Question 1

0 out of 1 points  

How many processors does the 64-bit version of Windows Server 2003 Datacenter Edition support?

Selected Answer:    64

Correct Answer:    32

Feedback: The 64-bit version of Windows Server 2003 Datacenter Edition supports up to 64 processors. (Discussion starts on page 7.)

   Question 2

1 out of 1 points  

Which of the following is not an edition of Windows Server 2003?

Selected Answer:    Corporate

Correct Answer:    Corporate

Feedback: Windows Server 2003 is available in Standard, Enterprise, Datacenter, and Web editions. It is not available in a Corporate edition. (Discussion starts on page 4.)

   Question 3

1 out of 1 points  

What is the maximum amount of RAM supported by the 32-bit version of Windows Server 2003 Datacenter Edition?

Selected Answer:    64 GB

Correct Answer:    64 GB

Feedback: The 32-bit version of Windows Server 2003 Datacenter Edition supports 64 GB of RAM. (Discussion starts on page 7.)

   Question 4

1 out of 1 points  

Which of the following is not an organizational element of Active Directory?

Selected Answer:    Branch

Correct Answer:    Branch

Feedback: A branch is not an organizational element of Active Directory. Trees, organizational units, and domains are all organizational elements of Active Directory. (Discussion starts on page 27.)

   Question 5

1 out of 1 points  

True or False: Before you create a domain controller, a DNS server must be available on the network.

Selected Answer:  False

Correct Answer:  False

Feedback: A DNS server is required to complete the installation of a domain controller, but it need not be present before the installation is started. If, during the installation process, Windows Server 2003 does not find a DNS server, you will be prompted to install DNS on the system. (Discussion starts on page 20.)

   Question 6

1 out of 1 points  

Why is it common practice to implement more than one domain controller per domain?

Selected Answer:    To provide fault tolerance

Correct Answer:    To provide fault tolerance

Feedback: One reason to implement more than one domain controller per domain is to provide fault tolerance. When more than one domain controller is used per domain, each still holds a complete copy of the Active Directory database. The domain database is not split up. The use of multiple administrators is not related to how many domain controllers are in use. When more than one domain controller is used per domain, each still holds a complete copy of the Active Directory database. Therefore, using multiple controllers will not reduce the number of objects stored in the database on each domain controller. (Discussion starts on page 28.)

   Question 7

1 out of 1 points  

You are installing an application that requires the Active Directory schema to be extended. The application itself does not extend the schema, but the documentation included with the application specifies that each user account must have a property for the personal employer ID code. What steps would you take to achieve this?

Selected Answer:

   Using the Active Directory Schema snap-in, add an attribute to the user account property for Employer ID Code.

Correct Answer:

   Using the Active Directory Schema snap-in, add an attribute to the user account property for Employer ID Code.

Feedback: To provide an additional property for a user account, you would use the Active Directory Schema snap-in to add an attribute to the user account property. You would not create a new object calledEmployer ID Code–it is a new property that is required. (Discussion starts on page 30.)

   Question 8

1 out of 1 points  

You are setting up a new server to provide file and print services for the corporate accounting department of your company. The accounting department has 78 users and four printers. The server assigned to the accounting department is an eight-processor system with 2 GB of RAM. The server used to be a corporate database server, but a recent upgrade has made the system available. What edition of Windows Server 2003 are you most likely to install on the server?

Selected Answer:    Enterprise

Correct Answer:    Enterprise

Feedback: Windows Server 2003 Enterprise Edition supports up to eight processors. Windows Server 2003 Web Edition supports only 10 inbound SMB connections, making it unsuitable for supporting the file and print requirements of 78 users. Additionally, the Web Edition supports only up to two processors. Windows Server 2002 Datacenter Edition can be purchased only preinstalled on qualified hardware. Windows Server 2003 Standard Edition supports only up to four processors. (Discussion starts on page 4.)

   Question 9

1 out of 1 points  

Which of the following is a disadvantage of using answer files to automate the installation of Windows Server 2003 on multiple systems?

Selected Answer:

   Certain parameters in the file must be changed for each installation.

Correct Answer:    Certain parameters in the file must be changed for each installation.

Feedback: The main drawback of using answer files for a mass operating system deployment is that each computer requires its own file. This is because some of the settings supplied during the installation must be unique, such as the computer name and IP address. There are no restrictions on how many copies of the answer file can be used at once. Answer files can be used with any edition of Windows Server 2003. Answer files do not need to have RIS installed and available on the network in order to work. (Discussion starts on page 9.)

   Question 10

1 out of 1 points  

Which of the following statements about Windows Server 2003 Web Edition is true?

Selected Answer:

   The standard Client Access License (CAL) model does not apply to computers running the Web Edition.

Correct Answer:

   The standard Client Access License (CAL) model does not apply to computers running the Web Edition.

Feedback: The standard CAL model does not apply to computers running the Web Edition. The operating system supports an unlimited number of Web connections, but it is limited to 10 simultaneous Server Message Block (SMB) connections. A computer running the Web Edition can be a member of an Active Directory domain, but it cannot function as a domain controller. The ICF and ICS features are not included with the Web Edition, preventing the computer from functioning as an Internet gateway. A computer running the Web Edition cannot function as a DHCP server. (Discussion starts on page 5.)

   Question 11

1 out of 1 points  

You have assigned a junior member of your team the task of producing a specification for upgrading a mission-critical server from Windows 2000 to Windows Server 2003. No additional budget is available for server hardware, so one major consideration is that you cannot upgrade hardware. The existing server is a four-processor system with 64 GB of RAM and fault-tolerant storage and network

subsystems. The junior team member has reviewed the technical specs and requirements and has suggested that the most appropriate choice for the server is Windows Server 2003 Datacenter Edition. What issues, if any, can you see with this proposal?

Selected Answer:

   The Datacenter Edition is available only preinstalled on OEM equipment. It cannot be purchased separately.

Correct Answer:

   The Datacenter Edition is available only preinstalled on OEM equipment. It cannot be purchased separately.

Feedback: The Datacenter Edition can be purchased only preinstalled on a system. Therefore, an existing system cannot be upgraded to the Datacenter Edition. The Datacenter Edition supports 64 GB of RAM in the 32-bit version and 512 GB of RAM in the 64-bit version. The Datacenter Edition supports up to 64-way symmetric multiprocessing (SMP) in the 64-bit version and 32-way SMP in the 32-bit version. It cannot be installed on a system incapable of at least eight processors. (Discussion starts on page 7.)

   Question 12

1 out of 1 points  

You have been asked to recommend a server for a small programming team that develops enterprise-level data warehousing applications. The team sometimes uses testing processes that can diminish network performance, so it will be placed on a separate network from the rest of the organization.To create an environment similar to the one in which the applications they develop will be used, you intend to purchase a four-processor Intel Itanium system with 32 GB of RAM for their exclusive use. Aside from the operating system, you want to avoid purchasing any additional software. They will need automatic IP address allocation, secure Internet access, and remote administration capabilities. Which of the following solutions would you recommend?

Selected Answer:

   Buy a system with Windows Server 2003 Enterprise Edition and enable ICF, ICS, DHCP, and Terminal Services.

Correct Answer:

   Buy a system with Windows Server 2003 Enterprise Edition and enable ICF, ICS, DHCP, and Terminal Services.

Feedback: Windows Server 2003 Enterprise Edition provides support for 64-bit Intel Itanium processors, ICF, ICS, and DHCP. It also supports Terminal Services, which provides the required remote administration functionality. Windows Server 2003 Datacenter Edition does not support ICF or ICS. Windows Server 2003 Standard Edition is not available in a 64-bit version. Windows Server 2003 Web Edition does not support 64-bit hardware or the ICF or ICS. It also does not support any more than 2 GB RAM. (Discussion starts on page 7.)

   Question 13

1 out of 1 points  

You are the systems administrator for a college with more than 700 students on a single campus. You have two servers, one running Windows Server 2003 Enterprise Edition and the other running the Standard Edition. The college has two libraries, one for business students and another for arts students. Both libraries run a client management application from the Enterprise Edition server over Terminal Services. The library manager for the arts library calls to tell you that he is experiencing performance problems with the client management application. You call the manager of the business library, who tells you that she has been running a client inventory program for over an hour and has had no performance problems.

Upon investigation, you determine that when the business library manager is running the inventory program, the performance of the arts library application is affected. Which of the following tools would you use to manage this issue?

Selected Answer:    WSRM

Correct Answer:    WSRM

Feedback: The Windows System Resource Manager (WSRM) can be used to restrict the amount of system resources that can be used by a Terminal Server user at any one time. Microsoft Metadirectory Services (MMS) is a means of integrating multiple information sources into a single, unified directory. MMS makes it possible to combine Active Directory information with other directory services and to create a unified view of all available information about a given resource. The Internet Connection Firewall (ICF) provides protection for Internet connections. Network Load Balancing (NLB) allows network traffic to be distributed among multiple network interfaces in a single system. (Discussion starts on page 7.)

   Question 14

1 out of 1 points  

You are the network administrator for a customs brokerage in Columbus, Ohio. You have been asked to recommend a server operating system to support your company's new intranet site. The server assigned for the purpose is a dual-processor system with 512 MB of RAM. In addition to providing support for the intranet site, the server will also act as a departmental server for the 17-person Web development team. Which of the following editions of Windows Server 2003 are you most likely to recommend?

Selected Answer:    Standard Edition

Correct Answer:    Standard Edition

Feedback: The best solution is most likely the Standard Edition because it includes the functionality of Microsoft Internet Information Services (IIS) 6, it supports the available hardware, and it can provide file and print services for the 17 members of the Web development team. Although the Web Edition might seem like the most obvious choice in this situation, there is an issue with the fact that the 17-person development team also needs to access the server. The Web Edition accommodates only 10 inbound connections for the purposes of file access, so it would not be suitable. There is no Corporate Edition of Windows Server 2003. While the Enterprise Edition would meet the needs for your intranet, your needs do not justify its purchase over the Standard Edition. (Discussion starts on page 5.)

 Question 1

1 out of 1 points  

What TCP/IP port number is used by Terminal Services?

Selected Answer:    3389

Correct Answer:    3389

Feedback: Terminal Services uses TCP/IP port 3389. TCP/IP port 110 is used by the POP3 protocol. TCP/IP port 80 is used by the HTTP protocol.

TCP/IP port 1863 is used by Windows Messenger. (Discussion starts on page 54.)

   Question 2

1 out of 1 points  

By default, members of which groups are assigned remote access permission?

Selected Answer:    Administrators

Correct Answer:    Administrators

Feedback: By default, only members of the Administrators group are granted remote access permission. (Discussion starts on page 47.)

   Question 3

1 out of 1 points  

Which of the following folders would you share out to make the Remote Desktop Connection client software available to users?

Selected Answer:    Systemroot\System32\Clients\Tsclient\Win32

Correct Answer:    Systemroot\System32\Clients\Tsclient\Win32

Feedback: Windows Server 2003 includes the Remote Desktop Connection files on the installation CD and also copies them to the Systemroot\System32\Clients\Tsclient\Win32 folder. It must be shared out to make the files in this folder available to users. (Discussion starts on page 51.)

   Question 4

1 out of 1 points  

You are the network administrator for a large finance house. You have a user who wants to create an invitation for you to provide him with Remote Assistance. Which of the following is the best way for the user to supply you with the invitation and the password for the invitation?

Selected Answer:

   E-mail the invitation to you as an attachment, and then call you with the password.

Correct Answer:

   E-mail the invitation to you as an attachment, and then call you with the password.

Feedback: Although there are no specific rules about the communication of invitations and corresponding passwords, best practice dictates that you instruct users to supply the expert with the password using a different medium from the one they are using to send the invitation. (Discussion starts on page 55.)

   Question 5

1 out of 1 points  

You are the senior network administrator for an insurance company in Lincoln, NE. You want to create some customized MMC consoles for a junior administrator who has recently joined the company. You want to prevent him from opening new windows or accessing a portion of the console tree, and you want to allow him to view only one window in the console. Which of the following modes would you configure for the custom MMC console?

Selected Answer:    User Mode: Limited Access, Single Window

Correct Answer:    User Mode: Limited Access, Single Window

Feedback: User Mode: Limited Access, Single Window prevents users from opening new windows or accessing a portion of the console tree, and it allows them to view only one window in the console. User Mode: Limited Access, Multiple Windows prevents users from opening new windows or accessing a portion of the console tree, but it allows them to view multiple windows in the console. There is no console mode called User Mode: Limited Access, Single Window, No Open. There is also no console mode called User Mode: Full Access, Single Window. (Discussion starts on page 44.)

   Question 6

1 out of 1 points  

Under what circumstances can you use Remote Assistance to connect to an unattended computer?

Selected Answer:

   You cannot connect to an unattended computer using Remote Assistance.

Correct Answer:

   You cannot connect to an unattended computer using Remote Assistance.

Feedback: For a Remote Assistance session to be started, a user must be present at the client console to grant the expert access. You cannot use Remote Assistance to connect to an unattended computer.The answer “If you are logged in as an administrator” is incorrect. Being logged in as administrator does not allow you to open a Remote Assistance session on an unattended computer.The answer “If the password to the administrator account on the unattended computer is the same as the administrator account on your system” is also incorrect. Password synchronization between systems is not a requirement of Remote Assistance.The answer “If you have a valid invitation issued from that computer” is incorrect because a valid invitation is required to connect to a remote computer. If the computer is unattended, a Remote Assistance session cannot be started. (Discussion starts on page 57.)

   Question 7

1 out of 1 points  

On a computer running Windows Server 2003, which of the following procedures would you follow to issue an invitation for Remote Assistance?

Selected Answer:

   Select Help And Support from the Start menu to open the Help And Support Center window, and then click the Remote Assistance hyperlink

Correct Answer:

   Select Help And Support from the Start menu to open the Help And Support Center window, and then click the Remote Assistance hyperlink

Feedback: To issue an invitation for Remote Assistance, you would Select Help And Support from the Start menu to open the Help And Support Center window and then click the Remote Assistance hyperlink.The answer “Select Help And Support from the Start Menu to open the Help And Support Center window, click the Get Help hyperlink, and

then select Remote Assistance” is incorrect. There is no Get Help hyperlink in the Help And Support Center window. Help And Support Center is not found in Control Panel. (Discussion starts on page 55.)

   Question 8

1 out of 1 points  

You are the network administrator for a property management firm with its head office in Boulder, CO. The company has 16 offices across the United States. Each site has a Windows Server 2003 system and 4 to 16 Windows XP Professional client computers. Each site is linked via an ISDN line, and even though this creates a private WAN, you are implementing firewalls at each location to provide security. You are designing the specifications for the firewall, and you decide to provide Remote Assistance to users on the remote sites. You also decide to allow users to send invitations for Remote Assistance to the technical support department in Boulder over Windows Messenger. How would you configure the firewall to accommodate this configuration?

Selected Answer:    Open ports 3389 and 1863

Correct Answer:    Open ports 3389 and 1863

Feedback: You must have port 3389 open on the firewall to provide remote desktop functionality. Port 1863 must be open on the firewall for invitations to be sent via Windows Messenger. Opening ports 2289 and 1863 would allow Windows Messenger traffic to pass through the firewall, but Remote Assistance traffic would not be allowed through. Opening ports 2058 and 1863 would allow Windows Messenger traffic to pass through the firewall, but Remote Assistance traffic would not be allowed through. Opening ports 3389 and 2058 would allow Terminal Services traffic through the firewall but would not allow Windows Messenger traffic through. (Discussion starts on page 57.)

  Question 1

1 out of 1 points  

Which of the Windows Server 2003 event logs contains information about events generated by components such as services and device drivers?

Selected Answer:    System

Correct Answer:    System

Feedback: The System log contains information about events generated by Windows Server 2003 components such as services and device drivers. The answer "Security" is incorrect. The Security log contains information about security-related events, such as failed logons, attempts to access protected resources, such as shares and file system elements, and success or failure of audited events. The answer "Devices" is incorrect. There is no Devices log in Windows Server 2003. The answer "Application" is also incorrect. The Application log contains information about specific programs running on the computer, as determined by the application developer. (Discussion starts on page 66.)

   Question 1 out of 1 points  

2

Which of the following methods can be used to start the Task Manager?

