in Explorer and select Properties. On the General Tab, you select Advanced, then you select the check box to "Encrypt contents to secure data". Which folders are properly configured? *A. C:\Downloads B. C:\Marketing *C. C:\Accounting *D. C:\My Documents E. C:\ Explanation: You cannot compress and encrypt at the same time.

348 Chapter 5

Notes:

Storage Use 349 43. You are the administrator of a Windows 2000 network. The network has 5 Windows 2000 domain controllers, 17 Windows NT 4.0 servers, 6 NetWare 5.1 servers, and 3 UNIX servers. It also has 600 Windows 95 workstations, 800 Windows 98 workstations, 200 Windows 2000 Professional workstations, and 1500 Windows NT 4.0 workstations. The network uses Microsoft Exchange as its e-mail server and all clients use outlook 98 as the e-mail client. You have installed Microsoft Exchange on one of the Windows 2000 domain controllers in the volume of the server that provides the best overall performance. Your Exchange server crashes and you look at the domain controller's drive configuration: You must meet the following requirements: You must restore the Exchange information and get the server back up immediately. You must restore the information on the other hard drive configuration that has failed. You must replace the failed hard drives. You must put the server back in the original working order. You take the following actions: You install a 1.19-GB hard disk and a 1.51-GB hard disk into the server. You remove the striped volume and the spanned volume. You recreate the striped volume and spanned volume exactly as they were originally. You restore the Exchange backup to the spanned volume. You restore the backup from the spanned volume into the new spanned volume. Which requirements do the actions meet?

A. The failed hard drives are replaced B. The information on the other hard drive is successfully restored C. The server is back in the original working order after the actions D. The Exchange information is successfully restored to its original location E. All data is lost.

350 Chapter 5

Storage Use 351 43. You are the administrator of a Windows 2000 network. The network has 5 Windows 2000 domain controllers, 17 Windows NT 4.0 servers, 6 NetWare 5.1 servers, and 3 UNIX servers. It also has 600 Windows 95 workstations, 800 Windows 98 workstations, 200 Windows 2000 Professional workstations, and 1500 Windows NT 4.0 workstations. The network uses Microsoft Exchange as its e-mail server and all clients use outlook 98 as the e-mail client. You have installed Microsoft Exchange on one of the Windows 2000 domain controllers in the volume of the server that provides the best overall performance. Your Exchange server crashes and you look at the domain controller's drive configuration: You must meet the following requirements: You must restore the Exchange information and get the server back up immediately. You must restore the information on the other hard drive configuration that has failed. You must replace the failed hard drives. You must put the server back in the original working order. You take the following actions: You install a 1.19-GB hard disk and a 1.51-GB hard disk into the server. You remove the striped volume and the spanned volume. You recreate the striped volume and spanned volume exactly as they were originally. You restore the Exchange backup to the spanned volume. You restore the backup from the spanned volume into the new spanned volume. Which requirements do the actions meet? *A. The failed hard drives are replaced *B. The information on the other hard drive is successfully restored C. The server is back in the original working order after the actions D. The Exchange information is successfully restored to its original location E. All data is lost. Explanation: The striped volume is still empty.

352 Chapter 5 44. As the network administrator of a Windows 2000 network, you must optimize disk space on a domain controller. The domain controller has a 6-GB SCSI hard drive in it that is a single NTFS partition. You must compress all archive information that is in the C:\Archive folder. How can you compress the folder?

A. Right-click on the folder, select Properties, select Advanced from the General Tab, and ensure the "Folder is ready for Archiving" box is selected. B. Right-click on the folder, select Properties, select Advanced from the General Tab, and ensure the "Encrypt contents to secure data" selection box is selected. C. Right-click on the folder, select Properties, select Advanced from the General Tab, and ensure the "Compress contents to save disk space" selection box is selected. D. Right-click on the folder, select Properties, select Advanced from the General Tab, and ensure the "For faster searching allow Indexing Service to Index the folder" box is selected. E. Right-click on the folder, select Properties, select Advanced from the General Tab, and ensure the "Folder is ready for Compression" box is selected.

Storage Use 353 44. As the network administrator of a Windows 2000 network, you must optimize disk space on a domain controller. The domain controller has a 6-GB SCSI hard drive in it that is a single NTFS partition. You must compress all archive information that is in the C:\Archive folder. How can you compress the folder? A. Right-click on the folder, select Properties, select Advanced from the General Tab, and ensure the "Folder is ready for Archiving" box is selected. B. Right-click on the folder, select Properties, select Advanced from the General Tab, and ensure the "Encrypt contents to secure data" selection box is selected. *C. Right-click on the folder, select Properties, select Advanced from the General Tab, and ensure the "Compress contents to save disk space" selection box is selected. D. Right-click on the folder, select Properties, select Advanced from the General Tab, and ensure the "For faster searching allow Indexing Service to Index the folder" box is selected. E. Right-click on the folder, select Properties, select Advanced from the General Tab, and ensure the "Folder is ready for Compression" box is selected. Explanation: The compression option is found under advanced in the folder's properties.

354 Chapter 5

Notes:

Storage Use 355 45. You are the administrator of your Windows 2000 network. The domain controller on the network had a hard drive fail in it. The disk configuration is shown below: You must meet the following requirements: You must replace the missing hard drive. You must recreate all volumes that were affected by the missing hard drive. You must restore the data to its original state. You take the following actions: You replace the hard drive with a 10-GB hard drive. You make the new hard drive Dynamic. You recreate the spanned volume allocating 1.19 GB of space for Disk 3 and all the other free space on the other 3 hard drives. You restore the data from backup. Which requirements do the actions meet?

A. The missing hard drive is replaced B. The data is restored to its original state C. The actions do not meet any of the requirements D. All volumes affected by the missing hard drive are replaced E. The Domain Controller is demoted.

356 Chapter 5

Storage Use 357 45. You are the administrator of your Windows 2000 network. The domain controller on the network had a hard drive fail in it. The disk configuration is shown below: You must meet the following requirements: You must replace the missing hard drive. You must recreate all volumes that were affected by the missing hard drive. You must restore the data to its original state. You take the following actions: You replace the hard drive with a 10-GB hard drive. You make the new hard drive Dynamic. You recreate the spanned volume allocating 1.19 GB of space for Disk 3 and all the other free space on the other 3 hard drives. You restore the data from backup. Which requirements do the actions meet? A. The missing hard drive is replaced B. The data is restored to its original state C. The actions do not meet any of the requirements *D. All volumes affected by the missing hard drive are replaced E. The Domain Controller is demoted. Explanation: The volumes have been replaced, but the data from the backup is not as current as the actual data.

358 Chapter 5 46. You are configuring your Windows 2000 server and must configure certain information on a fault tolerant volume. You must store the entire Exchange database and all customer information so a single failed disk in the drive will not lose any information. The partitions in the drive are as follows: C:\- 2-GB FAT RAID Level 1 partition D:\- 6-GB NTFS RAID Level 5 partition F:\- 2-GB FAT32 striped set G:\- 13-GB FAT32 spanned volume On which partition could you store the information if you needed to encrypt the files?

A. C: B. D: C. F: D. G: E. H:

Storage Use 359 46. You are configuring your Windows 2000 server and must configure certain information on a fault tolerant volume. You must store the entire Exchange database and all customer information so a single failed disk in the drive will not lose any information. The partitions in the drive are as follows: C:\- 2-GB FAT RAID Level 1 partition D:\- 6-GB NTFS RAID Level 5 partition F:\- 2-GB FAT32 striped set G:\- 13-GB FAT32 spanned volume On which partition could you store the information if you needed to encrypt the files? A. C: *B. D: C. F: D. G: E. H: Explanation: Drive D: is large enough, and is fault tolerant. You can also encrypt the files on it.

360 Chapter 5 47. You are the administrator of your company's Windows 2000 domain controller. The domain controller contains three 5-GB hard drives. They are configured as follows: The system partition is a 2-GB NTFS partition and is assigned the C: drive letter. There is a RAID 5 volume that is composed of 2 GB from each drive and is assigned the D: drive letter. There is a 1-GB FAT partition on DISK 0 that is assigned the E: drive letter. There are two 3-GB FAT32 partitions that fill the remaining space on the other two drives. They are assigned letters F: and G: respectively. You must optimize the disk space on the drives to meet the following requirements: You must check all volumes for errors. You must optimize the speed with which your applications initialize. You must ensure all files are arranged on the volumes in a contiguous manner. You must ensure the RAID volume is adequately prepared to minimize install time and initialization time of the program. You take the following actions: You use the Check Disk tool on all the drives. You use Disk Defragmenter to analyze and defragment all volumes. Which requirements are met by the actions?

A. All volumes are checked for errors B. All files are arranged on each volume in a contiguous manner C. The speed with which your applications initialize is optimized D. The RAID volume is adequately prepared to minimize install time and initialization time of applications E. The disks are compressed.

Storage Use 361 47. You are the administrator of your company's Windows 2000 domain controller. The domain controller contains three 5-GB hard drives. They are configured as follows: The system partition is a 2-GB NTFS partition and is assigned the C: drive letter. There is a RAID 5 volume that is composed of 2 GB from each drive and is assigned the D: drive letter. There is a 1-GB FAT partition on DISK 0 that is assigned the E: drive letter. There are two 3-GB FAT32 partitions that fill the remaining space on the other two drives. They are assigned letters F: and G: respectively. You must optimize the disk space on the drives to meet the following requirements: You must check all volumes for errors. You must optimize the speed with which your applications initialize. You must ensure all files are arranged on the volumes in a contiguous manner. You must ensure the RAID volume is adequately prepared to minimize install time and initialization time of the program. You take the following actions: You use the Check Disk tool on all the drives. You use Disk Defragmenter to analyze and defragment all volumes. Which requirements are met by the actions? *A. All volumes are checked for errors *B. All files are arranged on each volume in a contiguous manner *C. The speed with which your applications initialize is optimized *D. The RAID volume is adequately prepared to minimize install time and initialization time of applications E. The disks are compressed. Explanation: All requested objectives have been met.

362 Chapter 5 48. You have two disks in your Windows 2000 server. You must protect the system partition by creating an exact duplicate of it so if one of the hard drives fails; the system information is still protected. How should you configure the computer's hard disks?

A. As a striped set B. As a spanned volume C. As a RAID level 1 configuration D. As a RAID level 5 configuration E. As a RAID level 2 configuration

Storage Use 363 48. You have two disks in your Windows 2000 server. You must protect the system partition by creating an exact duplicate of it so if one of the hard drives fails; the system information is still protected. How should you configure the computer's hard disks? A. As a striped set B. As a spanned volume *C. As a RAID level 1 configuration D. As a RAID level 5 configuration E. As a RAID level 2 configuration Explanation: A RAID level 1 configuration will create an identical copy.

364 Chapter 5 49. Your Windows 2000 Server is configured as follows: Component Size or Type Additional Description Processor Intel Pentium II 350 MHz Disk 0 1 partition FAT32 file system Disk 1 1 partition FAT16 file system Paging file Initial size 128 MB Located on Disk 0 Maximum size 256 MB NIC 3 COM 10/100 Ethernet A new corporate policy has dictated that all systems have file encryption and user level security enabled. You want to lose as little data as possible in making this conversion. Which of the following must be completed on your system to meet the requirement?

A. Disk 0 must be converted to NTFS B. Disk 0 must be reformatted to NTFS C. Disk 1 must be converted to FAT32 D. Disk 1 must be reformatted to NTFS E. Disk 1 must be converted to NTFS

Storage Use 365 49. Your Windows 2000 Server is configured as follows: Component Size or Type Additional Description Processor Intel Pentium II 350 MHz Disk 0 1 partition FAT32 file system Disk 1 1 partition FAT16 file system Paging file Initial size 128 MB Located on Disk 0 Maximum size 256 MB NIC 3 COM 10/100 Ethernet A new corporate policy has dictated that all systems have file encryption and user level security enabled. You want to lose as little data as possible in making this conversion. Which of the following must be completed on your system to meet the requirement? *A. Disk 0 must be converted to NTFS B. Disk 0 must be reformatted to NTFS C. Disk 1 must be converted to FAT32 D. Disk 1 must be reformatted to NTFS *E. Disk 1 must be converted to NTFS Explanation: There is no need to reformat your partitions; you can simply convert them to NTFS. Since NTFS is the only file system that can support user-level security and file encryption, you must upgrade to NTFS. The other options are not necessary, so they should not have been selected. The option that mentions converting Disk 1 to FAT32 wouldn't work, even if you did it. The options to reformat would work, but they are not necessary because you can convert your partitions. Reformatting would cause you to lose any data on the existing partitions.

366 Chapter 5 50. Using dynamic storage, what is the limit of volumes you can create on one disk?

A. You cannot create volumes using dynamic storage B. 1 Volume C. 16 Volumes D. 32 Volumes E. unlimited Volumes

51. A simple volume and a partition seem to represent similar use of disk space. What are the differences?

A. A simple volume does not have the size limitations of a partition. B. A simple volume can be formatted FAT 32, while a partition cannot C. A simple volume can span multiple disks, a partition cannot D. A simple volume is fault tolerant, a partition is not

Storage Use 367 50. Using dynamic storage, what is the limit of volumes you can create on one disk? A. You cannot create volumes using dynamic storage B. 1 Volume C. 16 Volumes D. 32 Volumes *E. unlimited Volumes Explanation: There is no limit to how many volumes you can create on one disk. Reference: Implementing Microsoft Windows 2000 Professional and Server. Exam Category: Managing, Configuring and Troubleshooting Storage Usage

51. A simple volume and a partition seem to represent similar use of disk space. What are the differences? *A. A simple volume does not have the size limitations of a partition. B. A simple volume can be formatted FAT 32, while a partition cannot C. A simple volume can span multiple disks, a partition cannot D. A simple volume is fault tolerant, a partition is not Explanation: A simple volume, by definition, is a disk space on a single disk. It appears to have the same function as a partition, but has some advantages. It does not have the size limitations of a partition, there is no limitation to the number of volumes you can have on a single disk, and you can later extend the volume if necessary. Reference: Implementing Microsoft Windows 2000 Professional and Server Exam Category: Managing, Configuring and Troubleshooting Storage Usage

368 Chapter 5 52. Which file formatting system or systems will allow you to extend a simple volume?

A. NTFS B. FAT C. FAT32 D. VFAT E. HPFS

53. What is the maximum number of disks that can be used when creating a spanned volume?

A. 1 Disk B. 16 Disks C. 32 Disks D. Unlimited Disks E. 8 Disks

Storage Use 369 52. Which file formatting system or systems will allow you to extend a simple volume? *A. NTFS B. FAT C. FAT32 D. VFAT E. HPFS Explanation: A simple volume can be extended only if it has been formatted NTFS. Reference: Implementing Microsoft Windows 2000 Professional and Server. Exam Category: Managing, Configuring and Troubleshooting Storage Usage

53. What is the maximum number of disks that can be used when creating a spanned volume? A. 1 Disk B. 16 Disks *C. 32 Disks D. Unlimited Disks E. 8 Disks Explanation: A spanned volume can be created on 2 to 32 disks. However, if one hard disk is lost, the entire volume is lost. Reference: Implementing Microsoft Windows 2000 Professional and Server. Exam Category: Managing, Configuring and Troubleshooting Storage Usage

370 Chapter 5 54. When you migrate a server from Windows NT 4.0 to Windows 2000, what happens to the volume sets created on Windows NT 4.0?

A. They are converted to volume sets on basic disks. B. They are converted to volume sets on dynamic disks. C. They are converted to partitions to basic disks. D. They are not retained and must be restored from backup.

55. If a user has reached his disk quota allowance, and the disk quota is set to prevent further disk space, what must he or she do to obtain more space?

A. Delete some files. B. Compress some files. C. Have another user take ownership of some files. D. Have the administrator increase the quota allowance.

Storage Use 371 54. When you migrate a server from Windows NT 4.0 to Windows 2000, what happens to the volume sets created on Windows NT 4.0? *A. They are converted to volume sets on basic disks. B. They are converted to volume sets on dynamic disks. C. They are converted to partitions to basic disks. D. They are not retained and must be restored from backup. Explanation: They are converted to volume sets on basic disks. There is limited support for volume sets on basic disks on Windows 2000. They are retained, but no new volume sets can be created on basic disks. Reference: Implementing Microsoft Windows 2000 Professional and Server. Exam Category: Managing, Configuring and Troubleshooting Storage Usage

55. If a user has reached his disk quota allowance, and the disk quota is set to prevent further disk space, what must he or she do to obtain more space? *A. Delete some files. B. Compress some files. *C. Have another user take ownership of some files. *D. Have the administrator increase the quota allowance. Explanation: When a user has reached his quota limit, he can either delete some files, have another user take ownership of some files or have the administrator increase his quota allowance. Compressing files will have no effect, as disk quotas are based on the actual size of the files, and not the compressed size. However, a user is charged only with the space used by files he or she owns, so if another user takes ownership of a file, the space that file uses is assigned to the new owner. Reference: Windows 2000 Server Operations Guide. Exam Category: Managing, Configuring and Troubleshooting Storage Use.

372 Chapter 5 56. A user is running a machine that is set to dual boot between Windows NT 4.0 and Windows 2000. He has reached his disk quota limit for data storage. What effect will this have when he boots under Windows NT 4.0?

A. He will be unable to boot into Windows NT 4.0 because there is insufficient disk space. B. He will be unable to see the files, as NTFS is different under NT 4.0. C. He will be able to exceed the disk quota limit. D. It will have no effect whatsoever.

57. The administrator has set up the disk quota state as "disk quota tracked." What effect does this have?

A. This is the default state; disk quotas do not affect performance. B. Quota usage changes are tracked, but quota limits are not enforced. C. Quota usage changes are tracked and quota limits are enforced. D. Quote usage changes are tracked, quota limits are enforced, and users are notified when they are reaching quota limits.

Storage Use 373 56. A user is running a machine that is set to dual boot between Windows NT 4.0 and Windows 2000. He has reached his disk quota limit for data storage. What effect will this have when he boots under Windows NT 4.0? A. He will be unable to boot into Windows NT 4.0 because there is insufficient disk space. B. He will be unable to see the files, as NTFS is different under NT 4.0. *C. He will be able to exceed the disk quota limit. D. It will have no effect whatsoever. Explanation: He will be able to exceed the disk quota limit when running under Windows NT 4.0. Disk quotas are new under Windows 2000 and are not recognized by NT 4.0. Reference: Windows 2000 Server Operations Guide. Exam Category: Managing, Configuring and Troubleshooting Storage Use

57. The administrator has set up the disk quota state as "disk quota tracked." What effect does this have? A. This is the default state; disk quotas do not affect performance. *B. Quota usage changes are tracked, but quota limits are not enforced. C. Quota usage changes are tracked and quota limits are enforced. D. Quote usage changes are tracked, quota limits are enforced, and users are notified when they are reaching quota limits. Explanation: When the disk quota state is "disk quota tracked," quota usage changes are tracked, but quota limits are not enforced. No violation events are generated to Event Viewer, and no operations are caused to fail because of disk quotas. The default state of disk quota is "Quota disabled." Reference: Windows 2000 Server Operations Guide. Exam Category: Managing, Configuring and Troubleshooting Storage Use

374 Chapter 5 58. You have a 1GB drive and 100 users. You wish to allocate 100mb of space to each user under disk quotas. What happens?

A. You are unable to do this. B. You modify the registry under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control. C. You run the command diskall.exe -d. D. Disk quotas do not prevent the administrator from allocating more than the actual space.

59. How are disk quotas tracked under Windows 2000?

A. Per user, total disk space allowed B. Per group membership, total disk space allowed C. Per user, total disk space per volume D. Per group membership, total disk space per volume

Storage Use 375 58. You have a 1GB drive and 100 users. You wish to allocate 100mb of space to each user under disk quotas. What happens? A. You are unable to do this. B. You modify the registry under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control. C. You run the command diskall.exe -d. *D. Disk quotas do not prevent the administrator from allocating more than the actual space. Explanation: Disk quotas do not prevent administrators from allocating more space than is available on the disk. Reference: Windows 2000 Server Operations Guide. Exam Category: Managing, Configuring and Troubleshooting Storage Use

59. How are disk quotas tracked under Windows 2000? A. Per user, total disk space allowed B. Per group membership, total disk space allowed *C. Per user, total disk space per volume D. Per group membership, total disk space per volume Explanation: Disk quotas are tracked on a per-user, per-volume basis. Users are responsible only for the files they own. Reference: Windows 2000 Server Operations Guide. Exam Category: Managing, Configuring and Troubleshooting Storage Use.

376 Chapter 5 60. On the D partition of a Windows 2000 server, you have assigned 100MB disk quotas via the Windows 2000 quota management service to all of the users of your department. Recently, your backup administrator moved some large files from the C drive for a user and placed them in the user's personal folder on D:. At the time she moved the files into user's folder, the folder had 80 MB of files. You just checked the size of the folder and found that it shows that it contains 150MB of files. If your backup administrator did not report any problems when adding the files to the folder, and you are sure the quota system is configured not to allow users to exceed the 100MB limit, why does the folder contain 150 MB of files?

A. The user is not the owner of the files you moved B. The user's personal directory is exempt from the disk quota C. The files you moved were from a FAT partition D. The files are compressed E. Files moved from another partition do not count toward the quota

63. An application exception has occurred and Dr. Watson has generated a log file. How can you view the file?

A. The application log B. The system log C. The security log D. The event log

Storage Use 377 60. On the D partition of a Windows 2000 server, you have assigned 100MB disk quotas via the Windows 2000 quota management service to all of the users of your department. Recently, your backup administrator moved some large files from the C drive for a user and placed them in the user's personal folder on D:. At the time she moved the files into user's folder, the folder had 80 MB of files. You just checked the size of the folder and found that it shows that it contains 150MB of files. If your backup administrator did not report any problems when adding the files to the folder, and you are sure the quota system is configured not to allow users to exceed the 100MB limit, why does the folder contain 150 MB of files? *A. The user is not the owner of the files you moved B. The user's personal directory is exempt from the disk quota C. The files you moved were from a FAT partition D. The files are compressed E. Files moved from another partition do not count toward the quota Explanation: Administrators are exempt from disk quotas. When the backup administrator moved the files from the C drive into the user's personal folder, the exemption carried over to the files copied into that folder, which allowed it to exceed the 100MB disk quota. Compression does not affect disk quota limits - file sizes are calculated based on their uncompressed size. Quotas cannot be set at the directory level, only the volume level, and quota limits do apply to all of the files that belong to a user, no matter if they were moved from another partition and regardless of the files system that another partition is using.

63. An application exception has occurred and Dr. Watson has generated a log file. How can you view the file? *A. The application log B. The system log C. The security log D. The event log Explanation: Dr. Watson is a program error debugger that generates its own log file when an application exception or program error occurs. This is saved to drwtsn32.log. This file can be viewed in the application log of Event Viewer.

378 Chapter 5 61. One of your Windows 2000 Server's hard drives has crashed. The crash didn't affect the system files, but the server, named appsrv1.domx.com, was hosting several shared applications for your network. There is another Windows 2000 Server named filesrv2.domx.com on the network that is being used as an application server and also as a file storage location for users in your graphics design department. The graphics design users had file storage limits of 500MB each and all other users were limited to 2MB because they were expected to store their files on appsrv1.domx.com. You decide to move the graphics design files from the D drive to the C drive of filesrv2.domx.com. You then move the hard disk with partition D from filesrv2.domx.com to appsrv1.domx.com. Finally, you replace the D drive in filesrv2.com with a smaller drive that still has ample room for the graphics design users. Soon you find that many users cannot save files on appsrv1.domx.com and the graphics design users are exceeding their space limits. What happened?

A. the disk quotas stored in the registry became corrupted B. the disk quotas stored on the file system moved with the hard disks C. in moving the hard drive from one system to the other the system became the owner of all files D. the quotas set on the previous hard drive do not limit the new volume installed in filesrv2.domx.com E. disk quotas do not apply on application servers

Storage Use 379 61. One of your Windows 2000 Server's hard drives has crashed. The crash didn't affect the system files, but the server, named appsrv1.domx.com, was hosting several shared applications for your network. There is another Windows 2000 Server named filesrv2.domx.com on the network that is being used as an application server and also as a file storage location for users in your graphics design department. The graphics design users had file storage limits of 500MB each and all other users were limited to 2MB because they were expected to store their files on appsrv1.domx.com. You decide to move the graphics design files from the D drive to the C drive of filesrv2.domx.com. You then move the hard disk with partition D from filesrv2.domx.com to appsrv1.domx.com. Finally, you replace the D drive in filesrv2.com with a smaller drive that still has ample room for the graphics design users. Soon you find that many users cannot save files on appsrv1.domx.com and the graphics design users are exceeding their space limits. What happened? A. the disk quotas stored in the registry became corrupted *B. the disk quotas stored on the file system moved with the hard disks C. in moving the hard drive from one system to the other the system became the owner of all files *D. the quotas set on the previous hard drive do not limit the new volume installed in filesrv2.domx.com E. disk quotas do not apply on application servers Explanation: Disk quotas are stored on the file system, not the registry. Therefore, the disk quotas set on the filesrv2.domx.com moved with the hard drive and now apply to users of appsrv1.domx.com. Physically moving a drive from one system to another does not change file ownership. Quotas apply on a file system level and are not limited by the type of services that the server is providing.

380 Chapter 5

Notes:

Storage Use 381 62. You have configured a 100MB disk quota limit for all of the users in your network for your Windows 2000 Server system. Many of your networking users are using Windows 2000 Professional, but a few are on Windows 2000 Server systems. Bob, a network user who logs on from both Windows 2000 Professional and Windows 2000 Server systems, has called to tell you that he is having trouble with the disk quotas. He says he only has 50MB of files on the server and he is already being warned that he is running out of disk space. You check the quota settings to verify the limitations, which are shown in the figure. Which of the following is potential explanation for Bob receiving the warning message when he only has 50MB of files on the C: drive?

A. The quota warning is a result of the files Bob has on the C partition as well as another partition. B. The quota warning is set at 50%. C. Bob's files are compressed. D. Another user owns some of Bob's files. E. Bob is seeing an administrative alert.

382 Chapter 5

Storage Use 383 62. You have configured a 100MB disk quota limit for all of the users in your network for your Windows 2000 Server system. Many of your networking users are using Windows 2000 Professional, but a few are on Windows 2000 Server systems. Bob, a network user who logs on from both Windows 2000 Professional and Windows 2000 Server systems, has called to tell you that he is having trouble with the disk quotas. He says he only has 50MB of files on the server and he is already being warned that he is running out of disk space. You check the quota settings to verify the limitations, which are shown in the figure. Which of the following is potential explanation for Bob receiving the warning message when he only has 50MB of files on the C: drive? A. The quota warning is a result of the files Bob has on the C partition as well as another partition. B. The quota warning is set at 50%. *C. Bob's files are compressed. D. Another user owns some of Bob's files. E. Bob is seeing an administrative alert. Explanation: Quotas are based on uncompressed file size, which explains how Bob may only be using 50MB, but could have 90MB of used space according to quota management. The other explanations don't work. If some of Bob's files were actually owned by another user, then Bob wouldn't be running out of space. The quota warning is set to 10MB, not 50%. Quotas are set on the partition, so the warning would not include files that have been stored on another system. Whether Bob is seeing an administrative alert or not, it doesn't explain the message.

384 Chapter 5 64. You wish to view the changes you have made to the drive letters in Disk Management. Which command do you use to do this?

A. Commit Changes Now B. Refresh C. Rescan Disks D. Confirm and View

65. You wish to convert your disk from basic to dynamic. How do you do this?

A. By using the "convert" command at the command prompt. B. By using the "covert now" command in the Disk Administrator. C. By using the "upgrade to dynamic disk" command in Disk Administrator. D. By using the "upgrade" command at the command prompt.

Storage Use 385 64. You wish to view the changes you have made to the drive letters in Disk Management. Which command do you use to do this? A. Commit Changes Now *B. Refresh C. Rescan Disks D. Confirm and View Explanation: The Refresh command updates drive letters, file system, volume and removable media information. Reference: Implementing Microsoft Windows 2000 Professional and Server.

65. You wish to convert your disk from basic to dynamic. How do you do this? A. By using the "convert" command at the command prompt. B. By using the "covert now" command in the Disk Administrator. *C. By using the "upgrade to dynamic disk" command in Disk Administrator. D. By using the "upgrade" command at the command prompt. Explanation: Using the "Upgrade to Dynamic Disk" command in Disk Administrator will convert your disk from basic to dynamic. There is no path available to reverse this process while maintaining data. Reference: Implementing Microsoft Windows 2000 Professional and Server.

386 Chapter 5 66. You wish to covert your drive back to basic form from dynamic, while retaining all information on the disk. How do you do this?

A. Use the "revert" command at the command prompt. B. Use the "revert to basic disk" command in Disk Administrator. C. Back up all information, use the "revert to basic disk" command in Disk Administrator, and restore the information after completion. D. There is no practical way to revert to basic after converting to dynamic.

67. Under Windows 2000, what is the maximum partition size for a FAT16 volume?

A. 1024MB B. 2048MB C. 4095MB D. No limitation

Storage Use 387 66. You wish to covert your drive back to basic form from dynamic, while retaining all information on the disk. How do you do this? A. Use the "revert" command at the command prompt. B. Use the "revert to basic disk" command in Disk Administrator. C. Back up all information, use the "revert to basic disk" command in Disk Administrator, and restore the information after completion. *D. There is no practical way to revert to basic after converting to dynamic. Explanation: All volumes must be deleted on the drive before using the "revert to basic disk" command in Disk Administrator. To retain the data on the drive, you must back up the information, perform the revert command, and then restore the data. Reference: Implementing Microsoft Windows 2000 Professional and Server.

67. Under Windows 2000, what is the maximum partition size for a FAT16 volume? A. 1024MB B. 2048MB *C. 4095MB D. No limitation Explanation: FAT16 is supported under Windows 2000 for backward compatibility. As with Windows NT 4.0, the maximum partition size for FAT16 is 4095MB. Reference: Windows 2000 Server Operations Guide.