Selected Answer:    Pressing Ctrl+Alt+Del

Correct Answer:    Pressing Ctrl+Alt+Del

Feedback: Task Manager can be started by pressing Ctrl+Alt+Del and clicking Task Manager. None of the other answers are ways by which you can start Task Manager. (Discussion starts on page 71.)

   Question 3

1 out of 1 points  

What does the Server: Bytes Total/Sec Performance console counter reflect?

Selected Answer:

   The amount of data sent and received by the server over all of its network interfaces

Correct Answer:

   The amount of data sent and received by the server over all of its network interfaces

Feedback: The Server: Bytes Total/Sec Performance console counter reflects the amount of data sent and received by the server over all of its network interfaces. The answer "The amount of data that is being written to the page file every second" is incorrect. The amount of data that is being written to the page file per second is reflected by the Memory: Pages/Sec counter. The answer "The amount of data that is being processed by the server service each second" is incorrect. There is no counter that specifically reflects the amount of data being processed by the server service each second. The answer "The amount of data being written to disk each second" is incorrect. The amount of data being written to disk each second is reflected by the PhysicalDisk: Disk Bytes/sec counter. (Discussion starts on page 85.)

   Question 4

1 out of 1 points  

In a default configuration, members of which group(s) are permitted to view entries in the Security log?

Selected Answer:    Administrators

Correct Answer:    Administrators

Feedback: By default, only members of the Administrators group are allowed to view the Security log. All of the other answers are incorrect. (Discussion starts on page 66.)

   Question 5

1 out of 1 points  

In Task Manager, what tab allows you to view which of the current user's processes are running on the computer?

Selected Answer:    Processes

Correct Answer:    Processes

Feedback: The Processes tab lists all of the current user's processes running on the computer. The answer "Users" is incorrect. The Users tab lists all of the users who are currently logged on to the computer. The answer "Performance" is incorrect. The Performance tab displays a real-time view of the computer's processor and memory utilization. The answer "Applications" is incorrect. The Applications tab shows the status of the user-level programs currently running on the computer. (Discussion starts on page 73.)

   Question 6

1 out of 1 points  

If you have configured an event log retention setting of Do Not Overwrite Events (Clear Log Manually), what happens when the maximum log file size is reached?

Selected Answer:    Events are no longer written to the file.

Correct Answer:    Events are no longer written to the file.

Feedback: If an event log retention setting is configured for Do Not Overwrite Events (Clear Log Manually), when the maximum file size is reached events will no longer be written to the file. The answer "A new file is created with an EV1 extension" is incorrect. There is only ever one log file per event log. The answer "The original file is copied to a BK1 file and a new log file is started" is incorrect. There is only ever one log file per event log. The answer "Events continue to be written to the file but an alert is sent to the administrator prompting him or her to clear the log manually" is incorrect. The Event Viewer does not send alerts to the administrator when the log file is full. (Discussion starts on page 68.)

   Question 7

1 out of 1 points  

You are concerned that an unauthorized person has been logging into the system with a username and password from another user, but when you check the Security log in Event Viewer there are no events of any type recorded. What could be the cause of this problem?

Selected Answer:    Auditing has not been enabled.

Correct Answer:    Auditing has not been enabled.

Feedback: For events to be logged into the Security log, auditing must be enabled on the system. The answer "The Security log file is full" is incorrect. If the Security log file is full, it can still be viewed. The answer "Only failed logon attempts are recorded in the Security log" is incorrect. Both success and failure events can be written to the Security log file. The answer "The system is not a domain controller and so logon and logoff events are not recorded" is incorrect. The status of the server as a domain controller does not affect the ability to record logon security events. (Discussion starts on page 66.)

   Question 8

1 out of 1 points  

You are reconfiguring a SQL Server database application on a member server. The reconfigurations seem to go smoothly, but after you have finished, a user calls you to report that they are having an issue accessing certain records in the database. In which of the following places are you most likely to look for events related to this problem?

Selected Answer:    In the Application log of Event Viewer

Correct Answer:    In the Application log of Event Viewer

Feedback: Applications such as SQL Server write events to the Application log. The answer "In the System log of Event Viewer" is incorrect. The System log contains information about events generated by Windows Server 2003 components, such as services and device drivers. It would not contain events created by an application such as SQL Server. The answer "In the Database log of Event Viewer" is incorrect. Event Viewer does not have a Database log. The answer "In the Security log of Event Viewer" is incorrect. The Security log contains information about security-related events, such as failed logons, attempts to access protected resources, such as shares and file system elements, and success or failure of audited events. (Discussion starts on page 66.)

   Question 9

1 out of 1 points  

In Event Viewer, you are configuring a filter that will display events that describe the successful operation of an application, driver, or service, and events that relate to significant problems, such as loss of data or loss of functionality. Which of the following events would you include in the filter?

Selected Answer:    Error, Information

Correct Answer:    Error, Information

Feedback: Error events represent a significant problem, such as loss of data or loss of functionality. Information events describe the successful operation of an application, driver, or service. None of the other answers are correct. (Discussion starts on page 67.)

   Question 10

1 out of 1 points  

You are troubleshooting a problem with a Windows Server 2003 system whereby users cannot connect to the server. The server itself appears to be running, but you notice that there is no link light on the port of the hub into which the server is connected. As a result, you suspect that the network card in the server may have failed. Where would you look to see events related to the network card?

Selected Answer:    The System log of Event Viewer

Correct Answer:    The System log of Event Viewer

Feedback: The system log contains information about events generated by Windows Server 2003 components, such as services and device

drivers. In this case, if the network card driver failed to load because the card had failed, the failure of the driver to load during system startup would be recorded in the System log. The answer "The Network log of Event Viewer" is incorrect. There is no Network log for Event Viewer on Windows Server 2003. The answers "The Application log of Event Viewer" and "The Security log of Event Viewer" are incorrect. Events related to the network card would not be recorded in the Application log or Security log of Event Viewer. (Discussion starts on page 66.)

   Question 11

1 out of 1 points  

You are working on a Windows Server 2003 system that has just been installed by another administrator. The administrator completed the installation but did not make any configuration changes following the installation. While checking the maximum log sizes in Event Viewer, you notice that the maximum size of the Security log is 16 MB. What does this tell you about the system?

Selected Answer:    That the system is not a domain controller

Correct Answer:    That the system is not a domain controller

Feedback: The default maximum file size for a Security log on a Windows Server 2003 computer that is not a domain controller is 16 MB. The answer "That Auditing has been enabled" is incorrect. The status of auditing on the server does not affect the default size of the Security log file. The answer "That the system is running either the DNS or DHCP service" is incorrect. Whether DHCP or DNS is running on the server does not influence the maximum size of the Security log file. The answer "That the system is a domain controller" is incorrect. On a server that is a domain controller, the size of the Security log is 128 MB. (Discussion starts on page 68.)

   Question 12

1 out of 1 points  

You have configured the Security log so that it must be cleared manually. One day, while reviewing the log prior to archiving, you notice that there were a large number of unsuccessful object accesses the previous night. You decide to save the file so that it can be examined in Event Viewer by another administrator. Which of the following file type(s) would you save the file as?

Selected Answer:    .evt

Correct Answer:    .evt

Feedback: The only file format that is recognized for viewing files in Event Viewer is .evt. The answer ".evt, .txt" is incorrect. Although Event Viewer can export files in a .txt format, these files then cannot be viewed in Event Viewer. The answer ".evt, .txt, .csv" is incorrect. Although Event Viewer can export files in a .txt or .csv format, these files then cannot be viewed in Event Viewer. The answer ".evt, .csv" is incorrect. Although Event Viewer can export files in a .csv format, these files then cannot be viewed in Event Viewer. (Discussion starts on page 71.)

   Question 13

1 out of 1 points  

You are the network administrator for a car dealership in Lexington, KY. You have a single Windows Server 2003 system that is a domain controller, a DHCP and DNS server, a file and print server, and the company e-mail server. The server also hosts the company dealership database and sales and parts order processing system. Early one morning, a user calls to report that the server appears to be running very slowly. Using System Monitor, you examine some of the performance counters for the server and make the following observations:Server Work Queues: Queue Length = 9Memory: Page Faults/Sec = 3PhysicalDisk: % Disk Time = 45Network Interface: Output Queue Length = 1Which of the following system components are you most likely to examine for a problem?

Selected Answer:    Processor

Correct Answer:    Processor

Feedback: The Server Work Queues: Queue Length counter specifies the number of requests waiting to use a particular processor. This value should be as low as possible, with values less than 4 being acceptable. If the value is too high, upgrade the processor or add another processor. The answer "Memory" is incorrect. The Memory: Page Faults/Sec counter specifies the number of times per second that the code or data needed for processing is not found in memory. This value should be as low as possible, with values below 5 being acceptable. The answer Network Interfaces is incorrect. The Network Interface: Output Queue Length counter specifies the number of packets waiting to be transmitted by the network interface adapter. This value should be as low as possible, and preferably 0, although values of 2 or less are acceptable. The answer "Hard Disk" is incorrect. PhysicalDisk: % Disk Time counter specifies the percentage of time that the disk drive is busy. This value should be as low as possible, with values less than 50 percent being acceptable. (Discussion starts on page 81.)

   Question 14

1 out of 1 points  

You are the network administrator for a publishing company in Portland, OR. The network is comprised of 4 Windows Server 2003 systems and 122 workstation systems, which are a mix of Windows XP Professional and Windows 2000 Professional systems. One morning, a user calls to report that the server seems very slow. No changes to the server configuration have been made recently, but the user reports that they are performing a daily database re-index. Upon inspection, you notice that the PhysicalDisk: % Disk Time counter is 92 percent. Which of the following would you do next?

Selected Answer:    Examine memory-related counters.

Correct Answer:    Examine memory-related counters.

Feedback: Before replacing disks or upgrading the disk subsystem, you should

first determine whether a lack of memory is causing the operating system to access the disk too frequently. The answer "Install a larger hard disk" is incorrect. Installing a larger hard disk would likely not improve the situation. The PhysicalDisk: % Disk Time counter relates to how much time the disk is in use, rather than the amount of data that is stored on the disk. The answer "Install a faster hard disk" is incorrect. Installing a faster hard disk may alleviate the problem, but you would first determine why the PhysicalDisk: % Disk Time counter is so high. The answer "Replace standalone drives with a RAID array" is incorrect. Installing a RAID array may alleviate the problem, but you would first determine why the PhysicalDisk: % Disk Time counter is so high. (Discussion starts on page 81.)

   Question 15

1 out of 1 points  

You are one of three network administrators for a chain of garden centers, with 16 locations across the southwestern United States. All three administrators are based at the head office in Scottsdale, AZ. Each garden center has its own Windows Server 2003 system. The servers are all configured identically, and host the same point-of-sale application. The servers are all linked back to the head office by a high speed T-1 WAN link. One morning, you get a call from a user in one of the garden centers complaining that the point-of-sale application is running very slowly. You meet with the other administrators to determine a strategy for identifying the issue with the server. One of the other administrators in the team suggests that you can use Task Manager to view the performance statistics for the systems, while another suggests that System Monitor would be a better choice. In this scenario, which of the following is a reason why Task Manager might not work as well as System Monitor in monitoring system resource usage?

Selected Answer:

   Task Manager cannot be used to monitor a remote system.

Correct Answer:    Task Manager cannot be used to monitor a remote system.

Feedback: Task Manager can only be used to monitor the resources on the local system. It cannot view information from other systems, which System Monitor can. All of the other answers are incorrect. Both Task Manager and System Monitor can be used to monitor these system components. (Discussion starts on page 76.)

   Question 16

1 out of 1 points  

You are the network administrator for a glass manufacturer in Pittsburgh, PA. The network consists of two Windows Server 2003 systems. Each server is an older dual processor system with 768 MB of RAM. For some time now you have been considering hardware upgrades for the servers, but budgets are tight. Both servers are domain controllers. One server hosts DHCP and DNS server services, and is a file and print server and the company e-mail server. The other server hosts the company sales database and order processing system. As part of your morning routine, you use System Monitor to view some of the performance counters for the server and make the following observations:Server Work Queues: Queue Length = 1Memory: Available Bytes = 3,623,676Memory: Page Faults/Sec = 3Network Interface: Output Queue Length = 0LogicalDisk: % Free Space = 47What, if anything, might you look into in terms of upgrading the server?

Selected Answer:    Install more memory.

Correct Answer:    Install more memory.

Feedback: The Memory: Available Bytes counter specifies the amount of available physical memory in bytes. This value should be as high as possible, and should not fall below 5 percent of the system's total physical memory. In this case, the byte value of the memory installed in the system is 768,000,000. So, the Memory: Available Bytes counter should be no lower than 38,400,000. The answer "Install a faster processor" is incorrect. There is nothing in the counter values that indicates the need for a faster processor. The answer "Install a larger hard disk" is incorrect. There is nothing in the counter values that indicates a shortage of hard disk space. The answer "Replace the memory" is incorrect. There is nothing in the counter values that denotes faulty memory. (Discussion starts on page 81.)

   Question 17

1 out of 1 points  

You are the network administrator for a real estate company in Chicago, IL. You have a single Windows Server 2003 system that acts as domain controller and file and print server and also hosts an intranet-based workgroup application. You back up the system each night at 11:00 P.M. Normally the back up takes less than two hours, but for the past two days the backup has still been running when you have gotten into the office at 8:00 A.M. While talking to the technical support representative from the backup software provider, they suggest that it could be one of a number of problems. In order to determine what the problem is they ask you to record information about the number of times per second that the code or data needed for processing is not found in memory while the backup job is running. They caution you, however, that you should only record the information while the backup job is running. Recording the information during the day could severely impact performance of the server. Which of the following would you do to achieve this?

Selected Answer:

   Configure a Trace log to run between 11:00 P.M. and 6:00 A.M. and record Page Faults.

Correct Answer:

   Configure a Trace log to run between 11:00 P.M. and 6:00 A.M. and record Page Faults.

Feedback: The Trace log feature of Performance Logs and Alerts can be configured to record information such as page faults. The log can also be scheduled to run at certain times. The answer "Configure a Trace log to run between 11:00 P.M. and 6:00 A.M. and record Page Faults" is incorrect. Task Manager is a real-time monitoring tool. It does not provide the facility to record information to a file. The answer "Configure System Monitor to display information in histogram view between 2 and 4 A.M." is incorrect. System Monitor is a real-time performance monitoring tool. You would use it to view recorded information, but not to create it. The answer "Configure a Trace log to run between 2 and 4 A.M. and record Memory Errors" is incorrect. Recording "Memory Errors" is not an option for a Trace log. (Discussion starts on page 86.)

   Question 18

1 out of 1 points  

You are the network administrator for an outdoor equipment wholesaler in Detroit, MI. You have three locations. One is the head office from which the ordering and distribution is handled. The other two locations are retail outlets—one in a retail park on the edge of the city and another in a downtown location. Each of the retail outlets has its own Windows Server 2003 system in its own domain. The retail park location has a new server with 1 GB of RAM and four processors. The downtown store has an older server with 512 MB of RAM and two processors that has been installed for some time and was originally a Windows 2000 Server system. Staff in the downtown store have been complaining that ever since a new point-of-sale application was installed the server seems very slow. The retail park location is not having any problems. Using System Monitor, you monitor the server in the retail park location and the downtown location at the same time. You monitor counters related to processor, memory, disk, and network on each of the servers. Of all the counters you monitor, you notice that the Server: Bytes Total/Sec counter for the downtown location is very high, while the other counters are very similar between servers. Which of the following strategies might you use to cure this issue?

Selected Answer:    Install a faster network adapter.

Correct Answer:    Install a faster network adapter.

Feedback: The Server: Bytes Total/Sec counter reflects the amount of data (in bytes) sent and received by the server over all of its network interfaces. If this figure is more than 50 percent of the total bandwidth capacity of the network interfaces in the server, you should consider migrating some applications to another server to reduce the network load on the server, or upgrade to faster network interfaces if possible. In this example, because there is only one server in that location, the only real option would be to install a faster network adapter. The answer "Install a faster processor" is incorrect. Installing a faster processor is unlikely to improve the situation. The answer "Install more memory" is incorrect. Installing more memory is unlikely to improve the situation. The answer "Move the application to another server" is incorrect. As there is only one server in that location, moving the application to another server would not be possible. (Discussion starts on page 85.)

   Question 19

1 out of 1 points  

You are the network administrator for a property development company in Salt Lake City, UT. You have a single Windows Server 2003 system that is a domain controller, a DHCP and DNS server, a file and print server, and the company e-mail server. The server also hosts a document management system. One Wednesday afternoon, without warning, the server crashes. You reboot the server and it comes up without a problem. You examine the system performance through System Monitor, but everything seems in order.   Two weeks later, the server crashes again. As before, you reboot the server and it comes up without any errors. Immediately after the restart, you use System Monitor and observe the following counters and values.Server Work Queues: Queue Length = 2Memory: Page Faults/Sec = 2Memory: Pages/Sec = 7Memory: Available Bytes = 452,332,145PhysicalDisk: % Disk Time = 34Network Interface: Output Queue Length = 1Two days later, you monitor the same counter statistics and note the following:Server Work Queues: Queue Length = 1

Memory: Page Faults/Sec = 3Memory: Pages/Sec = 11Memory: Available Bytes = 124,342,841PhysicalDisk: % Disk Time = 43Network Interface: Output Queue Length = 0Which of the following strategies are you likely to take with the server?

Selected Answer:

   Examine memory usage for each application on the server.

Correct Answer:    Examine memory usage for each application on the server.

Feedback: A substantial decrease in the Memory: Available Bytes counter can be caused by a memory leak. A memory leak is the result of a program allocating memory for use but not freeing up that memory when it is finished using it. Over time, the computer's free memory can be totally consumed, degrading performance and ultimately halting the system. In this scenario, the first thing you would do is examine the memory usage for each application to determine if one of the applications is responsible for a memory leak. The answer "Move an application off of the server and on to another server" is incorrect. This is not the first thing you would do in this scenario. The answer "Upgrade the network card from a 10 Mbps card to a 100 Mbps card" is incorrect. There is nothing to indicate that network performance is an issue. The answer "Nothing. The counter statistics do not indicate any issues" is incorrect. There is a concern with the statistics. (Discussion starts on page 81.)

   Question 20

1 out of 1 points  

You are the network administrator for an electrical goods importer in Brandon, FL. You have a single Windows Server 2003 system that is a domain controller, a DHCP and DNS server, a file and print server, and the company e-mail server. The server also hosts the inventory database and sales order processing system. Early one morning, a user calls to report that the server appears to be running very slowly. Using System Monitor, you examine some of the performance counters for the server and make the following observations:Server Work Queues: Queue Length = 2Memory: Page Faults/Sec = 9Memory: Pages/Sec = 35PhysicalDisk: % Disk Time = 5Network Interface: Output Queue Length = 1Which of the following are you most likely to do to cure the problem?

Selected Answer:    Install more memory.

Correct Answer:    Install more memory.

Feedback: The Memory: Page Faults/Sec counter specifies the number of times per second that the code or data needed for processing is not found in memory. This value should be as low as possible, with values below 5 being acceptable. If this value is too high, you should determine whether the system is experiencing an inordinate number of hard faults by examining the Memory: Pages/Sec counter. If the number of hard page faults is excessive (above 20), you should

either determine what process is causing the excessive paging or install more random access memory (RAM) in the system. The answer "Replace the memory" is incorrect. There are no counters that indicate that the memory needs to be replaced. The answer "Install a faster network interface" is incorrect. There are no counters that indicate that the network interface needs to be upgraded. The answer "Install a larger hard disk" is incorrect. There are no counters that indicate that a larger hard disk is required. (Discussion starts on page 81.)

  Question 1

1 out of 1 points  

What is the maximum uncompressed capacity of a digital audio tape (DAT) cartridge?

Selected Answer:    20 GB

Correct Answer:    20 GB

Feedback: The maximum uncompressed capacity of a DAT cartridge is 20 GB. (Discussion starts on page 98.)

   Question 2

1 out of 1 points  

Which of the following is not a recognized type of backup?

Selected Answer:    Supplemental

Correct Answer:    Supplemental

Feedback: Supplemental is not a recognized type of backup. Incremental, differential, and full (also called normal) are all recognized types of backup. (Discussion starts on page 103.)

   Question 3

1 out of 1 points  

Which of the following media has the largest data storage capacity?

Selected Answer:    DVD

Correct Answer:    DVD

Feedback: DVDs of certain formats can hold more than 4 GB of data.Zip cartridges can hold up to only 750 MB of data.A CD can hold up to only 650 MB of data.A Jaz cartridge can hold up to only 2 GB of data. (Discussion starts on page 96.)

   Question 4

1 out of 1 points  

On a Windows Server 2003 system, where do you enable the volume shadow copy feature?

Selected Answer:    In Local Disk, Properties, Shadow Copies tab

Correct Answer:    In Local Disk, Properties, Shadow Copies tab

Feedback: Volume shadow copy is enabled through the Local Disk, Properties, Shadow Copies tab. The other answers are incorrect. (Discussion starts on page 118.)

   Question 5

1 out of 1 points  

Why is hardware data compression for backups preferred over software data compression?

Selected Answer:

   Hardware compression occurs on the tape drive and does not burden the system processor.

Correct Answer:

   Hardware compression occurs on the tape drive and does not burden the system processor.

Feedback: Hardware compression occurs on the tape drive or tape drive controller and therefore does not use system resources.The answer “Hardware compression is more accurate than software compression” is incorrect. Hardware and software compression are equally accurate.The answer “Hardware compression can be used with any type of backup, including differential” is incorrect. The compression method is not dependent on the type of backup being performed.The answer “Hardware compression can gain much higher compression ratios than software compression” is incorrect. There is no evidence to suggest that hardware compression can gain higher compression ratios than software compression. (Discussion starts on page 112.)

   Question 6

1 out of 1 points  

Using a typical Grandfather-Father-Son tape rotation scheme, how often do you normally use the father tape?

Selected Answer:    Once a week

Correct Answer:    Once a week

Feedback: In a typical Grandfather-Father-Son rotation, the father tape is generally used once a week.The son tape is generally used on a daily basis.The grandfather tape is generally used on a monthly basis. (Discussion starts on page 111.)

   Question 7

1 out of 1 points  

What utility do you use to mark specific Active Directory objects as authoritative?

Selected Answer:    Ntdsutil.exe

Correct Answer:    Ntdsutil.exe

Feedback: The Ntdsutil.exe command-line utility is used to mark specific Active Directory objects as authoritative. The other answers are incorrect. (Discussion starts on page 120.)

   Question 8

1 out of 1 points  

Which of the following backup types does not alter the archive bit on a newly created file?

Selected Answer:    Differential

Correct Answer:    Differential

Feedback: Differential backups do not change the state of the archive bit.During a full backup, the archive bit of a file is cleared.During an incremental backup, the archive bit of a file is cleared.Symmetrical is not a recognized type of backup. (Discussion starts on page 103.)

   Question 9

1 out of 1 points  

Which of the following statements describes how to see earlier versions of a file on a volume that has volume shadow copy enabled?

Selected Answer:

   In the Properties dialog box for a file in a shadowed volume, select the Previous Versions tab.

Correct Answer:

   In the Properties dialog box for a file in a shadowed volume, select the Previous Versions tab.

Feedback: To view previous versions of a file on a volume that has volume shadow copy enabled, from the Properties dialog box for a file in a shadow volume, you select the Previous Versions tab.The other answers are not correct ways to view the previous versions of a file on a volume that has volume shadow copy enabled. (Discussion starts on page 118.)

   Question 10

1 out of 1 points  

If you do a full backup to a single tape on a Friday night and then an incremental backup to tape on all other days of the week (including the weekend), if a system failure occurs, what is the maximum number of tapes required to perform a full restore?

Selected Answer:    7

Correct Answer:    7

Feedback: In this scenario, the maximum number of tapes required to perform a complete restore is seven: the full backup from Friday and then the incremental backups from Saturday, Sunday, Monday, Tuesday, Wednesday, and Thursday. (Discussion starts on page 103.)

   Question 11

1 out of 1 points  

True or False: In an authoritative restore of Active Directory, the objects in the Active Directory database are restored with updated sequence numbers that prevent them from being overwritten during the next replication pass.

Selected Answer:  True

Correct Answer:  True

Feedback: In an authoritative restore, the objects in the Active Directory database are restored with updated sequence numbers that prevent them from being overwritten during the next replication pass. (Discussion starts on page 121.)

   Question 12

1 out of 1 points  

While discussing the development of a new backup strategy for your company, a colleague uses the term target. What is she referring to?

Selected Answer:    The data object to be backed up

Correct Answer:    The data object to be backed up

Feedback: In a discussion of backup strategies, the term target refers to the data object being backed up.The term is not used to refer to the other backup components. (Discussion starts on page 101.)

   Question 13

1 out of 1 points  

When you configure volume shadow copy, which of the following parameters cannot be configured?

Selected Answer:

   Which folders on the drive should be included in the volume shadow copy.

Correct Answer:

   Which folders on the drive should be included in the volume shadow copy.

Feedback: The volume shadow copy feature can be enabled only on a drive-by-drive basis. It is not possible to specify specific folders that should be included. The drives that should be included, the maximum size of the storage area for shadowed files, and the frequency with which shadow copies are made are all configurable parameters for volume shadow copy. (Discussion starts on page 118.)

   Question 14

1 out of 1 points  

After a system failure, you restart the system in Directory Services Restore Mode to restore Active Directory from a backup. You are prompted for a username and password, so you enter the username and password for the Administrator account, but you are unable to log on. You used the Administrator account the previous day, and the password has not been changed since then. What is the most likely cause of the problem?

Selected Answer:

   You must use the restore mode password for the Administrator account that you specified when you installed Active Directory.

Correct Answer:

   You must use the restore mode password for the Administrator account that you specified when you installed Active Directory.

Feedback: When Active Directory is first installed, you are prompted for a password to access Directory Services Restore Mode. You must use the Administrator account and this password to enter Directory Services Restore Mode.Using the first password ever associated with the Administratoraccount is not the correct way to enter Directory

Services Restore Mode, nor is using the username DSRESTORE or using an account other than Administrator. (Discussion starts on page 120.)

   Question 15

1 out of 1 points  

If you do a full backup to a single tape on a Friday night and then an incremental backup to tape on all other days of the week (including the weekend), and a system failure occurs on Monday morning, how many tapes are required to perform a full restore?

Selected Answer:    3

Correct Answer:    3

Feedback: In this scenario, you need three tapes to perform a full restore. You first restore the full backup from Friday, and then the incremental backups from Saturday and Sunday. (Discussion starts on page 103.)

   Question 16

1 out of 1 points  

If you are performing a full backup each Friday to a single tape and a differential backup to a single tape on all other days of the week (including the weekend), what is the minimum number of tapes required to accommodate seven days worth of backups?

Selected Answer:    2

Correct Answer:    2

Feedback: Because all files modified or created since the last full backup are included in a differential backup, the minimum number of tapes required to accommodate the backup cycle is two. In the real world, it is more common to have multiple tapes to provide for offsite storage and fault tolerance. (Discussion starts on page 103.)

   Question 17

1 out of 1 points  

How does using the volume shadow copy feature of Windows Server 2003 help system administrators?

Selected Answer:    It reduces the need to restore individual files from backup.

Correct Answer:    It reduces the need to restore individual files from backup.

Feedback: Volume shadow copy reduces the need to restore individual files by keeping previous versions of files on the volume. If a user accidentally overwrites a file or makes unwanted changes to the file, the user can retrieve a previous version. Using volume shadow copy does not reduce the need to performsystem backups, does not allow multiple copies of a file to be writtento different locations at the same time, and does not reduce the amount of time that it takes to perform a backup. (Discussion starts on page 118.)

   Question 18

1 out of 1 points  

True or False: There is always less data included in an incremental backup than a full backup.

Selected Answer:  False

Correct Answer:  False

Feedback: An incremental backup includes any files that have been changed or created since the last full or incremental backup. If all of the files on a drive have been changed or created since the last full or incremental backup, the same amount of data is backed up for a full and an incremental backup. (Discussion starts on page 103.)

   Question 19

1 out of 1 points  

You are the network administrator for a chemical wholesaler in Spokane, Washington. You have a single Windows Server 2003 system with three disk drives. One drive holds the system and boot partition, the second drive is used for file storage, and the third drive is used to store the order processing system and sales database. You back up the system with a full backup each Friday, and you do an incremental backup on all other weekdays at 7 p.m. One of your suppliers sends you electronic copies of its new product catalogs, along with ordering codes. In all, there are 50 files named Cat1 through Cat50.   You create a new folder called Catalogs on the second drive in the server and copy the 50 catalog files into that folder, and then you immediately create a differential backup of the entire drive and store the tape for archive purposes. That night, you perform an incremental backup of the drive as part of your standard backup cycle. What, if anything, will happen during the incremental backup?

Selected Answer:

   The files in the Catalogs folder will be backed up, and the archive bit will be changed from 1 to 0.

Correct Answer:

   The files in the Catalogs folder will be backed up, and the archive bit will be changed from 1 to 0.

Feedback: Differential backups do not alter the state of the archive bit, so as files are created on the drive, they are included with the incremental backup and the archive bit is set to 0.The answer “The files in the Catalogs folder will be backed up, and the archive bit will be set to 1” is incorrect. Incremental backups reset the archive bit on a file to 0 after it has been backed up.The answer “The files in the Catalogs folder will not be backed up, but the archive bit will be set to 1 so that those files will be backed up the following day” is incorrect. If a backup does not take a copy of a file, it does not alter the archive bit.The answer “The files in the Catalog folder will not be backed up because after you copied them to the folder you did not modify them” is incorrect. Even though no changes were made to the files, the fact that they are newly created on the drive would cause them to be included in an incremental backup. (Discussion starts on page 103.)

   Question 20

1 out of 1 points  

You are the network administrator for a large architectural firm in New York. The network comprises three Windows Server 2003 systems and 64 Windows XP Professional systems. The server has four drives installed. One is used to hold the boot and system partitions, and the other three are used for holding data. The data drives are called DATA1, DATA2, and DATA3. Each drive is a 40 GB SCSI drive. The DATA1 drive is 30 percent full, the DATA2 drive is 45 percent full, and the DATA3 drive is 65 percent full.   

The backup schedule consists of a full backup of each drive every Friday, and then an incremental backup of each drive at 9 p.m. on all other days of the week. On Thursday morning, the DATA2 drive fails completely. No replacement drive is immediately available, so you decide that the best course of action is to restore the data to one of the other drives. Which of the following procedures do you follow to do this?

Selected Answer:

   Restore the full backup from Friday to DATA1, and then restore the incremental backups from Monday, Tuesday, and Wednesday to DATA1.

Correct Answer:

   Restore the full backup from Friday to DATA1, and then restore the incremental backups from Monday, Tuesday, and Wednesday to DATA1.

Feedback: When using a backup schedule with full and incremental backup jobs, the latest full backup should be restored first, followed by the incremental backups from the oldest to the most recent. The answer “Restore the full backup from Friday to DATA1, and then restore the incremental backups from Monday, Tuesday, and Wednesday to DATA3” is incorrect. The full and incremental backups must be restored to the same drive for the restore to be complete andup to date. The answer “Restore the full backup from Friday to DATA3, and then restore the incremental backups from Monday, Tuesday, and Wednesday to DATA3” is incorrect. The DATA3 drive does not have sufficient space to accommodate the restore. The answer “Restore the full backup from Friday to DATA1, and then restore the incremental backups from Wednesday, then Tuesday, then Monday to DATA1” is incorrect. When you use a backup schedule with full and incremental backup jobs, the latest full backup should be restored first, followed by the incremental backups from the oldestto the most recent. This answer choice does the reverse. (Discussion starts on page 103.)

   Question 21

1 out of 1 points  

You are the network administrator for a water purification company in Rhode Island. The network consists of three Windows Server 2003 systems, with 45 Windows XP Professional client systems and 30 Windows 2000 Professional client systems. Two of the servers are used as domain controllers. The other server is a member server that hosts the corporate e-mail system and a sales database. Each server has two hard disks in it, one for the system and boot partition and another for data. You restructure the data on the data drive of your member server, and then you perform a copy backup job using Windows Server 2003 Backup so you can store a copy of the data offsite. After the backup is complete, no other changes are made to the files on that drive, but a number of new files are created. That night, you run an incremental backup as part of your standard backup schedule. Which files will be included in the incremental backup?

Selected Answer:

   All files that were modified or created since the last incremental or full backup.