388 Chapter 5 68. On a volume with fewer than 32,680 sectors, using the format command under disk administrator, how is it formatted?

A. FAT12 B. FAT16 C. FAT32 D. NTFS

69. You have configured a central Windows 2000 Server that is servicing 500 clients. The Windows 2000 Server maintains home directories for the users. The hard disk that you have been using in the system is a 4GB IDE drive (basic disk) that is formatted with the NTFS5 file system. Although the drive has plenty of space for the users home directories because disk quotas limit the size of each user's space on the drive, you need to add space to the drive. However, the drive is completely out of disk space. If you add a second physical disk (4GB) to the Windows 2000 Server, how can you increase the available space on the drive maintaining the home directories?

A. format the drive, mount the drive to a new folder created on the first drive B. do not format the drive and extend the first drive with the partition of the second drive C. format the drive and extend the first drive with the partition of the second. D. partition the new drive with NTFS and then format it to NTFS, then extend the first drive

Storage Use 389 68. On a volume with fewer than 32,680 sectors, using the format command under disk administrator, how is it formatted? *A. FAT12 B. FAT16 C. FAT32 D. NTFS Explanation: This is one of the old time " got ya " questions. On a volume with fewer than 32,680 sectors (a drive usually smaller than 16MB, like a floppy drive), it is usually formatted FAT12. FAT12 is the original implementation of FAT. It is intended for very small media, as the file allocation table for FAT12 is smaller than the file allocation table for FAT16 and FAT32. It uses less space for each entry. Reference: Windows 2000 Server Operations Guide.

69. You have configured a central Windows 2000 Server that is servicing 500 clients. The Windows 2000 Server maintains home directories for the users. The hard disk that you have been using in the system is a 4GB IDE drive (basic disk) that is formatted with the NTFS5 file system. Although the drive has plenty of space for the users home directories because disk quotas limit the size of each user's space on the drive, you need to add space to the drive. However, the drive is completely out of disk space. If you add a second physical disk (4GB) to the Windows 2000 Server, how can you increase the available space on the drive maintaining the home directories? *A. format the drive, mount the drive to a new folder created on the first drive B. do not format the drive and extend the first drive with the partition of the second drive C. format the drive and extend the first drive with the partition of the second. D. partition the new drive with NTFS and then format it to NTFS, then extend the first drive Explanation: You can only extend an NTFS partition of a dynamic disk. If you have a basic disk, you cannot extend it. However, you can create a new folder on a drive and map it to another partition. Therefore, the solution to this problem is to create a folder on the first computer that will essentially contain the 4GB of the second drive.

390 Chapter 5 70. You are running a consulting service for a large multinational bank. The bank has real-time bit-by-bit backup systems for mission-critical information. You are running configuring a small group of Web servers for online banking information for customers. The company wants you to configure systems that respond to customer queries quickly, but also have a level of fault tolerance to protect data locally - even though the data is also backed up. You want to provide both fault tolerance and rapid disk read access for your network clients, which of the following is the best option?

A. RAID 5 B. Disk Mirroring C. Disk Duplexing D. Disk Striping E. Disk duplication

Storage Use 391 70. You are running a consulting service for a large multinational bank. The bank has real-time bit-by-bit backup systems for mission-critical information. You are running configuring a small group of Web servers for online banking information for customers. The company wants you to configure systems that respond to customer queries quickly, but also have a level of fault tolerance to protect data locally - even though the data is also backed up. You want to provide both fault tolerance and rapid disk read access for your network clients, which of the following is the best option? *A. RAID 5 B. Disk Mirroring C. Disk Duplexing D. Disk Striping E. Disk duplication Explanation: RAID 5 or disk striping with parity allows you to configure you disks for fast access because three or more disks can be used to simultaneously provide data faster than a single disk. The disks also provide data redundancy so that if one disk fails, the other disks can continue to provide the data until the failed disk is restored. Disk mirroring does provide fault tolerance, but it doesn't provide the speed of read access that a RAID 5 configuration provides. Disk duplexing is the same as disk mirroring, but with an extra hard disk controller, but it still doesn't provide as fast access as a RAID 5 configuration. Disk duplication isn't typically used for fault tolerance; it's used for installing multiple disks with the same hardware on multiple systems. Disk striping is not fault tolerant, but it provides fastest disk access.

392 Chapter 5 71. You have configured 75 Windows 2000 Servers in the last two weeks. Each Windows 2000 Server has a fault tolerant implementation of the system and boot partitions via disk mirroring through the operating system. The disk mirror is between Disk0 and Disk1 on each server. Disk0 is the primary active partition and contains the original installation of the operating system. Just as you finished the 75th server, you receive a report that the first server you installed has a failed drive. The administrator of that system has called to say he didn't notice the problem until he tried to restart the system. He received the error message upon reboot. Assuming that Disk1 is still operational, what will you require in order to recover the failed disk mirror?

A. the Windows 2000 Server CD-ROM B. a new hard disk similar to the one that failed C. tape backups D. two new hard disks to replace the failed mirror E. a fault tolerance boot disk

Storage Use 393 71. You have configured 75 Windows 2000 Servers in the last two weeks. Each Windows 2000 Server has a fault tolerant implementation of the system and boot partitions via disk mirroring through the operating system. The disk mirror is between Disk0 and Disk1 on each server. Disk0 is the primary active partition and contains the original installation of the operating system. Just as you finished the 75th server, you receive a report that the first server you installed has a failed drive. The administrator of that system has called to say he didn't notice the problem until he tried to restart the system. He received the error message upon reboot. Assuming that Disk1 is still operational, what will you require in order to recover the failed disk mirror? A. the Windows 2000 Server CD-ROM *B. a new hard disk similar to the one that failed C. tape backups D. two new hard disks to replace the failed mirror *E. a fault tolerance boot disk Explanation: To recover a failed mirror, when the failed drive contains your system partition, you will need a fault tolerance boot disk and a drive to replace the one that failed. The fault tolerance boot floppy allows you to boot the operating system from the mirrored hard disk. You can then break the mirror, replace the drive, and reestablish the mirror.

394 Chapter 5 72. You installed two Web servers for a company that provides pay-for-content Web services. The company wanted to ensure that each server had fault tolerance in the event that a hard disk failed on the system. They installed five hard disks on each computer, and you configured a disk mirror on Disk0 and Disk1, then you created a stripe set with parity using the remaining three hard disks (Disk2, Disk3, and Disk4). Several months after installing these systems you receive a call that one of the hard disks has failed on Web_1, which was the first Web server you installed. The Web developer who reports the problem says that it is Disk4 that failed. He says that he didn't notice it immediately, until he did a system review and saw that the memory utilization was far above normal for the amount of traffic that the Web server was receiving. Then, he noticed that Disk4 had failed and called you. What will you need in order to correct the problem?

A. the Windows 2000 Server CD-ROM B. a new hard disk similar to the one that failed C. tape backups D. three new hard disks to replace the failed set E. a fault tolerance boot disk

Storage Use 395 72. You installed two Web servers for a company that provides pay-for-content Web services. The company wanted to ensure that each server had fault tolerance in the event that a hard disk failed on the system. They installed five hard disks on each computer, and you configured a disk mirror on Disk0 and Disk1, then you created a stripe set with parity using the remaining three hard disks (Disk2, Disk3, and Disk4). Several months after installing these systems you receive a call that one of the hard disks has failed on Web_1, which was the first Web server you installed. The Web developer who reports the problem says that it is Disk4 that failed. He says that he didn't notice it immediately, until he did a system review and saw that the memory utilization was far above normal for the amount of traffic that the Web server was receiving. Then, he noticed that Disk4 had failed and called you. What will you need in order to correct the problem? A. the Windows 2000 Server CD-ROM *B. a new hard disk similar to the one that failed C. tape backups D. three new hard disks to replace the failed set E. a fault tolerance boot disk Explanation: You cannot place a Windows 2000 stripe set on the system or boot partitions, so you will never require a fault tolerance boot disk in order to repair such an implementation. Since stripe sets do require that you have equal partition sizes, you must replace the failed drive with a similar drive. Most network administrators recommend that you use an identical drive when repairing a stripe set. You shouldn't need any other items to repair this installation. You can go to the Disk Administrator and regenerate the stripe once you have replaced the disk. When a disk fails in a stripe set with parity (RAID 5) the missing information is created from the remaining disks and parity information in memory, which is why the memory consumption jumped when the disk failed.

396 Chapter 5 73. You have migrated your mirror sets from Windows NT 4.0 to Windows 2000. What tasks can you perform with mirror sets on basic drives under Windows 2000?

A. Create a new mirror set B. Repair a mirror set C. Resynchronize a mirror set D. Delete a mirror set

Storage Use 397 73. You have migrated your mirror sets from Windows NT 4.0 to Windows 2000. What tasks can you perform with mirror sets on basic drives under Windows 2000? A. Create a new mirror set *B. Repair a mirror set *C. Resynchronize a mirror set *D. Delete a mirror set Explanation: On a basic disk, you can migrate your mirror sets from Windows NT 4.0 to Windows 2000. You can also repair, resynchronize, break and delete a mirror set. You cannot create a new mirror set on a basic disk in Windows 2000. Reference: Implementing Microsoft Windows 2000 Professional and Server.

398 Chapter 5 74. The mirror set that you have migrated from Windows NT 4.0 to Windows 2000 has failed. Because it was migrated, it is on a basic disk. The status of the mirror set is "Failed Redundancy" and the status of the disk is "online." What should you do?

A. Replace the failed basic disk with a dynamic disk and use Repair Volume. B. Replace the failed basic disk with another basic disk and use Repair Volume. C. If the status does not change to "Healthy," replace both disks and restore from backup. D. If the status does not change to "Healthy," choose "Regenerate Mirror."

Storage Use 399 74. The mirror set that you have migrated from Windows NT 4.0 to Windows 2000 has failed. Because it was migrated, it is on a basic disk. The status of the mirror set is "Failed Redundancy" and the status of the disk is "online." What should you do? A. Replace the failed basic disk with a dynamic disk and use Repair Volume. *B. Replace the failed basic disk with another basic disk and use Repair Volume. C. If the status does not change to "Healthy," replace both disks and restore from backup. D. If the status does not change to "Healthy," choose "Regenerate Mirror." Explanation: On a mirror set on a basic disk, the failed disk cannot be replaced with a dynamic disk. It must be replaced with a basic disk. If no basic disk is available, the Repair Volume option will not appear, and the mirror set cannot be repaired. The status will change to "regenerating" and then "healthy." If the status does NOT appear as healthy, choose "Resynchronize Mirror." Reference: Implementing Microsoft Windows 2000 Professional and Server.

400 Chapter 5 75. A consulting firm that you are not affiliated with has established a network backup plan that involves a series of incremental, differential, and full backups. The plan the consulting firm created is shown in the table below Sunday Differential Monday Incremental Tuesday Differential Wednesday Full Thursday Differential Friday Incremental Saturday Differential Today is Sunday and the company that is using that backup plan just called. They inform you that the network crashed one hour ago and they need to restore their data from backup. The Sunday backup has not been run yet. You had them fax the backup schedule and you have determined that it will take a total of ________ tapes to restore their system.

A. 1 Tape B. 2 Tapes C. 3 Tapes D. 4 Tapes E. 5 Tapes

Storage Use 401 75. A consulting firm that you are not affiliated with has established a network backup plan that involves a series of incremental, differential, and full backups. The plan the consulting firm created is shown in the table below Sunday Differential Monday Incremental Tuesday Differential Wednesday Full Thursday Differential Friday Incremental Saturday Differential Today is Sunday and the company that is using that backup plan just called. They inform you that the network crashed one hour ago and they need to restore their data from backup. The Sunday backup has not been run yet. You had them fax the backup schedule and you have determined that it will take a total of ________ tapes to restore their system. A. 1 Tape B. 2 Tapes *C. 3 Tapes D. 4 Tapes E. 5 Tapes Explanation: Incremental backups will mark files as backed up. Differential backups do not mark files as backed up, which means that an incremental backup will contain the information backed up on Thursday. You will be able to recover everything as of the Saturday backup by using the Saturday backup tape, the Friday incremental tape, and the last full backup from Wednesday.

402 Chapter 5 76. Listed below are a series of potential file system conversion paths. The goal is to perform a conversion from one file system to another, without losing any of the data already present on the partition to be converted. Which of the following file system conversion paths will accomplish this goal?

A. Use "convert.exe c: /fs:ntfs" to convert from FAT to NTFS B. Use "convert.exe c: /fs:fat32" to convert from FAT to FAT32 C. Use "convert.exe c: /fs:fat" to convert from NTFS to FAT D. Use "convert.exe c: /fs:ntfs" to convert from FAT32 to NTFS

77. What are the two types of disks in Windows 2000?

A. Basic Disks B. Primary Disks C. Extended Disks D. Dynamic Disks

Storage Use 403 76. Listed below are a series of potential file system conversion paths. The goal is to perform a conversion from one file system to another, without losing any of the data already present on the partition to be converted. Which of the following file system conversion paths will accomplish this goal? *A. Use "convert.exe c: /fs:ntfs" to convert from FAT to NTFS B. Use "convert.exe c: /fs:fat32" to convert from FAT to FAT32 C. Use "convert.exe c: /fs:fat" to convert from NTFS to FAT *D. Use "convert.exe c: /fs:ntfs" to convert from FAT32 to NTFS Explanation: Remember for the exam that you cannot convert from FAT to FAT32 and you cannot convert from NTFS to FAT or FAT32. To convert a partition, you simply use the convert.exe command line utility, specify the drive letter, and then specify the file system you wish to convert to by using the /fs switch. Windows 2000 can only convert to NTFS partitions.

77. What are the two types of disks in Windows 2000? *A. Basic Disks B. Primary Disks C. Extended Disks *D. Dynamic Disks Explanation: Windows 2000 supports the creation of either basic or dynamic disks. Basic disk are used to create primary and extended partitions and logical drives, and are useful mainly on workstations. Basic disks cannot support fault-tolerant solutions in Windows 2000 like RAID level-5. Dynamic disks are used to create volumes, striped volumes, spanned volumes, mirrored volumes and RAID-5 volumes.

404 Chapter 5 78. You have been receiving error messages about low disk space on your Windows 2000 server's C drive which has been formatted as a volume. There is unformatted space available, so you have decided to upgrade the disk from a basic disk to a dynamic disk so that you can extend the volume to include the free space, but you are unable to convert the disk from a basic to a dynamic disk. Why will the disk conversion not work?

A. Your Windows 2000 server was upgraded from a Windows NT 4,0 server, and the C: drive is no longer a volume. B. Your C: drive was formatted with NTFS, but the volume was created as a static volume. C. Your C: drive must have at least 1Mb of free space for the drive conversion to succeed. D. Your Windows 2000 server's C: drive was formatted with NTFS and NTFS volumes cannot be extended.

79. What is the name of the fault tolerance driver in Windows 2000 that enables mirroring of drives?

A. mdisk.exe B. ftdisk.exe C. mdisk.dll D. ftdisk.dll

Storage Use 405 78. You have been receiving error messages about low disk space on your Windows 2000 server's C drive which has been formatted as a volume. There is unformatted space available, so you have decided to upgrade the disk from a basic disk to a dynamic disk so that you can extend the volume to include the free space, but you are unable to convert the disk from a basic to a dynamic disk. Why will the disk conversion not work? A. Your Windows 2000 server was upgraded from a Windows NT 4,0 server, and the C: drive is no longer a volume. B. Your C: drive was formatted with NTFS, but the volume was created as a static volume. *C. Your C: drive must have at least 1Mb of free space for the drive conversion to succeed. D. Your Windows 2000 server's C: drive was formatted with NTFS and NTFS volumes cannot be extended. Explanation: A basic disk can be converted to a dynamic disk providing the disk has at least 1 MB of free space. All file system types can be converted, and data will be preserved. Reverting back from a dynamic disk to a basic disk, however, cannot be done without loss of the data on the disk.

79. What is the name of the fault tolerance driver in Windows 2000 that enables mirroring of drives? A. mdisk.exe *B. ftdisk.exe C. mdisk.dll D. ftdisk.dll Explanation: Windows 2000 supports RAID level 0, striped volumes; level 1, mirrored volumes; and level 5, striping with parity. Additionally, hardware implementations of RAID 5 are actually invisible to Windows 2000, and so are fully compatible. Hardware implementations, while generally more expensive, are generally faster, have better features (such as hot swappable drives) and perform better because of bus-mastering and caching done on the SCSI controller. Mirroring is provided via the fault tolerance driver ftdisk.exe, which allows the operating system to write to more than a single drive at a time.

406 Chapter 5 80. Your Windows 2000 server has a single 20 Gb drive. To ensure fault tolerance, you have created two volumes of 10 Gb each, formatted them with FAT, and mirrored the volumes. Why will this mirrored set not provide fault tolerance?

A. FAT volumes cannot be used as mirror sets in Windows 2000. B. In creating the two volumes, you have failed to leave at least 1 MB of free space. C. This will not provide fault tolerance, since a failure of this drive will result in the loss of both of the volumes in the mirror set. D. This configuration will provide fault tolerance.

81. When a mirror fails, what are the three states that the surviving member can report?

A. Failed Redundancy B. Offline C. Missing D. Online

Storage Use 407 80. Your Windows 2000 server has a single 20 Gb drive. To ensure fault tolerance, you have created two volumes of 10 Gb each, formatted them with FAT, and mirrored the volumes. Why will this mirrored set not provide fault tolerance? A. FAT volumes cannot be used as mirror sets in Windows 2000. B. In creating the two volumes, you have failed to leave at least 1 MB of free space. *C. This will not provide fault tolerance, since a failure of this drive will result in the loss of both of the volumes in the mirror set. D. This configuration will provide fault tolerance. Explanation: Windows 2000 supports RAID level 0, striped volumes; level 1, mirrored volumes; and level 5, striping with parity. Additionally, hardware implementations of RAID 5 are actually invisible to Windows 2000, and so are fully compatible. Hardware implementations, while generally more expensive, are generally faster, have better features (such as hot swappable drives) and perform better because of bus-mastering and caching done on the SCSI controller. Mirroring is provided via the fault tolerance driver ftdisk.exe, which allows the operating system to write to more than a single drive at a time. It makes no sense to attempt to create a mirror set on a single drive, since it is the potential failure of the drive we are trying to safeguard against.

81. When a mirror fails, what are the three states that the surviving member can report? A. Failed Redundancy *B. Offline *C. Missing *D. Online Explanation: RAID 1 is mirroring, in which two volumes on separate drives are used to create a mirror set. When a write occurs, it is done on both volumes simultaneously. In the event of a disk failure, the remaining disk can provide access to the data on the remaining mirror. If one of the drives fails, then the missing member of the mirror set will be reported as Failed Redundancy, while the remaining member will be shown as Offline, Missing or Online. The method of recovery is dependant upon the state of the remaining member of the mirror set.

408 Chapter 6

The objective of this chapter is to provide the reader with an understanding of the following: 1.

Install, configure, and troubleshoot shared access.

2.

Install, configure, and troubleshoot a virtual private network (VPN).

3.

Install, configure, and troubleshoot network protocols.

4.

Install and configure network services.

5.

Configure, monitor, and troubleshoot remote access.

6.

Configure inbound connections.

7.

Create a remote access policy.

8.

Configure a remote access profile.

9.

Install, configure, monitor, and troubleshoot Terminal Services.

10. Remotely administer servers by using Terminal Services. 11. Configure Terminal Services for application sharing. 12. Configure applications for use with Terminal Services. 13. Install, configure, and troubleshoot network adapters and drivers.

Windows 2000 Network Connections 409

Chapter 6: Windows 2000 Network Connections 1. Sales users in your network have access to the Internet through a Windows 2000 Server running Microsoft Proxy Server. They must enter their proxy server user names and passwords to connect to the proxy server, to the Internet, and to the intranet server. Users who do not access the Internet do not have accounts on the proxy server, but they still need to be able to connect to the intranet server. What can you do to allow this?

A. Configure each client computer to bypass the proxy server for local addresses. B. Configure each client computer to use the proxy server for local addresses. C. Configure each client computer to bypass the proxy server for remote addresses. D. Configure each client computer to use the proxy server for remote addresses. E. Configure each client computer to use administrative permissions for the proxy server.

2. You have NetWare 4.0 servers in your network, and you install Client Service for NetWare on your Windows 2000 Professional computers and Gateway Service for NetWare on your Windows 2000 server computers. After adding a new Windows 2000 Server computer, you install Gateway Service for NetWare on it, but it is unable to connect to any of your NetWare servers. What is the best way to do this?

A. Configure the NWLink IPX/SPX/NetBIOS Compatible Transport Protocol to use the correct Ethernet frame type. B. Install Gateway Service for NetWare. C. Reinstall Gateway Service for NetWare. D. Install the NWLink IPX/SPX/NetBIOS Compatible Transport Protocol. E. Remove the TCP/IP Protocol.

410 Chapter 6 1. Sales users in your network have access to the Internet through a Windows 2000 Server running Microsoft Proxy Server. They must enter their proxy server user names and passwords to connect to the proxy server, to the Internet, and to the intranet server. Users who do not access the Internet do not have accounts on the proxy server, but they still need to be able to connect to the intranet server. What can you do to allow this? *A. Configure each client computer to bypass the proxy server for local addresses. B. Configure each client computer to use the proxy server for local addresses. C. Configure each client computer to bypass the proxy server for remote addresses. D. Configure each client computer to use the proxy server for remote addresses. E. Configure each client computer to use administrative permissions for the proxy server. Explanation: Because an intranet server is one that is located on an internal network, the user should be able to reach it without using the proxy server. By using the "bypass the proxy server for local addresses" option, users can access the intranet server directly.

2. You have NetWare 4.0 servers in your network, and you install Client Service for NetWare on your Windows 2000 Professional computers and Gateway Service for NetWare on your Windows 2000 server computers. After adding a new Windows 2000 Server computer, you install Gateway Service for NetWare on it, but it is unable to connect to any of your NetWare servers. What is the best way to do this? *A. Configure the NWLink IPX/SPX/NetBIOS Compatible Transport Protocol to use the correct Ethernet frame type. B. Install Gateway Service for NetWare. C. Reinstall Gateway Service for NetWare. D. Install the NWLink IPX/SPX/NetBIOS Compatible Transport Protocol. E. Remove the TCP/IP Protocol. Explanation: If the incorrect Ethernet frame type is selected, then communication between the NetWare and Windows 2000 servers will be unsuccessful.

Windows 2000 Network Connections 411 3. Your routed Windows 2000 network includes 25 Windows 2000 Server computers. You want to install a new Windows 2000 Server computer as the first computer on a new routed segment. You configure the existing DHCP server with a scope that is valid for the new segment, and specify that the server should obtain its IP address from an existing DHCP server, but after you complete the installation, you can only see the new server in My Network Places. When you run ipconfig, you find that your IP address is 169.254.1.200, with a 16-bit subnet mask and no default gateway address. What is the best way to do this?

A. Configure all of the routers to route BOOTP broadcast frames. B. Add a DHCP Relay Agent computer to the new routed segment. C. Configure all of the routers to block BOOTP broadcast frames. D. Add a DHCP Relay Agent computer to the segment with the Windows 2000 Server. E. Configure all of the routers to block DHCP broadcast frames

4. What three things can you do to help diagnose why users cannot connect to a second modem configured with Routing and Remote Access on your Windows 2000 Server?

A. Use the Diagnostics tab on the Phone and Modem Options. B. Use Device Manager to identify any port resource conflicts. C. Use the Routing and Remote Access snap-in to find out whether the ports are operational. D. Use the Diagnostics tab in Device Manager. E. Use the area code configuration utility.

412 Chapter 6 3. Your routed Windows 2000 network includes 25 Windows 2000 Server computers. You want to install a new Windows 2000 Server computer as the first computer on a new routed segment. You configure the existing DHCP server with a scope that is valid for the new segment, and specify that the server should obtain its IP address from an existing DHCP server, but after you complete the installation, you can only see the new server in My Network Places. When you run ipconfig, you find that your IP address is 169.254.1.200, with a 16-bit subnet mask and no default gateway address. What is the best way to do this? *A. Configure all of the routers to route BOOTP broadcast frames. *B. Add a DHCP Relay Agent computer to the new routed segment. C. Configure all of the routers to block BOOTP broadcast frames. D. Add a DHCP Relay Agent computer to the segment with the Windows 2000 Server. E. Configure all of the routers to block DHCP broadcast frames Explanation: The IP address that was found using IPCONFIG is in the autoconfiguration range. This means that the network segment is likely not receiving the BOOTP broadcast frames. This can be solved by modifying the router configuration to include support of BOOTP broadcast frames, or you could add a DHCP Relay Agent computer to the new routed segment.

4. What three things can you do to help diagnose why users cannot connect to a second modem configured with Routing and Remote Access on your Windows 2000 Server? *A. Use the Diagnostics tab on the Phone and Modem Options. *B. Use Device Manager to identify any port resource conflicts. *C. Use the Routing and Remote Access snap-in to find out whether the ports are operational. D. Use the Diagnostics tab in Device Manager. E. Use the area code configuration utility. Explanation: When users cannot connect to a second modem, it is most likely a hardware configuration problem.

Windows 2000 Network Connections 413 5. Your network is not directly connected to the Internet, and uses the private IP address range of 192.168.0.0. You install Routing and Remote access. You can successfully dial into the server, but cannot access any resources. The ipconfig command shows the dial-up connection has been given the IP address of 169.254.75.182, and when you ping the server, you receive a "Request timed out" message. What is the best way to do this?

A. Ensure that the remote access server is able to connect to a DHCP server that has a scope for its subnet. B. Ensure that the remote access server is able to connect to a DNS server. C. Ensure that the remote access server is able to connect to a WINS server. D. Disable APIPA. E. Set up the DHCP server with a scope on a different network.

6. Your TCP/IP only network consists of ten subnets, 10 Windows 2000 domain controllers, 10 Windows 2000 member servers, and numerous Windows 2000 client computers. Two of the domain controllers are DNS servers, and you want client computers to be able to register and resolve addresses if a server fails. How should you configure the DNS servers so that all computers can resolve the address of all other computers by using DNS?

A. Configure at least two servers with Active Directory integrated primary zones for the domain. B. Configure at least two servers with Primary DNS zones for the domain. C. Configure at least two servers with Secondary DNS zones for the domain. D. Configure at least two servers with WINS. E. Put the DNS server on the same subnet as the Windows 2000 servers.

414 Chapter 6 5. Your network is not directly connected to the Internet, and uses the private IP address range of 192.168.0.0. You install Routing and Remote access. You can successfully dial into the server, but cannot access any resources. The ipconfig command shows the dial-up connection has been given the IP address of 169.254.75.182, and when you ping the server, you receive a "Request timed out" message. What is the best way to do this? *A. Ensure that the remote access server is able to connect to a DHCP server that has a scope for its subnet. B. Ensure that the remote access server is able to connect to a DNS server. C. Ensure that the remote access server is able to connect to a WINS server. D. Disable APIPA. E. Set up the DHCP server with a scope on a different network. Explanation: The 169.254.xx.xx IP range is APIPA, which is used when there is not a DHCP server present.

6. Your TCP/IP only network consists of ten subnets, 10 Windows 2000 domain controllers, 10 Windows 2000 member servers, and numerous Windows 2000 client computers. Two of the domain controllers are DNS servers, and you want client computers to be able to register and resolve addresses if a server fails. How should you configure the DNS servers so that all computers can resolve the address of all other computers by using DNS? *A. Configure at least two servers with Active Directory integrated primary zones for the domain. B. Configure at least two servers with Primary DNS zones for the domain. C. Configure at least two servers with Secondary DNS zones for the domain. D. Configure at least two servers with WINS. E. Put the DNS server on the same subnet as the Windows 2000 servers. Explanation: To allow DNS to function if a server fails, install 2 Active Directory primary zones.

Windows 2000 Network Connections 415 7. How do you configure a Group Policy so that future changes to the Group Policy will be applied within 15 minutes to any computers that are logged onto the network?

A. Enable and configure the Group Policy refresh interval for computers. B. Enable and configure the Group Policy refresh interval for OU's. C. Enable and configure the Group Policy refresh interval for domains. D. Enable and configure the refresh interval on each computer. E. All computers must be rebooted for changes to take effect.

8. Your network uses the TCP/IP protocol for its Windows 2000 Professional and Windows NT computers. You have one server that acts as both a WINS server and a DNS server. All the client computers are configured to use this server for DNS and WINS. Users of Windows NT Workstation cannot connect to a file server, but Windows 2000 Professional users can. This server has a static address of 192.168.1.11. How can you allow the Windows NT Workstation computer to connect to the file server?

A. Select Enable NetBIOS over TCP/IP. B. Add the WINS address used by the Windows NT Workstation computers. C. Select Disable NetBIOS over TCP/IP. D. Add the DNS address used by the Windows NT Workstation computers. E. Add the WINS address used by the Windows 2000 Professional computers.

416 Chapter 6 7. How do you configure a Group Policy so that future changes to the Group Policy will be applied within 15 minutes to any computers that are logged onto the network? *A. Enable and configure the Group Policy refresh interval for computers. B. Enable and configure the Group Policy refresh interval for OU's. C. Enable and configure the Group Policy refresh interval for domains. D. Enable and configure the refresh interval on each computer. E. All computers must be rebooted for changes to take effect. Explanation: The refresh interval will tell logged on computers to refresh their group policy.

8. Your network uses the TCP/IP protocol for its Windows 2000 Professional and Windows NT computers. You have one server that acts as both a WINS server and a DNS server. All the client computers are configured to use this server for DNS and WINS. Users of Windows NT Workstation cannot connect to a file server, but Windows 2000 Professional users can. This server has a static address of 192.168.1.11. How can you allow the Windows NT Workstation computer to connect to the file server? *A. Select Enable NetBIOS over TCP/IP. *B. Add the WINS address used by the Windows NT Workstation computers. C. Select Disable NetBIOS over TCP/IP. D. Add the DNS address used by the Windows NT Workstation computers. E. Add the WINS address used by the Windows 2000 Professional computers. Explanation: NetBIOS over TCP/IP should be enabled to allow NT Workstation computers to connect to the file server.