Correct Answer:

   All files that were modified or created since the last incremental or full backup.

Feedback: A copy backup job does not alter the archive bit of a file. Therefore, the incremental backup will include all files that were created or modified since the last full or incremental backup.   The answer “All

files that were created since the copy backup job, but no other files” is incorrect. The files created since the copy backup will be included in the incremental backup, but other files will also be included. The answer “All files that were modified or created since the last differential backup” is incorrect. Differential backups do not change the archive bit. Therefore, the backup program has no way of knowing when the last differential backup was made. The answer “None. All files that have changed will have already been backed up by the copy backup job” is incorrect. The incremental backup will include files from the data drive. (Discussion starts on page 103.)

   Question 22

1 out of 1 points  

You are the network administrator for a bank in San Diego. The network consists of two Windows Server 2003 systems and 55 Windows XP Professional systems. Both servers are domain controllers. One server hosts applications, including Microsoft Exchange and Microsoft SQL Server, and the other server is dedicated to hosting the bank's customer service database. The database is used to store requests from customers, such as changes of address and requests for information about banking products. Each server has two hard disks in it, one for the system and boot partition and another for data. Your backup cycle for each server includes a full backup every Friday and an incremental backup on all other days of the week. Another administrator suggests that you do a differential backup on Tuesday so the maximum number of tapes needed for a complete restore would be four. What issues, if any, can you see with this solution?

Selected Answer:    The solution offers no benefits.

Correct Answer:    The solution offers no benefits.

Feedback: Because the incremental backup on Monday would clear the archive bit on modified or created files, the differential backup on Tuesday would not include any other data that would not otherwise be included in an incremental backup. So, if the drive failed on Thursday, you would still need the full backup from Friday; then the incremental from Saturday, Sunday, and Monday; the differential from Tuesday; and the incremental from Wednesday. Therefore, the proposed solution does not offer any benefit.   The answer “None. The proposed solution is appropriate and valid” is incorrect. There are issues with the proposed solution.   The answer “You cannot mix incremental and differential backups in this way” is incorrect. There are no specific restrictions on combining incremental and differential backups.   The answer “The differential backup would not back up any data” is incorrect. The differential backup would include any files that were created or modified since the last full or incremental backup. Therefore, it would have data in it. (Discussion starts on page 103.)

   Question 23

1 out of 1 points  

You are the network administrator for a fruit wholesaler in Orlando, Florida. The network consists of three Windows Server 2003 systems and 110 Windows 2000 Professional systems. All three servers are used as domain controllers. One server also acts as a file and print server, and it hosts Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) server services. One of the other servers is dedicated to hosting the company's order processing system. The

order processing system database is stored on a single drive. Last week, at 6:30 p.m., the drive holding the order processing system failed. Even though you had a new drive installed and a restore from the previous night's full backup completed within an hour, the manager of the sales department was still disappointed because an entire day's worth of orders was lost. As a result, that manager wants to start taking backups in the middle of the day so the maximum amount of work he can lose is a half day rather than a whole day.The size of the order processing system is fairly static, at around 25 GB. The manager gives you a 30-minute backup window between 12:30 and 1:00 p.m. when you can have exclusive access to the database to complete a backup. He gives you the necessary budget to buy a new drive to accommodate this request. Which of the following drive types would you implement?

Selected Answer:    8 mm

Correct Answer:    8 mm

Feedback: 8-mm tape drives have a maximum capacity of 100 GB and a data transfer rate of up to 1400 MB per minute. In a 30-minute window, you could back up a maximum of 42 GB—more than enough to accommodate the 25 GB database.Jaz drives have a maximum capacity of 2 GB.DVD typically has a capacity of about 4 GB.Although quarter-inch cartridge (QIC) drives have a maximum capacity of 50 GB, the maximum data transfer rate is 600 MB per minute. In a 30-minute window, even if the maximum transfer rate could be attained for the whole time, you would still only be able to backup 18 GB, which is not enough to back up the database. (Discussion starts on page 96.)

   Question 24

1 out of 1 points  

You are the network administrator for an electrical wholesaler in Bloomington, Indiana. You have a single Windows Server 2003 system with three disk drives. One drive holds the system and boot partition, the second is used for file storage, and the third is used to store the customer database. You do a full backup each Friday and a differential backup on all other weekdays at 9 p.m. On Wednesday at 11 a.m., the drive holding the customer database fails. You replace the drive immediately with a spare drive. How would you go about restoring the data?

Selected Answer:

   Obtain the full backup from Friday and then the differential backup from Tuesday. Restore the full backup, and then restore the differential backup.

Correct Answer:

   Obtain the full backup from Friday and then the differential backup from Tuesday. Restore the full backup, and then restore the differential backup.

Feedback: When you restore from a backup schedule that involves a full backup and a differential backup, you should restore the full backup first and then restore the differential backup over the top. This results in the latest set of data.The answer “Obtain the full backup from Friday and then the differential backup from Tuesday. Restore the differential backup, and then restore the full backup” is incorrect. This is not the correct order for restor-ing data.The answer “Obtain the full backup from Friday and then the differential backups from Monday and Tuesday. Restore the full

backup, and then restore the differential backups from Monday and then Tuesday” is incorrect. When you use a differential backup, you need only the latest full backup and the latest differential backup to perform a complete restore.The answer “Obtain the full backup from Friday and then the differential backups from Monday and Tuesday. Restore the differential backups from Monday and then Tuesday. Finally, restore the full backup from Friday” is incorrect. When you use a differential backup, you need only the latest full backup and the latest differential backup to perform a complete restore. (Discussion starts on page 103.)

   Question 25

1 out of 1 points  

You are the network administrator for a telecommunications company in Rochester, New York. The network consists of two Windows Server 2003 systems and 57 Windows XP Professional systems. Both servers are used as domain controllers. One server hosts DHCP and DNS server services. It is also used as a file and print server. The other server hosts a large SQL database. Each server has two hard disks in it, one for the system and boot partition and another for data. The backup cycle for each server comprises a full backup each Tuesday at 7 p.m. and a differential backup on all other days of the week at 9 p.m. You are backing up to a digital audio tape (DAT) drive. The backups have been operating flawlessly for some time, but one Tuesday you notice that the backup of the drive holding the SQL database has stopped and requested another tape. Upon investigation, you determine that the SQL database has grown to 22 GB in size. Which of the following strategies is the most cost-effective way to cure the problem?

Selected Answer:

   Enable compression so twice as much data can be backed up to a single DAT tape.

Correct Answer:

   Enable compression so twice as much data can be backed up to a single DAT tape.

Feedback: The capacity of a DAT tape is 20 GB uncompressed. In this case, because the amount of data being written to the drive is 22 GB and is too big to fit on the tape, compression is probably not being used. Turning on compression would be the most cost-effective solution.The answer “Purchase another DAT drive and split the backup job so that it writes to more than one device” is incorrect. Although this is a valid solution, it is not the most cost-effective solution.   The answer “Perform an incremental backup on Tuesdays so less data is backed up” is incorrect. Incremental backups must be combined with a full backup to ensure that a complete copy of the data is available. The answer “Implement a higher-capacity backup system so all the data will fit on a single tape” is incorrect. Although this is a valid solution, it is not the most cost-effective solution. (Discussion starts on page 96.)

   Question 26

1 out of 1 points  

You are the network administrator for an electronics manufacturer in Springfield, Ohio. The network consists of four Windows Server 2003 systems and 262 Windows XP Professional systems. One server is assigned to each of four departments—sales, manufacturing, administration, and distribution. Each server has two hard disks in it, one for the system and boot partition and another for data. The Active Directory structure consists of a single domain. The backup cycle for each server comprises a full backup each Wednesday at 7 p.m. and an incremental backup on all other days of the week at 7 p.m. You are using high-speed backup

devices, and the backups finish within an hour.On Tuesday, a user from the manufacturing department calls to report that he overwrote a file the previous day at 2:30 p.m. The file was created on Thursday at 11:30 p.m. and modified on Saturday at 4:15 p.m. That was the last modification to the user's file before be overwrote it. Which of the following procedures would you follow to restore the earlier version of the user's file?

Selected Answer:

   Restore the file from the incremental backup from Saturday.

Correct Answer:    Restore the file from the incremental backup from Saturday.

Feedback: Because the file was modified on Saturday, it would be included on Saturday's backup because it was modified on Saturday before the backup was made. Therefore, to restore the previous version of the user's file, you can simply restore the file from the incremental backup performed on Saturday.The answer “Restore the file from the incremental backup from Thursday, and then restore the file from the incremental backup from Sunday” is incorrect. The file would not be included in Thursday's backup because at the time of the backup the file had not yet been created. In addition, the file would not be included in Sunday's backup.The answer “Restore the file from the incremental backup from Thursday, and then restore the file from the incremental backup from Saturday” is incorrect. The file would not be included in Thursday's backup because at the time of the backup the file had not yet been created.The answer “Restore the file from the incremental backup from Sunday” is incorrect. The file would not be included in Sunday's backup. (Discussion starts on page 103.)

 Question 1

1 out of 1 points  

In Active Directory Users And Computers, where do you configure logon time restrictions for a user?

Selected Answer:    The Account page of the user account properties

Correct Answer:    The Account page of the user account properties

Feedback: Time restrictions are configured from the Logon Hours button on the Account page of a user's properties. There is no Logon Hours page in the user account properties. (Discussion starts on page 181.)

   Question 2

1 out of 1 points  

What term describes a type of user profile that the user can change but that does not save those changes when the user logs off?

Selected Answer:    Mandatory

Correct Answer:    Mandatory

Feedback: A mandatory profile can be changed by the user, but when the user logs off, the changes are not saved. A roaming profile can be accessed by the user no matter what system on the network she is logging on from. Fixed and static are not profile types. (Discussion starts on page 199.)

   Question 3

1 out of 1 points  

Which of the following utilities can you use to modify an existing object in Active Directory?

Selected Answer:    Dsmod.exe

Correct Answer:    Dsmod.exe

Feedback: The Dsmod.exe utility allows you to modify an object in Active Directory. The Comma Separated Value Data Exchange utility (Csvde.exe) can be used only to import or export information to or from the directory. It cannot be used to modify an existing directory object. Dsadd.exe can be used only to add objects to the directory, not to modify an existing object. There is no such utility as Adobjedit.exe. (Discussion starts on page 195.)

   Question 4

1 out of 1 points  

Which of the following properties cannot be configured for multiple users at a single time?

Selected Answer:    Terminal Services session settings

Correct Answer:    Terminal Services session settings

Feedback: When you configure the properties of more than one user at a time, you cannot configure the Terminal Services Session settings. All of the other items can be edited for multiple users at once. (Discussion starts on page 186.)

   Question 5

1 out of 1 points  

A user calls to report that his account has been locked after he entered the incorrect password four times. Which tab of the user's account properties do you go to unlock his account?

Selected Answer:    Account

Correct Answer:    Account

Feedback: The Account Is Locked Out check box is in the Account tab of a user's properties. If the account is locked as a result of settings in the Account Lockout Policy, the check box is selected. Clearing it unlocks the account. The Account Is Locked Out check box is not in the General or Sessions tab of a user's account properties. There is no tab in the user's account properties called User. (Discussion starts on page 181.)

   Question 6

1 out of 1 points  

Which of the following client operating systems requires additional client software to access the complete functionality of Active Directory?

Selected Answer:    All of the above

Correct Answer:    All of the above

Feedback: All of the operating systems listed require additional client software to access the complete functionality of Active Directory. (Discussion starts on page 201.)

   Question 7

1 out of 1 points  

Which of the following items is not included in a user profile?

Selected Answer:    Logon time restrictions

Correct Answer:    Logon time restrictions

Feedback: Logon time restrictions are part of a user's account properties. They are not part of the user profile. All of the other items are included in a user profile. (Discussion starts on page 196.)

   Question 8

1 out of 1 points  

If the Password Must Meet Complexity Requirements policy is enabled, which of the following passwords is not acceptable?

Selected Answer:    !!@TRPP%%

Correct Answer:    !!@TRPP%%

Feedback: For a password to meet complexity requirements, it must contain at least three of the following four elements: uppercase alphabetic characters, lowercase alphabetic characters, numbers, or special characters (such as !@#). It must also be at least six characters long and not be based on the username. The !!@TRPP%% password contains only special characters and uppercase letters. All of the other passwords conform to the complexity requirements. (Discussion starts on page 168.)

   Question 9

1 out of 1 points  

When you configure the Password Policy, why would you enable the option to store passwords using reversible encryption?

Selected Answer:

   So that other applications can access the password information

Correct Answer:    So that other applications can access the password information

Feedback: If a password is stored using reversible encryption, it can be accessed by other applications. This approach poses a security risk, and it should be implemented only if absolutely necessary. There is no way for a user account password to be recovered, nor is there any facility in Windows Server 2003 for providing users with password clues. The administrator cannot view users' passwords. (Discussion starts on page 182.)

   Question 10

1 out of 1 points  

A user calls you because he cannot log on to the system. After verifying his identity, you determine that he recently returned from vacation and is unsure of his password. You decide to reset the password. How do you do accomplish this?

Selected Answer:

   In the Active Directory Users And Computers MMC snap-in, select the user and then select Reset Password from the Action menu. Enter the new password, retype the new password in the Confirm Password box, and click OK.

Correct Answer:

   In the Active Directory Users And Computers MMC snap-in, select the user and then select Reset Password from the Action menu. Enter the new password, retype the new password in the Confirm Password box, and click OK.

Feedback: You can reset a user account password in Active Directory Users And Computers by selecting Reset Password from the Action menu. You must enter and confirm the new password. You do not need to know the existing password to reset the password. User passwords are not reset from the Account properties page for the user, nor are they reset from the General properties page for the user. (Discussion starts on page 177.)

   Question 11

1 out of 1 points  

You have set the Account Lockout Duration setting of the Account Lockout Policy to 0. What does this mean?

Selected Answer:

   An account that has exceeded the account lockout threshold must be manually unlocked.

Correct Answer:

   An account that has exceeded the account lockout threshold must be manually unlocked.

Feedback: A value of 0 for the Account Lockout Duration policy setting means that any account locked out by exceeding the account lockout threshold must be unlocked manually. This value does not cause a locked account to immediately unlock. Resetting a password for the user does not unlock the account. The Enforce Password History policy is part of the Password Policy and is not related to settings in the Account Lockout Policy. (Discussion starts on page 200.)

   Question 12

1 out of 1 points  

You are attempting to use the Csvde.exe tool to import a new set of user accounts to the directory. You confirm that the import file is formatted correctly, and then you issue the command csvde -f newusers -k. When you check in Active Directory, none of the new user accounts appears. What is the most probable cause of the problem?

Selected Answer:

   The default mode for Csvde.exe is export; if you want to import objects, you must use the -i switch.

Correct Answer:

   The default mode for Csvde.exe is export; if you want to import objects, you must use the -i switch.

Feedback: The default mode for Csvde.exe is export. Unless you use the -i

switch in the command, Csvde.exe will attempt an export to the specified file, not an import from the file. The -k switch tells Csvde.exe to ignore errors such as duplicate users. It does not (nor does any other switch) determine when the user accounts should be added. Csvde.exe can be used to import a wide range of directory objects, including users, groups, and computer accounts. The -f switch is correct for specifying the comma-separated value file that is to be used for the import. (Discussion starts on page 192.)

   Question 13

1 out of 1 points  

What information is transferred from a user's Account tab when you copy the user's account?

Selected Answer:

   Everything except the User Logon Name and User Logon Name (Pre–Windows 2000)

Correct Answer:

   Everything except the User Logon Name and User Logon Name (Pre–Windows 2000)

Feedback: All values except the Logon Name are copied from the Account tab when a user account is copied to create a new user account. Group Memberships are listed in the Members Of tab of the user's account properties, not the Account tab. The logon hours are copied from the Account tab when a user account is copied to create a new account. The Street Address value is in the Address tab, not the Account tab. (Discussion starts on page 190.)

   Question 14

1 out of 1 points  

You have configured Logon Hours restrictions for a specific user. The user is not a member of any group policy objects. If the user is already logged on when the allowed logon time ends, what happens?

Selected Answer:    The user can continue working.

Correct Answer:    The user can continue working.

Feedback: If the user is already logged on when the allowed logon time ends, service is not interrupted—except if the security option in group policy objects called Network Security: Force Logoff When Logon Hours Expire is enabled. In this case, the user is forcibly disconnected when her logon hours expire. (Discussion starts on page 181.)

   Question 15

1 out of 1 points  

What does setting an account lockout threshold of 0 achieve?

Selected Answer:

   Any account that has exceeded the account lockout threshold is not locked out.

Correct Answer:

   Any account that has exceeded the account lockout threshold is not locked out.

Feedback: The account lockout threshold specifies the number of invalid logon attempts that triggers an account lockout. A value of 0 prevents

accounts from ever being locked out. (Discussion starts on page 200.)

   Question 16

1 out of 1 points  

You are looking at ways to automate the creation of user accounts. You do not have a large turnover of staff in your organization, so you decide to use templates as a shortcut to user creation. Which of the following statements about the use of template user accounts is true?

Selected Answer:

   All new users created with the template have the same group memberships.

Correct Answer:

   All new users created with the template have the same group memberships.

Feedback: When you create a new user account from a template, group memberships are copied to the new user. In addition, all address information is copied except the street address. Password and file permissions granted to the original user are not transferred over. (Discussion starts on page 190.)

   Question 17

1 out of 1 points  

After numerous support calls from a user who is creating problems by making changes to his Windows settings, you get management approval to configure the user with a profile that will not allow him to save any changes. How do you go about doing this?

Selected Answer:

   Locate the profile folder for the user, and rename the Ntuser.dat file to Ntuser.man.

Correct Answer:

   Locate the profile folder for the user, and rename the Ntuser.dat file to Ntuser.man.

Feedback: The basic procedure for making a profile mandatory is to locate the Ntuser.dat file related to the user account and rename it to Ntuser.man. There is no Set As Mandatory button in the Advanced page of the System Properties dialog box. Although setting read-only permissions for the user's profile folder might prevent the user from making any changes to his profile, this is not the accepted way of making a profile mandatory. (Discussion starts on page 199.)

   Question 18

1 out of 1 points  

You have recently been employed as the network administrator for a commercial real estate company. The company is relatively small and has a highly mobile workforce. The company has two Windows Server 2003 systems and one Windows 2000 system. Active Directory is configured at a Windows 2000 mixed domain functional level. Many of the sales representatives spend a great deal of time on the road and use the dial-in features of Windows Server 2003. The others are based primarily in the office and rarely work remotely. Late one evening, a user who normally works from the office pages you to report that he can't gain access to the system over his dial-up link. He is calling from a hotel, where he is staying while at a conference. He explains that he connected the previous night from home without any problems, but this is the first time he has tried to connect from anywhere other than his home. Since you started working with the company, you have not made any changes to the user's account properties. Based on the information he has provided, which of the following could be the problem?

Selected Answer:

   The Always Callback To property on the user's Dial-In page has been configured with the user's home phone number.

Correct Answer:

   The Always Callback To property on the user's Dial-In page has been configured with the user's home phone number.

Feedback: The most likely answer of those listed is that the Callback Options on the Dial-In page for the user have been configured to always call back his home phone number. When the user tries to establish a dial-in connection, the server he is connecting to drops the connection and then calls his home number. The Verify Caller ID property is not available when Active Directory is configured in Windows Server 2003 mixed mode. Static routes determine which areas of the network are available to the user if he connects over a dial-in or VPN connection, and what areas of the network are inaccessible. They affect the user after he connects, not while he is trying to connect. Also, because you have made no changes to the account and the user was able to connect the previous day, this is unlikely to be the problem. The telephone numbers listed on the Telephones page of the user's account properties are unrelated to the dial-in properties. (Discussion starts on page 186.)

   Question 19

1 out of 1 points  

You are the system administrator for a company that manufactures electronics equipment for the aerospace industry. The company has more than 150 employees, but only the administrative staff of 24 people has PCs. The other employees are involved in production and manufacturing and do not require a PC to perform their job. The client workstations are a mix of Windows 95, Windows 98, and Windows 2000 Professional systems. You have a single Windows Server 2003 system that provides file and print services and runs DHCP, DNS, and WINS services. Each employee has a browser-based e-mail account that is accessed via the company's intranet.    Your manager has asked you to configure a single user account that will be used to log on from three PCs in the company cafeteria so employees can access the company intranet and their e-mail. Which of the following approaches are you most likely to take?

Selected Answer:

   In the Account page of the user's properties, configure the Log On To restrictions for the user by entering the NetBIOS machine name of the systems the user is permitted to use. Assign the user a mandatory profile by renaming the user account's Ntuser.dat file to Ntuser.man and placing it on a server in the network. Configure the user's profile path so it points to the location of the profile.

Correct Answer:

   In the Account page of the user's properties, configure the Log On To restrictions for the user by entering the NetBIOS machine name of the systems the user is permitted to use. Assign the user a mandatory profile by renaming the user account's Ntuser.dat file to Ntuser.man and placing it on a server in the network. Configure the user's profile path so it points to the location of the profile.

Feedback: To configure Log On To restrictions, you enter the NetBIOS machine names of the system that you will permit the user account to log on from. You can assume that the company is using NetBIOS because it has a WINS server. To create a roaming mandatory profile for the user, you rename the Ntuser.dat file for the user to Ntuser.man. Log On To restrictions are not configured using the IP address of the

systems that the user is permitted to log on from, nor are they configured using the MAC address. The user profile file is not named Ntuser.pfl. (Discussion starts on page 195.)

   Question 20

1 out of 1 points  

You are the network administrator for a media company with 27 employees. You have recently implemented a new Windows Server 2003 system. Your manager is concerned about the security of your network. She has asked you to configure an Account Lockout Policy to provide additional security. She wants you to make sure that if a user tries to log on with the wrong password more than four times, that user's account is disabled. She also wants to make sure that the user must call you when the account is locked so you can determine what the problem is before the user can attempt to gain access to the system again. Which of the following statements describes the Account Lockout Policy settings you would choose?

Selected Answer:

   Set the Account Lockout Duration policy to 0, the Account Lockout Threshold policy to 4, and the Reset Account Lockout Counter After policy to 30.

Correct Answer:

   Set the Account Lockout Duration policy to 0, the Account Lockout Threshold policy to 4, and the Reset Account Lockout Counter After policy to 30.

Feedback: If you set the Account Lockout Duration policy to 0, locked accounts must be manually unlocked by the administrator. The administrator would find out when an account becomes locked because the user must ask the administrator to unlock the account. Setting the Account Lockout Threshold policy to 4 causes the account to become locked after four incorrect logon attempts. These settings would satisfy the manager's requirements. Setting the Account Lockout Threshold policy to 0 would cause the system to lock the account after the first incorrect logon attempt. Setting the Account Lockout Duration policy to 4 would cause the lockout to be cleared after 4 minutes. The Enforce Password History policy is part of the Password Policy, not the Account Lockout Policy. (Discussion starts on page 200.)

   Question 21

1 out of 1 points  

You are the network administrator for a large computer manufacturer in Portland, Oregon. Another computer manufacturer has recently acquired the company, and you are in the process of transitioning your IT infrastructure, including Active Directory, to the naming standards and schemes used by the takeover company. Your Active Directory structure uses domains with names based on geographical locations, so no reconfiguration of domain names is necessary. However, the domain name used for e-mail and the corporate Web page has changed. You have been asked to reconfigure all of the user accounts with the new e-mail address and Web page information. In total, you have to reconfigure 325 users in three organizational units. Which of the following is the easiest way to do this?

Selected Answer:

   Select multiple user objects at once, and then edit the user's properties and enter the new e-mail and Web page information.

Correct Answer:

   Select multiple user objects at once, and then edit the user's properties and enter the new e-mail and Web page information.

Feedback: The Web Page field and the E-Mail Address field are available for edit by selecting multiple users at one time. The Csvde.exe utility is

used for importing or exporting objects from the directory. It is not used for editing the properties of existing objects. The Dsmod.exe utility can be used for editing the properties of existing objects, but in this case it would almost certainly be simpler to just edit the properties of multiple objects at a time. There is no facility for user objects inheriting values from an OU. (Discussion starts on page 188.)

   Question 22

1 out of 1 points  

You are the network administrator for a healthcare provider in Denver, Colorado. The network comprises three Windows Server 2003 systems. You have recently installed a new database application that requires a service account to be created. This service account needs to impersonate a client to access computer resources on behalf of other user accounts. Which of the following approaches do you take to do this?

Selected Answer:

   Create a new user account. Then, in the Account properties tab for that user, select the Account Is Trusted For Delegation check box.

Correct Answer:

   Create a new user account. Then, in the Account properties tab for that user, select the Account Is Trusted For Delegation check box.

Feedback: When a service account is required, you should create a new user account for that purpose. If the account needs to impersonate a client to access computer resources on behalf of other user accounts, you must select the Account Is Trusted For Delegation check box, which is in the Account properties tab for a user account. (Discussion starts on page 181.)

   Question 23

1 out of 1 points  

You have recently installed Microsoft Internet Information Services (IIS) on your Windows Server 2003, Enterprise Edition server so that you can create an intranet for your company. Anonymous access to the IIS server has been enabled. The intranet is intended solely as a source of publicly available corporate information. It will also contain a mirror of the company's Internet Web site.     In addition to providing access to employees, you also want the public to be ableto access the intranet from two terminals in the reception area of the building. The terminals will be configured with third-party software that will restrict access to any application other than Microsoft Internet Explorer. Because employees in the company already have user accounts for the network, you will not need to make any changes to their configuration in order to allow access to the intranet. What do you do with respect to user accounts to enable users in the reception area to access the intranet?

Selected Answer:    Nothing.

Correct Answer:    Nothing.

Feedback: When you install IIS, a user account is created called IUSR_computername. This account allows anonymous users to connect to the server and access Web pages on it. There is no need, in this example, to create user accounts in Active Directory. There is no Use IIS right in the General Properties tab. (Discussion starts on page 173.)

   Question 24

1 out of 1 points  

You are the network administrator for a footwear distributor in Georgia. After a recent break-in, your manager is concerned that the criminals might have been able to access the computer systems. She asks you to tighten up security of user accounts and passwords. She asks you to propose settings for an Account Lockout Policy. You propose the following values for the Account Lockout Policy:Account Lockout Threshold = 3Account Lockout Duration = 0Reset Account Lockout Counter After = 15What would the result of these policies be?

Selected Answer:

   If a user enters the incorrect password more than three times, the account is locked. The administrator must manually clear the lock on the account.

Correct Answer:

   If a user enters the incorrect password more than three times, the account is locked. The administrator must manually clear the lock on the account.

Feedback: A value of 0 for the Account Lockout Duration means that a locked account must be manually unlocked by an administrator. The Reset Account Lockout Counter After value determines the "memory" of the system for incorrect passwords in a given time period. In this example, the user can enter an incorrect password twice every 15 minutes and still not lock the account. After three incorrect passwords are entered in a 15-minute period, the account is locked. Triggering the Account Lockout policy locks an account—it does not disable it. A disabled account cannot be used, even with the correct password. The policy as described allows a user three incorrect logon attempts before the account is locked. (Discussion starts on page 200.)

   Question 25

1 out of 1 points  

You are the network administrator for a soft-toy manufacturer in Wisconsin. The network comprises three Windows Server 2003 systems operating at a Windows 2000 mixed mode domain functional level. There are 135 users, each of whom has a Windows XP Professional system.    The Sales department has been based solely in Green Bay, at the company headquarters, but management has decided to split it into two teams, one of which will telecommute. You are given the names of the users who will be part of the new remote sales team, and you are asked to configure the user accounts with some new information. Specifically, you must specify a new Manager and Department name. You must also provide each user with dial-in capability to the system, which they have never had. Which of the following approaches are you most likely to take?

Selected Answer:

   Configure the properties on multiple objects. Edit the Manager and Department fields in the Organization Properties tab. Grant the dial-in permission on the Dial-In tab, and configure the dial-in permissions on a per-user basis.

Correct Answer:

   Configure the properties on multiple objects. Edit the Manager and Department fields in the Organization Properties tab. Grant the dial-in permission on the Dial-In tab, and configure the dial-in permissions on a per-user basis.

Feedback: The Manager and Department fields can be edited on multiple

objects at a time. The dial-in permission must be edited on a per-user basis. Configuration by Remote Access Policy is not supported on a Windows 2000 mixed mode domain functional level. The Dsadd.exe utility is used to add objects to Active Directory, not to edit the properties of existing objects. (Discussion starts on page 177.)

   Question 26

1 out of 1 points  

You are the network administrator for a pottery distributor in Utah. You are in the process of upgrading the corporate network from another operating system to Windows Server 2003. You ask a junior administrator to design an effective Password Policy. He offers the following suggestion:Enforce Password History = 10Maximum Password Age = 30Minimum Password Age = 15Minimum Password Length = 6Password Must Meet Complexity Requirements = YesWhat would the result of this policy be?

Selected Answer:

   The user can use a password of $$r763 but must change it every 30 days. She cannot change it any sooner than 15 days. She cannot reuse the same password until she has changed her password 10 times.

Correct Answer:

   The user can use a password of $$r763 but must change it every 30 days. She cannot change it any sooner than 15 days. She cannot reuse the same password until she has changed her password 10 times.

Feedback: For a password to meet complexity requirements, it must include characters from at least three of the following four categories: uppercase letters, lowercase letters, numbers, and symbols. In this example, the password $$r763 fulfills these requirements. The Maximum Password Age setting requires that the user change her password at least every 30 days, but the Minimum Password Age value preventsthe user from changing her password any sooner than 15 days. The Enforce Password History value of 10 ensures that the user must change her password 10 times before using a previous password. (Discussion starts on page 168.)

Question 1

1 out of 1 points  

Which of the following is not a domain functional level supported by Windows Server 2003?

Selected Answer:    Windows Server 2003 mixed

Correct Answer:    Windows Server 2003 mixed

Feedback: Windows Server 2003 mixed is not a domain functional level supported by Windows Server 2003. All of the other answers are domain functional levels supported by Windows Server 2003. (Discussion starts on page 212.)

   Question 2

1 out of 1 points  

Which of the following is not a built-in Active Directory group?

Selected Answer:    Power Users

Correct Answer:    Power Users

Feedback: Power Users is not a built-in Active Directory group. Backup Operators, Account Operators, and Network Configuration Operators are all valid Active Directory groups. (Discussion starts on page 226.)

   Question 3

1 out of 1 points  

What happens to the local Administrators group when a computer is added to the domain?

Selected Answer:

   The Domain Admins global group is added to the local Administrators group.

Correct Answer:

   The Domain Admins global group is added to the local Administrators group.

Feedback: When a computer is added to the domain, the Domain Admins global group is added to the local Administrators group. It is not possible to add a local group to a global group, so it is not possible to add the local Administrators group to the Domain Admins global group. When a computer is added to the domain, the Domain Admins global group is not added to the Power Users group. There is no local group called Computers. (Discussion starts on page 221.)

   Question 4

1 out of 1 points  

Where do you change the group scope?

Selected Answer:

   In the General properties tab of the group in Active Directory Users and Computers

Correct Answer:

   In the General properties tab of the group in Active Directory Users and Computers

Feedback: You change group scopes in the General properties tab of the group in Active Directory Users and Computers. There is no tab in Active Directory Users and Computers called Scopes, nor is there one called Type. Scope changes are not made in the Members properties tab of Active Directory Users and Computers. (Discussion starts on page 237.)

   Question 5

1 out of 1 points  

Which of the following statements is not true of universal groups?

Selected Answer:

   Universal groups can be granted access permissions only for resources in the domain in the forest in which they are created.

Correct Answer:

   Universal groups can be granted access permissions only for resources in the domain in the forest in which they are created.

Feedback: Universal groups can be granted access permissions for resources in any domain in the forest, and in domains in other trusted forests. Universal groups are available only in the Windows 2000 native and Windows Server 2003 functional levels, and universal groups can be converted to domain local groups or to global groups, as long as they do not have other universal groups as members. (Discussion starts on page 218.)

   Question 6

1 out of 1 points  

Which of the following Active Directory built-in groups does not have the right to back up files and directories?

Selected Answer:    Account Operators

Correct Answer:    Account Operators

Feedback: The Account Operators group does not have the right to back up files and directories. The Server Operators, Administrators, and Backup Operators groups all have the rights to back up files and directories. (Discussion starts on page 226.)