Windows 2000 Network Connections 417 9. Both of your domains are Active Directory domains that run in native mode. How can you see a list that shows which users are allowed to use remote access to your network?

A. Create a group named RAS_USERS. B. Add users who are permitted to dial in to the network to the RAS_USERS group. C. Create a remote access policy that allows only the RAS_USERS group to use the remote access server. D. Display the members of the RAS_USERS group. E. Create a remote access policy that allows all users to use the remote access server.

10. Your network is routed and uses TCP/IP as its only protocol. You have a single domain with Windows 2000 Professional and Windows NT Workstation computers. You install Gateway Service for NetWare on a Windows 2000 Server computer. You install a second network adapter on the gateway server. You want to configure the first adapter for communications to and from your Windows-based client computers exclusively. Which of the following should you select in the Local Area Connection Properties dialog box?

A. Client for Microsoft Networks B. File and Printer Sharing for Microsoft Networks C. Internet Protocol (TCP/IP) D. Gateway Service for NetWare E. IPX/SPX Transport Protocol

418 Chapter 6 9. Both of your domains are Active Directory domains that run in native mode. How can you see a list that shows which users are allowed to use remote access to your network? *A. Create a group named RAS_USERS. *B. Add users who are permitted to dial in to the network to the RAS_USERS group. *C. Create a remote access policy that allows only the RAS_USERS group to use the remote access server. *D. Display the members of the RAS_USERS group. E. Create a remote access policy that allows all users to use the remote access server. Explanation: Administration of RAS Users can be simplified with the use of a group to control access.

10. Your network is routed and uses TCP/IP as its only protocol. You have a single domain with Windows 2000 Professional and Windows NT Workstation computers. You install Gateway Service for NetWare on a Windows 2000 Server computer. You install a second network adapter on the gateway server. You want to configure the first adapter for communications to and from your Windows-based client computers exclusively. Which of the following should you select in the Local Area Connection Properties dialog box? *A. Client for Microsoft Networks *B. File and Printer Sharing for Microsoft Networks *C. Internet Protocol (TCP/IP) D. Gateway Service for NetWare E. IPX/SPX Transport Protocol Explanation: Client for Microsoft Networks, File and Printer Sharing for Microsoft Networks, and the TCP/IP protocol are all needed to connect to Windows-based client computers.

Windows 2000 Network Connections 419 11. You configure an HP JetDirect device with an IP address of 10.4.20.200/16. You want to create and share a printer at a domain controller with an IP address of 10.5.20.50/16 that is connected to the TCP/IP port of the print device. When you enter the IP address of the device, you receive an error message. What is the best way to do this?

A. Change the IP address of the print device to 10.5.20.200. B. Change the IP address of the print device to 10.4.20.200. C. Change the IP address of the print server to 10.5.20.20. D. Change the IP address of the print server to 10.4.20.200. E. Change the subnet mask to 255.0.0.0

12. You configure a remote access server on your TCP/IP network. When users connect to the server, they receive the error message: "IPX/SPX compatible CUSTOMIZED PACKAGE OF INTERNET EXPLORER reported error 733: The PPP control network protocol for the network protocol is not available". If the users allow the connection to continue, they are able to connect to services that use TCP/IP. How should you prevent this message from being displayed?

A. Configure the client computers to use only TCP/IP for the connection to the remote access server. B. Configure the client computers to use only IPX/SPX for the connection to the remote access server. C. Configure the client computers to use only NetBIOS for the connection to the remote access server. D. Configure the client computers to use both IPX/SPX and TCP/IP for the connection to the remote access server. E. Configure the client computers to use both TCP/IP and NetBIOS for the connection to the remote access server.

420 Chapter 6 11. You configure an HP JetDirect device with an IP address of 10.4.20.200/16. You want to create and share a printer at a domain controller with an IP address of 10.5.20.50/16 that is connected to the TCP/IP port of the print device. When you enter the IP address of the device, you receive an error message. What is the best way to do this? *A. Change the IP address of the print device to 10.5.20.200. B. Change the IP address of the print device to 10.4.20.200. C. Change the IP address of the print server to 10.5.20.20. D. Change the IP address of the print server to 10.4.20.200. E. Change the subnet mask to 255.0.0.0 Explanation: The IP Address of the device should be on the same subnet.

12. You configure a remote access server on your TCP/IP network. When users connect to the server, they receive the error message: "IPX/SPX compatible CUSTOMIZED PACKAGE OF INTERNET EXPLORER reported error 733: The PPP control network protocol for the network protocol is not available". If the users allow the connection to continue, they are able to connect to services that use TCP/IP. How should you prevent this message from being displayed? *A. Configure the client computers to use only TCP/IP for the connection to the remote access server. B. Configure the client computers to use only IPX/SPX for the connection to the remote access server. C. Configure the client computers to use only NetBIOS for the connection to the remote access server. D. Configure the client computers to use both IPX/SPX and TCP/IP for the connection to the remote access server. E. Configure the client computers to use both TCP/IP and NetBIOS for the connection to the remote access server. Explanation: Since TCP/IP is the only protocol you use, you should remove IPX/SPX from the remote access server.

Windows 2000 Network Connections 421 13. Your company consists of a main office and several branch offices. Each branch office has a private network with a 56-Kbps connection to the Internet. To provide each office with access to the Internet, you will use Network Address Translation. After configuration, you discover that connections cannot be made to sites by using the FQDN, but connections can be made by their IP address. What is the best way to do this?

A. Configure the computers on each of the branch office networks with the address of a DNS server on the Internet. B. Configure the computers on each of the branch office networks with the address of a DNS server on the Intranet. C. Configure the computers on each of the branch office networks with the address of a NAT server on the Internet. D. Configure the computers on each of the branch office networks with the address of a WINS server on the Internet. E. Configure the computers on each of the branch office networks with the address of the NAT server.

14. You are implementing a 140-node network. It should be divided into 10 subnets. Each subnet must be able to accommodate up to 14 nodes. How should you configure the IP addressing structure if your company's IP address is 194.194.194.0?

A. 194.194.194.0/28. B. 194.194.194.0/16. C. 194.194.194.0/32. D. 194.194.0.0/64. E. 194.194.0.0/14.

422 Chapter 6 13. Your company consists of a main office and several branch offices. Each branch office has a private network with a 56-Kbps connection to the Internet. To provide each office with access to the Internet, you will use Network Address Translation. After configuration, you discover that connections cannot be made to sites by using the FQDN, but connections can be made by their IP address. What is the best way to do this? *A. Configure the computers on each of the branch office networks with the address of a DNS server on the Internet. B. Configure the computers on each of the branch office networks with the address of a DNS server on the Intranet. C. Configure the computers on each of the branch office networks with the address of a NAT server on the Internet. D. Configure the computers on each of the branch office networks with the address of a WINS server on the Internet. E. Configure the computers on each of the branch office networks with the address of the NAT server. Explanation: Internet DNS Server addresses are needed to connect to the Internet.

14. You are implementing a 140-node network. It should be divided into 10 subnets. Each subnet must be able to accommodate up to 14 nodes. How should you configure the IP addressing structure if your company's IP address is 194.194.194.0? *A. 194.194.194.0/28. B. 194.194.194.0/16. C. 194.194.194.0/32. D. 194.194.0.0/64. E. 194.194.0.0/14. Explanation: 194.194.194.0/28 will accommodate the number of subnets and nodes you need.

Windows 2000 Network Connections 423 15. All subnets on your network use a /24 subnet addressing scheme. Your router that connects a subnet to the network has an IP address of 158.25.64.1. The next router in line has an IP address of 158.23.65.2. Which subnet mask and default gateway should you use to configure the client computer?

A. 255.255.255.0 158.25.64.1 B. 255.255.0.0 158.25.64.1 C. 255.255.255.0 158.23.65.2 D. 255.255.255.0 158.23.65.2 E. 255.0.0.0 158.25.64.1

16. Your network contains two routed subnets: Subnet A and Subnet B. Subnet B contains a Windows 2000 server configured as a DHCP server. This server has scopes created for both Subnet A and Subnet B. Subnet A does not contain a DHCP server. The clients on Subnet A are not receiving IP addresses from the DHCP server. What can you do to enable clients in Subnet A to receive dynamically assigned IP addresses?

A. Configure an RFC 1542-compliant router to forward BOOTP messaging between subnets. B. Configure an RFC 1560-compliant router to pass all UDP traffic on ports 2151, 2152, 2153 and 2154. C. Configure a DHCP relay agent on Subnet A to forward DHCP messages to Subnet B. D. Configure an RFC 1560-compliant router to pass all UDP traffic on ports 3151, 3152, 3153 and 3154. E. Configure a DHCP relay agent on Subnet B to forward DHCP messages to Subnet A.

424 Chapter 6 15. All subnets on your network use a /24 subnet addressing scheme. Your router that connects a subnet to the network has an IP address of 158.25.64.1. The next router in line has an IP address of 158.23.65.2. Which subnet mask and default gateway should you use to configure the client computer? *A. 255.255.255.0 158.25.64.1 B. 255.255.0.0 158.25.64.1 C. 255.255.255.0 158.23.65.2 D. 255.255.255.0 158.23.65.2 E. 255.0.0.0 158.25.64.1 Explanation: Based on the subnet

16. Your network contains two routed subnets: Subnet A and Subnet B. Subnet B contains a Windows 2000 server configured as a DHCP server. This server has scopes created for both Subnet A and Subnet B. Subnet A does not contain a DHCP server. The clients on Subnet A are not receiving IP addresses from the DHCP server. What can you do to enable clients in Subnet A to receive dynamically assigned IP addresses? *A. Configure an RFC 1542-compliant router to forward BOOTP messaging between subnets. *B. Configure an RFC 1560-compliant router to pass all UDP traffic on ports 2151, 2152, 2153 and 2154. *C. Configure a DHCP relay agent on Subnet A to forward DHCP messages to Subnet B. D. Configure an RFC 1560-compliant router to pass all UDP traffic on ports 3151, 3152, 3153 and 3154. E. Configure a DHCP relay agent on Subnet B to forward DHCP messages to Subnet A. Explanation: Either the router must pass BOOTP packets (UDP 2151 - 2154), or a DHCP relay agent must be installed on Subnet A.

Windows 2000 Network Connections 425 17. You use Network Address Translation to provide Internet access for the client machines on your network. You have a Windows 2000 Professional machine that you would like to use to establish a secure Virtual Private Networking session with another Windows 2000 machine at a remote office using L2TP. You are unable to establish an L2TP connection with the remote office, but are successful when you try to connect to another machine in the same office. Why are you unable to connect to the remote office?

A. You cannot establish a L2TP session behind a device performing NAT. B. The L2TP session fails because the IP Security packets have become corrupted. C. Your TCP/IP stack has become corrupted. Reinstall TCP/IP. D. Your computer is dropping packets. Check your network connections. E. The files your computer uses for security and encryption are missing. Reinstall the Security Pack.

426 Chapter 6 17. You use Network Address Translation to provide Internet access for the client machines on your network. You have a Windows 2000 Professional machine that you would like to use to establish a secure Virtual Private Networking session with another Windows 2000 machine at a remote office using L2TP. You are unable to establish an L2TP connection with the remote office, but are successful when you try to connect to another machine in the same office. Why are you unable to connect to the remote office? *A. You cannot establish a L2TP session behind a device performing NAT. *B. The L2TP session fails because the IP Security packets have become corrupted. C. Your TCP/IP stack has become corrupted. Reinstall TCP/IP. D. Your computer is dropping packets. Check your network connections. E. The files your computer uses for security and encryption are missing. Reinstall the Security Pack. Explanation: PPTP is the only protocol available to use for VPN through NAT.

Windows 2000 Network Connections 427 18. You must properly configure Internet Information Service (IIS) ports on your Windows 2000 server to meet the following requirements: You must configure the proper port so you can control a router via Telnet. You must configure the proper port so all clients can connect to a secure HTTP server. You must prevent users from accessing newsgroups. You must configure the proper port for HTTP service to all clients. You take the following actions: You open port 21 on the IIS server. You open port 80 on the IIS server. You block port 119 on the IIS server. You open port 23 on the IIS server. You open port 443 on the IIS server. Which requirements do the actions meet?

A. The IIS service is configured properly so all clients can use HTTP B. The IIS service is configured so the router can be configured via Telnet C. The IIS service is configured so all clients can connect to a secure HTTP server D. The IIS service is configured properly so all clients are prevented from accessing newsgroups E. The IIS service is configured so FTP is blocked.

428 Chapter 6 18. You must properly configure Internet Information Service (IIS) ports on your Windows 2000 server to meet the following requirements: You must configure the proper port so you can control a router via Telnet. You must configure the proper port so all clients can connect to a secure HTTP server. You must prevent users from accessing newsgroups. You must configure the proper port for HTTP service to all clients. You take the following actions: You open port 21 on the IIS server. You open port 80 on the IIS server. You block port 119 on the IIS server. You open port 23 on the IIS server. You open port 443 on the IIS server. Which requirements do the actions meet? *A. The IIS service is configured properly so all clients can use HTTP *B. The IIS service is configured so the router can be configured via Telnet *C. The IIS service is configured so all clients can connect to a secure HTTP server *D. The IIS service is configured properly so all clients are prevented from accessing newsgroups E. The IIS service is configured so FTP is blocked. Explanation: Port 21 is used for FTP. Port 23 is used for Telnet. Port 80 is used for HTTP. Port 119 is used for Newsgroups. Port 443 is used for Secure HTTP.

Windows 2000 Network Connections 429 19. You must implement a 140-node network. You must divide the network into 10 subnets and each subnet must be able to accommodate up to 14 nodes. How should you configure the IP addressing structure to allow for this configuration if the company's IP address is 194.194.194.0?

A. 194.194.194.0/25 B. 194.194.194.0/26 C. 194.194.194.0/27 D. 194.194.194.0/28 E. 194.194.194.0/24

20. You are the administrator for your company's Windows 2000 domain. You have several Windows 2000 Server computers that have the Windows Internet Name Service (WINS) installed. Your WINS servers have both dynamic and static mappings. Recently your NetBIOS name requests have experienced some problems. Upon investigation, you discover that some static WINS entries are causing problems for some dynamic entries. In the Replication Partners Properties dialog box, you check the Enable Migrate box. Which result does this action achieve?

A. It scavenges the WINS database B. It enables WINS to overwrite static records with dynamic records C. It deletes all dynamic mappings and allows only static mappings from this point forward D. It deletes all static mappings and allows only dynamic mappings from this point forward E. It enables WINS to overwrite dynamic records with static records

430 Chapter 6 19. You must implement a 140-node network. You must divide the network into 10 subnets and each subnet must be able to accommodate up to 14 nodes. How should you configure the IP addressing structure to allow for this configuration if the company's IP address is 194.194.194.0? A. 194.194.194.0/25 B. 194.194.194.0/26 C. 194.194.194.0/27 *D. 194.194.194.0/28 E. 194.194.194.0/24 Explanation: 194.194.194.0/28 will give you the number of subnets and nodes that you need.

20. You are the administrator for your company's Windows 2000 domain. You have several Windows 2000 Server computers that have the Windows Internet Name Service (WINS) installed. Your WINS servers have both dynamic and static mappings. Recently your NetBIOS name requests have experienced some problems. Upon investigation, you discover that some static WINS entries are causing problems for some dynamic entries. In the Replication Partners Properties dialog box, you check the Enable Migrate box. Which result does this action achieve? A. It scavenges the WINS database *B. It enables WINS to overwrite static records with dynamic records C. It deletes all dynamic mappings and allows only static mappings from this point forward D. It deletes all static mappings and allows only dynamic mappings from this point forward E. It enables WINS to overwrite dynamic records with static records Explanation: "Enable Migrate" allows WINS to overwrite static records with dynamic records.

Windows 2000 Network Connections 431 21. You are the administrator for a Windows 2000 network that is configured for remote access (RAS), Active Directory, and Group Policies. The network uses only Windows 2000 Server computers and Windows 2000 Professional client computers. You are making configuration changes to the user account properties. You decide to set the Always Callback To option in the Properties dialog box. Why did you make this change?

A. To enable dial-in settings B. To disable dial-in settings C. To specify the telephone number that the user must dial in to D. To specify that the RAS server calls back the user to a specified telephone number E. To disable call back.

432 Chapter 6 21. You are the administrator for a Windows 2000 network that is configured for remote access (RAS), Active Directory, and Group Policies. The network uses only Windows 2000 Server computers and Windows 2000 Professional client computers. You are making configuration changes to the user account properties. You decide to set the Always Callback To option in the Properties dialog box. Why did you make this change? A. To enable dial-in settings B. To disable dial-in settings C. To specify the telephone number that the user must dial in to *D. To specify that the RAS server calls back the user to a specified telephone number E. To disable call back. Explanation: The Always callback to forces the RAS server to call the user back at the same number. This is more secure.

Windows 2000 Network Connections 433 22. Your company has its central headquarters in downtown Los Angeles. It also has a small satellite office in the San Fernando Valley about thirty miles away. The satellite office only accepts payments. The main office has a Windows 2000 domain controller, two Windows 2000 member servers, and 75 Windows 2000 Professional workstations. The accounting software for the company runs completely on the domain controller. The satellite office has a single Windows 2000 Professional computer. You must configure the following functionality on the network: The employee in the satellite office must post payments only on the corporate network's accounting software. The connection to the corporate office from the satellite office must be very inexpensive. The satellite office must connect to the network through the Internet. Entire IP datagrams transferred from the satellite office to the corporate network must be encapsulated and encrypted to ensure data security. You take the following actions: You implement a Virtual Private Network (VPN) connection between the Windows 2000 domain controller and the Windows 2000 Professional workstation. You assign the satellite office user the appropriate permissions to connect and use the accounting software. You implement the VPN with the IPSec protocol using the ESP Tunnel Mode. You use a dial-up ISP to form the connections on both sides. Which requirements do the actions meet?

A. The satellite office connects to the network through the Intranet B. Entire IP datagrams are encapsulated and encrypted to ensure data security C. The connection to the corporate office from the satellite office is inexpensive D. The employee in the satellite office can post payments on the corporate network's accounting software E. The satellite office connects to the network through the Internet

434 Chapter 6 22. Your company has its central headquarters in downtown Los Angeles. It also has a small satellite office in the San Fernando Valley about thirty miles away. The satellite office only accepts payments. The main office has a Windows 2000 domain controller, two Windows 2000 member servers, and 75 Windows 2000 Professional workstations. The accounting software for the company runs completely on the domain controller. The satellite office has a single Windows 2000 Professional computer. You must configure the following functionality on the network: The employee in the satellite office must post payments only on the corporate network's accounting software. The connection to the corporate office from the satellite office must be very inexpensive. The satellite office must connect to the network through the Internet. Entire IP datagrams transferred from the satellite office to the corporate network must be encapsulated and encrypted to ensure data security. You take the following actions: You implement a Virtual Private Network (VPN) connection between the Windows 2000 domain controller and the Windows 2000 Professional workstation. You assign the satellite office user the appropriate permissions to connect and use the accounting software. You implement the VPN with the IPSec protocol using the ESP Tunnel Mode. You use a dial-up ISP to form the connections on both sides. Which requirements do the actions meet? A. The satellite office connects to the network through the Intranet *B. Entire IP datagrams are encapsulated and encrypted to ensure data security *C. The connection to the corporate office from the satellite office is inexpensive *D. The employee in the satellite office can post payments on the corporate network's accounting software *E. The satellite office connects to the network through the Internet Explanation: All given requirements have been met.

Windows 2000 Network Connections 435 23. You are the administrator for a Windows 2000 Server network. The network contains a Windows 2000 native-mode domain. The server is set to use the default remote access policy. You are setting up new user accounts on the domain. You want the Remote Access Permissions for the user accounts to be set to automatically allow access. How can you ensure this setting?

A. Do nothing. Allow access is the default setting B. Change the setting from Deny access to Allow access C. Change the setting from Deny remote access permission policy to Allow access D. Change the setting from Control access through Remote Access Policy to Allow access E. Change the setting to Change Access

24. You must implement a 17,000-node network. The network will consist of forty Windows 2000 domain controllers, twenty Windows 2000 servers, 60 Hewlett Packard 5SI printers, and 17,000 Windows 2000 Professional workstations. Your company has been assigned an IP address of 136.18.32.0. You expect the network to double in size to approximately 34 subnets with 1000 nodes per subnet in the next two years. How should you configure the IP addressing structure to allow for this configuration?

A. 136.18.32.0/20 B. 136.18.32.0/22 C. 136.18.32.0/24 D. 136.18.32.0/26 E. 136.18.32.0/28

436 Chapter 6 23. You are the administrator for a Windows 2000 Server network. The network contains a Windows 2000 native-mode domain. The server is set to use the default remote access policy. You are setting up new user accounts on the domain. You want the Remote Access Permissions for the user accounts to be set to automatically allow access. How can you ensure this setting? A. Do nothing. Allow access is the default setting B. Change the setting from Deny access to Allow access C. Change the setting from Deny remote access permission policy to Allow access *D. Change the setting from Control access through Remote Access Policy to Allow access E. Change the setting to Change Access Explanation: "Allow Access" will allow all new user accounts to be allowed access by default.

24. You must implement a 17,000-node network. The network will consist of forty Windows 2000 domain controllers, twenty Windows 2000 servers, 60 Hewlett Packard 5SI printers, and 17,000 Windows 2000 Professional workstations. Your company has been assigned an IP address of 136.18.32.0. You expect the network to double in size to approximately 34 subnets with 1000 nodes per subnet in the next two years. How should you configure the IP addressing structure to allow for this configuration? A. 136.18.32.0/20 *B. 136.18.32.0/22 C. 136.18.32.0/24 D. 136.18.32.0/26 E. 136.18.32.0/28 Explanation: 136.18.32.0/22 will give you the number of nodes and subnets you will need for your planned growth.

Windows 2000 Network Connections 437 25. You must add 4 Windows 2000 Server computers to your existing network. The network currently has 1 UNIX server, 25 Windows NT 4.0 servers, and 3 NetWare servers. There are 365 Windows 2000 Professional workstations, 400 Windows NT 4.0 Workstation computers, 600 Windows 98 computers, and 500 Windows 2000 laptop computers. You must configure the servers with the following requirements: You must allow the UNIX server to print to a printer controlled by one of the Windows 2000 servers. You must allow all client computers to access information on the NetWare servers. You must configure the Windows 2000 servers so the laptop users can dial in to the network. You must configure the Windows 2000 domain so it can still use the Windows NT 4.0 BDC's. You take the following actions: On all client computers, you install TCP/IP and NWLink. On the UNIX server, you install an RFC-compliant Line Printer Remote (LPR) service. On the Windows 2000 servers, you install Print Services for UNIX, the TCP/IP and NWLink protocols, and Gateway Services for NetWare (GSNW). In addition, you install Routing and Remote Access and configure it accordingly. You configure the Windows 2000 servers to run in mixed mode. Which requirements are met by the actions?

A. The Windows 2000 domain can still use the Windows NT 4.0 BDC's B. The UNIX server can print to the Windows 2000 servers' printers C. All client computers can access information on the NetWare servers D. The laptop users can dial in to the network via the Windows 2000 servers E. All client computers can access information on the Macintosh servers

438 Chapter 6 25. You must add 4 Windows 2000 Server computers to your existing network. The network currently has 1 UNIX server, 25 Windows NT 4.0 servers, and 3 NetWare servers. There are 365 Windows 2000 Professional workstations, 400 Windows NT 4.0 Workstation computers, 600 Windows 98 computers, and 500 Windows 2000 laptop computers. You must configure the servers with the following requirements: You must allow the UNIX server to print to a printer controlled by one of the Windows 2000 servers. You must allow all client computers to access information on the NetWare servers. You must configure the Windows 2000 servers so the laptop users can dial in to the network. You must configure the Windows 2000 domain so it can still use the Windows NT 4.0 BDC's. You take the following actions: On all client computers, you install TCP/IP and NWLink. On the UNIX server, you install an RFC-compliant Line Printer Remote (LPR) service. On the Windows 2000 servers, you install Print Services for UNIX, the TCP/IP and NWLink protocols, and Gateway Services for NetWare (GSNW). In addition, you install Routing and Remote Access and configure it accordingly. You configure the Windows 2000 servers to run in mixed mode. Which requirements are met by the actions? *A. The Windows 2000 domain can still use the Windows NT 4.0 BDC's *B. The UNIX server can print to the Windows 2000 servers' printers *C. All client computers can access information on the NetWare servers *D. The laptop users can dial in to the network via the Windows 2000 servers E. All client computers can access information on the Macintosh servers Explanation:

Windows 2000 Network Connections 439 26. Your existing TCP/IP network has an address of 194.194.194.0. The network consists of 2 subnets with 60 nodes on one segment and 40 nodes on the other segment. All nodes are either Windows 2000 servers, Windows 2000 Professional computers, or HP 8000 printers using JetDirect cards. There are 3 Windows 2000 domain controllers. You must configure the network as follows: You must properly subnet your network address. You must configure the Windows 2000 Professional computers so they are automatically configured with a valid IP address. You must minimize human error when configuring the computers with the networking information. You must configure the client computers so they can be moved to another subnet without any modifications. You take the following actions: You use the subnet of 194.194.194.0/26. You configure all Windows 2000 Professional computers as WINS clients. You configure all Windows 2000 domain controllers as WINS servers and properly configure them. Which requirements do the actions meet?

A. The network is properly subnetted B. The client computer can be moved to another subnet without any modifications C. Human error is minimized when configuring the computers with the networking information D. The Windows 2000 Professional client computers are automatically configured with a valid IP address E. None of the requirements are met

440 Chapter 6 26. Your existing TCP/IP network has an address of 194.194.194.0. The network consists of 2 subnets with 60 nodes on one segment and 40 nodes on the other segment. All nodes are either Windows 2000 servers, Windows 2000 Professional computers, or HP 8000 printers using JetDirect cards. There are 3 Windows 2000 domain controllers. You must configure the network as follows: You must properly subnet your network address. You must configure the Windows 2000 Professional computers so they are automatically configured with a valid IP address. You must minimize human error when configuring the computers with the networking information. You must configure the client computers so they can be moved to another subnet without any modifications. You take the following actions: You use the subnet of 194.194.194.0/26. You configure all Windows 2000 Professional computers as WINS clients. You configure all Windows 2000 domain controllers as WINS servers and properly configure them. Which requirements do the actions meet? *A. The network is properly subnetted B. The client computer can be moved to another subnet without any modifications C. Human error is minimized when configuring the computers with the networking information D. The Windows 2000 Professional client computers are automatically configured with a valid IP address E. None of the requirements are met Explanation: The subnetting of the network is the only requirement that is met.

Windows 2000 Network Connections 441 27. You are administering a Windows 2000 network. The network uses a DHCP server. The network contains Windows 2000 Server and Windows 2000 Professional computers. You are implementing DHCP leasing on new client computers. While testing the configurations, TCP/IP is initialized for the first time. This starts the DHCP lease process. What is the first step in this process?

A. DHCPACK B. DHCPNACK C. DHCPOFFER D. DHCPREQUEST E. DHCPDISCOVER

442 Chapter 6 27. You are administering a Windows 2000 network. The network uses a DHCP server. The network contains Windows 2000 Server and Windows 2000 Professional computers. You are implementing DHCP leasing on new client computers. While testing the configurations, TCP/IP is initialized for the first time. This starts the DHCP lease process. What is the first step in this process? A. DHCPACK B. DHCPNACK C. DHCPOFFER D. DHCPREQUEST *E. DHCPDISCOVER Explanation: DHCPDISCOVER discovers a DNS Server.

Windows 2000 Network Connections 443 28. You must configure a client's subnet mask and default gateway. All subnets on the network use a /24 subnet addressing scheme. The router that connects the subnet to the network has an IP address of 158.25.64.1. The next router in line has an IP address of 158.23.65.2. Which subnet mask and default gateway should you use to configure the client computer?

A. 255.255.0.0 158.25.64.1 B. 255.255.0.0 158.23.65.2 C. 255.255.255.0 158.25.64.1 D. 255.255.255.0 158.23.65.2 E. 255.255.255.0 158.24.65.2

444 Chapter 6 28. You must configure a client's subnet mask and default gateway. All subnets on the network use a /24 subnet addressing scheme. The router that connects the subnet to the network has an IP address of 158.25.64.1. The next router in line has an IP address of 158.23.65.2. Which subnet mask and default gateway should you use to configure the client computer? A. 255.255.0.0 158.25.64.1 B. 255.255.0.0 158.23.65.2 *C. 255.255.255.0 158.25.64.1 D. 255.255.255.0 158.23.65.2 E. 255.255.255.0 158.24.65.2 Explanation: The /24 subnet gives a subnet mask of 255.255.255.0, and the first router from the client is 158.25.64.1.

Windows 2000 Network Connections 445 29. You are the administrator for your company's Windows 2000 domain. Your network consists of a Windows 2000 Server Primary Domain Controller (PDC) and 200 Windows 2000 Professional client computers. The network uses static IP addresses. The network connects to the Internet over a T1 line, as shown below: You set up a Routing and Remote Access Server, named R1, on your domain to allow access to your Virtual Private Network (VPN) resources. Your company's salesmen use laptop computers while on the road. One of the salesmen can connect to the Internet through a local ISP and wants to connect to the company VPN. After configuring all of the appropriate components, he informs you that he cannot communicate with the VPN. From a Windows 2000 Professional client computer on the domain, you ping R1 and receive a reply. You then discover that another computer on the domain has the same IP address as R1. How might you have discovered this problem?

A. By using the RSH utility B. By using the Netsh utility C. By using the Telnet utility D. By using the IPCONFIG utility E. By using the TRACERT utility

446 Chapter 6 29. You are the administrator for your company's Windows 2000 domain. Your network consists of a Windows 2000 Server Primary Domain Controller (PDC) and 200 Windows 2000 Professional client computers. The network uses static IP addresses. The network connects to the Internet over a T1 line, as shown below: You set up a Routing and Remote Access Server, named R1, on your domain to allow access to your Virtual Private Network (VPN) resources. Your company's salesmen use laptop computers while on the road. One of the salesmen can connect to the Internet through a local ISP and wants to connect to the company VPN. After configuring all of the appropriate components, he informs you that he cannot communicate with the VPN. From a Windows 2000 Professional client computer on the domain, you ping R1 and receive a reply. You then discover that another computer on the domain has the same IP address as R1. How might you have discovered this problem? A. By using the RSH utility B. By using the Netsh utility C. By using the Telnet utility *D. By using the IPCONFIG utility E. By using the TRACERT utility Explanation: The IPCONFIG utility will identify this problem.