   Question 7

1 out of 1 points  

Which of the following statements is true of global groups?

Selected Answer:

   Global groups can include only users from within their domain.

Correct Answer:    Global groups can include only users from within their domain.

Feedback: Global groups can include only users from within their domain. They cannot include members from other domains in the tree, the forest, or anywhere else in the Active Directory structure. (Discussion starts on page 217.)

   Question 8

1 out of 1 points  

Which of the following tools do you use to raise the domain functional level of Active Directory?

Selected Answer:    Active Directory Domains and Trusts

Correct Answer:    Active Directory Domains and Trusts

Feedback: Active Directory Domains and Trusts is used to raise the domain functional level of Active Directory. None of the other tools listed can be used for this purpose. (Discussion starts on page 212.)

   Question 9

1 out of 1 points  

You have installed a new Windows Server 2003 system on your test network. After completing the installation, you run the Manage Your Server Wizard and configure the system as a domain controller. There are no other servers on the network. What

will the domain functional level of the system be?

Selected Answer:    Windows 2000 mixed

Correct Answer:    Windows 2000 mixed

Feedback: Windows 2000 mixed is the default domain functional level. Windows 2000 native and Windows Server 2003 interim are valid domain functional levels, but they are not the default domain functional levels. Windows Server 2003 single server is not a recognized domain functional level. (Discussion starts on page 212.)

   Question 10

1 out of 1 points  

A user who is connected to the system via a Remote Desktop connection automatically becomes a member of what special identity?

Selected Answer:    Interactive

Correct Answer:    Interactive

Feedback: A user who connects to the system via a Remote Desktop connection automatically becomes a member of the Interactive special identity. The user does not become part of the Dialup or Anonymous Logon special identity. Remote Users is not a recognized special identity. (Discussion starts on page 229.)

   Question 11

1 out of 1 points  

You are creating a script to streamline the process of adding new groups to Active Directory. You add the following command to the file:dsadd group "CN=Sales,CN=Users,DC=contoso,DC=com"   –member "CN=Administrator,CN=Users,DC=contoso,DC=com" -scope gWhat is the result of this command?

Selected Answer:

   A global group called sales.users.contoso.com is created, with the user Administrator as a member.

Correct Answer:

   A global group called sales.users.contoso.com is created, with the user Administrator as a member.

Feedback: The Dsadd command is used to add new groups to Active Directory. The command creates a new global group called sales.users.contoso.com, and the user Administrator is made a member of that group. The answer "The command produces an error" is incorrect. The syntax and usage of the command is valid. The answer "A universal group called sales.users.constoso.com is created, with the user Administrator as a member" is incorrect. The "-scope g" would cause a global group to be created. The answer "The user administrator is removed from the sales.users.contoso.com group, and the scope is changed to global" is incorrect. Group membership cannot be changed using the Dsadd command. (Discussion starts on page 239.)

   Question 12

1 out of 1 points  

Under what circumstances can you convert a global group to a universal group?

Selected Answer:

   Only when the global group is not a member of another global group.

Correct Answer:

   Only when the global group is not a member of another global group.

Feedback: You can convert a global group to a universal group only if the global group is not a member of any other global group. The answer "Only when the global group contains users from only one domain" is incorrect. By definition, a global group can contain only users from a single domain. The answer "There are no restrictions when converting a global group to a universal group" is incorrect. There are restrictions on converting a global group to a universal group. The answer "You cannot convert a global group to a universal group under any circumstances" is incorrect. You can convert a global group to a universal group if the global group is not a member of another global group. (Discussion starts on page 220.)

   Question 13

1 out of 1 points  

The technical support department has a new member who needs rights to perform system functions and Active Directory administration tasks such as creating new user accounts, shutting down and restarting the server, backing up files and directories, and loading and unloading device drivers. You want to make the user a member of only one group, but you also want to avoid assigning more rights than necessary. Which of the following groups should you make the new hire a member of?

Selected Answer:    Administrators

Correct Answer:    Administrators

Feedback: Of the groups listed, only the Administrators group and the Domain Admins group have all of the required permissions. However, the Domain Admins group also has rights that are not required by the new hire. Therefore, the best choice is to add the user to the Administrators group. The Server Operators group does not have rights to create user accounts or load and unload device drivers. The Backup Operators group does not have rights to create user accounts or load and unload device drivers. (Discussion starts on page 226.)

   Question 14

1 out of 1 points  

You have a laser printer in the Sales department. The Sales group is assigned permissions to print to that printer. The members of the Sales department are all members of the Sales group. No other users or groups are assigned permissions to the printer. What happens if you delete the Sales group?

Selected Answer:

   The Sales group is removed from the ACL for the printer, and members of the Sales department can no longer print.

Correct Answer:

   The Sales group is removed from the ACL for the printer, and members of the Sales department can no longer print.

Feedback: When a group is deleted, access control list (ACL) entries related to

that group are removed. In this example, there are no other permissions assigned to the printer, so members of the Sales department can no longer print. The answer "The Sales group is removed from the ACL for the printer, but members of the Sales group can still print to the printer" is incorrect. If the group is removed and the users are not assigned permissions individually, the users cannot print. The answer "The Sales group is removed from the ACL for the printer, but the individual user accounts that were members of the Sales group are added to the ACL of the printer, thereby allowing them to print" is incorrect. When you delete a group, members of that group are not added to the ACL of any resource to which the group was assigned permissions. The answer "Any user account that is a member of the Sales group is deleted" is incorrect. Deleting a group causes only that group object to be deleted. User accounts that are a member of that group are not deleted. (Discussion starts on page 238.)

   Question 15

1 out of 1 points  

True or False: On a domain controller, members of the Power Users group can create user and group accounts and modify the users and groups they have created.

Selected Answer:  False

Correct Answer:  False

Feedback: Power Users is a local group. Local groups do not exist on Active Directory domain controllers. (Discussion starts on page 221.)

   Question 16

1 out of 1 points  

To redistribute some of the administrative burden on your network, your manager suggests having a member of the customer help desk act as your assistant. To allow this person to perform account management tasks, you make him a member of the Account Operators built-in Active Directory group. Which of the following tasks will the user be allowed to perform?

Selected Answer:    Creating new user accounts

Correct Answer:    Creating new user accounts

Feedback: Members of the Account Operators group can create, delete, and modify user, computer, and group objects in the Users and Computers containers and in all OUs except domain controllers. Members do not have permission to modify the Administrators or Domain Admins groups, nor can they modify the accounts for members of those groups. (Discussion starts on page 226.)

   Question 17

1 out of 1 points  

You want to implement group policy on your network to provide control over user accounts on the network. Which of the following entities cannot be assigned group policy?

Selected Answer:    Groups

Correct Answer:    Groups

Feedback: Group policy objects (GPOs) can be assigned only to Active Directory domain, site, and OU objects. You cannot assign a group policy object to a group. (Discussion starts on page 211.)

   Question 18

1 out of 1 points  

When you join a computer to the domain, what happens to the membership of the local Guests group?

Selected Answer:

   The Domain Guests predefined global group is added to the local Guests group.

Correct Answer:

   The Domain Guests predefined global group is added to the local Guests group.

Feedback: When a computer is added to the domain, the Domain Guests predefined global group is automatically added to the local Guests group. The answer "The special identity Guests is added to the local Guests group" is incorrect. There is no Guests special identity. The answer "Any user accounts defined as members of the local Guests group are added to the Domain Guests group" is incorrect. When a computer is added to the domain, no changes are made to the Domain Guests group. The answer "The local Guests group is deleted" is incorrect. The local Guests group is not deleted when the computer is added to the domain. (Discussion starts on page 221.)

   Question 19

1 out of 1 points  

You are the network administrator for a clothing manufacturer in Boise, Idaho. The network comprises three domains. Each domain is assigned to a specific division in the company. You have six Windows Server 2003 systems running Standard Edition. Active Directory is running at a Windows Server 2003 domain functional level. You have a group of auditors who move from department to department in the course of their work. Because they move around, they need access to the nearest printer at any given time. Which of the following do you do to accommodate this?

Selected Answer:

   Create a universal group, place the user accounts for the auditors in that group, and then assign the universal group permissions to all of the printers in each of the domains.

Correct Answer:

   Create a universal group, place the user accounts for the auditors in that group, and then assign the universal group permissions to all of the printers in each of the domains.

Feedback: The correct answer is "Create a universal group, place the user accounts for the auditors in that group, and then assign the universal group permissions to all of the printers in each of the domains." The answer "Create a global group, place the user accounts for the auditors in that group, and then assign the global group permissions to all of the printers in each of the domains" is incorrect. You cannot assign a global group permissions to resources in a domain other than the one in which it is created. The answer "Create a universal group, place the user accounts for the auditors in that group, and then place the universal group into the local printer users group on the domain controllers that host a printer" is incorrect. There is no

local printer users group. The answer "Create a universal group, and place the user accounts for the auditors in that group. Create a global group, and place the auditors universal group into that global group. Finally, assign the global group permissions to the printers in each domain" is incorrect. You cannot place a universal group into a global group. (Discussion starts on page 218.)

   Question 20

1 out of 1 points  

You are the network administrator for a real estate agency in Washington, D.C. The network comprises three Windows Server 2003 systems and 120 client systems running Windows XP Professional. You have two domains, one representing each of the two divisions of the company (residential and commercial). You receive a request to create a group called Marketing that will be assigned resource access to resources in both domains. However, when you go to create a new security group, in the Group Scope option the Universal option button is grayed out. Which of the following is the most likely cause of the problem?

Selected Answer:

   You are running at a Windows 2000 mixed domain functional level.

Correct Answer:    You are running at a Windows 2000 mixed domain functional level.

Feedback: Universal groups are available only in the Windows 2000 native and Windows Server 2003 domain functional levels. They are not available in Active Directory operating at a Windows 2000 mixed domain functional level. The answer "You have more than one domain" is incorrect. The ability to create universal groups is not dependent on the number of domains in the directory, although the functionality they provide is not relevant in directory structures with only one domain. (Discussion starts on page 212.)

   Question 21

1 out of 1 points  

You are the network administrator for a company that sells computer books. The network comprises six Windows Server 2003 systems, three of which are domain controllers. The other servers are member servers. Active Directory is operating at a Windows Server 2003 functional level. One of the domain controllers hosts a database application, and you need to provide users in the Sales department with access to a folder on that server that contains the data files for the database. Which of the following is the best approach to take?

Selected Answer:

   Create a domain local group called Database, and give that group the necessary permissions to the folder containing the data file. Create a global group called SalesData, and add the appropriate members of the Sales department to the SalesData global group. Add the SalesData global group to the Database domain local group.

Correct Answer:

   Create a domain local group called Database, and give that group the necessary permissions to the folder containing the data file. Create a global group called SalesData, and add the appropriate members of the Sales department to the SalesData global group. Add the SalesData global group to the Database domain local group.

Feedback: Best practice dictates that you identify the resource to which users need access, and then create one or more domain local groups for those resources. Next you assign the permissions needed for access

to the resources to the domain local group. Then you identify users with common job responsibilities and add their user objects to a global group. Finally, you make the global group a member of the appropriate domain local group. The answer "Assign each user in the Sales department access to the folder individually" is incorrect. This would not be the best way to give users from the Sales department access to the database. The answer "Create a global group called Database, and give that group the necessary permissions to the folder containing the data file. Create a domain local group called SalesData, and add the appropriate members of the Sales department to the SalesData domain local group. Add the SalesData domain local group to the Database global group" is incorrect. You cannot nest a domain local group in a global group. The answer "Create a local group called Database on the domain controller. Create a global group called SalesData, and add the appropriate members of the Sales department to the SalesData global group. Add the SalesData global group to the local group" is incorrect. You cannot create a local group on a domain controller. (Discussion starts on page 220.)

   Question 22

1 out of 1 points  

You are the network administrator for a tire wholesaler with seven offices across the continental United States. Each site has a single Windows Server 2003 server operating at a Windows Server 2003 domain functional level. Each site is linked to the head office in Buffalo, New York, by a PRI-ISDN line. Each site has its own domain. The WAN links are used by a number of applications, including a sales order-processing system. The company is experiencing huge growth, and over the next three months the number of staff members is set to increase from 160 to 310. You are in the process of reorganizing the group structure on the network. Many of the users require access to data and applications in more than one site, and up to this point many of the assignments have been made with a user account rather than a group. One of your fellow administrators suggests creating a number of universal groups and adding the users to the universal groups. Permissions to resources can then be granted via the universal groups. What issues, if any, do you see with this solution?

Selected Answer:

   It might create additional traffic on the already heavily used WAN links.

Correct Answer:

   It might create additional traffic on the already heavily used WAN links.

Feedback: To use universal groups effectively, the best practice is to create a global group in each domain, with user or computer accounts as members, and then make the global groups members of a universal group. This enables you to create a single universal group that is usable throughout the enterprise, but with a membership that does not change frequently. This method is preferable to adding users and computers to the universal group directly, because every change to the universal group's membership causes the entire membership to be replicated to the global catalog, throughout the forest. Managing the users and computers in the global groups does not affect the universal group's membership and therefore generates no additional replication traffic. In this scenario, with slow WAN links and universal group memberships that are likely to change, this would be of particular concern. The answer "None. The suggestion is practical and valid" is incorrect. There are issues with this solution. The

answer "Universal groups are not available on a Windows Server 2003 domain functional level" is incorrect. Universal groups can be created in Active Directory running at a Windows Server 2003 domain functional level. The answer "You can place global or domain local groups only in a universal group, not user accounts" is incorrect. You can place individual user accounts into a universal group, although this is not recommended. (Discussion starts on page 218.)

   Question 23

1 out of 1 points  

If you are using a Windows 2000 native domain functional level, which of the following Active Directory objects can be a member of a domain local group?

Selected Answer:

   User and computer accounts, universal groups, and global groups from any domain; other domain local groups from the same domain

Correct Answer:

   User and computer accounts, universal groups, and global groups from any domain; other domain local groups from the same domain

Feedback: When you use Active Directory at a Windows 2000 native domain functional level, a domain local group can contain user and computer accounts, universal groups, and global groups from any domain, as well as other domain local groups from the same domain. All of the other answers are incorrect. (Discussion starts on page 219.)

   Question 24

0 out of 1 points  

You are the network administrator for a music publishing company in Los Angeles. The network comprises four Windows Server 2003 systems, two of which are domain controllers. The network is operating at a Windows Server 2003 domain functional level. You have a number of distribution groups in Active Directory that were created for contacts in an external public relations (PR) firm. However, the PR firm has been bought out by the firm you work for, and the entire PR operation has been moved in-house. A new department has been created for the PR function. Users in the new PR department need access to resources such as folders and printers. Which of the following do you do to provide them access?

Selected Answer:

   Create new user accounts for users from the PR department. Add the users to domain local groups as needed to provide access.

Correct Answer:

   Create new user accounts for users from the PR department. Create a global group, and add the users to that group. Add the global group to domain local groups as needed to provide access.

Feedback: The best practice is to add users to global groups, and then add global groups to domain local groups that have been assigned the appropriate access to resources. The answers "Create user accounts to match the users listed in the distribution group, then convert the distribution group to a global group. Assign the new global group to domain local groups as needed to provide access" and "Convert the distribution group to a global group. Assign the new PR global group to the appropriate domain local group" are both incorrect. You cannot convert a distribution group to a security group, which is what a global group is. The answer "Create new user account for users from the PR department. Add the users to domain local groups as needed to provide access" is incorrect. As indicated, the best practice is to

add users to a global group, and then add global groups to domain local groups to provide access to resources. (Discussion starts on page 220.)

   Question 25

1 out of 1 points  

On a network operating at a Windows 2000 mixed domain functional level, which of the following are limitations on converting groups?

Selected Answer:

   You cannot convert groups in Active Directory operating at a Windows 2000 mixed domain functional level.

Correct Answer:

   You cannot convert groups in Active Directory operating at a Windows 2000 mixed domain functional level.

Feedback: You cannot convert groups when running Active Directory at a Windows 2000 mixed domain functional level. You can convert groups only when you are running Active Directory at a Windows 2000 native or Windows Server 2003 functional level. All of the other answers describe limitations on converting groups at either a Windows 2000 native or Windows Server 2003 domain functional level. (Discussion starts on page 220.)

   Question 26

1 out of 1 points  

You have recently been hired as the network administrator for a trading card manufacturing company in New York. The network comprises four Windows Server 2003 systems, two of which are domain controllers. Active Directory is configured at a Windows Server 2003 domain functional level. Twelve groups have been created for each of the departments in the organization. You will soon be implementing a new Active Directory–aware e-mail system, and your manager wants to be able to send messages to all users in a department at one time. How do you accommodate this?

Selected Answer:    Special group configuration is not necessary.

Correct Answer:    Special group configuration is not necessary.

Feedback: Security groups can be used as distribution groups by directory-aware applications. Your manager can send messages to all users in a department just by using the security group, so special group configuration is not necessary. The answer "Copy each of the departmental groups, and then convert the new group to a distribution group" is incorrect. You cannot copy or convert groups. The answer "Create a distribution group for each department, and manually duplicate the membership of the security group for each department" is incorrect. There is no need to create distribution groups for each department. The answer "Convert the security group for each department to a distribution group" is incorrect. You cannot convert a security group to a distribution group, or vice versa. (Discussion starts on page 216.)

   Question 27

1 out of 1 points  

You are the network administrator for a data storage device manufacturer in Yakima, Washington. The network comprises three domains. Each domain is assigned to a specific department in the company (Development, Sales,

Administration). You have three Windows Server 2003 systems running Standard Edition. Active Directory is running at a Windows Server 2003 domain functional level.     You have recently acquired a new plotter, which is to be used by the 14 electronics designers, all of whom are in the Development department and are members of the Development global group. The manager informs you that he is expecting to recruit two more designers in the near future. Which of the following do you do to provide the electronics designers with access to the new plotter?

Selected Answer:

   Create a domain local group called Plotter. Place the Development global group into the Plotter group.

Correct Answer:

   Create a domain local group called Plotter. Place the Development global group into the Plotter group.

Feedback: Best practice dictates that global groups be added to domain local groups that have been assigned the appropriate access to resources, so you should create a domain local group called Plotter and place the Development global group into the Plotter domain local group. The answer "Create a domain local group called Plotter, create a global group called Plotter Users, and make the Development global group a member of the Plotter Users group" is incorrect. There is no need to create a global group called Plotter Users in this example. The answer "Create a domain local group called Plotter. Place the user accounts for the users in the Development department into that group" is incorrect. Best practice dictates that you use global groups to group people by job function, and then use these global groups in domain local groups to provide access to resources. The answer "Assign the users from the Development department access to the plotter by assigning permissions to their user accounts" is incorrect. Best practice dictates that you use groups, not individual user accounts, to provide access to resources. (Discussion starts on page 220.)

   Question 28

1 out of 1 points  

You are the network administrator for an insurance company with its head office in San Francisco. The company has four other offices—in Detroit, New York, Vancouver, and Dallas. The network comprises six Windows Server 2003 systems, two in San Francisco and one at each of the other sites. Active Directory is operating at a Windows 2000 mixed domain functional level.    The company has a sales order-processing system with a local database in each location. The local databases are synchronized hourly with the central database in San Francisco. Users at every site have been experiencing problems with the database, so your manager has contracted two SQL database administrators (DBAs) for three months to determine the problem and make recommendations for optimizing the database. These DBAs, who will be based in San Francisco, need direct access to the database folders in each location. Which of the following do you do to achieve this?

Selected Answer:

   Create a global group called DBA in the San Francisco domain. Create a domain local group in each of the other domains, and grant permissions to the folders containing the database data files to the respective domain local group. Assign the DBA global group to the domain local groups.

Correct Answer:

   Create a global group called DBA in the San Francisco domain. Create a domain local group in each of the other domains, and grant

permissions to the folders containing the database data files to the respective domain local group. Assign the DBA global group to the domain local groups.

Feedback: At the Windows 2000 mixed domain functional level, domain local groups can contain global groups from any domain on the network. The answer "Create a universal group called SQL, and assign it to the folders containing the database data files. Create a global group in each domain called DBAs, and add the user accounts for the DBAs to the DBA group. Add the DBA group to the SQL universal group" and the answer "Create a universal group called SQLDBA, and assign it permissions to the folders containing the database data files. Make the DBAs' user accounts members of the universal group" are incorrect. You cannot create universal groups in Active Directory running at a Windows 2000 mixed domain functional level. The answer "Create a global group in each location, and assign the global group permissions to folders containing the database data files. Add the DBAs from San Francisco to the global group in each location" is incorrect. On Active Directory running at a Windows 2000 mixed domain functional level, global groups can contain user and computer accounts only from the same domain. (Discussion starts on page 216.)

   Question 29

1 out of 1 points  

On a system running Active Directory at a Windows 2000 mixed domain functional level, what objects can be a member of a universal group?

Selected Answer:

   None. Universal groups are not supported at the Windows 2000 mixed domain functional level.

Correct Answer:

   None. Universal groups are not supported at the Windows 2000 mixed domain functional level.

Feedback: Universal groups are supported only at the Windows 2000 native or Windows Server 2003 functional level. They are not supported at the Windows 2000 mixed or Windows Server 2003 interim functional level. (Discussion starts on page 219.)

   Question 30

1 out of 1 points  

You are the network administrator for a frozen foods wholesaler. The network comprises 3 Windows 2000 Server systems and 165 workstations that run Windows XP Professional or Windows 2000 Professional. You are planning to install a new Windows Server 2003 system and want to configure the domain functional level for the highest level supported by both servers. You also want to use universal security and distribution groups, and group nesting. What domain functional level do you use after you have installed the Windows Server 2003 system?

Selected Answer:    Windows 2000 native

Correct Answer:    Windows 2000 native

Feedback: The Windows 2000 native domain functional level supports both Windows Server 2003 and Windows 2000 servers. It also supports universal security and distribution groups, and group nesting. The answer "Windows Server 2003" is incorrect. The Windows Server 2003 domain functional level supports domain controllers running

Windows Server 2003 only. The answer "Windows Server 2003 interim" is incorrect. This domain functional level is used only when you upgrade domain controllers in Windows NT 4 domains to Windows Server 2003 domain controllers. The answer "Windows 2000 mixed" is incorrect. Although this domain functional level supports both Windows Server 2003 and Windows 2000 Server systems, it does not support universal security groups or group nesting. (Discussion starts on page 212.)

   Question 1

1 out of 1 points  

When creating a new computer account, under what circumstances would you select the Assign This Computer Account As A Pre–Windows 2000 Computer check box?

Selected Answer:

   The system you are creating an account for is running Windows NT 4.

Correct Answer:

   The system you are creating an account for is running Windows NT 4.

Feedback: You should select the check box if you are creating a computer account for a system running Windows NT 4. MS-DOS–based operating systems such as Windows 98 and Windows Me can log on to Active Directory with additional client software, but they do not have a corresponding computer account object in Active Directory. (Discussion starts on page 251.)

   Question 2

1 out of 1 points  

If the name of a computer is salesadminsouth07, what is the default pre–Windows 2000 computer name for the system?

Selected Answer:    salesadminsouth

Correct Answer:    salesadminsouth

Feedback: The pre–Windows 2000 computer name is automatically generated using the first 15 characters of the computer name. This makes the pre–Windows 2000 computer name salesadminsouth. (Discussion starts on page 251.)

   Question 3

1 out of 1 points  

On a Windows Server 2003 system, where do you go to join the computer to a domain?

Selected Answer:    Control Panel, System, Computer Name

Correct Answer:    Control Panel, System, Computer Name

Feedback: You join the computer to a domain using the Computer Name tab of the System Properties dialog box, which is accessed by selecting System in Control Panel. The computer name cannot be changed in the Advanced or General tab of the System Properties dialog box. There is no Network Identification tab in the System Properties dialog box. (Discussion starts on page 254.)

   Question 1 out of 1 points  

4

What is the function of the Redircmp.exe command?

Selected Answer:

   It allows you to specify a different default location for new computer accounts.

Correct Answer:

   It allows you to specify a different default location for new computer accounts.

Feedback: By default, computer accounts are created in the Computers container. You can use the Redircmp command to specify an alternative default location for the creation of computer accounts. Redircmp does not allow you to move computers from one OU to another, map more than one computer name to the same computer object, or copy computer account objects. (Discussion starts on page 259.)

   Question 5

1 out of 1 points  

In Active Directory Users And Computers, in which tab of the Properties dialog box for the computer account do you view the service pack version installed on the corresponding system?

Selected Answer:    Operating System

Correct Answer:    Operating System

Feedback: The Operating System tab of the computer account properties shows the name, version, and service pack level of the currently installed operating system. You cannot view the service pack level in the General tab, and there is no Service Pack or Version tab for the properties of a computer account. (Discussion starts on page 260.)

   Question 6

1 out of 1 points  

Which of the following utilities do you use to remove a computer account from Active Directory?

Selected Answer:    Dsrm

Correct Answer:    Dsrm

Feedback: You can use the Dsrm utility to remove objects, including computer accounts, from Active Directory. Cmprem is not a valid Windows Server 2003 utility. You can use the Dsmod utility to modify an existing Active Directory object, but not to remove an object. You use the Redircmp command to specify a new default location for computer accounts in Active Directory, not to remove computer accounts. (Discussion starts on page 264.)

   Question 7

1 out of 1 points  

During user logon on a Windows 2000 Professional system, which of the following is responsible for checking to see if the computer has a corresponding account in Active Directory?

Selected Answer:    Netlogon

Correct Answer:    Netlogon

Feedback: During user logon, the Netlogon service running on the client computer connects to the same service on the domain controller, and then each one verifies that the other system has a valid computer account. Dsmod, Dsadd, and Redircmp are command-line utilities associated with the management of computer objects. They are not services and are not used to check whether a corresponding computer account exists in Active Directory. (Discussion starts on page 248.)

   Question 8

1 out of 1 points  

By default, the Add Workstations To Domain right is assigned to the Authenticated Users special identity, thereby allowing an authenticated user to create up to how many computer accounts in Active Directory?

Selected Answer:    10

Correct Answer:    10

Feedback: The Default Domain Controllers Policy GPO grants a user right called Add Workstations To Domain to the Authenticated Users special identity. This means that any user who is successfully authenticated to Active Directory is permitted to join up to 10 workstations to the domain and create 10 associated computer objects, even if the user does not possess explicit object creation permissions. (Discussion starts on page 257.)

   Question 9

1 out of 1 points  

True or False: The person nominated in the Name field of the Managed By tab of the computer accounts properties must exist in Active Directory.

Selected Answer:  True

Correct Answer:  True

Feedback: You cannot manually edit the Name field of the Managed By tab. The name selected must be a user account that already exists in Active Directory. (Discussion starts on page 260.)

   Question 10

1 out of 1 points  

If you are joining a computer to the domain and a computer account has already been created for that computer, which of the following rules must you obey?

Selected Answer:

   The name in the Computer Name field must be identical to the already created computer account.

Correct Answer:

   The name in the Computer Name field must be identical to the already created computer account.

Feedback: When you join a computer to a domain in which a computer account has already been created for the computer, the name you enter in the Computer Name field must be identical to the name of the computer account. The computer does not automatically detect the correct value for the Computer Name field. (Discussion starts on

page 260.)

   Question 11

1 out of 1 points  

When you use the Netdom command to create computer accounts, what happens if you don't use the /OU switch?

Selected Answer:

   The computer account is created in the Computers container.

Correct Answer:    The computer account is created in the Computers container.

Feedback: By default, the Netdom command creates computer accounts in the Computers container. The /OU switch allows you to define where the computer account is created. (Discussion starts on page 254.)

   Question 12

1 out of 1 points  

If you reinstall the operating system on a computer that is a member of the domain, what steps, if any, must you take for that computer to reuse the existing computer account?

Selected Answer:    You must reset the computer account.

Correct Answer:    You must reset the computer account.

Feedback: Resetting a computer account causes Active Directory to resynchronize passwords between the computer account and the directory. This resetting process allows you to reuse an existing account after a new operating system installation on that computer. You cannot manually reconfigure the SID, and Active Directory does not automatically recognize the system. (Discussion starts on page 263.)

   Question 13

1 out of 1 points  

You have a user who is going on maternity leave for a month. Her work has been reassigned to other people, and no one will be using her PC while she is away. You want to make the network as secure as possible. What should you do to the computer account object for her PC?

Selected Answer:    Disable it.

Correct Answer:    Disable it.

Feedback: Disabling a computer account object renders users unable to log on to the directory from that system. If you are operating in a high-security environment, any account (computer or user) that can gain access to the network should be disabled if it is not to be used for an extended period of time. Resetting the computer account does not serve any purpose in this situation—it resynchronizes password information with Active Directory. You would also not delete the computer account because the account will be required in the future.

Suspending the account is not a recognized action for computer account objects in Active Directory. (Discussion starts on page 262.)

   Question 14

1 out of 1 points  

When you use the Dsmod utility, you include the -p switch in the command line. What value do you specify for this switch?

Selected Answer:

   The password for the user account that has privileges to modify the computer account.

Correct Answer:

   The password for the user account that has privileges to modify the computer account.

Feedback: The -p (password) switch is used in conjunction with the -u (username) switch to specify a user account that should be used to modify the computer accounts in the directory. The answer "None. The -p switch indicates that the computer account is subjected to group policy and has no values associated with it" is incorrect. There is no switch in the Dsmod command for specifying that the computer account is subject to group policy. The answer "The password that the computer account will use in Active Directory" is incorrect. The computer account password cannot be reset using the Dsmod command. The answer "The password for the user who will use the computer" is incorrect. The user password is a property of the user account object and is completely unrelated to the computer account. (Discussion starts on page 263.)

   Question 15

1 out of 1 points  

Which of the following commands do you use to make the default location of newly created computer objects be the OU workstations.contoso.com?

Selected Answer:    redircmp ou=workstations,DC=contoso,dc=com

Correct Answer:    redircmp ou=workstations,DC=contoso,dc=com

Feedback: The answers "redircmp -d:ou=workstations,DC=contoso,dc=com" and "redircmp -def:ou=workstations,DC=contoso,dc=com" are incorrect. No switches are necessary to specify the new default location for computer accounts. The answer "rediscmp ou=workstations,DC=contoso,dc=com" is incorrect. Rediscmp is not a recognized Windows Server 2003 utility or command. (Discussion starts on page 259.)

   Question 16

1 out of 1 points  

Why is it necessary to reset a computer account after you reinstall an operating system on the client computer?

Selected Answer:

   The new computer will have a different SID than the old one.

Correct Answer:    The new computer will have a different SID than the old one.

Feedback: A computer account, like a user account, has a SID that is used to identify that computer account in Active Directory. When a computer is joined to the domain, it changes its SID to match that of the computer object. If a new operating system is installed, the SID will be different, so it must be resynchronized with the SID of the computer account in Active Directory. You do this by resetting the computer account. The answer "The information in the Operating System tab of the computer account object must be manually refreshed" is incorrect. The information in the Operating System tab is dynamically updated when the computer connects to the domain. The answer "Resetting the computer account updates the client computer with a list of the users permitted to log on from that system" is incorrect. Lists of permitted users are not downloaded to client computers. The answer "The serial number of the operating system installation will have changed" is incorrect. The computer account object does not have anything to do with the serial number of the operating system software installed on the system. (Discussion starts on page 249.)

   Question 17

1 out of 1 points  

Which of the following commands creates a computer account for computer1.sales.contoso.com?

Selected Answer:

   dsadd computer CN=computer1,CN=sales,DC=contoso,DC=com

Correct Answer:

   dsadd computer CN=computer1,CN=sales,DC=contoso,DC=com

Feedback: The command dsadd computer CN=computer1,CN=sales,DC=contoso,DC=com creates a new computer account in the sales.contoso.com OU. The answer "dsadd comp CN=computer1,CN=sales,DC=contoso,DC=com" is incorrect. The switch for creating a computer account with Dsadd is computer, not comp. The answer "dsmod computer CN=computer1,CN=sales,DC=contoso,DC=com" is incorrect. The Dsmod command is not used to create computer accounts; it can be used only to modify existing computer accounts. The answer "dsrm computer CN=computer1,CN=sales,DC=contoso,DC=com" is incorrect. The Dsrm command is not used to create computer accounts; it is used to delete computer accounts. (Discussion starts on page 253.)

   Question 18

1 out of 1 points  

When you create an account for a computer that is not a domain controller, what default group memberships are assigned to it?