Windows 2000 Network Connections 447 30. You must implement a 250-node network. You must divide the network into 2 subnets and each subnet must not exceed 125 nodes. How should you configure the IP addressing structure to allow for this configuration if the company's IP address is 194.194.194.0?

A. 194.194.194.0/25 B. 194.194.194.0/26 C. 194.194.194.0/27 D. 194.194.194.0/28 E. 194.194.194.0/24

31. You are the administrator for a Windows 2000 network. The network consists of Windows 2000 Server computers and Windows 2000 Professional client computers. The network also uses a DHCP server. You are testing the DHCP lease process between the DHCP clients and the server. You receive a broadcast of a DHCPNACK on the DHCP client. When does this broadcast take place?

A. After the DHCPOFFER message is broadcast B. After the DHCPREQUEST message is broadcast C. When a client attempts to lease its previous IP address and the IP address is not longer available D. When the IP address is invalid because the client computer was moved to a different location within the subnet E. After the DHCPRENEW message is broadcast

448 Chapter 6 30. You must implement a 250-node network. You must divide the network into 2 subnets and each subnet must not exceed 125 nodes. How should you configure the IP addressing structure to allow for this configuration if the company's IP address is 194.194.194.0? *A. 194.194.194.0/25 B. 194.194.194.0/26 C. 194.194.194.0/27 D. 194.194.194.0/28 E. 194.194.194.0/24 Explanation: 194.194.194.0/25 will give you 2 subnets, not exceeding 125 nodes.

31. You are the administrator for a Windows 2000 network. The network consists of Windows 2000 Server computers and Windows 2000 Professional client computers. The network also uses a DHCP server. You are testing the DHCP lease process between the DHCP clients and the server. You receive a broadcast of a DHCPNACK on the DHCP client. When does this broadcast take place? A. After the DHCPOFFER message is broadcast B. After the DHCPREQUEST message is broadcast *C. When a client attempts to lease its previous IP address and the IP address is not longer available D. When the IP address is invalid because the client computer was moved to a different location within the subnet E. After the DHCPRENEW message is broadcast Explanation: The DHCPNACK broadcast occurs when the DHCP client can no longer use its previous IP address.

Windows 2000 Network Connections 449 32. You administer a domain on a Windows 2000 network. The network uses Active Directory, and contains a DNS server. The network consists of all Windows 2000 Server computers and Windows 2000 Professional client computers. You have decided to implement roaming user profiles. You came to this conclusion based on numerous complaints from users that wanted to access their files and folders from different computers. Which steps must you take to accomplish this task?

A. Create a shared folder on a server B. Create a read-only folder on a server C. Create a non-shared folder on a server D. From the Profile tab in the Properties dialog box of the user accounts, enter the path to a shared folder E. From the Profile tab in the Properties dialog box of the user accounts, enter the pat to a read-only folder

33. Your network has a Windows 2000 Active Directory server and a UNIX server. You must allow the UNIX server to print to a printer connected to the Active Directory server. How must you configure the network adapter on the LAN connection so this functionality is allowed on the Active Directory server?

A. Install the DLC protocol B. Install Print Services for UNIX C. Install TCP/IP D. Install Client for Microsoft Networks E. Install File and Print Sharing for Microsoft Networks

450 Chapter 6 32. You administer a domain on a Windows 2000 network. The network uses Active Directory, and contains a DNS server. The network consists of all Windows 2000 Server computers and Windows 2000 Professional client computers. You have decided to implement roaming user profiles. You came to this conclusion based on numerous complaints from users that wanted to access their files and folders from different computers. Which steps must you take to accomplish this task? *A. Create a shared folder on a server B. Create a read-only folder on a server C. Create a non-shared folder on a server *D. From the Profile tab in the Properties dialog box of the user accounts, enter the path to a shared folder E. From the Profile tab in the Properties dialog box of the user accounts, enter the pat to a read-only folder Explanation: Roaming Profiles require a shared folder on a server to be specified in the user's profile properties.

33. Your network has a Windows 2000 Active Directory server and a UNIX server. You must allow the UNIX server to print to a printer connected to the Active Directory server. How must you configure the network adapter on the LAN connection so this functionality is allowed on the Active Directory server? A. Install the DLC protocol *B. Install Print Services for UNIX *C. Install TCP/IP D. Install Client for Microsoft Networks E. Install File and Print Sharing for Microsoft Networks Explanation: Install IPX/SPX

Windows 2000 Network Connections 451 34. Your company has recently hired you to be the Windows 2000 network administrator. The network uses a DHCP server and Terminal Services. You must install a new network card in one of the Windows 2000 Server computers. You must then configure properties and settings after installing the device and the device drivers. What is the best way to accomplish this task?

A. Use the Installation CD B. Manually configure the settings C. Allow Windows 2000 to configure the settings D. Copy the settings from another network adapter E. Remove Terminal Services.

35. You are the administrator for a Windows 2000 network. The network is configured for Active Directory and Group Policies. You want to implement auditing on the network. You have enabled access to Active Directory objects. You now need to enable auditing for specific Active Directory objects. What must you access to enable these objects?

A. Event Viewer snap-in B. Security Configuration and Analysis snap-in C. Active Directory Sites and Services snap-in D. Active Directory Users and Computers snap-in E. Active Directory Domains and Trusts snap-in

452 Chapter 6 34. Your company has recently hired you to be the Windows 2000 network administrator. The network uses a DHCP server and Terminal Services. You must install a new network card in one of the Windows 2000 Server computers. You must then configure properties and settings after installing the device and the device drivers. What is the best way to accomplish this task? A. Use the Installation CD B. Manually configure the settings *C. Allow Windows 2000 to configure the settings D. Copy the settings from another network adapter E. Remove Terminal Services. Explanation: The best way to install new hardware is to allow Windows 2000 to configure the settings.

35. You are the administrator for a Windows 2000 network. The network is configured for Active Directory and Group Policies. You want to implement auditing on the network. You have enabled access to Active Directory objects. You now need to enable auditing for specific Active Directory objects. What must you access to enable these objects? A. Event Viewer snap-in B. Security Configuration and Analysis snap-in C. Active Directory Sites and Services snap-in *D. Active Directory Users and Computers snap-in E. Active Directory Domains and Trusts snap-in Explanation: The Active Directory Users and Computers snap-in would be used to implement auditing.

Windows 2000 Network Connections 453 36. You must connect a satellite office to the main office network using the Internet. At the main office, you will connect to a Windows 2000 server using a Windows 2000 Professional computer from the satellite office. How should you make the connection using the most secure method over the Internet?

A. Implement a VPN connection with the IP in IP (IP-IP) protocol B. Implement a VPN connection with the Point-to-Point Tunneling Protocol C. Implement a VPN connection with the Layer 2 Tunneling Protocol D. Implement a VPN connection with the PPTP protocol using IPSec Encapsulating Security payload Tunnel Mode E. Implement a VPN connection with the IPX/SPX Protocol

37. You must implement a 200-node network. You must divide the network into 4 subnets and each subnet must not exceed 60 nodes. How should you configure the IP addressing structure to allow for this configuration if the company's IP address is 194.194.194.0?

A. 194.194.194.0/25 B. 194.194.194.0/26 C. 194.194.194.0/27 D. 194.194.194.0/28 E. 194.194.194.0/24

454 Chapter 6 36. You must connect a satellite office to the main office network using the Internet. At the main office, you will connect to a Windows 2000 server using a Windows 2000 Professional computer from the satellite office. How should you make the connection using the most secure method over the Internet? A. Implement a VPN connection with the IP in IP (IP-IP) protocol B. Implement a VPN connection with the Point-to-Point Tunneling Protocol C. Implement a VPN connection with the Layer 2 Tunneling Protocol *D. Implement a VPN connection with the PPTP protocol using IPSec Encapsulating Security payload Tunnel Mode E. Implement a VPN connection with the IPX/SPX Protocol Explanation: PPTP using IPSec Encapsulating Security payload Tunnel Mode would be the most secure method.

37. You must implement a 200-node network. You must divide the network into 4 subnets and each subnet must not exceed 60 nodes. How should you configure the IP addressing structure to allow for this configuration if the company's IP address is 194.194.194.0? A. 194.194.194.0/25 *B. 194.194.194.0/26 C. 194.194.194.0/27 D. 194.194.194.0/28 E. 194.194.194.0/24 Explanation: 194.194.194.0/26 will allow 4 subnets with less than 60 nodes.

Windows 2000 Network Connections 455 38. You must implement a 1000-node network. The network will consist of four Windows 2000 domain controllers, two Windows 2000 servers, 3 Hewlett Packard 5SI printers, and 995 Windows 2000 Professional workstations. Your company has been assigned an IP address of 136.18.32.0. You expect the network to double in size to approximately 8 subnets with 250 nodes per subnet in the next two years. How should you configure the IP addressing structure to allow for this configuration so that no single subnet can have more than 300 nodes, but can accommodate at least 250 nodes?

A. 136.18.32.0/20 B. 136.18.32.0/22 C. 136.18.32.0/24 D. 136.18.32.0/26 E. 136.18.32.0/28

456 Chapter 6 38. You must implement a 1000-node network. The network will consist of four Windows 2000 domain controllers, two Windows 2000 servers, 3 Hewlett Packard 5SI printers, and 995 Windows 2000 Professional workstations. Your company has been assigned an IP address of 136.18.32.0. You expect the network to double in size to approximately 8 subnets with 250 nodes per subnet in the next two years. How should you configure the IP addressing structure to allow for this configuration so that no single subnet can have more than 300 nodes, but can accommodate at least 250 nodes? A. 136.18.32.0/20 B. 136.18.32.0/22 *C. 136.18.32.0/24 D. 136.18.32.0/26 E. 136.18.32.0/28 Explanation: 136.18.32.0/24 will allow between 250 and 300 nodes.

Windows 2000 Network Connections 457 39. You are the administrator for a Windows 2000 network. The company consists of the corporate office located in Miami, Florida, and branch offices located in Daytona, Florida and Mobile, Alabama. The Miami office recently added a new Windows 2000 Server computer with remote access enabled and 40 Windows 2000 Professional client computers. The Daytona office houses 1 Windows NT 3.51 remote access enabled server computer and 20 Windows 98 client computers. The Mobile office houses 1 Windows NT 3.51 remote access enabled server computer and 10 Windows 98 client computers. From the Miami office, you attempt a Point-to-Point Protocol (PPP) conversation with the server at the Daytona office. You receive no response. You attempt the same PPP conversation with the server at the Mobile office. Again, you receive no response. What may be the problem?

A. The servers at the Miami and Mobile offices are not configured to use PPP B. The servers at the Daytona and Mobile offices are not configured to use PPP C. The PPP conversations are not configured to access the servers at the Daytona and Miami offices D. The PPP conversations do not support conversations with the operating systems on the servers at the Miami and Mobile offices E. The servers at the Daytona and Mobile offices are not configured to use IPX/SPX

458 Chapter 6 39. You are the administrator for a Windows 2000 network. The company consists of the corporate office located in Miami, Florida, and branch offices located in Daytona, Florida and Mobile, Alabama. The Miami office recently added a new Windows 2000 Server computer with remote access enabled and 40 Windows 2000 Professional client computers. The Daytona office houses 1 Windows NT 3.51 remote access enabled server computer and 20 Windows 98 client computers. The Mobile office houses 1 Windows NT 3.51 remote access enabled server computer and 10 Windows 98 client computers. From the Miami office, you attempt a Point-to-Point Protocol (PPP) conversation with the server at the Daytona office. You receive no response. You attempt the same PPP conversation with the server at the Mobile office. Again, you receive no response. What may be the problem? A. The servers at the Miami and Mobile offices are not configured to use PPP *B. The servers at the Daytona and Mobile offices are not configured to use PPP C. The PPP conversations are not configured to access the servers at the Daytona and Miami offices D. The PPP conversations do not support conversations with the operating systems on the servers at the Miami and Mobile offices E. The servers at the Daytona and Mobile offices are not configured to use IPX/SPX Explanation: PPP must be configured on the servers.

Windows 2000 Network Connections 459

Notes:

460 Chapter 6 40. You must share the C:\user data folder on a Windows 2000 server. The C: partition of the Windows 2000 drive is an NTFS partition. The name of the Windows 2000 server is Server1. You have created three Windows 2000 groups on the server named Employees, Board Members, and IT Staff. John is a member of the Users group and the IT Staff group. Mark is a member of the Board Members group. Max is a member of the Employees group and the Users group. Bob is a member of the IT Staff group and the Board Members group. You must share the folder and file so the following users have access to the share: Mark must have read-only access to the folder when he accesses the folder remotely. Max must be able to modify the contents of the folder when he accesses the folder remotely. John must be able to take ownership of the folder when he is logged on to the server. Bob must be able to add files to the folder when he accesses the folder remotely. The permissions for each group are shown below: Which users have appropriate access to the folder?

A. Max B. Bob C. John D. Mark E. None of the users will have the appropriate access

Windows 2000 Network Connections 461

462 Chapter 6 40. You must share the C:\user data folder on a Windows 2000 server. The C: partition of the Windows 2000 drive is an NTFS partition. The name of the Windows 2000 server is Server1. You have created three Windows 2000 groups on the server named Employees, Board Members, and IT Staff. John is a member of the Users group and the IT Staff group. Mark is a member of the Board Members group. Max is a member of the Employees group and the Users group. Bob is a member of the IT Staff group and the Board Members group. You must share the folder and file so the following users have access to the share: Mark must have read-only access to the folder when he accesses the folder remotely. Max must be able to modify the contents of the folder when he accesses the folder remotely. John must be able to take ownership of the folder when he is logged on to the server. Bob must be able to add files to the folder when he accesses the folder remotely. The permissions for each group are shown below: Which users have appropriate access to the folder? A. Max *B. Bob *C. John *D. Mark E. None of the users will have the appropriate access Explanation: Max will not have Change access to the folder.

Windows 2000 Network Connections 463 41. You have configured your local network with IP addresses from 10.0.0.1 through 10.40.0.1. You want to give your internal clients Internet access via NAT. Your Windows 2000 Server has an internal and external adapter with a demand-dial connection and RRAS. Which of the following must still be completed in order to enable NAT on the Server?

A. reassign all internal addresses to a private IP range B. load the NAT protocol C. associate NAT with the local interface D. associate NAT with the Internet interface E. bind a second IP address to the Server's interface and configure one IP address as internal and the other as external

464 Chapter 6 41. You have configured your local network with IP addresses from 10.0.0.1 through 10.40.0.1. You want to give your internal clients Internet access via NAT. Your Windows 2000 Server has an internal and external adapter with a demand-dial connection and RRAS. Which of the following must still be completed in order to enable NAT on the Server? A. reassign all internal addresses to a private IP range *B. load the NAT protocol *C. associate NAT with the local interface *D. associate NAT with the Internet interface E. bind a second IP address to the Server's interface and configure one IP address as internal and the other as external Explanation: You must load NAT and bind it to the internal and external adapters. Although you must use a private IP range for internal clients, IP addresses in the 10.x.x.x range are already private. Answer "reassign all internal addresses to a private IP range", therefore, is incorrect. You cannot use a single network adapter with two IP addresses for NAT, so answer "bind a second IP address to the Server's interface and configure one IP address as internal and the other as external" is incorrect.

Windows 2000 Network Connections 465 42. You are configuring a Windows 2000 Server with NAT via ICS. The clients on the network are all running Windows 2000 Professional. The network you are working on uses an IP address range of 172.16.0.1 through 172.16.0.254, which were manually assigned. After ICS is installed, none of the internal clients can access the Windows 2000 Server. Which of the following is the most likely problem?

A. a private IP address range must be used. B. the server must be upgraded to a domain controller. C. the DNS proxy services cannot contact the ISP. D. the Windows 2000 Server with NAT is no longer on the same network as the internal clients. E. AUTODHCP has failed.

466 Chapter 6 42. You are configuring a Windows 2000 Server with NAT via ICS. The clients on the network are all running Windows 2000 Professional. The network you are working on uses an IP address range of 172.16.0.1 through 172.16.0.254, which were manually assigned. After ICS is installed, none of the internal clients can access the Windows 2000 Server. Which of the following is the most likely problem? A. a private IP address range must be used. B. the server must be upgraded to a domain controller. C. the DNS proxy services cannot contact the ISP. *D. the Windows 2000 Server with NAT is no longer on the same network as the internal clients. E. AUTODHCP has failed. Explanation: When you install NAT via ICSb the internal LAN adapter is automatically changed to an IP address of 192.168.0.1. Therefore, no internal clients (using 172.16.0.x addresses) will be able to communicate with the server. The proposed solution is to change all internal clients to the 192.168.0.x network. Answer "a private IP address range must be used" doesn't address the problem, and both 172.16.0.x and 192.168.0.x are within private ranges. You should not use a domain controller for NAT, so answer "the server must be upgraded to a domain controller" is incorrect. Communications between the ISP and Windows 2000 DNS proxy are not relevant to an internal communication problem between the clients and server, so answer "the DNS proxy services cannot contact the ISP" is incorrect. AUTODHCP doesn't apply to this problem because it is stated that clients are using a set range of addresses that were manually assigned.

Windows 2000 Network Connections 467 43. Your LAN has 75 internal clients and 25 external clients. Some of the external clients must make secure connections across a VPN. The clients have already been configured to support VPN communications and the internal Windows 2000 Server has been configured to support that VPN. Which of the following types of encryption and encapsulation does Windows 2000 support?

A. MD4 B. RC4 with EAP-TLS C. PGP D. GRE E. L2TP over IPSec

468 Chapter 6 43. Your LAN has 75 internal clients and 25 external clients. Some of the external clients must make secure connections across a VPN. The clients have already been configured to support VPN communications and the internal Windows 2000 Server has been configured to support that VPN. Which of the following types of encryption and encapsulation does Windows 2000 support? *A. MD4 *B. RC4 with EAP-TLS C. PGP *D. GRE *E. L2TP over IPSec Explanation: Windows 2000 uses RC4 streaming cipher encryption, which employs the MD4 algorithm. Extensible Authentication Protocol-Transport Level Security (EAPTLS) is an addition to the Windows 2000 VPN support, which allows for certificates. The Generic Routing Encapsulation (GRE) protocol is used by the Point-to-Point Tunneling Protocol (PPTP) to encapsulate encrypted communications into PPP frames for VPN connections. L2TP over IPSec is another VPN protocol that encrypts/decrypts packets. The PGP (pretty good privacy) algorithm is not part of the VPN supported encryption techniques of Windows 2000.

Windows 2000 Network Connections 469 44. Your network security group is discussing a WAN link between a host in Atlanta, GA with IP address 192.168.1.1 and a host in New York, NY with IP address 192.168.1.79. The clients are connected via a T1 line through a telephone carrier. Your group is considering several security options, including PPTP. There seems to be confusion over the types of encryption that a Windows 2000 PPTP connection can support. Which of the following types of encryption are available in Windows 2000 for PPTP connections?

A. 40-bit RC4 cipher B. 64-bit RC4 cipher C. 128-bit RC4 cipher D. CIFS E. SMB

470 Chapter 6 44. Your network security group is discussing a WAN link between a host in Atlanta, GA with IP address 192.168.1.1 and a host in New York, NY with IP address 192.168.1.79. The clients are connected via a T1 line through a telephone carrier. Your group is considering several security options, including PPTP. There seems to be confusion over the types of encryption that a Windows 2000 PPTP connection can support. Which of the following types of encryption are available in Windows 2000 for PPTP connections? *A. 40-bit RC4 cipher B. 64-bit RC4 cipher *C. 128-bit RC4 cipher D. CIFS E. SMB Explanation: PPTP connections allow for 40- or 128-bit RC4 cipher encryption. The 128-bit is allowed in North America and the 40-bit is for other international locations. Thus far a 64-bit RC4 is not available. The Common Internet File System (CIFS) doesn't support encryption and neither does the Server Message Block (SMB) protocol.

Windows 2000 Network Connections 471 45. The network you are working on uses a private IP address 192.168.1.0 with a 27-bit subnet mask. The Windows 2000 server you are troubleshooting has two network cards. One is using the IP address of 192.168.1.33, connected to three UNIX systems, and the other is using 192.168.1.65, connected to three Windows 2000 Professional systems. The Windows 2000 system is unable to communicate with two of the UNIX systems to which it connects with the 192.168.1.33 network card. The first UNIX host is using IP address 192.168.1.32 with mask 255.255.255.224 and the second is using IP address 192.168.1.63 with mask 255.255.255.224. Both UNIX hosts are using 192.168.1.33 as their default gateway. Why is the Windows 2000 Server unable to communicate with these two systems?

A. DNS name resolution is not configured correctly B. the UNIX hosts are using an incorrect subnet mask C. the UNIX hosts are using invalid IP addresses D. the Windows 2000 Server is using an invalid IP address E. the default gateways are set incorrectly

472 Chapter 6 45. The network you are working on uses a private IP address 192.168.1.0 with a 27-bit subnet mask. The Windows 2000 server you are troubleshooting has two network cards. One is using the IP address of 192.168.1.33, connected to three UNIX systems, and the other is using 192.168.1.65, connected to three Windows 2000 Professional systems. The Windows 2000 system is unable to communicate with two of the UNIX systems to which it connects with the 192.168.1.33 network card. The first UNIX host is using IP address 192.168.1.32 with mask 255.255.255.224 and the second is using IP address 192.168.1.63 with mask 255.255.255.224. Both UNIX hosts are using 192.168.1.33 as their default gateway. Why is the Windows 2000 Server unable to communicate with these two systems? A. DNS name resolution is not configured correctly B. the UNIX hosts are using an incorrect subnet mask *C. the UNIX hosts are using invalid IP addresses D. the Windows 2000 Server is using an invalid IP address E. the default gateways are set incorrectly Explanation: All hosts are using a 27-bit subnet mask, which is 255.255.255.224 in decimal format. The valid ranges for a 27-bit mask go in 32-bit increments, but you cannot use the bottom or top of the range for host IP addresses. Therefore, on the subnet 192.168.1.32 the valid ranges are 192.168.1.33 through 192.168.1.62, which means that 192.168.1.32 and 192.168.1.63 are invalid addresses. There is nothing incorrect about the implementation of a 27-bit subnet mask and there isn't enough information to determine whether name resolution is a problem at this point. Give the configuration of the network; the UNIX hosts should be using the Windows 2000 Server's 192.168.1.33 network card as their default gateway. In order to answer this question, you must understand IP subnet masking.

Windows 2000 Network Connections 473 46. A network administration team is installing five new Windows 2000 Servers to support users on your network. The existing network uses DHCP to configure client addresses, but all servers must have statically configured addresses according to company policy. Review the network configuration as shown in the table below: Network Router Interface Number of hosts 192.168.1.16/28 192.168.1.17 13 192.168.1.32/28 192.168.1.33 10 192.168.1.48/28 192.168.1.49 13 192.168.1.64/28 192.168.1.65 12 The network administration team decides to install two Windows 2000 Servers on 192.168.0.48, which is the most heavily used subnet. The team also decides to add one Windows 2000 Server on each of the rest of the subnets. The Windows 2000 Server configurations that the team has agreed upon are as follows: Server Name On network Default Gateway spec1.corp.net 192.168.1.16 192.168.1.17 spec2.corp.net 192.168.1.32 192.168.1.33 spec3.corp.net 192.168.1.48 192.168.1.49 spec4.corp.net 192.168.1.48 192.168.1.65 spec5.corp.net 192.168.1.64 192.168.1.65 Based on the implementation plan, which of the following problems will the team encounter?

A. incorrect default gateway for spec5.corp.net B. incorrect default gateway for spec4.corp.net C. incorrect IP address on subnet 192.168.1.16 D. incorrect IP address on subnet 192.168.1.32 E. incorrect IP address on subnet 192.168.1.48

474 Chapter 6 46. A network administration team is installing five new Windows 2000 Servers to support users on your network. The existing network uses DHCP to configure client addresses, but all servers must have statically configured addresses according to company policy. Review the network configuration as shown in the table below: Network Router Interface Number of hosts 192.168.1.16/28 192.168.1.17 13 192.168.1.32/28 192.168.1.33 10 192.168.1.48/28 192.168.1.49 13 192.168.1.64/28 192.168.1.65 12 The network administration team decides to install two Windows 2000 Servers on 192.168.0.48, which is the most heavily used subnet. The team also decides to add one Windows 2000 Server on each of the rest of the subnets. The Windows 2000 Server configurations that the team has agreed upon are as follows: Server Name On network Default Gateway spec1.corp.net 192.168.1.16 192.168.1.17 spec2.corp.net 192.168.1.32 192.168.1.33 spec3.corp.net 192.168.1.48 192.168.1.49 spec4.corp.net 192.168.1.48 192.168.1.65 spec5.corp.net 192.168.1.64 192.168.1.65 Based on the implementation plan, which of the following problems will the team encounter? A. incorrect default gateway for spec5.corp.net *B. incorrect default gateway for spec4.corp.net C. incorrect IP address on subnet 192.168.1.16 D. incorrect IP address on subnet 192.168.1.32 *E. incorrect IP address on subnet 192.168.1.48 Explanation: The network administration team is planning to place two servers on a subnet (192.168.1.48) that has only one more valid IP address available, so it is likely that the team will see an IP address error on that subnet. The team has also mistakenly configured spec4.corp.net with an incorrect default gateway. The address of the default gateway should be 192.168.1.49 for that host. The rest of the configuration plan should work correctly.

Windows 2000 Network Connections 475 47. Your mail server can send mail to the Internet, but it cannot receive inbound mail. The network uses a NAT server with a dial-up connection to your ISP. You check the DNS A records and MX records for your mail server and they are configured with the mail server's IP address. Which of the following would correct the problem?

A. promote the NAT server to a domain controller B. change the NAT server's dial-up connection to remain active C. change the Internet DNS records for the mail server to reflect the IP address of the NAT server D. change the IP address of the mail server to be the same as the NAT server E. change the IP address of the NAT server to be the same as the mail server

48. Your VPN connection is configured to utilize L2TP over IPSec encryption. A firewall is used between the connection points of the VPN to protect the internal network. The VPN doesn't seem to be functioning through the firewall and you suspect that necessary ports are being filtered by the firewall. Which port should be enabled to allow L2TP over IPSec communications?

A. Port 21 B. Port 1701 C. Port 1723 D. Port 23 E. Port 53

476 Chapter 6 47. Your mail server can send mail to the Internet, but it cannot receive inbound mail. The network uses a NAT server with a dial-up connection to your ISP. You check the DNS A records and MX records for your mail server and they are configured with the mail server's IP address. Which of the following would correct the problem? A. promote the NAT server to a domain controller B. change the NAT server's dial-up connection to remain active *C. change the Internet DNS records for the mail server to reflect the IP address of the NAT server D. change the IP address of the mail server to be the same as the NAT server E. change the IP address of the NAT server to be the same as the mail server Explanation: The NAT server is sending mail on behalf of the mail server. The NAT server should also receive mail on behalf of the mail server. The NAT server is most likely preventing the packets from entering the network. Since the NAT is working on behalf of the mail server, you can modify the Internet DNS address of your mail server to reflect the NAT address so that mail will be sent to that server. Then, the NAT server can receive and forward the mail through the mail server. You should not place NAT and domain controller functions on the same server. You also should not make two different IP hosts have the same IP address on the network or communication problems will occur. Also, making the dial-up connection continuous will not solve the IP addressing problem that is occurring.

48. Your VPN connection is configured to utilize L2TP over IPSec encryption. A firewall is used between the connection points of the VPN to protect the internal network. The VPN doesn't seem to be functioning through the firewall and you suspect that necessary ports are being filtered by the firewall. Which port should be enabled to allow L2TP over IPSec communications? A. Port 21 *B. Port 1701 C. Port 1723 D. Port 23 E. Port 53 Explanation: UDP port 1701 is used for L2TP over IPSec communications. Port 21 is for FTP communications. Port 1723 is used for PPTP communications. Port 23 is for Telnet communications. Port 53 is for DNS communications.

Windows 2000 Network Connections 477 49. You are configuring a NAT server, and you are about to configure the static inbound ports. You have an internal NNTP, SMTP, POP3, and Web server that you want external clients and servers to be able to contact. For which well known ports must you configure UDP/TCP port and IP address pairs?

A. Port 25 B. Port 110 C. Port 119 D. Port 23 E. Port 80

50. You have just installed a new DHCP server on a Windows 2000 member server to provide addresses on the network. You notice that clients are not able to lease addresses from the server, even though it has the proper scope configurations for the network. You can ping the DHCP server by IP address and server name from each segment on the network and the routers are RFC 1542 compliant. What is the most likely problem?

A. Routers are filtering communications over Port 23 B. WINS records are incorrect C. DNS records are incorrect D. You have not authorized the DHCP server E. The exclusion range has not been set

478 Chapter 6 49. You are configuring a NAT server, and you are about to configure the static inbound ports. You have an internal NNTP, SMTP, POP3, and Web server that you want external clients and servers to be able to contact. For which well known ports must you configure UDP/TCP port and IP address pairs? *A. Port 25 *B. Port 110 *C. Port 119 D. Port 23 *E. Port 80 Explanation: The well-known port numbers are as follows: NNTP: 119, POP3: 110, SMTP: 25, and HTTP (Web): 80. Port 23 is the well-known port number for telnet.

50. You have just installed a new DHCP server on a Windows 2000 member server to provide addresses on the network. You notice that clients are not able to lease addresses from the server, even though it has the proper scope configurations for the network. You can ping the DHCP server by IP address and server name from each segment on the network and the routers are RFC 1542 compliant. What is the most likely problem? A. Routers are filtering communications over Port 23 B. WINS records are incorrect C. DNS records are incorrect *D. You have not authorized the DHCP server E. The exclusion range has not been set Explanation: To prevent rogue DHCP servers from disrupting your network, Windows 2000 requires you to "authorize" your DHCP server on the network. You can do so via the Active Directory Sites and Services application by right-clicking the server and then selecting Authorize from the resulting context menu. Port 23 is for telnet communications. Name resolution problems such as DNS or WINS would not affect the DHCP leasing process. Exclusion ranges limit DHCP addressing and would not be a way to fix this problem.

Windows 2000 Network Connections 479 51. Your network originally had 250 IP hosts with dynamically assigned IP addresses. These clients are using IP addresses from 192.168.1.1 - 192.168.1.254 with subnet mask 255.255.255.0. Recently, another group of systems had to be added to your physical network, but they were to have different IP addresses from 192.168.2.1 through 192.168.2.254. The two logical networks do not need to communicate, but you want to be able to use a single DHCP server to service both sets of clients. How should you configure the DHCP server to handle this configuration?

A. create a scope with addresses 192.168.1.0 and another with 192.168.2.0 B. create a superscope with addresses 192.168.1.0 and 192.168.2.0 C. create a multicast scope D. create a scope with addresses 192.168.1.0 and exclude addresses with 192.168.2.0 E. create a scope with address 192.168.0.0 and exclude addresses of 192.168.1.0 and 192.168.2.0

480 Chapter 6 51. Your network originally had 250 IP hosts with dynamically assigned IP addresses. These clients are using IP addresses from 192.168.1.1 - 192.168.1.254 with subnet mask 255.255.255.0. Recently, another group of systems had to be added to your physical network, but they were to have different IP addresses from 192.168.2.1 through 192.168.2.254. The two logical networks do not need to communicate, but you want to be able to use a single DHCP server to service both sets of clients. How should you configure the DHCP server to handle this configuration? A. create a scope with addresses 192.168.1.0 and another with 192.168.2.0 *B. create a superscope with addresses 192.168.1.0 and 192.168.2.0 C. create a multicast scope D. create a scope with addresses 192.168.1.0 and exclude addresses with 192.168.2.0 E. create a scope with address 192.168.0.0 and exclude addresses of 192.168.1.0 and 192.168.2.0 Explanation: A superscope is used to combine different subnets into a single scope that can be serviced by a DHCP server. A scope is for addresses that conform to the same subnet. It wouldn't be possible to create a scope for one subnet and then exclude addresses from the other. Furthermore, excluding addresses means that they will be excluded from the lease process. Multicasts scopes are for addresses between 224.0.0.0 and 239.255.255.255.

Windows 2000 Network Connections 481 52. You run a network with 1500 clients. On that network there are three UNIX servers running DNS. Your DNS administrators do not want to abandon the DNS servers, but they have agreed to use the DNS servers as a backup to your Windows 2000 DNS server. You have just installed a DHCP server on another Windows 2000 Server, but you haven't configured that system yet. Goals To integrate the Windows 2000 DNS Server and UNIX DNS servers To allow the DHCP Server to update DNS server To allow Windows 2000 clients to update the DNS server To prevent unauthorized clients from updating the server Proposed Solution Install DNS on the Windows 2000 Server. Configure the DNS server with a Standard Primary zone. Enable dynamic updates. Configure the Windows 2000 DNS to send secondary zone updates to the UNIX DNS servers. Which of the following will be provided by the proposed solution?

A. To integrate the Windows 2000 DNS Server and UNIX DNS servers B. To allow the DHCP Server to update DNS server C. To allow Windows 2000 clients to update the DNS server D. To prevent unauthorized clients from updating the server

482 Chapter 6 52. You run a network with 1500 clients. On that network there are three UNIX servers running DNS. Your DNS administrators do not want to abandon the DNS servers, but they have agreed to use the DNS servers as a backup to your Windows 2000 DNS server. You have just installed a DHCP server on another Windows 2000 Server, but you haven't configured that system yet. Goals To integrate the Windows 2000 DNS Server and UNIX DNS servers To allow the DHCP Server to update DNS server To allow Windows 2000 clients to update the DNS server To prevent unauthorized clients from updating the server Proposed Solution Install DNS on the Windows 2000 Server. Configure the DNS server with a Standard Primary zone. Enable dynamic updates. Configure the Windows 2000 DNS to send secondary zone updates to the UNIX DNS servers. Which of the following will be provided by the proposed solution? *A. To integrate the Windows 2000 DNS Server and UNIX DNS servers B. To allow the DHCP Server to update DNS server *C. To allow Windows 2000 clients to update the DNS server D. To prevent unauthorized clients from updating the server Explanation: If you configure the UNIX systems as secondary servers to the Windows 2000 Server, you have integrated them. If you allow dynamic updates, you are allowing Windows 2000 clients to update the DNS server. There was no mention of authorizing the DHCP server, which would have allowed the DHCP server to update the DNS server. There was also no mention of enabling secure updates, which would have prevented unauthorized clients from updating the server.

Windows 2000 Network Connections 483 53. You are enabling an internal Web site for users to visit. You are using HTTP because all systems have Web browsers, but not all can use NetBIOS share syntax. You want to make it possible for clients to see your files and folders for shares on which you don't have a default document. Which of the following types of access must you enable to allow this?

A. Script source access B. Write C. Directory browsing D. Read E. Execute

54. You are running a mixed network of Windows 2000 and Windows NT systems. The Windows NT PDC has been replaced with a Windows 2000 domain controller and all of the necessary trust relationships have been configured. However, your clients do not support dynamic update, so you have installed a DHCP server to provide updates on behalf of your legacy clients. You are currently using a Standard Primary DNS domain with dynamic updates enabled. You want to enable Secure Dynamic Updates to increase security, but still allow your legacy clients to register their resource records in DNS. Which of the following tasks must you complete to ensure that your clients will be able to register their names and you will be able to enable secure dynamic updates?

A. Upgrade all of your clients to Windows 2000 B. Authorize your DHCP server C. Change your zone to Active Directory integrated D. Create a standard secondary zone E. Enable Updates for DNS Clients that Do Not Support Dynamic Updates on the DHCP server

484 Chapter 6 53. You are enabling an internal Web site for users to visit. You are using HTTP because all systems have Web browsers, but not all can use NetBIOS share syntax. You want to make it possible for clients to see your files and folders for shares on which you don't have a default document. Which of the following types of access must you enable to allow this? A. Script source access B. Write *C. Directory browsing D. Read E. Execute Explanation: If you enable directory browsing, Web users will be able to see your directory structure if there is no default document on your shared folder. For external clients you typically do not want to enable this option because it could give potential hackers information to help them compromise your Web share.

54. You are running a mixed network of Windows 2000 and Windows NT systems. The Windows NT PDC has been replaced with a Windows 2000 domain controller and all of the necessary trust relationships have been configured. However, your clients do not support dynamic update, so you have installed a DHCP server to provide updates on behalf of your legacy clients. You are currently using a Standard Primary DNS domain with dynamic updates enabled. You want to enable Secure Dynamic Updates to increase security, but still allow your legacy clients to register their resource records in DNS. Which of the following tasks must you complete to ensure that your clients will be able to register their names and you will be able to enable secure dynamic updates? A. Upgrade all of your clients to Windows 2000 *B. Authorize your DHCP server *C. Change your zone to Active Directory integrated D. Create a standard secondary zone *E. Enable Updates for DNS Clients that Do Not Support Dynamic Updates on the DHCP server Explanation: You can only enable secure dynamic updates on a system running an Active Directory integrated zone. You can then enable the DHCP server to enable updates for your legacy clients. Also, your DHCP server must be authorized in Active Directory in order to function properly. Installing a standard secondary zone will not help and upgrading all clients to Windows 2000 is not required.

Windows 2000 Network Connections 485 55. You are running IIS services on your Windows 2000 Server for five different companies. Each company has its own IP address and domain name registered on the Internet. Your Windows 2000 Server is connected to the Internet via a DSL link. Your client companies and their domain names are shown in the table below. Company Web Address XCorp xraysite.net YCorp yescorp.org ZCorp zsite.com SCorp thespot.com QCorp qcorp.com Although all Web sites are actually loaded on your single Windows 2000 Server, your clients want their businesses to be accessed separately. They are sharing your companies IP address on the Internet. How could you provide separate identities for all of these companies on your single Web server?

A. You cannot do this because each site would require a separate IP address B. Create one site for all of the .com addresses and separate sites for the .net and .org C. Add five network adapters to your system D. Configure five different dial-up connections over your T1 E. Create virtual sites for each company

486 Chapter 6 55. You are running IIS services on your Windows 2000 Server for five different companies. Each company has its own IP address and domain name registered on the Internet. Your Windows 2000 Server is connected to the Internet via a DSL link. Your client companies and their domain names are shown in the table below. Company Web Address XCorp xraysite.net YCorp yescorp.org ZCorp zsite.com SCorp thespot.com QCorp qcorp.com Although all Web sites are actually loaded on your single Windows 2000 Server, your clients want their businesses to be accessed separately. They are sharing your companies IP address on the Internet. How could you provide separate identities for all of these companies on your single Web server? A. You cannot do this because each site would require a separate IP address B. Create one site for all of the .com addresses and separate sites for the .net and .org C. Add five network adapters to your system D. Configure five different dial-up connections over your T1 *E. Create virtual sites for each company Explanation: In the situation described above, you can create five different virtual sites one for each company. You would then be sure to register their domain names with your Web server and have the DNS records for those Web addresses pointed at your server. Web requests over the HTTP 1.1 protocol allow your IIS system to determine which site to load when the client Web browsers send their requests. Based on the domain name that is contained in the Web address, the appropriate Web site will be loaded.

Windows 2000 Network Connections 487 56. You are configuring a separate domain tree in your forest. A DNS standard primary zone is installed on your forest root domain controller named server1.domain1.com. You are attempting to load server2 as a separate domain controller for a domain tree named domain2.local. You want to install that domain tree into the forest created by domain1.com. Server2 is running as a secondary DNS to server1. You have tested to see that you can ping from server2 to domain1.com and server1.domain1.com and vice versa and everything appears to be working properly. However, you continue to see an error message that tells you the domain controller for domain1.com cannot be located as you are trying to install Active Directory. Which of the following is the most likely problem?

A. a domain tree cannot be installed in an existing forest B. netlogon.dns doesn't exist C. the service locator records are not in DNS D. you must configure a WINS server E. the cache.dns file is missing

488 Chapter 6 56. You are configuring a separate domain tree in your forest. A DNS standard primary zone is installed on your forest root domain controller named server1.domain1.com. You are attempting to load server2 as a separate domain controller for a domain tree named domain2.local. You want to install that domain tree into the forest created by domain1.com. Server2 is running as a secondary DNS to server1. You have tested to see that you can ping from server2 to domain1.com and server1.domain1.com and vice versa and everything appears to be working properly. However, you continue to see an error message that tells you the domain controller for domain1.com cannot be located as you are trying to install Active Directory. Which of the following is the most likely problem? A. a domain tree cannot be installed in an existing forest B. netlogon.dns doesn't exist *C. the service locator records are not in DNS D. you must configure a WINS server E. the cache.dns file is missing Explanation: You must absolutely have the service locator (SRV) records in DNS when you are trying to install a domain controller into another domain tree or forest. The necessary entries exist in the netlogon.dns file, but you must ensure those records are added to the DNS server. If you are using a standard primary or secondary zone, DNS is not automatically configured for dynamic updates, so the records from netlogon.dns will not be loaded unless you either manually enter then or enable dynamic updates on your DNS server. WINS has nothing to do with this situation. The cache.dns file is used for querying Internet domain names. You can install domain trees in existing forests.

Windows 2000 Network Connections 489 57. You have installed two network cards on your Windows 2000 Server. You don't want external users to be able to resolve names of your internal clients, but you do want your internal clients to be able to use your DNS server. One of your network cards is attached to the internal network and the other is routed to the Internet. The internal IP address is 192.168.1.1/24 and the external is 12.39.139.188/24. What can you do to prevent your server from resolving names for external clients?

A. remove your default gateway from both NICs B. configure the DNS server to listen on all IP addresses C. configure the DNS server to allow only secure updates D. configure PPTP E. configure your DNS server to listen on 192.168.1.1

58. As the network administrator, you have successfully installed a new member server running Windows 2000 Server in the nwtraders.msft domain. You now want to make this server a standard secondary DNS server for the nwtraders.msft zone. What would be the best method to do so?

A. Run Dcpromo then use the Network applet in Control Panel to install the DNS service. B. Use Add/Remove Programs in Control Panel to add the DNS service and add the nwtraders.msft zone as a standard secondary zone. C. Run Dcpromo, and then use Add/Remove Programs in Control Panel to add the DNS service and add the nwtraders.msft zone as standard secondary zone. D. Use Add/Remove Programs in Control Panel to add the DNS service, then reboot the machine and add the nwtraders.msft zone as a standard secondary zone.

490 Chapter 6 57. You have installed two network cards on your Windows 2000 Server. You don't want external users to be able to resolve names of your internal clients, but you do want your internal clients to be able to use your DNS server. One of your network cards is attached to the internal network and the other is routed to the Internet. The internal IP address is 192.168.1.1/24 and the external is 12.39.139.188/24. What can you do to prevent your server from resolving names for external clients? A. remove your default gateway from both NICs B. configure the DNS server to listen on all IP addresses C. configure the DNS server to allow only secure updates D. configure PPTP *E. configure your DNS server to listen on 192.168.1.1 Explanation: If you configure your DNS server to listen on a specific IP address, it will not listen on other IP addresses. Therefore, your DNS server will not answer queries on 12.39.139.188 if it is configured to listen on 192.168.1.1. By default the configuration is to listen on all IP addresses. Removing the default gateway will only cause your system routing trouble. Configuring your system for secure updates won't help because that is for Dynamic DNS, not DNS queries. Enabling PPTP doesn't have anything to do with disabling DNS services on an external adapter.

58. As the network administrator, you have successfully installed a new member server running Windows 2000 Server in the nwtraders.msft domain. You now want to make this server a standard secondary DNS server for the nwtraders.msft zone. What would be the best method to do so? A. Run Dcpromo then use the Network applet in Control Panel to install the DNS service. *B. Use Add/Remove Programs in Control Panel to add the DNS service and add the nwtraders.msft zone as a standard secondary zone. C. Run Dcpromo, and then use Add/Remove Programs in Control Panel to add the DNS service and add the nwtraders.msft zone as standard secondary zone. D. Use Add/Remove Programs in Control Panel to add the DNS service, then reboot the machine and add the nwtraders.msft zone as a standard secondary zone. Explanation: The DNS server does not have to be a domain controller unless it will hold an Active Directory integrated zone. You don't have to reboot the server when you add the DNS server service. Windows 2000 Advanced Server help files: DNS servers, installing.

Windows 2000 Network Connections 491 59. RADIUS is used to create distributed dial-up networks that are vendor-independent. Which of the following statements is true?

A. Windows 2000 can be a RADIUS client but not a RADIUS server. B. Windows 2000 can be a RADIUS server but not a RADIUS client. C. Windows 2000 can be both a RADIUS server and client. D. Windows 2000 can be neither a RADIUS server nor client.

60. L2TP is similar to PPTP in that it is designed to create an encrypted tunnel through an untrusted network. How does L2TP differ from PPTP?

A. PPTP provides tunneling and encryption, L2TP provides encryption but relies on other technologies to provide the tunnel. B. PPTP provides tunneling and encryption, L2TP provides tunneling but relies on other technologies to provide the encryption. C. L2TP provides tunneling and encryption, PPTP provides encryption but relies on other technologies to provide the tunnel. D. L2TP provides tunneling and encryption, PPTP provides tunneling but relies on other technologies to provide the encryption

492 Chapter 6 59. RADIUS is used to create distributed dial-up networks that are vendor-independent. Which of the following statements is true? A. Windows 2000 can be a RADIUS client but not a RADIUS server. B. Windows 2000 can be a RADIUS server but not a RADIUS client. *C. Windows 2000 can be both a RADIUS server and client. D. Windows 2000 can be neither a RADIUS server nor client. Explanation: A computer running Windows 2000 can be configured to be a RADIUS client or a RADIUS server, or both. Reference: Microsoft Official Curriculum 1560 Updating Support Skills From Microsoft Windows NT to Microsoft Windows 2000. Exam Category: Configuring and Troubleshooting Windows 2000 Network Connections.

60. L2TP is similar to PPTP in that it is designed to create an encrypted tunnel through an untrusted network. How does L2TP differ from PPTP? A. PPTP provides tunneling and encryption, L2TP provides encryption but relies on other technologies to provide the tunnel. *B. PPTP provides tunneling and encryption, L2TP provides tunneling but relies on other technologies to provide the encryption. C. L2TP provides tunneling and encryption, PPTP provides encryption but relies on other technologies to provide the tunnel. D. L2TP provides tunneling and encryption, PPTP provides tunneling but relies on other technologies to provide the encryption Explanation: L2TP provides tunneling but not encryption. It relies on other encryption technologies, such as IPSec, to provide the security on the tunnel. Reference: Microsoft Official Curriculum 1560 Updating Support Skills From Microsoft Windows NT to Microsoft Windows 2000. Exam Category: Configuring and Troubleshooting Windows 2000 Network Connections.

Windows 2000 Network Connections 493 61. When examining the key differences between PPTP and L2TP, which of the following statements are true?

A. L2TP supports header compression, PPTP does not. B. L2TP supports tunnel authentication, PPTP does not. C. L2TP can use IPSec for encryption, PPTP does not. D. L2TP requires an IP based transit network, PPTP does not.

62. What is the maximum number of characters a callback number can have on a server in a domain in native mode?

A. 12 Characters B. 15 Characters C. 128 Characters D. unlimited Characters E. 8 Characters

494 Chapter 6 61. When examining the key differences between PPTP and L2TP, which of the following statements are true? *A. L2TP supports header compression, PPTP does not. *B. L2TP supports tunnel authentication, PPTP does not. C. L2TP can use IPSec for encryption, PPTP does not. D. L2TP requires an IP based transit network, PPTP does not. Explanation: PPTP requires an IP-based network. L2TP requires that the tunnel support packet-oriented, point-to-point connectivity. It does not need to be IP-based. PPTP does not support header compression, while L2TP does. Not only that, but with header compression enabled, L2TP carries a smaller overhead than PPTP (four bytes for L2TP, six for PPTP). L2TP supports tunnel authentication and uses IPSec for encryption. PPTP uses PPP encryption and does not support tunnel authentication. However, it is important to note that PPTP can use IPSec simultaneously with PPP for encryption. This will allow IPSec to provide tunnel authentication. However, note that performance will be dramatically negatively affected.

62. What is the maximum number of characters a callback number can have on a server in a domain in native mode? A. 12 Characters B. 15 Characters C. 128 Characters *D. unlimited Characters E. 8 Characters Explanation: If the RAS server is a member of a domain in native mode, a callback number can have unlimited characters. Reference: Microsoft Official Curriculum 1560 Updating Support Skills From Microsoft Windows NT to Microsoft Windows 2000. Exam Category: Configuring and Troubleshooting Windows 2000 Network Connections

Windows 2000 Network Connections 495 63. What is the maximum number of characters a callback number can have on a server in a domain running in mixed mode?

A. 12 Characters B. 15 Characters C. 128 Characters D. unlimited Characters E. 8 Characters

64. Which of the following conditions does Remote Access Policy cover?

A. Multilink B. Windows Groups C. Day and Time Restrictions D. Authentication

496 Chapter 6 63. What is the maximum number of characters a callback number can have on a server in a domain running in mixed mode? A. 12 Characters B. 15 Characters *C. 128 Characters D. unlimited Characters E. 8 Characters Explanation: If the RAS server is a member of a domain running in mixed mode, a callback number can have no more than 128 characters. Reference: Microsoft Official Curriculum 1560 Updating Support Skills From Microsoft Windows NT to Microsoft Windows 2000. Exam Category: Configuring and Troubleshooting Windows 2000 Network Connections

64. Which of the following conditions does Remote Access Policy cover? A. Multilink *B. Windows Groups *C. Day and Time Restrictions D. Authentication Explanation: There are a number of conditions that can be set by Remote Access Policy. If you set more than one condition, all conditions must be met by the connection for the connection to be allowed. Included in these conditions are Windows Groups, but not individual users, the service type, the framed protocol, and day and time restrictions. Reference: Microsoft Official Curriculum 1560 Updating Support Skills From Microsoft Windows NT to Microsoft Windows 2000. Exam Category: Configuring and Troubleshooting Windows 2000 Network Connections

Windows 2000 Network Connections 497 65. When a user logs on remotely for the first time using a smart card or other vendorsupplied authentication method, how should this process be done?

A. The user should log onto the computer locally and then use a dial-in connection to gain access to the domain controller. B. The user should use a pre-configured dial-in connection from the logon dialog box. C. The user should log onto the computer locally, use a dial-in connection to authenticate the vendor-supplied method, and then use a separate dial-in connection to establish access to the server. D. The user should use a pre-configured dial-in connection from the logon dialog box to authenticate to the vendor-supplied method. After logon, the user should use a dial-in connection to authenticate to the server.

66. Under which of the following conditions can a smart card not be used?

A. When a user is joining his computer to a domain. B. When a user is changing desktop or other environment settings. C. When a user is promoting a server to a domain controller. D. When a user is configuring a remote access connection.

498 Chapter 6 65. When a user logs on remotely for the first time using a smart card or other vendorsupplied authentication method, how should this process be done? A. The user should log onto the computer locally and then use a dial-in connection to gain access to the domain controller. *B. The user should use a pre-configured dial-in connection from the logon dialog box. C. The user should log onto the computer locally, use a dial-in connection to authenticate the vendor-supplied method, and then use a separate dial-in connection to establish access to the server. D. The user should use a pre-configured dial-in connection from the logon dialog box to authenticate to the vendor-supplied method. After logon, the user should use a dial-in connection to authenticate to the server. Explanation: The user should use a pre-configured dial-in connection from the logon dialog box. This will enable domain policy to be applied. Otherwise, with no domain policy, the connection will be refused. Reference: Microsoft Official Curriculum 1560 Updating Support Skills From Microsoft Windows NT to Microsoft Windows 2000. Exam Category: Implementing, Monitoring and Troubleshooting Security

66. Under which of the following conditions can a smart card not be used? *A. When a user is joining his computer to a domain. B. When a user is changing desktop or other environment settings. *C. When a user is promoting a server to a domain controller. *D. When a user is configuring a remote access connection. Explanation: A smart card cannot be used when a user is joining his or her computer to a domain, when a user is performing administrative tasks, such as promoting a server to a domain controller, or when a user is configuring a remote access connection. Reference: Microsoft Official Curriculum 1560 Updating Support Skills From Microsoft Windows NT to Microsoft Windows 2000. Exam Category: Implementing, Monitoring and Troubleshooting Security

Windows 2000 Network Connections 499 67. Which of the following authentication protocols are used for network authentication in and between Windows 2000 domains?

A. L2TP B. BAP C. IPSec D. Kerberos v5 E. NTLM

68. You have configured an RRAS server for your network. Several users have begun to use the RRAS server. One of your remote users, Ted, told you that he has two laptops configured for dial-in access. Each laptop has his account name and password stored locally. Ted tells you that he had to send one of those laptops in for repairs. Ted has stated that no one should be dialing into the RRAS server using his laptop from anywhere but his house. Ted also has a custom application that you connect to periodically via IP for diagnostics. You want to make it so Ted can only establish a remote session from his home phone number and ensure that you don't have to check Ted's IP address every time you have to run diagnostics. Which options must you configure?

A. Verify Caller-ID B. No Callback C. Set by Caller D. Always Callback to E. Assign a Static IP Address

500 Chapter 6 67. Which of the following authentication protocols are used for network authentication in and between Windows 2000 domains? A. L2TP B. BAP C. IPSec *D. Kerberos v5 *E. NTLM Explanation: There are only two choices for authentication in a network situation with Windows 2000 - Kerberos v5 (which is the default for Windows 2000) and NTLM (which was the default for Windows NT 4.0). Reference: Microsoft Windows 2000 Server Resource Kit. Exam Category: Implementing, Monitoring and Troubleshooting Security

68. You have configured an RRAS server for your network. Several users have begun to use the RRAS server. One of your remote users, Ted, told you that he has two laptops configured for dial-in access. Each laptop has his account name and password stored locally. Ted tells you that he had to send one of those laptops in for repairs. Ted has stated that no one should be dialing into the RRAS server using his laptop from anywhere but his house. Ted also has a custom application that you connect to periodically via IP for diagnostics. You want to make it so Ted can only establish a remote session from his home phone number and ensure that you don't have to check Ted's IP address every time you have to run diagnostics. Which options must you configure? *A. Verify Caller-ID B. No Callback C. Set by Caller D. Always Callback to *E. Assign a Static IP Address Explanation: The verify caller-ID option allows you to set a specific number from which a user can connect. If you select assign a static IP address, you can be sure that a dial-in client receives the same IP address whenever that client dials-in. You only need the callback or set by caller options if your RAS server is expected to disconnect the client and then call the client back, which was not mentioned in the question.

Windows 2000 Network Connections 501 69. When running in safe mode, which of the following components are not available under System Information?

A. System Summary B. Hardware Resources C. Components D. Software Environment E. Internet Explorer 5

70. You have configured an RRAS server to handle your client requests for remote access. You have also enabled IAS and configured your Windows 2000 to support RADIUS. You know that using IAS gives you a larger selection of options in the Remote Access Policy. Which of the following Remote Access Policy conditions should only be used if you have a Windows 2000 Server with IAS installed and functioning as a RADIUS server?

A. Client-IP-Address B. Day-and-Time Restrictions C. Called-Station ID D. NAS-IP-Address E. Client-Friendly-Name

502 Chapter 6 69. When running in safe mode, which of the following components are not available under System Information? A. System Summary *B. Hardware Resources C. Components D. Software Environment E. Internet Explorer 5 Explanation: When running in safe mode, hardware information is not available. Information is limited to components and software information. Reference: Microsoft Windows 2000 Server Resource Kit.

70. You have configured an RRAS server to handle your client requests for remote access. You have also enabled IAS and configured your Windows 2000 to support RADIUS. You know that using IAS gives you a larger selection of options in the Remote Access Policy. Which of the following Remote Access Policy conditions should only be used if you have a Windows 2000 Server with IAS installed and functioning as a RADIUS server? *A. Client-IP-Address B. Day-and-Time Restrictions C. Called-Station ID *D. NAS-IP-Address *E. Client-Friendly-Name Explanation: All NAS options are related to IAS, which is the Windows 2000 implementation of RADIUS. Client-IP-Address and Client-Friendly-Name options are also related to IAS and they indicate the required IAS client IP address and friendly name.

Windows 2000 Network Connections 503 71. You are running a RRAS server to provide remote access to your Windows 2000 Professional clients that dial in. Most of the users are sales associates that dial-in from the U.S. and Canada. You have configured the RRAS server to obtain IP addresses from the DHCP server, which has been working quite well. The IP addresses that are used on the network are part of the 199.124.55.0 network. However, recently the DHCP server was offline for a couple of days due to a hardware problem. Several clients have called to tell you that their IP addresses no longer allow them to connect to the Internet. You check the IP addresses that were assigned to these clients and see that they are from the Windows 2000 automatic private IP address range. How did this happen?

A. the RRAS server was offline B. the routing table of the RRAS server is incorrectly configured C. the DHCP server scope is corrupted D. when the DHCP server was offline, the RRAS server leased those addresses E. RRAS does not integrate with DHCP

72. Which of the following new protocols supported by Windows 2000 allows for the client and server to negotiate the authentication method they will use to connect remotely?

A. EAP B. RADIUS C. L2TP D. BAP

504 Chapter 6 71. You are running a RRAS server to provide remote access to your Windows 2000 Professional clients that dial in. Most of the users are sales associates that dial-in from the U.S. and Canada. You have configured the RRAS server to obtain IP addresses from the DHCP server, which has been working quite well. The IP addresses that are used on the network are part of the 199.124.55.0 network. However, recently the DHCP server was offline for a couple of days due to a hardware problem. Several clients have called to tell you that their IP addresses no longer allow them to connect to the Internet. You check the IP addresses that were assigned to these clients and see that they are from the Windows 2000 automatic private IP address range. How did this happen? A. the RRAS server was offline B. the routing table of the RRAS server is incorrectly configured C. the DHCP server scope is corrupted *D. when the DHCP server was offline, the RRAS server leased those addresses E. RRAS does not integrate with DHCP Explanation: If an RRAS server is supposed to call a DHCP server to obtain addresses for its clients, but the server cannot contact the DHCP server, then addresses from the automatic private range are used instead. While the DHCP server was offline, the RRAS still had to lease addresses, so it used automatic private addressing. RRAS does integrate with DHCP. There is no specific evidence that the DHCP scope is corrupted or that the RRAS has incorrect routing table entries. If the RRAS server was offline, the dial-in clients wouldn't have been able to connect.

72. Which of the following new protocols supported by Windows 2000 allows for the client and server to negotiate the authentication method they will use to connect remotely? *A. EAP B. RADIUS C. L2TP D. BAP Explanation: EAP (Extensible Authentication Protocol) allows the client and the remote access server to negotiate the authentication method that will be used. EAP supports authentication by using generic token cards, MD5-CHAP and TLS (Transport Layer Security). Reference: Microsoft Official Curriculum 1560 Updating Support Skills From Microsoft Windows NT to Microsoft Windows 2000.

Windows 2000 Network Connections 505 73. The default Remote Access Policy is set to deny remote access permission. If you delete the default policy and do not implement any policy, what is the effect on remote users?

A. All users will be able to dial into the server, regardless of whether or not their individual dial-in permission is set to allow access. B. Only users with dial-in permission will be allowed access. C. Only domain members with dial-in permission will be allowed access. Users from trusted domains will be denied access. D. All users will be denied access, regardless of whether or not their individual dialin permission allows it.

74. In a mixed mode environment, what happens with the default remote access policy?

A. Default policy overrides dial-in permission. B. Default policy is applied prior to dial-in permission. C. Default policy is overridden by dial-in permission. D. There is no default policy in mixed mode.

506 Chapter 6 73. The default Remote Access Policy is set to deny remote access permission. If you delete the default policy and do not implement any policy, what is the effect on remote users? A. All users will be able to dial into the server, regardless of whether or not their individual dial-in permission is set to allow access. B. Only users with dial-in permission will be allowed access. C. Only domain members with dial-in permission will be allowed access. Users from trusted domains will be denied access. *D. All users will be denied access, regardless of whether or not their individual dial-in permission allows it. Explanation: RRAS requires that the conditions of at least one policy be met. If there is no policy in place, all connections will be refused, whether or not the individual has dial-in permissions. Reference: Microsoft Official Curriculum 1560 Updating Support Skills From Microsoft Windows NT to Microsoft Windows 2000.

74. In a mixed mode environment, what happens with the default remote access policy? A. Default policy overrides dial-in permission. B. Default policy is applied prior to dial-in permission. *C. Default policy is overridden by dial-in permission. D. There is no default policy in mixed mode. Explanation: Default policy is overridden by dial-in permission in a mixed mode environment. This is because the option "Control Access through Remote Access Policy," is not available in mixed mode. However, it is important to note that if a policy has been configured for RAS, it will still be applied to users. Reference: Microsoft Official Curriculum 1560 Updating Support Skills From Microsoft Windows NT to Microsoft Windows 2000.

Windows 2000 Network Connections 507 75. When configuring applications for terminal services, when do you use the "change user" command?

A. When a single-user application is going to be used in conjunction with terminal services. B. When installing the application uses another method than a setup program. C. When the user-specific registry settings are not being propagated as needed. D. When a single-user application has to be used in a multi-user environment.

76. Which of the following statements are true regarding applications in a Terminal Services environment?

A. Applications that do not run on Windows 2000 will not run in a multi-user environment on Terminal server. B. Windows-based 32-bit applications run more efficiently than 16-bit applications. C. Applications that normally would not run on Windows 2000 may be configured to run on Terminal server. D. 16-bit applications can reduce the number of users supported by as much as 40%.

508 Chapter 6 75. When configuring applications for terminal services, when do you use the "change user" command? A. When a single-user application is going to be used in conjunction with terminal services. *B. When installing the application uses another method than a setup program. C. When the user-specific registry settings are not being propagated as needed. D. When a single-user application has to be used in a multi-user environment. Explanation: The "change user" command is used only when an application is being installed using a method other than running a setup program. An example of this is when Internet Explorer prompts installation of an add-on application. Reference: Microsoft Official Curriculum 1560 Updating Support Skills From Microsoft Windows NT to Microsoft Windows 2000.

76. Which of the following statements are true regarding applications in a Terminal Services environment? *A. Applications that do not run on Windows 2000 will not run in a multi-user environment on Terminal server. *B. Windows-based 32-bit applications run more efficiently than 16-bit applications. C. Applications that normally would not run on Windows 2000 may be configured to run on Terminal server. *D. 16-bit applications can reduce the number of users supported by as much as 40%. Explanation: Applications that will not run on Windows 2000 will not run on Terminal Services either. 32-bit applications will run more efficiently than 16-bit applications because they will take advantage of 32-bit hardware and operating systems. 16-bit applications can impact the performance of the terminal server by reducing the number of users that the processor can support by as much as 40%, and increase memory usage by user by as much as 50%. Reference: Microsoft Official Curriculum 1560 Updating Support Skills From Microsoft Windows NT to Microsoft Windows 2000.

Windows 2000 Network Connections 509 77. You have installed a Windows 2000 Server and are using it to run Terminal Services. Fifteen Windows 2000 Professional clients are connected to your server as terminal clients. These clients must have access to a NetWare 4.11 server for file and printer sharing. The NetWare system is not running IP. The Windows 2000 Server and all of its clients are running TCP/IP. Goals Ensure that the terminal clients can connect to the NetWare Server Minimize the installation of software on the client systems Minimize the installation of software on the NetWare server Minimize administrative configuration Proposed Solution Install NWLink on your Windows 2000 Server running Terminal Services and configure IPX/SPX with an 802.2 frame type. Install the client for NetWare networks on the Windows 2000 Server and each client. Ensure that at least 15 additional licenses exist on the NetWare system. Which of your goals were met?

A. Ensure that the terminal clients can connect to the NetWare Server B. Minimize the installation of software on the client systems C. Minimize the installation of software on the NetWare server D. Minimize administrative configuration of client systems

510 Chapter 6 77. You have installed a Windows 2000 Server and are using it to run Terminal Services. Fifteen Windows 2000 Professional clients are connected to your server as terminal clients. These clients must have access to a NetWare 4.11 server for file and printer sharing. The NetWare system is not running IP. The Windows 2000 Server and all of its clients are running TCP/IP. Goals Ensure that the terminal clients can connect to the NetWare Server Minimize the installation of software on the client systems Minimize the installation of software on the NetWare server Minimize administrative configuration Proposed Solution Install NWLink on your Windows 2000 Server running Terminal Services and configure IPX/SPX with an 802.2 frame type. Install the client for NetWare networks on the Windows 2000 Server and each client. Ensure that at least 15 additional licenses exist on the NetWare system. Which of your goals were met? *A. Ensure that the terminal clients can connect to the NetWare Server B. Minimize the installation of software on the client systems *C. Minimize the installation of software on the NetWare server D. Minimize administrative configuration of client systems Explanation: There was no need to install the NetWare client on the Terminal Services client systems. Installing the NetWare client on the Windows 2000 Server running Terminal Services would have been enough. Therefore, the proposed solution didn't minimize installation or administrative configuration of the client systems. If the proposed solution read, "do nothing to the client systems," then those goals would have been met. There was no need to install additional items on the NetWare server and nothing was done to the NetWare server in the proposed solution, so the goal to minimize installation of software to the NetWare server was met. Installing NWLink and configuring the proper frame type and then installing the NetWare client on the Windows 2000 Server means that the Windows 2000 Server running Terminal Services and its clients will be able to connect to the NetWare 4.11 server.

Windows 2000 Network Connections 511 78. What is an application compatibility script used for?

A. To configure a single-user application to run in multi-user mode. B. To make an application that normally would not run on Windows 2000 run with Windows 2000 Terminal Services. C. To modify an application to function better in a multi-user environment. D. To test the compatibility of an application in a terminal services environment.

79. You are considering which of the Remote Access Protocols that can be used with Windows 2000 to implement on your network. Which of the following statements about the various Remote Access Protocols are true?

A. PPTP supports header compression. B. L2TP uses MPPE encryption. C. PPP supports tunnel authentication. D. SLIP transmits authentication passwords only as clear text.

512 Chapter 6 78. What is an application compatibility script used for? A. To configure a single-user application to run in multi-user mode. B. To make an application that normally would not run on Windows 2000 run with Windows 2000 Terminal Services. *C. To modify an application to function better in a multi-user environment. D. To test the compatibility of an application in a terminal services environment. Explanation: Application compatibility scripts, included with Terminal Services, modify applications to function better in a multi-user environment by modifying global registry settings and disabling functions that might decrease system performance.

79. You are considering which of the Remote Access Protocols that can be used with Windows 2000 to implement on your network. Which of the following statements about the various Remote Access Protocols are true? *A. PPTP supports header compression. B. L2TP uses MPPE encryption. C. PPP supports tunnel authentication. *D. SLIP transmits authentication passwords only as clear text. Explanation:

Windows 2000 Network Connections 513 80. You are the Remote-User Network Support engineer for BDG Company. The Chief Executive Officer has purchased a new laptop that he uses when on the road and has a docking station with a Network Interface Adapter and ZIP drive attached when he works in his office. The laptop is running Windows 2000 Professional. You must configure two separate hardware profiles in order to support the docked and undocked states of the Windows 2000 Professional laptop. You log on to the Windows 2000 Professional laptop, as an administrator, while the machine is undocked. You then proceed to open Control Panel, launch the System configuration tool, and open the Hardware Profiles configuration window. You copy the existing hardware profile to a new profile. After changing the new hardware profile to reflect a "docked" setting, you close out of the Hardware Profiles configuration Window and immediately use Device Manager to Disable the Modem and built-in Network Interface Adapter of the Windows 2000 Professional laptop. You then log off of the Windows 2000 Professional laptop and return it to the CEO. Later in the day, the CEO calls you from home to report that he is neither able to dial into the company network nor connect his laptop to the small Local Area Network he has at home. You confirm that he had selected the "Undocked" option during system power up. What do you believe is causing the problem?

A. When you made changes in the state of the Modem and Network Interface Adapter with Device Manager, you accidentally disabled them from running in the Undocked Hardware Profile. B. You configured the Docked Profile to reflect an "undocked" setting. C. The CEO did not shut down and restart his machine to update the Windows 2000 Professional registry. D. The CEO did not provide the correct user name and password when he dialed the RAS Server of BDG Company.

514 Chapter 6 80. You are the Remote-User Network Support engineer for BDG Company. The Chief Executive Officer has purchased a new laptop that he uses when on the road and has a docking station with a Network Interface Adapter and ZIP drive attached when he works in his office. The laptop is running Windows 2000 Professional. You must configure two separate hardware profiles in order to support the docked and undocked states of the Windows 2000 Professional laptop. You log on to the Windows 2000 Professional laptop, as an administrator, while the machine is undocked. You then proceed to open Control Panel, launch the System configuration tool, and open the Hardware Profiles configuration window. You copy the existing hardware profile to a new profile. After changing the new hardware profile to reflect a "docked" setting, you close out of the Hardware Profiles configuration Window and immediately use Device Manager to Disable the Modem and built-in Network Interface Adapter of the Windows 2000 Professional laptop. You then log off of the Windows 2000 Professional laptop and return it to the CEO. Later in the day, the CEO calls you from home to report that he is neither able to dial into the company network nor connect his laptop to the small Local Area Network he has at home. You confirm that he had selected the "Undocked" option during system power up. What do you believe is causing the problem? *A. When you made changes in the state of the Modem and Network Interface Adapter with Device Manager, you accidentally disabled them from running in the Undocked Hardware Profile. B. You configured the Docked Profile to reflect an "undocked" setting. C. The CEO did not shut down and restart his machine to update the Windows 2000 Professional registry. D. The CEO did not provide the correct user name and password when he dialed the RAS Server of BDG Company. Explanation: In order to continue modifying a Hardware Profile as an administrator (or other user with administrator privileges), you must shut down and restart the machine under the newly created hardware profile, and then configure additional hardware settings by using the Device Manager MMC Snap-in.

Windows 2000 Network Connections 515 81. What are two protocols necessary to support Windows 2000 terminal services on a Windows 2000 client?

A. NetMeeting B. TCP/IP C. IPX/SPX Compatible Protocol D. RDP E. DLC

82. You have been asked to deploy Terminal Services in your company's network with as little additional cost as possible. You have 4 Windows 2000 servers, 235 Windows 2000 Professional workstations, 3 UNIX servers and 175 Pentium 120 MHz PCs running UNIX. Since Terminal Services does not support non-Windows clients, what solution would you propose for this implementation to minimize costs?

A. Actually, Terminal Services does support UNIX, so you can simply proceed with the implementation with no additional costs. B. You will need to purchase 175 licenses for Windows 2000 Professional and using RIS, deploy Professional across all of the UNIX PCs. C. You will recommend installing Citrix MetaFrame on top of Terminal Services, providing support for both the Windows 2000 Professional clients and the UNIX clients. D. You simply need to contact the UNIX vendor and procure their Terminal Services client for the 175 UNIX workstations.

516 Chapter 6 81. What are two protocols necessary to support Windows 2000 terminal services on a Windows 2000 client? A. NetMeeting *B. TCP/IP C. IPX/SPX Compatible Protocol *D. RDP E. DLC Explanation: Windows 2000 Terminal Services allows a Windows 2000 computer to host applications, and run the applications for remote users, transferring only mouse movement, keystrokes and graphical screens between the client and server. The client can be running Windows 2000 Professional, Windows NT, Windows 95/98, and Windows for Workgroups or even Windows CE. Clients must be running both TCP/IP and the Remote Desktop Protocol (RDP).

82. You have been asked to deploy Terminal Services in your company's network with as little additional cost as possible. You have 4 Windows 2000 servers, 235 Windows 2000 Professional workstations, 3 UNIX servers and 175 Pentium 120 MHz PCs running UNIX. Since Terminal Services does not support non-Windows clients, what solution would you propose for this implementation to minimize costs? A. Actually, Terminal Services does support UNIX, so you can simply proceed with the implementation with no additional costs. B. You will need to purchase 175 licenses for Windows 2000 Professional and using RIS, deploy Professional across all of the UNIX PCs. *C. You will recommend installing Citrix MetaFrame on top of Terminal Services, providing support for both the Windows 2000 Professional clients and the UNIX clients. D. You simply need to contact the UNIX vendor and procure their Terminal Services client for the 175 UNIX workstations. Explanation: The client operating system can be running Windows 2000 Professional, Windows NT, Windows 95/98, and Windows for Workgroups or even Windows CE. Clients must be running both TCP/IP and the Remote Desktop Protocol (RDP). The PC itself requires very little in terms of hardware requirements, since the terminal server will do all of the processing for the client. For non-windows operating systems, Citrix MetaFrame extends Terminal Services, and then provides enterpriselevel support for large multi-location network implementations.

Notes:

518 Chapter 7

The objective of this chapter is to provide the reader with an understanding of the following: 1.

Encrypt data on a hard disk by using Encrypting File System (EFS).

2.

Implement, configure, manage, and troubleshoot policies in a Windows 2000 environment.

3.

Implement, configure, manage, and troubleshoot Local Policy in a Windows 2000 environment.

4.

Implement, configure, manage, and troubleshoot System Policy in a Windows 2000 environment.

5.

Implement, configure, manage, and troubleshoot auditing.

6.

Implement, configure, manage, and troubleshoot local accounts.

7.

Implement, configure, manage, and troubleshoot Account Policy.

8.

Implement, configure, manage, and troubleshoot security by using the Security Configuration Tool Set.

Security 519

Chapter 7: Security 1. How can you allow your manager to access the confidential files he uses from any location, while maintaining the security of the files?

A. Configure the manager's account to have a roaming user profile B. Instruct the manager to use folder properties to set the encryption attribute for his folder. C. Tell him to take ownership of the folder. D. Have him save his files on floppy disks. E. Have him save his files on a FAT32 hard drive.

2. An employee at your company used encryption to secure files in a shared folder. This employee has left the company and now these files must be made available to a new employee. What is the best way to do this?

A. Log on as an administrator and remove the encryption attribute from the files. B. Configure the new employee's account to be an Encrypted Data Recovery Agent. C. Configure your account to be an Encrypted Data Recovery Agent. D. Log on as an administrator and encrypt the files. E. Delete the files.

520 Chapter 7 1. How can you allow your manager to access the confidential files he uses from any location, while maintaining the security of the files? *A. Configure the manager's account to have a roaming user profile *B. Instruct the manager to use folder properties to set the encryption attribute for his folder. C. Tell him to take ownership of the folder. D. Have him save his files on floppy disks. E. Have him save his files on a FAT32 hard drive. Explanation: By using a roaming profile, a user will have similar access regardless of the machine signed onto. Using the encryption feature can also ensure that the files are kept confidential. Taking ownership of the files would not make them more secure, nor would saving them to floppy disks. FAT32 does NOT support file security, and as such, should not be used in environments where security is vital.

2. An employee at your company used encryption to secure files in a shared folder. This employee has left the company and now these files must be made available to a new employee. What is the best way to do this? *A. Log on as an administrator and remove the encryption attribute from the files. *B. Configure the new employee's account to be an Encrypted Data Recovery Agent. C. Configure your account to be an Encrypted Data Recovery Agent. D. Log on as an administrator and encrypt the files. E. Delete the files. Explanation: When data is encrypted by a user, the only way to decrypt it is to be of a member of the "Administrators" or "Encrypted Data Recovery Agents" groups. This allows the user access to files encrypted by other users.

Security 521 3. An employee has created a file where he lists himself as the only person in the access control list. You must now remove the file. Using the minimum amount of authority necessary, how would you delete this file without modifying any of the permissions for the other files in the folder?

A. Take ownership of the file. B. Grant yourself Modify permission for the file. C. Delete the file. D. Reset the user's password and log on as the user to delete the file. E. Log on as a Recovery Agent.

522 Chapter 7 3. An employee has created a file where he lists himself as the only person in the access control list. You must now remove the file. Using the minimum amount of authority necessary, how would you delete this file without modifying any of the permissions for the other files in the folder? *A. Take ownership of the file. *B. Grant yourself Modify permission for the file. *C. Delete the file. D. Reset the user's password and log on as the user to delete the file. E. Log on as a Recovery Agent. Explanation: In order to modify security settings for a file on which you do not have access specified, you must take ownership of the file. Now you will have access to change its permissions. You must then add yourself a user with Modify (or simply Delete) permission, and then you can delete the file.

Security 523 4. You have the following share and NTFS permissions for a Distributed file system root Public. You add a shared folder named Files as a DFS node under the root.

Folder

Share Permissions

NTFS Permissions

Public

Everyone:

Read

Everyone:

Read

Files

Users:

Read

Sales

Full Control

Domain Admins:

Full Control

Domain Admins:

Full Control

A user name Sharon is a member of the Sales group. When saving a file to the Public\Files folder, she receives an access denied message. How can you allow Sharon to be able to change and delete files in the folder without giving her more permission that necessary?

A. Set the share permissions for the Files folder to grant Sharon Change permission. B. Set the share permissions for the Files folder to grant Sharon Full Access. C. Set the share permissions for the Files folder to grant Sharon Read permission. D. Set the NTFS permissions for the Files folder to grant Sharon Change permission. E. Set the NTFS permissions for the Files folder to grant Sharon Full Access.

524 Chapter 7 4. You have the following share and NTFS permissions for a Distributed file system root Public. You add a shared folder named Files as a DFS node under the root.

Folder

Share Permissions

NTFS Permissions

Public

Everyone:

Read

Everyone:

Read

Files

Users:

Read

Sales

Full Control

Domain Admins:

Full Control

Domain Admins:

Full Control

A user name Sharon is a member of the Sales group. When saving a file to the Public\Files folder, she receives an access denied message. How can you allow Sharon to be able to change and delete files in the folder without giving her more permission that necessary? *A. Set the share permissions for the Files folder to grant Sharon Change permission. B. Set the share permissions for the Files folder to grant Sharon Full Access. C. Set the share permissions for the Files folder to grant Sharon Read permission. D. Set the NTFS permissions for the Files folder to grant Sharon Change permission. E. Set the NTFS permissions for the Files folder to grant Sharon Full Access. Explanation: In this situation, the user has Full Control under the NTFS permissions. However, the user only has Read permissions according to the share permissions. Share permissions take precedence over NTFS permissions if they are more restrictive.

Security 525 5. You have two employees. One is a member of the Administration group, and the other is a member of the Intern group. Both groups are in the same domain. On the intranet server, the Administration group is placed in the Security group, and the Intern group is placed in the non-security group. The Security group is granted Full Control permission for the Sales virtual directory. The member of the non-security group needs to update new financial information that is located on the Sales virtual directory. What is the best way to do this?

A. Make the non-security group employee a member of the security group and remove him from the non-security group. B. Make the security group employee a member of the non-security group and remove him from the security group. C. Add the non-security group to the security group. D. Add the security group to the non-security group. E. Add the non-security group employee to the Administration group.

6. You work with confidential files that are kept in a Private folder located in your home folder. You use numerous computers to access these folders. How can you maximize security of the Private folder, and still allow access from remote computers?

A. Configure your account to use a roaming user profile. B. Use the properties of the Private folder to set the encryption attribute. C. Configure your account to use a mandatory user profile. D. Use the properties of the Private folder to set the compression attribute. E. Use the properties of the Private folder to set the hidden attribute.

526 Chapter 7 5. You have two employees. One is a member of the Administration group, and the other is a member of the Intern group. Both groups are in the same domain. On the intranet server, the Administration group is placed in the Security group, and the Intern group is placed in the non-security group. The Security group is granted Full Control permission for the Sales virtual directory. The member of the non-security group needs to update new financial information that is located on the Sales virtual directory. What is the best way to do this? *A. Make the non-security group employee a member of the security group and remove him from the non-security group. B. Make the security group employee a member of the non-security group and remove him from the security group. C. Add the non-security group to the security group. D. Add the security group to the non-security group. E. Add the non-security group employee to the Administration group. Explanation: Because other users could later be added to the Interns group, you should add the user and not the group to the Security group. By granting the user access the Security group, he will be able to modify data in the Sales virtual directory.

6. You work with confidential files that are kept in a Private folder located in your home folder. You use numerous computers to access these folders. How can you maximize security of the Private folder, and still allow access from remote computers? *A. Configure your account to use a roaming user profile. *B. Use the properties of the Private folder to set the encryption attribute. C. Configure your account to use a mandatory user profile. D. Use the properties of the Private folder to set the compression attribute. E. Use the properties of the Private folder to set the hidden attribute. Explanation: A roaming encrypted folder is the most secure way to access files from anywhere.

Security 527 7. Your Windows 2000 Active Directory network consists of Windows 2000 Professional computers and Windows NT Workstation computers. Users of the Windows 2000 Professional computers cannot change their desktops or the display settings on their computers. Users of the Windows NT Workstation computers can change all display settings. How can you restrict all users of Windows NT Workstation computers from changing their desktop settings?

A. Configure a Windows NT policy file and place it in the proper folder on the PDC emulator. B. Configure a Windows 2000 policy file and place it in the proper folder on the PDC emulator. C. Configure a Windows NT policy file and place it in the proper folder on each workstation. D. Configure a Windows 2000 policy file and place it in the proper folder on each workstation. E. You must upgrade all workstations to Windows 2000.

8. Your Windows 2000 network consists of Windows 2000 Servers that were upgraded from Windows NT, Windows 2000 Professional computers, and Windows NT Workstation computers. After you implement GPOs for each ou, you find that the GPOs only apply to users of the Windows 2000 Professional computers. How can you also restrict users of the Windows NT Workstation computers from accessing registry-editing tools?

A. Create a Windows NT system policy file on a Windows 2000 domain controller. B. Configure the NT policy so that it restricts default users from accessing registry editing tools. C. Create a Windows 2000 system policy file on a Windows 2000 domain controller. D. Configure the Windows 2000 policy so that it restricts default users from accessing registry editing tools. E. You must upgrade all workstations to Windows 2000 Professional.

528 Chapter 7 7. Your Windows 2000 Active Directory network consists of Windows 2000 Professional computers and Windows NT Workstation computers. Users of the Windows 2000 Professional computers cannot change their desktops or the display settings on their computers. Users of the Windows NT Workstation computers can change all display settings. How can you restrict all users of Windows NT Workstation computers from changing their desktop settings? *A. Configure a Windows NT policy file and place it in the proper folder on the PDC emulator. B. Configure a Windows 2000 policy file and place it in the proper folder on the PDC emulator. C. Configure a Windows NT policy file and place it in the proper folder on each workstation. D. Configure a Windows 2000 policy file and place it in the proper folder on each workstation. E. You must upgrade all workstations to Windows 2000. Explanation: The Windows NT policy must be created separately from the Windows 2000 policy.

8. Your Windows 2000 network consists of Windows 2000 Servers that were upgraded from Windows NT, Windows 2000 Professional computers, and Windows NT Workstation computers. After you implement GPOs for each ou, you find that the GPOs only apply to users of the Windows 2000 Professional computers. How can you also restrict users of the Windows NT Workstation computers from accessing registry-editing tools? *A. Create a Windows NT system policy file on a Windows 2000 domain controller. B. Configure the NT policy so that it restricts default users from accessing registry editing tools. C. Create a Windows 2000 system policy file on a Windows 2000 domain controller. D. Configure the Windows 2000 policy so that it restricts default users from accessing registry editing tools. E. You must upgrade all workstations to Windows 2000 Professional. Explanation: The Windows NT policy must be created separately from the Windows 2000 policy.

Security 529 9. You have created a GPO for the Finance OU in your network. You want to prevent users in the Finance OU from accessing My Network and running the System applet in Control Panel. However, you want the Managers Domain Local group to be able to access My Network, yet not run System in Control Panel. What is the best way to do this?

A. Create a second GPO in the ou. Add the Manager's group to the ACL of the GPO. B. Allow the Manager's group to apply the Group Policy. C. Disable the permission of the Authenticated Users group to read and apply the Group Policy. Configure the new GPO to allow access to My Network Places. D. Give the new GPO a higher priority than the original GPO. E. Give the new GPO a lower priority than the original GPO.

10. Your network consists of two domains: bfq.local and tech.bfq.local. It has Windows 2000 Professional computers and Windows 2000 Server computers. You enable auditing in the domain policy object for bfq.local to audit the success and failure of object access. After installing a printer on a domain controller, you configure auditing on this printer to monitor printing successes and failures. When you review the security log later, no events have been written to the log, even though you know the printer has been used. How can you log all successes and failures of printing for the printer?

A. Configure auditing of successes and failures of object access in the Default Domain B. Controllers Policy object in the Domain Controllers OU of the tech.bfq.local domain. C. Configure auditing of successes and failures of object access in the tech.bfq.local Domain D. Configure auditing of successes and failures of object access in the bfq.local Domain E. Controllers Policy object in the Printers OU of the Default domain.

530 Chapter 7 9. You have created a GPO for the Finance OU in your network. You want to prevent users in the Finance OU from accessing My Network and running the System applet in Control Panel. However, you want the Managers Domain Local group to be able to access My Network, yet not run System in Control Panel. What is the best way to do this? *A. Create a second GPO in the ou. Add the Manager's group to the ACL of the GPO. *B. Allow the Manager's group to apply the Group Policy. *C. Disable the permission of the Authenticated Users group to read and apply the Group Policy. Configure the new GPO to allow access to My Network Places. *D. Give the new GPO a higher priority than the original GPO. E. Give the new GPO a lower priority than the original GPO. Explanation: GPO priorities specify which policies take precedence.

10. Your network consists of two domains: bfq.local and tech.bfq.local. It has Windows 2000 Professional computers and Windows 2000 Server computers. You enable auditing in the domain policy object for bfq.local to audit the success and failure of object access. After installing a printer on a domain controller, you configure auditing on this printer to monitor printing successes and failures. When you review the security log later, no events have been written to the log, even though you know the printer has been used. How can you log all successes and failures of printing for the printer? *A. Configure auditing of successes and failures of object access in the Default Domain *B. Controllers Policy object in the Domain Controllers OU of the tech.bfq.local domain. C. Configure auditing of successes and failures of object access in the tech.bfq.local Domain D. Configure auditing of successes and failures of object access in the bfq.local Domain E. Controllers Policy object in the Printers OU of the Default domain. Explanation: Auditing must be enabled in the domain.

Security 531 11. You configure a new Windows 2000 Server as an intranet server. You configure a sales Web site and a Finance virtual directory in the Departments Web site. Users report that they can only see .htm, and .asp files. For security, you need to disable the users' ability to view the files of all Web sites in the form of a list. What is the best way to do this?

A. Clear the Directory Browsing checkbox for the server properties. B. Apply the settings to the child web sites. C. Disable .asp files. D. Disable .htm files E. Apply the settings to the current web site only.

12. Permissions for a shared folder on your NTFS partition are as follows: Users are connected to this folder. You have an immediate need to prevent ten of the files in this folder from being modified. What two actions have the smallest possible effect on users who are using other files on the server?

A. Modify the NTFS permission for the ten files. B. Disconnect the users from the Data folder. C. Modify the share permission for the ten files. D. Disconnect users from all folders. E. Disable file caching.

532 Chapter 7 11. You configure a new Windows 2000 Server as an intranet server. You configure a sales Web site and a Finance virtual directory in the Departments Web site. Users report that they can only see .htm, and .asp files. For security, you need to disable the users' ability to view the files of all Web sites in the form of a list. What is the best way to do this? *A. Clear the Directory Browsing checkbox for the server properties. *B. Apply the settings to the child web sites. C. Disable .asp files. D. Disable .htm files E. Apply the settings to the current web site only. Explanation: Directory browsing allows a user to view a list of files if a default page is not specified or not found.

12. Permissions for a shared folder on your NTFS partition are as follows: Users are connected to this folder. You have an immediate need to prevent ten of the files in this folder from being modified. What two actions have the smallest possible effect on users who are using other files on the server? *A. Modify the NTFS permission for the ten files. *B. Disconnect the users from the Data folder. C. Modify the share permission for the ten files. D. Disconnect users from all folders. E. Disable file caching. Explanation: Once you set permissions on the files, you will need to disconnect users from the share.

Security 533 13. You suspect someone is trying to log onto your domain by guessing user account names and passwords. How can you find out which computers are being used for this?

A. Edit the Default Domain Policy object to audit account logon failures. B. Edit the Default Domain Policy object to audit account logon successes. C. Edit the Domain Policy object to audit account logon failures. D. Edit the Domain Policy object to audit account logon successes. E. Clear the event logs.

14. Your Windows 2000 domain trusts each of your two Windows NT domains, and the Windows NT domains trust the Windows 2000 domain. A Windows 2000 domain controller is configured to use the highly secure domain controller security template. Windows NT users report they cannot access resources on this domain controller. What is the best way to do this?

A. Apply a less restrictive custom security template to the domain controller. B. Apply a more restrictive custom security template to the domain controller. C. Loosen permissions on the domain controller. D. Tighten permissions on the domain controller. E. Upgrade all computers to Windows NT.

534 Chapter 7 13. You suspect someone is trying to log onto your domain by guessing user account names and passwords. How can you find out which computers are being used for this? *A. Edit the Default Domain Policy object to audit account logon failures. B. Edit the Default Domain Policy object to audit account logon successes. C. Edit the Domain Policy object to audit account logon failures. D. Edit the Domain Policy object to audit account logon successes. E. Clear the event logs. Explanation: The Account Logon Failure audit policy will log guessing of user account names and passwords.

14. Your Windows 2000 domain trusts each of your two Windows NT domains, and the Windows NT domains trust the Windows 2000 domain. A Windows 2000 domain controller is configured to use the highly secure domain controller security template. Windows NT users report they cannot access resources on this domain controller. What is the best way to do this? *A. Apply a less restrictive custom security template to the domain controller. B. Apply a more restrictive custom security template to the domain controller. C. Loosen permissions on the domain controller. D. Tighten permissions on the domain controller. E. Upgrade all computers to Windows NT. Explanation: A less restrictive security template will help access denied problems.

Security 535 15. You are the administrator of the bfq.local domain. You configure the Local Security Options and other options for the Default Domain Policy object. You delegate administration of the New York and Connecticut OUs. How can you prevent those administrators from creating any other Group Policy objects that conflict with those you configured?

A. From the Group Policy options for the bfq.local domain, set the option not to override. B. From the Group Policy options for the bfq.local domain, set the option to override. C. From the Group Policy options for the New York ou, set the option not to override. D. From the Group Policy options for the Connecticut ou, set the option not to override. E. Deny the other administrators access to the Local Security Options.

16. Your Active Directory single domain consists of Windows NT workstation clients and Windows 2000 Professional computers. You create a Windows NT default user policy on the Windows 2000 Server computer that is configured as a PDC emulator. It denies access to Network Neighborhood. You install Terminal Services on one of the servers, and Terminal Services Client on the NT Workstation client computers. Users of the Terminal server can still browse the network when they open My Network Places. How can you prevent all default users from browsing the network?

A. Create a Windows 2000 Group Policy that denies user access to My Network Places. B. Create a Windows NT Policy that denies user access to My Network Places. C. Create a Policy on each computer that denies user access to My Network Places. D. Create a Policy that denies user access to My Network Places through Terminal Server. E. Create a Windows 2000 Group Policy that removes My Network Places.

536 Chapter 7 15. You are the administrator of the bfq.local domain. You configure the Local Security Options and other options for the Default Domain Policy object. You delegate administration of the New York and Connecticut OUs. How can you prevent those administrators from creating any other Group Policy objects that conflict with those you configured? *A. From the Group Policy options for the bfq.local domain, set the option not to override. B. From the Group Policy options for the bfq.local domain, set the option to override. C. From the Group Policy options for the New York ou, set the option not to override. D. From the Group Policy options for the Connecticut ou, set the option not to override. E. Deny the other administrators access to the Local Security Options. Explanation: By setting the option not to override, the bfq.local domain policies will take precedence.

16. Your Active Directory single domain consists of Windows NT workstation clients and Windows 2000 Professional computers. You create a Windows NT default user policy on the Windows 2000 Server computer that is configured as a PDC emulator. It denies access to Network Neighborhood. You install Terminal Services on one of the servers, and Terminal Services Client on the NT Workstation client computers. Users of the Terminal server can still browse the network when they open My Network Places. How can you prevent all default users from browsing the network? *A. Create a Windows 2000 Group Policy that denies user access to My Network Places. B. Create a Windows NT Policy that denies user access to My Network Places. C. Create a Policy on each computer that denies user access to My Network Places. D. Create a Policy that denies user access to My Network Places through Terminal Server. E. Create a Windows 2000 Group Policy that removes My Network Places. Explanation: A group policy can deny access through Terminal Server also.

Security 537 17. Your network uses the Encrypting File System (EFS) to encrypt data. You are installing a new server that has a 6 GB NTFS partition. You want to move numerous EFS folders to a new server. These folders must maintain their encryption. What is the best way to do this?

A. Backup the folder using the Backup utility in Windows 2000. B. Copy the files to the new folder. C. Move the files to the new folder. D. Copy the files and delete the original files. E. Copy the files, and then re-encrypt them.

18. Your Windows 2000 domain operates in native mode. The server uses the default remote access policy. You want the remote access permissions for new user accounts to automatically allow access. What is the best way to do this?

A. Change the setting from Control Access through Remote Access Policy to Allow Access. B. Change the setting from Control Access through Remote Access Policy to Deny Access. C. Change the setting from Secure Access through Remote Access Policy to Allow Access. D. Change the setting from Control Access through Remote Access Policy to Secure Access. E. Add the Everyone group to the Remote Access group.

538 Chapter 7 17. Your network uses the Encrypting File System (EFS) to encrypt data. You are installing a new server that has a 6 GB NTFS partition. You want to move numerous EFS folders to a new server. These folders must maintain their encryption. What is the best way to do this? *A. Backup the folder using the Backup utility in Windows 2000. B. Copy the files to the new folder. C. Move the files to the new folder. D. Copy the files and delete the original files. E. Copy the files, and then re-encrypt them. Explanation: The backup utility will maintain encryption.

18. Your Windows 2000 domain operates in native mode. The server uses the default remote access policy. You want the remote access permissions for new user accounts to automatically allow access. What is the best way to do this? *A. Change the setting from Control Access through Remote Access Policy to Allow Access. B. Change the setting from Control Access through Remote Access Policy to Deny Access. C. Change the setting from Secure Access through Remote Access Policy to Allow Access. D. Change the setting from Control Access through Remote Access Policy to Secure Access. E. Add the Everyone group to the Remote Access group. Explanation: The Allow Access option will allow access for new users.

Security 539 19. Your Windows 2000 network is configured with Active Directory and Group Policies. You create a Group Policy object linked to an Organizational Unit. You do not want the GPO to use any policies from the domain. What is the best way to do this?

A. Check the "Block Inheritance" box in the main screen of the OU's Group Policy editor. B. Check the "Allow Inheritance" box in the main screen of the OU's Group Policy editor. C. Check the "Default Inheritance" box in the main screen of the OU's Group Policy editor. D. Check the "Independent" box in the main screen of the OU's Group Policy editor. E. Create a root level ou.

20. You are concerned that someone is accessing confidential data files on a Windows 2000 Professional computer. You would like to configure the system so that all attempts to access those files, whether successful or failed, are tracked. What is the best way to do this?

A. Right-click on the files to be audited. From the Security tab, click Advanced. B. In the Local Computer Policy, choose Audit Policy and select the checkboxes for "Success" and "Failure" under "Audit process tracking". C. From the Auditing tab click Add and select the user or group whose actions you want to audit. D. In the Local Computer Policy, choose Audit Policy and select the checkboxes for "Success" and "Failure" under "Audit object access". E. In the Local Computer Policy, choose Audit Policy and select the checkboxes for "Success" and "Failure" under "Audit privilege use".

540 Chapter 7 19. Your Windows 2000 network is configured with Active Directory and Group Policies. You create a Group Policy object linked to an Organizational Unit. You do not want the GPO to use any policies from the domain. What is the best way to do this? *A. Check the "Block Inheritance" box in the main screen of the OU's Group Policy editor. B. Check the "Allow Inheritance" box in the main screen of the OU's Group Policy editor. C. Check the "Default Inheritance" box in the main screen of the OU's Group Policy editor. D. Check the "Independent" box in the main screen of the OU's Group Policy editor. E. Create a root level ou. Explanation: Block inheritance will make the OU independent of the domain.

20. You are concerned that someone is accessing confidential data files on a Windows 2000 Professional computer. You would like to configure the system so that all attempts to access those files, whether successful or failed, are tracked. What is the best way to do this? *A. Right-click on the files to be audited. From the Security tab, click Advanced. *B. In the Local Computer Policy, choose Audit Policy and select the checkboxes for "Success" and "Failure" under "Audit process tracking". *C. From the Auditing tab click Add and select the user or group whose actions you want to audit. *D. In the Local Computer Policy, choose Audit Policy and select the checkboxes for "Success" and "Failure" under "Audit object access". E. In the Local Computer Policy, choose Audit Policy and select the checkboxes for "Success" and "Failure" under "Audit privilege use". Explanation: The audit policy must be defined as well as the auditing on specific resources before login will occur.

Security 541 21. You have been instructed to implement auditing for the domain of which you are the administrator. The domain is on a network that uses a Windows 2000 Server computer and Windows 2000 Professional client computers. After determining the best way to implement auditing for the domain, you determine you need to create an audit policy. How will you implement the audit policy?

A. Create a separate audit policy for each domain controller in the domain B. Create a separate group policy for each domain controller in the domain C. Create a group policy that will apply to all domain controllers in the domain D. Create an audit policy that will apply to all domain controllers in the domain E. Create a log policy that will apply to all domain controllers in the domain

22. You administer a Windows 2000 network that uses the Encrypting File System (EFS) to encrypt data. You are installing a new server that has a 6-GB NTFS partition. You want to move several EFS folders to a new server and preserve encryption throughout the migration. What is the best way to accomplish this task?

A. Compress the folder by enabling file compression B. Decrypt, move, and re-encrypt the folder using EFS C. Back up the folder using the Backup utility in Windows 2000 D. Decrypt the folder and compress the folder by enabling file compression E. Decrypt the folder and back up the folder using the Backup utility in Windows 2000

542 Chapter 7 21. You have been instructed to implement auditing for the domain of which you are the administrator. The domain is on a network that uses a Windows 2000 Server computer and Windows 2000 Professional client computers. After determining the best way to implement auditing for the domain, you determine you need to create an audit policy. How will you implement the audit policy? A. Create a separate audit policy for each domain controller in the domain B. Create a separate group policy for each domain controller in the domain *C. Create a group policy that will apply to all domain controllers in the domain D. Create an audit policy that will apply to all domain controllers in the domain E. Create a log policy that will apply to all domain controllers in the domain Explanation: Applying a policy to a group of computers is more effective and easier to manage than a group policy for individual computers.

22. You administer a Windows 2000 network that uses the Encrypting File System (EFS) to encrypt data. You are installing a new server that has a 6-GB NTFS partition. You want to move several EFS folders to a new server and preserve encryption throughout the migration. What is the best way to accomplish this task? A. Compress the folder by enabling file compression B. Decrypt, move, and re-encrypt the folder using EFS *C. Back up the folder using the Backup utility in Windows 2000 D. Decrypt the folder and compress the folder by enabling file compression E. Decrypt the folder and back up the folder using the Backup utility in Windows 2000 Explanation: The Windows Backup utility will preserve encryption.

Security 543 23. You are the administrator for a Windows 2000 network. The network consists of Windows 2000 Server computers and Windows 2000 Professional client computers. The network uses Active Directory with Group Policies. You want to begin the implementation of the Encrypting File System (EFS) on the network and client computers to encrypt all data files stored on the network. You decide to use the Cipher command-line utility from a command prompt to encrypt a folder on one of the client computers. From the client computer, you open a command prompt screen. You want to encrypt the Administrator's My Documents folder on the C: drive of the client computer. Which line will encrypt the folder?

A. Cipher /x "C:\Documents and Settings\Administrator\My Documents" B. Cipher /a "C:\Documents and Settings\Administrator\My Documents" C. Cipher /h "C:\Documents and Settings\Administrator\My Documents" D. Cipher /k "C:\Documents and Settings\Administrator\My Documents" E. Cipher /e "C:\Documents and Settings\Administrator\My Documents"

24. You administer a Windows 2000 network that uses Active Directory and Group Policies. The network uses only Windows 2000 Server computers and Windows 2000 Professional client computers. The network also uses the Encrypted File System (EFS) to encrypt and protect files and folders. You perform routine maintenance on some of the client computers. You need to ensure that the users are using file encryption properly. You want to display the encryption state of the files in the directory you are currently accessing. How can you accomplish this using the Cipher command-line utility?

A. Cipher B. Cipher /s C. Cipher /h * D. Cipher /h *.* E. Cipher *.*

544 Chapter 7 23. You are the administrator for a Windows 2000 network. The network consists of Windows 2000 Server computers and Windows 2000 Professional client computers. The network uses Active Directory with Group Policies. You want to begin the implementation of the Encrypting File System (EFS) on the network and client computers to encrypt all data files stored on the network. You decide to use the Cipher command-line utility from a command prompt to encrypt a folder on one of the client computers. From the client computer, you open a command prompt screen. You want to encrypt the Administrator's My Documents folder on the C: drive of the client computer. Which line will encrypt the folder? A. Cipher /x "C:\Documents and Settings\Administrator\My Documents" *B. Cipher /a "C:\Documents and Settings\Administrator\My Documents" C. Cipher /h "C:\Documents and Settings\Administrator\My Documents" D. Cipher /k "C:\Documents and Settings\Administrator\My Documents" E. Cipher /e "C:\Documents and Settings\Administrator\My Documents" Explanation: The /a switch will encrypt files with the cipher command.

24. You administer a Windows 2000 network that uses Active Directory and Group Policies. The network uses only Windows 2000 Server computers and Windows 2000 Professional client computers. The network also uses the Encrypted File System (EFS) to encrypt and protect files and folders. You perform routine maintenance on some of the client computers. You need to ensure that the users are using file encryption properly. You want to display the encryption state of the files in the directory you are currently accessing. How can you accomplish this using the Cipher command-line utility? *A. Cipher B. Cipher /s C. Cipher /h * D. Cipher /h *.* E. Cipher *.* Explanation: The cipher command without parameters will show you the encryption state of the files in the current directory.

Security 545 25. As the network administrator of a Windows 2000 network, you must secure the E:\Confidential folder on your Windows 2000 domain controller. The domain controller has three 10-GB SCSI hard drives in it. The partitions are composed of a 10-GB NTFS partition (C:), a 5-GB RAID level 1 configuration (D:), and two 5-GB FAT32 partitions (E: and F:). You must encrypt all information in the E:\Confidential folder. How can you encrypt the folder?

A. Right-click on the folder, select Properties, select Advanced from the General Tab, and ensure the "Folder is ready for Archiving" box is selected B. Right-click on the folder, select Properties, select Advanced from the General Tab, and ensure the "Encrypt contents to secure data" selection box is selected C. Right-click on the folder, select Properties, select Advanced from the General Tab, and ensure the "For faster searching allow Indexing Service to Index the folder" box is selected D. Convert the drive to an NTFS partition. Right-click on the folder, select Properties, select Advanced from the General Tab, and ensure the "Encrypt contents to secure data" selection box is selected E. Right-click on the folder, select Properties, select Advanced from the General Tab, and ensure the "Folder is ready for Compression" box is selected

546 Chapter 7 25. As the network administrator of a Windows 2000 network, you must secure the E:\Confidential folder on your Windows 2000 domain controller. The domain controller has three 10-GB SCSI hard drives in it. The partitions are composed of a 10-GB NTFS partition (C:), a 5-GB RAID level 1 configuration (D:), and two 5-GB FAT32 partitions (E: and F:). You must encrypt all information in the E:\Confidential folder. How can you encrypt the folder? A. Right-click on the folder, select Properties, select Advanced from the General Tab, and ensure the "Folder is ready for Archiving" box is selected B. Right-click on the folder, select Properties, select Advanced from the General Tab, and ensure the "Encrypt contents to secure data" selection box is selected C. Right-click on the folder, select Properties, select Advanced from the General Tab, and ensure the "For faster searching allow Indexing Service to Index the folder" box is selected *D. Convert the drive to an NTFS partition. Right-click on the folder, select Properties, select Advanced from the General Tab, and ensure the "Encrypt contents to secure data" selection box is selected E. Right-click on the folder, select Properties, select Advanced from the General Tab, and ensure the "Folder is ready for Compression" box is selected Explanation: The drive must be converted to NTFS to use encryption.

Security 547 26. You are the administrator for a Windows 2000 network that uses Active Directory and Group Policies. The network consists of a DNS server. In addition, auditing is used to track events. You are making configuration changes to the audit policy. You have decided to audit access to all files and folders on the C: drive. How can you implement this change?

A. Enable the Audit Object Access policy B. In the audit policy, enable Audit Directory Service Access C. Enable auditing for all the files and folders on the C: drive D. Add an audit policy from the server for the computer containing the specific files and folders E. Enable auditing for all the files and folders on the D: drive

27. You are the administrator for a Windows 2000 network. The network consists of Windows 2000 Server computers and Windows 2000 Professional client computers. The network is configured to use Active Directory and auditing. You perform regular maintenance on the network. You like to periodically use the Event Viewer to check the success or failure of events that have auditing enabled. What do you use to monitor these events?

A. System log B. DNS Server C. Security log D. Application log E. Directory Service

548 Chapter 7 26. You are the administrator for a Windows 2000 network that uses Active Directory and Group Policies. The network consists of a DNS server. In addition, auditing is used to track events. You are making configuration changes to the audit policy. You have decided to audit access to all files and folders on the C: drive. How can you implement this change? *A. Enable the Audit Object Access policy B. In the audit policy, enable Audit Directory Service Access *C. Enable auditing for all the files and folders on the C: drive D. Add an audit policy from the server for the computer containing the specific files and folders E. Enable auditing for all the files and folders on the D: drive Explanation: The audit policy must be defined as well as the auditing for individual files.

27. You are the administrator for a Windows 2000 network. The network consists of Windows 2000 Server computers and Windows 2000 Professional client computers. The network is configured to use Active Directory and auditing. You perform regular maintenance on the network. You like to periodically use the Event Viewer to check the success or failure of events that have auditing enabled. What do you use to monitor these events? A. System log B. DNS Server *C. Security log D. Application log E. Directory Service Explanation: Auditing occurs in the security log.

Security 549

Notes:

550 Chapter 7 28. You are the administrator for a Windows 2000 network. The network consists of all Windows 2000 Server and Windows 2000 Professional computers. You need to perform auditing maintenance. You want to accomplish the following goals: Track successful attempts to create folders. Track failed attempts to create files. Track successful attempts to write attributes. Track failed attempts to read folder permissions. You perform the following actions: Open the Properties dialog box for a specific folder. Select the Security tab and click the Advanced button. Select the Auditing tab and add an entry with permissions set as indicated below: Which goal or goals are accomplished by these actions?

A. Track failed attempts to create files B. Track failed attempts to create folders C. Track successful attempts to write attributes D. Track failed attempts to read folder permissions E. Track logons and logoffs

Security 551

552 Chapter 7 28. You are the administrator for a Windows 2000 network. The network consists of all Windows 2000 Server and Windows 2000 Professional computers. You need to perform auditing maintenance. You want to accomplish the following goals: Track successful attempts to create folders. Track failed attempts to create files. Track successful attempts to write attributes. Track failed attempts to read folder permissions. You perform the following actions: Open the Properties dialog box for a specific folder. Select the Security tab and click the Advanced button. Select the Auditing tab and add an entry with permissions set as indicated below: Which goal or goals are accomplished by these actions? *A. Track failed attempts to create files *B. Track failed attempts to create folders C. Track successful attempts to write attributes *D. Track failed attempts to read folder permissions E. Track logons and logoffs Explanation: No successful attempts are logged in this audit policy.

Security 553 29. As the Windows 2000 network administrator, you must enforce quota limits on disk storage space on the Windows 2000 domain controller. The domain controller has 3 GB of space for user storage, and there are only about 15 users that store information on the server. You must meet the following requirements: You must enforce disk quota limits on your account, but you must still be able to install applications on the server without this space being added to your disk quota limit. You need to be able to monitor usage of the free space so you can know when you need to modify the server's hardware configuration. In monitoring this, you must not prevent any user from saving data. You must delete several users from the volume since they are no longer employed by your company. You must log an event when a user exceeds their quota limit. You take the following actions: In your day-to-day activities, you use your user account, but when you add applications to the server, you log on as the administrator. You ensure the "Deny Disk Space to Users Exceeding Quota Limit" check box is cleared. You delete or transfer ownership to another user for all files owned by the former employees and then delete their quota entries. Which requirements do the actions meet?

A. An event is logged when a user exceeds their quota B. You successfully delete the former employees' quotas C. Applications installed using the Administrator account will not be charged to your quota limit D. You can monitor the usage of free space so you can plan for hardware modification without preventing users from saving data E. An event is logged when a user approaches their quota

554 Chapter 7 29. As the Windows 2000 network administrator, you must enforce quota limits on disk storage space on the Windows 2000 domain controller. The domain controller has 3 GB of space for user storage, and there are only about 15 users that store information on the server. You must meet the following requirements: You must enforce disk quota limits on your account, but you must still be able to install applications on the server without this space being added to your disk quota limit. You need to be able to monitor usage of the free space so you can know when you need to modify the server's hardware configuration. In monitoring this, you must not prevent any user from saving data. You must delete several users from the volume since they are no longer employed by your company. You must log an event when a user exceeds their quota limit. You take the following actions: In your day-to-day activities, you use your user account, but when you add applications to the server, you log on as the administrator. You ensure the "Deny Disk Space to Users Exceeding Quota Limit" check box is cleared. You delete or transfer ownership to another user for all files owned by the former employees and then delete their quota entries. Which requirements do the actions meet? A. An event is logged when a user exceeds their quota *B. You successfully delete the former employees' quotas *C. Applications installed using the Administrator account will not be charged to your quota limit *D. You can monitor the usage of free space so you can plan for hardware modification without preventing users from saving data E. An event is logged when a user approaches their quota Explanation: Quotas can be used to plan for hardware upgrades without blocking users.

Security 555 30. You are the administrator for a Windows 2000 network that uses only Windows 2000 Server computers and Windows 2000 Professional client computers. Your company uses the Encrypted File System (EFS) to encrypt files and folders on the network. You have just installed a new Windows 2000 Professional client computer for a new employee. You need to create a new file encryption certificate on the computer. Using the Cipher command-line utility, which line will accomplish this task?

A. Cipher /k B. Cipher /f C. Cipher /e D. Cipher /f /q E. Cipher /x

556 Chapter 7 30. You are the administrator for a Windows 2000 network that uses only Windows 2000 Server computers and Windows 2000 Professional client computers. Your company uses the Encrypted File System (EFS) to encrypt files and folders on the network. You have just installed a new Windows 2000 Professional client computer for a new employee. You need to create a new file encryption certificate on the computer. Using the Cipher command-line utility, which line will accomplish this task? *A. Cipher /k B. Cipher /f C. Cipher /e D. Cipher /f /q E. Cipher /x Explanation: Cipher /k creates a new encryption certificate.

Security 557 31. While administering a Windows 2000 network, you and your co-workers decide to implement roaming user profiles for all users on the network. The network uses only Windows 2000 Server computers and Windows 2000 Professional client computers. In addition to implementing the roaming user profiles, you have decided to implement home folders on the network for the users. When creating the home folders, which permission change is required?

A. The permissions on the folder must be changed from Full Control for the Everyone group to Full Control for the Users group. B. The permissions on the folder must be changed from Full Control for the Users group to Full Control for the Everyone group. C. The permissions on the folder must be changed from Write Permissions for the Everyone group to Write Permissions for the Users group. D. The permissions on the folder must be changed from Write Permissions for the Users group to Write Permissions for the Everyone group. E. The permissions on the folder must be changed from Write Permissions for the Users group to No Access Permissions for the Everyone group.

558 Chapter 7 31. While administering a Windows 2000 network, you and your co-workers decide to implement roaming user profiles for all users on the network. The network uses only Windows 2000 Server computers and Windows 2000 Professional client computers. In addition to implementing the roaming user profiles, you have decided to implement home folders on the network for the users. When creating the home folders, which permission change is required? *A. The permissions on the folder must be changed from Full Control for the Everyone group to Full Control for the Users group. B. The permissions on the folder must be changed from Full Control for the Users group to Full Control for the Everyone group. C. The permissions on the folder must be changed from Write Permissions for the Everyone group to Write Permissions for the Users group. D. The permissions on the folder must be changed from Write Permissions for the Users group to Write Permissions for the Everyone group. E. The permissions on the folder must be changed from Write Permissions for the Users group to No Access Permissions for the Everyone group. Explanation: Everyone should not be given full access to the folder.

Security 559 32. You add a printer to a Windows 2000 Server domain controller. This printer is intended for use only by the top ten executives in the company. They are all members of the Executives group, but there are 75 other executives that are also members of this group. The executives are also members of the Domain Users Group, the Everyone Group, and the Board Members group. The Board Members group contains the 20 board members of the company. You want to configure the printer so only these 10 members can access the printer. How can you perform this function?

A. Allow Print permissions to the Executives group and deny access to the printer for all the other groups. B. Allow Full Control permission to the Executives group and deny access to the printer for all the other groups. C. Clear all access to all groups and add the 10 executives to the printer's ACL with Print permissions assigned to each one of them. D. Deny access to all groups and add the 10 executives to the printer's access control list (ACL) with Full Control permissions assigned to each one of them. E. Allow Read permission to the Executives group and deny access to the printer for all the other groups.

560 Chapter 7 32. You add a printer to a Windows 2000 Server domain controller. This printer is intended for use only by the top ten executives in the company. They are all members of the Executives group, but there are 75 other executives that are also members of this group. The executives are also members of the Domain Users Group, the Everyone Group, and the Board Members group. The Board Members group contains the 20 board members of the company. You want to configure the printer so only these 10 members can access the printer. How can you perform this function? A. Allow Print permissions to the Executives group and deny access to the printer for all the other groups. B. Allow Full Control permission to the Executives group and deny access to the printer for all the other groups. *C. Clear all access to all groups and add the 10 executives to the printer's ACL with Print permissions assigned to each one of them. D. Deny access to all groups and add the 10 executives to the printer's access control list (ACL) with Full Control permissions assigned to each one of them. E. Allow Read permission to the Executives group and deny access to the printer for all the other groups. Explanation: Each executive will need to be added individually.

Security 561 33. You are running a single domain mixed network of Windows 2000 Servers, Windows 2000 Professional systems, Windows NT Workstations, Windows 98, and Windows 95 client systems. Recently, a network consulting team to Windows 2000 Server upgraded your network PDC. Your new domain name is domain1.com. The person who upgraded the systems removed all of the old system policies thinking that they would not work with Windows 2000 systems. Once you found out about this you restored the ntconfig.pol and config.pol files to your desktop. Now you need to place these files in the appropriate location on the network. Goals Ensure that the Windows 95 policies are operational Ensure that the Windows 98 policies are operational Ensure that the Windows NT policies are operational Configure policies for the Windows 2000 systems Proposed Solution Locate the Windows 2000 PDC emulator(s) on your network. Copy the config.pol and ntconfig.pol files to the %systemroot%\sysvol\sysvol\domain1.com\scripts folder. Use POLEDIT.EXE to create system policies for your Windows 2000 systems and save the file as NT5config.pol. Which of the goals were accomplished by the proposed solution?

A. Ensure that the Windows 95 policies are operational B. Ensure that the Windows 98 policies are operational C. Ensure that the Windows NT policies are operational D. Configure policies for the Windows 2000 systems

562 Chapter 7 33. You are running a single domain mixed network of Windows 2000 Servers, Windows 2000 Professional systems, Windows NT Workstations, Windows 98, and Windows 95 client systems. Recently, a network consulting team to Windows 2000 Server upgraded your network PDC. Your new domain name is domain1.com. The person who upgraded the systems removed all of the old system policies thinking that they would not work with Windows 2000 systems. Once you found out about this you restored the ntconfig.pol and config.pol files to your desktop. Now you need to place these files in the appropriate location on the network. Goals Ensure that the Windows 95 policies are operational Ensure that the Windows 98 policies are operational Ensure that the Windows NT policies are operational Configure policies for the Windows 2000 systems Proposed Solution Locate the Windows 2000 PDC emulator(s) on your network. Copy the config.pol and ntconfig.pol files to the %systemroot%\sysvol\sysvol\domain1.com\scripts folder. Use POLEDIT.EXE to create system policies for your Windows 2000 systems and save the file as NT5config.pol. Which of the goals were accomplished by the proposed solution? *A. Ensure that the Windows 95 policies are operational *B. Ensure that the Windows 98 policies are operational *C. Ensure that the Windows NT policies are operational D. Configure policies for the Windows 2000 systems Explanation: Windows 2000 uses group policies, not system policies. You would have to configure group policies for the Windows 2000 systems. The rest of the proposed solution is correct and will allow the Windows 9x and Windows NT systems to maintain their policies. The Windows 9x policy files are stored in a single file named config.pol and the Windows NT policy files are stored in ntconfig.pol. The %systemroot%\sysvol\sysvol\\scripts is shared as netlogon on the domain controller. Both of those policy files must be copied to a domain controller and will be propagated to all other domain controllers via the file replication system. The netlogon share is the location where the files must be copied.

Security 563 34. You have a complex network configuration with Group Policy settings for the computer and user accounts in addition to logon scripts assigned to the computer and user. In what order are Group Policy settings applied? Arrange the items below in the correct sequential order. (Assume that the computer has just been powered on and the user logs on as soon as possible.) 1. GPO computer specific startup scripts are run 2. User profile is loaded and user GPO settings are applied 3. GPO computer settings are applied 4. GPO user specific logon scripts are run 5. User account assigned logon scripts are run

A. 3, 5, 1, 2, 4 B. 3, 1, 2, 4, 5 C. 5, 3, 4, 2, 1 D. 3, 1, 4, 2, 5 E. 3, 5, 2, 4, 1

564 Chapter 7 34. You have a complex network configuration with Group Policy settings for the computer and user accounts in addition to logon scripts assigned to the computer and user. In what order are Group Policy settings applied? Arrange the items below in the correct sequential order. (Assume that the computer has just been powered on and the user logs on as soon as possible.) 1. GPO computer specific startup scripts are run 2. User profile is loaded and user GPO settings are applied 3. GPO computer settings are applied 4. GPO user specific logon scripts are run 5. User account assigned logon scripts are run A. 3, 5, 1, 2, 4 *B. 3, 1, 2, 4, 5 C. 5, 3, 4, 2, 1 D. 3, 1, 4, 2, 5 E. 3, 5, 2, 4, 1 Explanation: Computer settings are processed before user settings, prior to user logon. The Group Policy (GPO) computer settings are applied before any logon scripts are run. Therefore, logon scripts assigned to a computer, run after GPO computer settings. Also, the user profile with GPO settings is applied before logon scripts are run. If a logon script is specified in a GPO, it runs before a logon script specified in a user account.

Security 565 35. Fran, one the network administrators on your team, asked users to compress their when storing them on your Windows 2000 Server about two weeks ago. As far as you know, all of the users complied with the request because you checked on it last week and the file space in use dropped considerably. A few days ago, you asked several users to encrypt their sensitive files. Today, Fran told you that several of the users did not have all of their files compressed and she asked you to verify this with the users. You notice that the list of names includes all of the users that you asked to encrypt their sensitive files. Which of the following explains this event?

A. users accidentally decompressed their files during encryption B. encrypted files cannot be compressed C. disk quotas are enabled D. the files are on a FAT16 partition E. the files are on a FAT32 partition

566 Chapter 7 35. Fran, one the network administrators on your team, asked users to compress their when storing them on your Windows 2000 Server about two weeks ago. As far as you know, all of the users complied with the request because you checked on it last week and the file space in use dropped considerably. A few days ago, you asked several users to encrypt their sensitive files. Today, Fran told you that several of the users did not have all of their files compressed and she asked you to verify this with the users. You notice that the list of names includes all of the users that you asked to encrypt their sensitive files. Which of the following explains this event? A. users accidentally decompressed their files during encryption *B. encrypted files cannot be compressed C. disk quotas are enabled D. the files are on a FAT16 partition E. the files are on a FAT32 partition Explanation: Files cannot be both encrypted and compressed. When the users checked the "Encrypt contents to secure data" checkbox, the "Compress contents to save disk space" was automatically unchecked. It wasn't an accident on the user's part because it isn't possible to do one without the other. Neither disk quotas enabled/disabled nor FAT16/FAT32 partitions addresses the problem presented here.

Security 567 36. Several of the users on your network need to have security set on their files. Each Windows 2000 user stores their sensitive files locally and the systems are physically secured. However, you want to ensure that they are able to encrypt their files on their local system. Each user's system is identical and has the following configuration: Partition Type FAT32 RAM 64MB File Compression Enabled for all sensitive files Processor Intel Pentium II / 350 Network interface 3Com 10/100 adapters Which of the following must you do to ensure that these systems will be able to protect their sensitive data with EFS?

A. upgrade RAM B. change partitions to NTFS C. upgrade processors D. disable file compression on encrypted files E. replace network adapter

568 Chapter 7 36. Several of the users on your network need to have security set on their files. Each Windows 2000 user stores their sensitive files locally and the systems are physically secured. However, you want to ensure that they are able to encrypt their files on their local system. Each user's system is identical and has the following configuration: Partition Type FAT32 RAM 64MB File Compression Enabled for all sensitive files Processor Intel Pentium II / 350 Network interface 3Com 10/100 adapters Which of the following must you do to ensure that these systems will be able to protect their sensitive data with EFS? A. upgrade RAM *B. change partitions to NTFS C. upgrade processors *D. disable file compression on encrypted files E. replace network adapter Explanation: EFS does not work with file compression and it will only work on NTFS 5.0 partitions. There is no need to change the network adapter, upgrade the RAM, or change the processors because these components shouldn't prevent EFS from working on the local systems.

Security 569 37. You have configured 25 folders for users in your department on your local Windows 2000 Server. All of your clients have compressed their folders. A few days ago, you added a new hard drive to your Windows 2000 Server and you would like to move the user's folders to the other drive. The new drive is formatted with the NTFS file system. You create a new parent directory called home, but you do not configure any special options or enable compression. However, all of the user files you are moving to the new drive are compressed. After you transfer the files to the new partition, you discover that they are all uncompressed. Why did this happen?

A. you transferred the files with CSVDE B. you transferred the files with movetree C. you transferred the files with LDIFDE D. whenever you copy or move files between partitions, they inherit their security and compression attributes E. whenever you move files, the compression attribute changes to the opposite setting.

570 Chapter 7 37. You have configured 25 folders for users in your department on your local Windows 2000 Server. All of your clients have compressed their folders. A few days ago, you added a new hard drive to your Windows 2000 Server and you would like to move the user's folders to the other drive. The new drive is formatted with the NTFS file system. You create a new parent directory called home, but you do not configure any special options or enable compression. However, all of the user files you are moving to the new drive are compressed. After you transfer the files to the new partition, you discover that they are all uncompressed. Why did this happen? A. you transferred the files with CSVDE B. you transferred the files with movetree C. you transferred the files with LDIFDE *D. whenever you copy or move files between partitions, they inherit their security and compression attributes E. whenever you move files, the compression attribute changes to the opposite setting. Explanation: Movetree, CSVDE, and LDIFDE are all directory utilities and are not used for transferring files and directories between systems. If you copy or move files between partitions, the settings of the parent folder will be inherited by default. The compression attribute does not toggle back and forth each time there is a move or copy operation. If you move files on the same partition, the compression and security attributes are retained by the file, instead of being replaced by the settings of the new parent container.

Security 571 38. You are the network administrator of a 30,000-node multi-regional network. Many of your subordinate network administrators are now using EFS after installing Windows 2000 on all of their systems. Several users have also installed Windows 2000, and they are using EFS to store their sensitive data. Many of the network administrators on your network are administering OUs and should not have access to administer the domain, domain tree, or forest. However, the number of support requests related to EFS has increased considerably. In order to spread the workload to other administrators, you would like to allow additional people to handle EFS Recovery Agent duties. Which of the following must you do to add your colleagues as an EFS Recovery Agent?

A. your colleagues must become domain administrators B. your colleagues must have an EFS Recovery Agent Certificate C. your colleagues must log on to domain controllers D. your colleagues must be designated as EFS Recovery in the GPO E. your colleagues must become enterprise administrators

572 Chapter 7 38. You are the network administrator of a 30,000-node multi-regional network. Many of your subordinate network administrators are now using EFS after installing Windows 2000 on all of their systems. Several users have also installed Windows 2000, and they are using EFS to store their sensitive data. Many of the network administrators on your network are administering OUs and should not have access to administer the domain, domain tree, or forest. However, the number of support requests related to EFS has increased considerably. In order to spread the workload to other administrators, you would like to allow additional people to handle EFS Recovery Agent duties. Which of the following must you do to add your colleagues as an EFS Recovery Agent? A. your colleagues must become domain administrators *B. your colleagues must have an EFS Recovery Agent Certificate C. your colleagues must log on to domain controllers *D. your colleagues must be designated as EFS Recovery in the GPO E. your colleagues must become enterprise administrators Explanation: People who need to fulfill the role of EFS Recovery Agent must have an EFS Recovery Agent Certificate and they must be designated for as EFS Recovery Agents in the Group Policy (GPO). If those two conditions are met, there is no need for them to be part of the domain or enterprise administration. It also does not matter if they log on from a domain controller or not.

Security 573 39. You are the administrator for an OU named Flagstaff in the domain2.local domain. You want complete control over your GPO settings, so you have configured the Block Policy Inheritance setting on your container. You have configured your group policies as shown in the figure. You have noticed that the users on your domain are able to access the Shutdown command. Which of the following conditions must be true in order for your users to have access to the shutdown option?

A. block inheritance in set on domain2.local B. disable logoff on the start menu must be "disabled" at domain2.local C. disable logoff on the start menu must be "not configured" at domain2.local D. no override is configured on domain2.local E. remove run from start menu must be "disabled" at domain2.local

574 Chapter 7 39. You are the administrator for an OU named Flagstaff in the domain2.local domain. You want complete control over your GPO settings, so you have configured the Block Policy Inheritance setting on your container. You have configured your group policies as shown in the figure. You have noticed that the users on your domain are able to access the Shutdown command. Which of the following conditions must be true in order for your users to have access to the shutdown option? A. block inheritance in set on domain2.local *B. disable logoff on the start menu must be "disabled" at domain2.local *C. disable logoff on the start menu must be "not configured" at domain2.local D. no override is configured on domain2.local E. remove run from start menu must be "disabled" at domain2.local Explanation: No override means that a policy will be applied from a higher-level container to a lower-level container even if Block policy inheritance is configured at the lower level. If the higher-level container has specified that the "disable logoff on the start menu" option should be disabled (meaning that the users will have the shutdown option) and the no override setting is enabled, then your management of the lower-level container cannot change that setting. Not configured means that there is no preference for a setting at the higher-level container. Block inheritance at a higher-level container doesn't force any settings on lower-level containers. The "remove run from start menu" setting doesn't involve the shutdown command.

Security 575 40. The managers in your company have just completed their quarterly evaluations. These evaluations are stored in a hidden share called EVAL$ on your Windows 2000 Server named xfile1.corpx.local. You have overheard that several users are trying to break into the folder where the evaluations are kept to read their promotion test scores. This is strictly against company policy and your manager has asked you to track users that are trying to gain unauthorized access to the share. You access the shared folder and configure auditing on that folder for the Everyone group. A couple of days later your manager asks you why you haven't reported any hacker attempts on the folder. You check the Security Log of the Event View and see zero instances. Your manager attempts to log on to the folder and receives an access denied message. She then asks you why your security log doesn't show that she just tried to gain access to the folder. What else must you do?

A. enable auditing of logon events B. enable auditing of object access C. remove the $ from the share D. enable system event auditing E. enable directory service access auditing

576 Chapter 7 40. The managers in your company have just completed their quarterly evaluations. These evaluations are stored in a hidden share called EVAL$ on your Windows 2000 Server named xfile1.corpx.local. You have overheard that several users are trying to break into the folder where the evaluations are kept to read their promotion test scores. This is strictly against company policy and your manager has asked you to track users that are trying to gain unauthorized access to the share. You access the shared folder and configure auditing on that folder for the Everyone group. A couple of days later your manager asks you why you haven't reported any hacker attempts on the folder. You check the Security Log of the Event View and see zero instances. Your manager attempts to log on to the folder and receives an access denied message. She then asks you why your security log doesn't show that she just tried to gain access to the folder. What else must you do? A. enable auditing of logon events *B. enable auditing of object access C. remove the $ from the share D. enable system event auditing E. enable directory service access auditing Explanation: You must also enable Audit object access in the Audit Policy for your system. This will active the auditing that you configured on the shared folder. The $ will not affect the auditing of the file and the other options do not apply to tracking files, folders, and printers.

Security 577 41. Your company has a color laser printer that is only to be used for special projects. However, the special projects that are going on in your company changes from week to week, so you cannot narrow down which users need access to the printer. Users are expected to only use the printer for designated special projects that are controlled by your manager. Recently, your manager was walking through the halls and noticed that several people had color prints of various unauthorized photos that looked to have been printed by the company's color laser printer. She has asked you to give her a list of users that have utilized the color printer at the end of the week. Which of the following will help you create this list?

A. enable privilege use auditing B. save the log file in CSV format and export to a spreadsheet C. configure auditing on the color laser printer for the Everyone group D. enable object access auditing E. configure the log file to reset every 24 hours

578 Chapter 7 41. Your company has a color laser printer that is only to be used for special projects. However, the special projects that are going on in your company changes from week to week, so you cannot narrow down which users need access to the printer. Users are expected to only use the printer for designated special projects that are controlled by your manager. Recently, your manager was walking through the halls and noticed that several people had color prints of various unauthorized photos that looked to have been printed by the company's color laser printer. She has asked you to give her a list of users that have utilized the color printer at the end of the week. Which of the following will help you create this list? A. enable privilege use auditing *B. save the log file in CSV format and export to a spreadsheet *C. configure auditing on the color laser printer for the Everyone group *D. enable object access auditing E. configure the log file to reset every 24 hours Explanation: Printers can be audited only if object access auditing is enabled. You must also configure auditing on the printer in order to get a usage report. If you saved the log file in CSV (comma separated value) format, you could export it to a spreadsheet for your manager. If you have the log file reset every 24 hours, you will not have a week's worth of data, so that is not a good option. You do not need to enable privilege use auditing to monitor a printer.

Security 579 42. Which two methods can you use to analyze security on your Windows 2000 system?

A. The Security Configuration and Analysis Snap-in Tool in the MMC B. The Security Configuration and Analysis option in System Monitor C. The command prompt using secedit.exe D. The Active Directory Security and Configuration option in Properties

43. What is the name of the basic security template for a Windows 2000 Domain controller?

A. Basic.inf B. Basicwk.inf C. Basicsv.inf D. Basicdc.inf

580 Chapter 7 42. Which two methods can you use to analyze security on your Windows 2000 system? *A. The Security Configuration and Analysis Snap-in Tool in the MMC B. The Security Configuration and Analysis option in System Monitor *C. The command prompt using secedit.exe D. The Active Directory Security and Configuration option in Properties Explanation: You can analyze security on Windows 2000 by using the Security Configuration and Analysis Snap-in Tool in the MMC as well as using "secedit.exe" at the command prompt. Reference: Implementing Microsoft Windows 2000 Professional and Server.

43. What is the name of the basic security template for a Windows 2000 Domain controller? A. Basic.inf B. Basicwk.inf C. Basicsv.inf *D. Basicdc.inf Explanation: There are three basic security templates provided with Windows 2000. Basicwk.inf is for Windows 2000 Professional, Basicksv.inf is for Windows 2000 Server, and Basicdc.inf is for Windows 2000 Servers running as domain controllers. There are additional incremental security templates that can be combined with these basic templates to provide additional security, or you can define your own. Reference: Implementing Microsoft Windows 2000 Professional and Server.

Security 581 44. What are the four different predefined security templates provided in Windows 2000 to simplify the enabling of security for administrators?

A. Basic B. Compatible C. Power D. Secure E. High

45. What are two tools for performing security configuration and analysis in a Windows 2000 network?

A. Secure.exe B. Secedit.exe C. Active Directory Users and Computers D. Security Configuration & Analysis snap-in for MMC

582 Chapter 7 44. What are the four different predefined security templates provided in Windows 2000 to simplify the enabling of security for administrators? *A. Basic *B. Compatible C. Power *D. Secure *E. High Explanation: Rather than create a security policy "from scratch" in Windows 2000, Microsoft has provided four predefined templates from which the administrator can then add or remove setting based upon their specific circumstances to arrive at a suitable security policy. The four templates are basic, compatible, secure and high, in order of increasing levels of security. Templates do not install default security settings for Windows 2000 computers, rather, they modify the security parameters based upon the template chosen and the settings therein. Templates can be applied to individual computers when the computer is not part of the domain. For computers that are part of the domain, import the security template into a Group Policy object in Active Directory. All computers affected by the Group Policy object will then have the template applied.

45. What are two tools for performing security configuration and analysis in a Windows 2000 network? A. Secure.exe *B. Secedit.exe C. Active Directory Users and Computers *D. Security Configuration & Analysis snap-in for MMC Explanation: To configure and to perform analysis of your existing security policies, add the Security Configuration & Analysis snap-in to the MMC. You can then add templates, customize settings and perform analysis of the security in your domain. Configuration and analysis can also be done using the command-line utility Secedit.exe and switches like /analyze, /configure, /export, /refreshpoicy, /validate, and /areas.

Security 583 46. Stephanie is the administrator for a Windows 2000 network at BFQ, Inc. The company only has personnel in the facilities from 7:30 AM until 6 PM Monday through Friday. Evenings and weekends, the facility is only secured by a password-enabled alarm system. Stephanie is concerned that the alarm system password may not be secure, and so she wishes to set the intruder lockout interval to three days in the event that someone should try to "hack" into the network. Where in Windows 2000 security should Stephanie go to set the account lockout duration in the event of an intrusion attempt?

A. Account Policies B. Security Policies C. Local Policies D. System Policies E. IP Security Policies

584 Chapter 7 46. Stephanie is the administrator for a Windows 2000 network at BFQ, Inc. The company only has personnel in the facilities from 7:30 AM until 6 PM Monday through Friday. Evenings and weekends, the facility is only secured by a password-enabled alarm system. Stephanie is concerned that the alarm system password may not be secure, and so she wishes to set the intruder lockout interval to three days in the event that someone should try to "hack" into the network. Where in Windows 2000 security should Stephanie go to set the account lockout duration in the event of an intrusion attempt? *A. Account Policies B. Security Policies C. Local Policies D. System Policies E. IP Security Policies Explanation: Account Policies in Windows 2000 works much the same as it did in Windows NT 4.0, controlling password settings, intruder detection and account lockout settings, and adding control for Kerberos V5. Whether using Local Security Policy or Group Policies in Active Directory, administrators have numerous areas of control in Windows 2000. Settings in Windows 2000 security include: Account policies for password, Account lockout, and Kerberos V5; Local policies including: Auditing, user rights, etc; Public key policies to configure encrypted data recovery agents, trusted certificate authorities, etc; IP Security policies used mainly for configuring IPSec; Additional settings available in Group Policies, including event log policies to configure the settings for application, security and system log files; Restricted group policies for management of built-in groups; System services policies to configure startup and security settings for services running on the computer; Registry policies for setting security on Windows 2000 registry and finally file system policies for configuring security on specific file paths.

Security 585 47. What security setting in Windows 2000 controls auditing on the local computer?

A. System Services Policies B. Event Log Policies C. Account Policies D. Local Policies

586 Chapter 7 47. What security setting in Windows 2000 controls auditing on the local computer? A. System Services Policies B. Event Log Policies C. Account Policies *D. Local Policies Explanation: While Event Log Policies do allow control of the actual log file built during auditing, enabling auditing and specifying the various settings for auditing are all controlled through the Local Policies. Whether using Local Security Policy or Group Policies in Active Directory, administrators have numerous areas of control in Windows 2000. Settings in Windows 2000 security include account policies, for password, account lockout and Kerberos V5; Whether using Local Security Policy or Group Policies in Active Directory, administrators have numerous areas of control in Windows 2000. Settings in Windows 2000 security include: Account policies for password, Account lockout, and Kerberos V5; Local policies including: Auditing, user rights, etc; Public key policies to configure encrypted data recovery agents, trusted certificate authorities, etc; IP Security policies used mainly for configuring IPSec; Additional settings available in Group Policies, including event log policies to configure the settings for application, security and system log files; Restricted group policies for management of built-in groups; System services policies to configure startup and security settings for services running on the computer; Registry policies for setting security on Windows 2000 registry and finally file system policies for configuring security on specific file paths.

Security 587 48. You have just been hired as the administrator for the Windows 2000 network in a large regional banking firm. Your manager is concerned about security in the network. What are some of the areas of control in network security that you can convey to your manager to set his mind at ease?

A. Computer Policies B. IPSec Policies C. Account Policies D. Local Policies E. System Policies

588 Chapter 7 48. You have just been hired as the administrator for the Windows 2000 network in a large regional banking firm. Your manager is concerned about security in the network. What are some of the areas of control in network security that you can convey to your manager to set his mind at ease? A. Computer Policies *B. IPSec Policies *C. Account Policies *D. Local Policies *E. System Policies Explanation: Whether using Local Security Policy or Group Policies in Active Directory, administrators have numerous areas of control in Windows 2000. Settings in Windows 2000 security include account policies, for password, account lockout and Kerberos V5; Whether using Local Security Policy or Group Policies in Active Directory, administrators have numerous areas of control in Windows 2000. Settings in Windows 2000 security include: Account policies for password, Account lockout, and Kerberos V5; Local policies including: Auditing, user rights, etc; Public key policies to configure encrypted data recovery agents, trusted certificate authorities, etc; IP Security policies used mainly for configuring IPSec; Additional settings available in Group Policies, including event log policies to configure the settings for application, security and system log files; Restricted group policies for management of built-in groups; System services policies to configure startup and security settings for services running on the computer; Registry policies for setting security on Windows 2000 registry and finally file system policies for configuring security on specific file paths.

Security 589 49. You are the back up administrator for a company called XYZ Aircraft. Ralph, the primary administrator, is on vacation for the next week and has asked you to provide coverage in his absence. XYZ Aircraft uses a Windows 2000 Network comprised of two Windows 2000 Server Domain Controllers configured for a Domain called XYZAircraft.org. Ralph has ensured that you have the User Right to "Manage auditing and security" on the Windows 2000 Server Domain Controllers and for the "Users" container. Also, Ralph has enabled "Account Object Access" to include both "Audit successful attempts" and "Audit failed attempts" to the users container. Over the next week, Ralph has assigned you the responsibility to monitor the security logs for success and failures of the "Read All Properties" permission to user objects in the Active Directory database. On the first day, even though users are logging onto the Windows 2000 Network and accessing resources successfully, you do not observe any "Read All Properties" success messages in Event Viewer. In the "Auditing Entry for Users" dialog box, which entries should you select for auditing?

A. List Contents Failed B. Read All Properties Failed C. List Contents Successful D. Read All Properties Successful

590 Chapter 7 49. You are the back up administrator for a company called XYZ Aircraft. Ralph, the primary administrator, is on vacation for the next week and has asked you to provide coverage in his absence. XYZ Aircraft uses a Windows 2000 Network comprised of two Windows 2000 Server Domain Controllers configured for a Domain called XYZAircraft.org. Ralph has ensured that you have the User Right to "Manage auditing and security" on the Windows 2000 Server Domain Controllers and for the "Users" container. Also, Ralph has enabled "Account Object Access" to include both "Audit successful attempts" and "Audit failed attempts" to the users container. Over the next week, Ralph has assigned you the responsibility to monitor the security logs for success and failures of the "Read All Properties" permission to user objects in the Active Directory database. On the first day, even though users are logging onto the Windows 2000 Network and accessing resources successfully, you do not observe any "Read All Properties" success messages in Event Viewer. In the "Auditing Entry for Users" dialog box, which entries should you select for auditing? A. List Contents Failed *B. Read All Properties Failed C. List Contents Successful *D. Read All Properties Successful Explanation: Read Permissions Successful/Failed does not refer to a user viewing/reading their user account properties, but rather the permissions they and other users have to the users object. List Contents was not part of the auditing instructions from Ralph.

Security 591 50. ABC Company has over 250 remote users who gain access to both public and private company information via the Internet. As the IT Security Specialist for ABC Company, you are concerned that the number of remote users is creating unacceptable security risks to the ABC Company's networks. Your plans are to provide secure remote access to network resources while minimizing the costs of implementation. You decide to implement Virtual Private Network connections on all laptops using the L2TP protocol. What is the benefit(s) of implementing the L2TP protocol?

A. You can solely focus your efforts on IP Internetwork communications. B. You do not have to worry about L2TP protocol support on the part of your Internet Service Provider. C. L2TP VPNs will allow your remote users to securely gain access to network resource across the Internet, regardless of those resources being "served up" on TCP/IP, IPX/SPX, or NetBEUI machines. D. You are able to ensure data integrity through the use of IP Security encryption and MPPE encryption.

592 Chapter 7 50. ABC Company has over 250 remote users who gain access to both public and private company information via the Internet. As the IT Security Specialist for ABC Company, you are concerned that the number of remote users is creating unacceptable security risks to the ABC Company's networks. Your plans are to provide secure remote access to network resources while minimizing the costs of implementation. You decide to implement Virtual Private Network connections on all laptops using the L2TP protocol. What is the benefit(s) of implementing the L2TP protocol? A. You can solely focus your efforts on IP Internetwork communications. *B. You do not have to worry about L2TP protocol support on the part of your Internet Service Provider. *C. L2TP VPNs will allow your remote users to securely gain access to network resource across the Internet, regardless of those resources being "served up" on TCP/IP, IPX/SPX, or NetBEUI machines. D. You are able to ensure data integrity through the use of IP Security encryption and MPPE encryption. Explanation: One of the benefits of using L2TP is that it works over the standard TCP/IP protocol, thus you do not have to worry about ISP support. Another benefit is that L2TP can include other protocols in the TCP/IP tunnel packet and you are not just limited to TCP/IP data being sent and received.

Security 593

Notes:

594 Chapter 7 51. You are the Active Directory Administrator for a company named XYZ Consulting. The company network has been configured with one Windows 2000 Server Domain Controller, named SOHOServer that will maintain all user, group, and computer accounts. The Domain name is Australia.com. There are 25 Windows 2000 Professional workstations in this Domain that are used by XYZ Consulting company's employees for network access to shared resources on SOHOServer. To ensure that you are the only user with Full Control to all objects in the Active Directory database, you to decide implement an audit policy to monitor the success or failure of using this Active Directory permission. Using the MMC-Active Directory Users and Computers for the Australia.com Domain, you modify the Default Domain Policy by editing its properties. Specifically, you navigate to the Group Policy tab in the Australia.com properties dialog box, modify the property "Computer Configuration\Windows Settings\Local Policies\Audit Policy\Audit Account Management," and clear the "Exclude this setting from configuration" checkbox. You also select the "Audit successful attempts" and "Audit failed attempts" checkbox. Three days later, you are reviewing the Security Log using Event Viewer and observe success and failures messages for Modify, Write, and Read Permissions for all users. However, there are no success or failure messages for any of the changes you have made to the Active Directory Service Database with Full Control permissions.

Security 595 What is the reason for these results? Select all correct answers.

A. The security log default filter settings do not display any Success of Failure Audit messages. B. The default auditing permissions for the user account Active Directory container does not have Full Control "Successful" or "Failed" selected for inclusion in the auditing policy. C. The Default Domain Controllers Policy does not allow the auditing of successes and failures. D. The Default Domain Policy, User Rights settings do not grant the administrators the "Manage auditing and security log" right.

596 Chapter 7 51. You are the Active Directory Administrator for a company named XYZ Consulting. The company network has been configured with one Windows 2000 Server Domain Controller, named SOHOServer that will maintain all user, group, and computer accounts. The Domain name is Australia.com. There are 25 Windows 2000 Professional workstations in this Domain that are used by XYZ Consulting company's employees for network access to shared resources on SOHOServer. To ensure that you are the only user with Full Control to all objects in the Active Directory database, you to decide implement an audit policy to monitor the success or failure of using this Active Directory permission. Using the MMC-Active Directory Users and Computers for the Australia.com Domain, you modify the Default Domain Policy by editing its properties. Specifically, you navigate to the Group Policy tab in the Australia.com properties dialog box, modify the property "Computer Configuration\Windows Settings\Local Policies\Audit Policy\Audit Account Management," and clear the "Exclude this setting from configuration" checkbox. You also select the "Audit successful attempts" and "Audit failed attempts" checkbox. Three days later, you are reviewing the Security Log using Event Viewer and observe success and failures messages for Modify, Write, and Read Permissions for all users. However, there are no success or failure messages for any of the changes you have made to the Active Directory Service Database with Full Control permissions.

Security 597 What is the reason for these results? Select all correct answers. A. The security log default filter settings do not display any Success of Failure Audit messages. *B. The default auditing permissions for the user account Active Directory container does not have Full Control "Successful" or "Failed" selected for inclusion in the auditing policy. *C. The Default Domain Controllers Policy does not allow the auditing of successes and failures. D. The Default Domain Policy, User Rights settings do not grant the administrators the "Manage auditing and security log" right. Explanation: "The Default Domain Controllers Policy does not allow the auditing of successes and failures." is correct, because the Default Domain Controllers Policy has the "Exclude this setting from configuration", "Audit successful attempts," and "Audit failed attempts" checkbox cleared by default. Windows 2000 will process both the Default Domain Policy and Default Domain Controllers Policy and determine that neither success or failure audits will be tracked on the SOHOServer Windows 2000 Server Domain Controller. This is because the GPO setting closest to the Domain Controller Object will be enforced by default, and overrides any previous settings. "The default auditing permissions for the user account Active Directory container does not have Full Control "Successful" or "Failed" selected for inclusion in the auditing policy." is also correct because, by default, the group everyone is selected for inclusion in the auditing policy. However, Full Control is not one of the default permissions tracked by the auditing policy established via the Default Domain Policy and Default Domain Controllers Policy.

598 Other Microsoft Books

Other Microsoft Certification books by TotalRecall Publications ExamWise For MCP / MCSE Certification: Exam 70-210 Managing Microsoft Windows 2000 Professional ExamWise For MCP / MCSE Certification: Exam 70-216 Implementing and Administering a Microsoft Windows 2000 Network Infrastructure ExamWise For MCP / MCSE Certification: Exam 70-217 Managing a Microsoft Directory Services Infrastructure ExamWise For MCP / MCSE Certification: Exam 70-218 Managing a Microsoft Windows 2000 Network Environment ExamWise For MCP / MCSE Certification: Exam 70-219 Designing a Windows 2000 Directory Services Infrastructure ExamWise For MCP / MCSE Certification: Exam 70-220 Designing Security for a Microsoft Windows 2000 Network ExamWise For MCP / MCSE Certification: Exam 70-221 Designing a Microsoft Windows 2000 Network Infrastructure ExamWise For MCP / MCSE Certification: Exam 70-227 Installing, Configuring, and Administering Microsoft Internet Security and Acceleration (ISA) Server 2000, Enterprise Edition ExamWise For MCP / MCSE Certification: Microsoft Windows XP Professional

Exam 70-270

Money Back Book Guarantee 599

Money Back Book Guarantee This guarantee applies only to books published by TotalRecallPress.com! We are so confident in our products, we are prepared to offer the following guarantee to YOU our valued customer: If you do not pass your certification exam after two attempts, we will give money back! Visit www.TotalRecallPress.com Select “Money Back Book Guarantee” for details. Registered book purchasers will receive 1. Receive a 50% cash refund of purchase price OR 2. Receive a free TotalRecallPress.com book of less or equal value. To qualify for this TotalRecallPress Guarantee you must meet these requirements and perform the following tasks: 1. Register your purchase at www.TotalRecallPress.com web site before taking the Real Exam. 2. Fail the corresponding exam twice ( No time Limit ) 3. Contact TotalRecall for the RMA # and to claim this guarantee 4. Send a notification email to [email protected] 5. Subject must contain your Membership # or Registration # Ship the following to claim your refund. • 1. RMA # from returned email • 2. Documents of exam scores (Copy) for both failed attempts • 3. Return the Book to the following address

TotalRecall Publications Attn: Corby Tate 1103 Middlecreek Friendswood, TX 77546 888-992-3131 [email protected] 281-992-3131 http://www.BFQOnline.com 281-482-5390 Fax

http://www.bfq.com

It's a Passing day here at the BeachFront. Thank you for using the TotalRecallPress.com Success Program. Bruce Moran President

70-215 CD-ROM Instructions

70-215 CD-ROM Instructions BeachFrontQuizzer Inc. (BFQ) version 4.0 With the purchase of this book you qualify for a Free 30 DAY Beachfront Quizzer, Inc. Online Practice exam Visit www.TotalRecallPress.com for details. Register your book purchase at www.TotalRecallPress.com Your Registration Code is: = EW-03215-2000 System Requirements: Internet connection:

Call: 281-992-3131

Good Luck with your certification! Your Book Registration Number is EW-03215-2000 You cannot go wrong with this book because it is GUARANTEED: See details at www.TotalRecallPress.com