Selected Answer:    Domain Computers group

Correct Answer:    Domain Computers group

Feedback: When a new computer account is created, it is made a member of

the Domain Computers group. It is not made a member of any other groups. (Discussion starts on page 260.)

   Question 19

1 out of 1 points  

Why is it preferable to place client computer account objects in an OU rather than the system-created Computers container?

Selected Answer:

   So group policy settings can be applied to the computer accounts in one step.

Correct Answer:

   So group policy settings can be applied to the computer accounts in one step.

Feedback: Group Policy Objects (GPOs) cannot be applied to system-created container objects such as the Computers container, so you should create OUs to hold computer accounts. The answer "The Computers container can hold a maximum of only 100 objects" is incorrect. There is no practical limit to the number of objects that can be created in the Computers container. The answer "The Computers container should be used only for computer accounts that are related to servers" is incorrect. There are no guidelines or best practices that dictate that the Computers folder be used only for computer accounts related to servers. The answer "The Computers container is designed to hold computer accounts only for domain controllers" is incorrect. Computer accounts for domain controllers are automatically placed in the Domain Controllers container. (Discussion starts on page 259.)

   Question 20

1 out of 1 points  

When you create a computer account in Active Directory Users And Computers, what do you enter in the User Or Group field of the New Object – Computer Wizard?

Selected Answer:

   The name of a user or group with permissions to join the computer to the domain.

Correct Answer:

   The name of a user or group with permissions to join the computer to the domain.

Feedback: The User Or Group field is for specifying the user or group with the necessary permissions to join the computer to the domain. The default value is the Domain Admins group. The answer "The name of the user or group that will use the computer corresponding to the computer account" is incorrect. Computer accounts are not assigned to any one user or group during the account creation process. The answer "The name of a user or group with permissions to create a computer object" is incorrect. The ability to create a computer account is not related to this field. The answer "The name of the user or group that will be responsible for managing the corresponding computer system" is incorrect. It is possible to specify the person responsible for the management of a computer system in the Managed By tab of the computer object's properties, but you don't specify this during the computer account creation process. (Discussion starts on page 251.)

   Question 1 out of 1 points  

21

True or False: When you use Dsadd to create a computer account, the DN must be surrounded by quotation marks in order for the account to be created successfully.

Selected Answer:  False

Correct Answer:  False

Feedback: The computer distinguished name (DN) requires quotation marks around it only if there are spaces in the DN path. For example, the DN CN=sales1,CN=sales,DC=contoso,DC=com does not require quotation marks around it, but the DN CN=sales1,CN=sales north,DC=contoso,DC=com does. (Discussion starts on page 253.)

   Question 22

1 out of 1 points  

In a default configuration, members of the Account Operators group have permissions to create computer objects in which of the following locations?

Selected Answer:    The Computers container and any new OUs you create

Correct Answer:    The Computers container and any new OUs you create

Feedback: By default, members of the Account Operators group have permissions to create computer accounts in the Computers container as well as any new OUs that you create. The answers "The Computers container and the OU in which the user account that is a member of the Account Operators group resides" and "The Computers container" are incorrect. Members of the Account Operators group also have permission to create computer accounts in any new OUs you create. The answer "Any container or OU in the domain" is incorrect. Members of the Account Operators group have permissions to create computer accounts only in the Computers container and any new OUs you create. (Discussion starts on page 251.)

   Question 23

1 out of 1 points  

Which of the following commands disables the computer account for the object computer1.sales.contoso.com?

Selected Answer:

   dsmod computer CN=computer1,CN=sales,DC=contoso,DC=com -disabled yes

Correct Answer:

   dsmod computer CN=computer1,CN=sales,DC=contoso,DC=com -disabled yes

Feedback: The Dsmod computer command can be used to disable a computer account. The target computer must be identified in the command, and the -disabled yes switch must be used. The answer "dsmod CN=computer1,CN=sales,DC=contoso,DC=com -disabled yes" is incorrect. Dsmod requires that you specify the type of Active Directory object you are modifying. The answer "dsadd computer CN=computer1,CN=sales,DC=contoso,DC=com -disabled yes" is incorrect. The Dsadd command is used to add objects to Active Directory, not to modify existing objects. 

The answer "dsrm computer CN=computer1,CN=sales,DC=contoso,DC=com -disabled yes" is incorrect. The Dsrm command is used to remove objects from Active Directory, not configure existing objects. (Discussion starts on page 263.)

   Question 24

1 out of 1 points  

You are the network administrator for a small property management company in Boise, Idaho. The network comprises a single Windows Server 2003 system and 23 Windows XP Professional systems. Active Directory is running at the Windows Server 2003 domain functional level. Earlier this month, you were asked to disable the computer account for a user who was taking a month of leave to care for a sick family member. The user account for the person was not disabled because the user planned to dial in to the network from home while on leave. Now there is talk of the user returning from leave early. If he does return early and goes to use his PC before you have reenabled the computer account, what will happen?

Selected Answer:

   He has logged on to the domain from that system before, so he will be able to log on to the local system but will not be able to access domain resources.

Correct Answer:

   He has logged on to the domain from that system before, so he will be able to log on to the local system but will not be able to access domain resources.

Feedback: Because the user has previously logged on to that computer, he will have cached credentials that will enable him to log on to the system. However, because the computer account is disabled in the domain, he will be unable to log on to the domain until you reestablish the secure channel by enabling the computer account. The answer "He has logged on to the domain from that system before, so he will be able to log on and use the domain resources" is incorrect. He will be able to log on to the local system, but he will not be able to use domain resources. The answer "When he logs on, the computer account will be automatically enabled because his username and password are valid" is incorrect. Computer accounts are not reenabled in this way. The answer "He will not be able to log on to that system, even though he has logged on to the domain from that system before" is incorrect. He will be able to log on to the local system but will not be able to access domain resources. (Discussion starts on page 262.)

   Question 25

1 out of 1 points  

You are the network administrator for a large insurance brokerage in Wichita, Kansas. The network comprises four Windows Server 2003 systems, two of which are configured as domain controllers. The other two servers provide file and print services, and they host the company's document management and customer database applications. Active Directory is configured at the Windows Server 2003 domain functional level.You have just made a new leasing agreement with your hardware supplier, and as a result you are in the process of upgrading the company's 450 client computers. The existing systems are all running Windows 2000 Professional, but the new systems will be running Windows XP Professional. Which of the following do you do to allow the new Windows XP Professional systems to join the domain?

Selected    When replacing each system, give the new computer the same

Answer: name as the one that was removed. Reset the computer account in Active Directory.

Correct Answer:

   When replacing each system, give the new computer the same name as the one that was removed. Reset the computer account in Active Directory.

Feedback: The Reset Computer option is designed to accommodate exactly this kind of procedure. You can reuse the existing computer account by resetting the account, which resets its password but maintains the account's properties. The answer "Create a new computer account for each of the new systems" is incorrect. There is no need to create new computer accounts for the new systems. The answer "When replacing each system, give the computer the same name as the one that was removed. Disable and reenable the computer in Active Directory" is incorrect. Disabling and reenabling the computer account will not have the desired effect. The answer "In Active Directory Users And Computers, locate the computer accounts for the existing systems, select the Operating System tab of the properties for the computer object, and type Windows XP Professional in the Version field" is incorrect. You cannot manually edit the fields in the Operating System tab of Active Directory Users And Computers. This information is automatically completed when the computer connects to the domain. (Discussion starts on page 263.)

   Question 26

1 out of 1 points  

You are the network administrator for an electrical goods distributor in Chicago. The network comprises three Windows Server 2003 systems, two of which are domain controllers. The other is a member server that hosts the sales order-processing database. Active Directory is configured at the Windows Server 2003 domain functional level. The company has experienced a phenomenal surge in growth that has resulted in the hiring of 24 new employees, bringing the total staff to 114. Your manager has realized that managing all these users, who all work on Windows XP Professional systems, is too much for a single administrator, so he has hired a junior administrator to help with some of the more mundane network management tasks. One day, a request arrives to disable a computer account for a salesperson who is taking a leave of absence. Company policy dictates that while the salesperson is away, both her computer and user account must be disabled. Disabling of computer accounts is not a frequently performed task, but you ask the junior administrator to do it. Unfortunately, he accidentally resets the computer account instead of disabling it. What action, if any, is required before the user can log on again from that computer?

Selected Answer:    .No action is required.

Correct Answer:    .No action is required.

Feedback: Resetting the computer account causes the directory to resynchronize with the corresponding computer system. If the computer has not been changed, reconfigured in certain ways, disjoined from the domain, or replaced, no action is necessary. The answer "The account must be disabled and reenabled" is incorrect. This is not necessary and will have no effect on the computer account that has been reset. The answer "The operating system

must be reinstalled on the computer" is incorrect. There is no need to perform this task in this instance. The answer "The account must be reset again while a user with administrative rights is logged on" is incorrect. There is no need to reset the computer account again. (Discussion starts on page 263.)

   Question 27

1 out of 1 points  

You are the network administrator for a large kitchenware distributor in Sandusky, Ohio. The network comprises three Windows Server 2003 systems, two of which are configured as domain controllers. The third server is configured as a member server and hosts the corporate sales order-processing system. Active Directory is configured at the Windows 2000 mixed domain functional level. You are in the process of upgrading the company's 125 client computers from Windows 98 to Windows XP Professional. Most users will continue to use the same PC hardware, but the operating system will be upgraded. The exception is the Sales department, which will receive brand-new computers running Windows XP Professional. Their existing Windows 98 systems will be donated to a local school and will not be reused within the company. Which of the following do you do to allow the new Windows XP Professional systems to join the domain?

Selected Answer:

   Create a new account in Active Directory for each new Windows XP Professional system.

Correct Answer:

   Create a new account in Active Directory for each new Windows XP Professional system.

Feedback: A new computer account will be required for each of the new Windows XP Professional systems. The other answers are incorrect. Windows 98 systems can connect to the domain with Active Directory client software, but they do not have a corresponding computer account object. (Discussion starts on page 248.)

   Question 28

1 out of 1 points  

You are the network administrator for a telecommunications company in Mobile, Alabama. The network comprises three Windows Server 2003 systems, all of which are configured as domain controllers. The company employs 134 people, and all of them have a Windows XP Professional system. One morning, you get a call from a user who has received the following error message:Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable, or because your computer account was not found. Please try again later. If this message continues to appear, contact your system administrator for assistance.The user logged on to the system without any problem the previous day, and you have received no other reports of users experiencing problems. You reset the computer account in Active Directory Users And Computers, but the user still cannot connect to log on to the domain. Which of the following do you try next?

Selected Answer:

   Change the computer system's membership to a workgroup, and then rejoin it to the domain.

Correct Answer:

   Change the computer system's membership to a workgroup, and then rejoin it to the domain.

Feedback: The final step in troubleshooting this kind of error is to change the computer system's membership to a workgroup and then rejoin it to the domain. 

The answer "Disable and reenable the computer account" is incorrect. This would likely have no effect on the situation. The answer "Disable and reenable the user account" is incorrect. The user and computer account are separate objects in Active Directory. The error is clearly related to the computer account rather than the user account, so disabling and enabling the user account would likely have no effect on the problem. The answer "Delete the existing computer account, and re-create a new computer account with the same name" is incorrect. Deleting the computer account is a last-resort measure. Like user accounts, computer accounts are assigned a SID when they are created, and the SID cannot be replicated. Even if the new computer account was created with the same name and attributes as the account that was deleted, the SID would still be different, and any group memberships or permission assignments would need to be recreated. (Discussion starts on page 264.)

   Question 29

1 out of 1 points  

You are the network administrator for a large public relations agency in Detroit. The company has four divisions, each of which is responsible for specific geographical regions internationally. The company operates on four floors of an office building, with each floor occupied by a department. The network comprises four Windows Server 2003 systems, one on each floor, and all of them are configured as domain controllers. Active Directory is operating at the Windows 2000 mixed domain functional level. All of the domain controllers are in the system-created Domain Controllers OU, but each department uses one of the servers as a file and print server, so your manager suggests that the domain controller for each department be moved to the corresponding OU in Active Directory. What issues, if any, can you see with her request?

Selected Answer:

   The domain controller computer accounts can be moved, but group policies must be implemented on the new OU to provide the same configurations that the domain controllers have in the Domain Controllers OU.

Correct Answer:

   The domain controller computer accounts can be moved, but group policies must be implemented on the new OU to provide the same configurations that the domain controllers have in the Domain Controllers OU.

Feedback: The Domain Controllers OU has the Default Domain Controller Policy GPO applied to it. If the domain controller computer accounts are moved, GPOs must be applied to the new OU in order for the domain controllers to receive the same level of protection and configuration that they receive in the Domain Controllers OU. The answer "None. The suggestion is easily implemented and requires no additional work other than moving the computer accounts" is incorrect. Additional administrative work is created by moving the domain controller computer accounts. The answer "Domain controller computer accounts must reside in the system-created Domain Controllers OU. They cannot be moved to another OU" is incorrect. Domain controller computer accounts can be moved to other OUs if necessary. The answer "The domain functional level must be raised to Windows Server 2003 before the domain controllers can be moved" is incorrect. The domain functional level does not affect whether domain controller computer accounts can be moved. (Discussion

starts on page 259.)

   Question 30

1 out of 1 points  

You are the network administrator for a small specialty auto parts manufacturer. The network comprises two Windows Server 2003 systems, both of which are configured as domain controllers. Active Directory is operating at the Windows 2000 mixed domain functional level. The company has recently created a new Research and Development department, and 25 new Windows XP Professional systems are being installed in that department. The users in the department will join the domain when they first use their PCs. Rather than have the computer accounts for the department created in the Computers container, you would like to have the computer accounts in the R&D OU so that they can immediately be subject to the group policy applied to that OU. Which of the following do you do to achieve this?

Selected Answer:

   Create the computer accounts in the R&D OU, and then have the users join the computers to the domain.

Correct Answer:

   Create the computer accounts in the R&D OU, and then have the users join the computers to the domain.

Feedback: When a computer joins the domain, it first searches Active Directory for a computer object that relates to it. If it finds one, it uses that computer account as its corresponding Active Directory object. The answer "Have users create the computer accounts during the domain joining process, and then move them from the Computers container to the R&D OU" is incorrect. Although this is a valid way of working with computer accounts, the accounts created in the Computers OU would not be immediately subjected to the R&D group policy. The answer "Apply the same group policy that is applied to the R&D OU to the Computers container" is incorrect. The Computers container is a system-created container. Group policies cannot be applied to it. The answer "Direct the users to specify the R&D OU for the computer account creation when they join the computers to the domain" is incorrect. You cannot specify the location of the computer account when the computer account is created as part of the domain joining process. Computer accounts are placed in the default location. (Discussion starts on page 254.)

   Question 31

1 out of 1 points  

You are the network administrator for a small graphic design house in Seattle, Washington. The company also has a sales office in New York with five employees. The network in Seattle comprises two Windows Server 2003 systems, both of which are domain controllers. Active Directory is configured at the Windows 2000 mixed domain functional level. The New York office, which is not yet connected to the Seattle office, is operating its network as a workgroup with a single Windows 2000 Server system providing file and print services. You have just implemented a VPN to create a WAN between the two sites.   The plan is to eventually implement a domain controller in New York for local authentication and disaster recovery purposes. However, the installation of that system must wait until you can travel to New York. In the meantime, one of the more technically capable users in New York has been asked to join the five Windows XP Professional workstations and the Windows 2000 server to the domain. The Windows Server 2003 system will become a member server. The user is able to join all five of the Windows XP Professional systems to the domain and create the related computer accounts, but he is unable to add the

Windows 2000 server system to the domain. Which of the following is the most likely cause of the problem?

Selected Answer:

   Users can create computer accounts only for workstations, not server systems.

Correct Answer:

   Users can create computer accounts only for workstations, not server systems.

Feedback: Users can create up to 10 computer accounts by virtue of the Add Workstations To Domain user right that is granted to the Authenticated Users special identity. However, this user right allows only workstations, not servers, to be added to the domain. In this example, the system is a Windows 2000 Server system, so the user cannot join it to the domain. The answer "Users are allowed to create only five computer accounts in Active Directory" is incorrect. Users can create up to 10 workstation computer accounts in Active Directory. The answer "The system is a Windows 2000 Server system and cannot be joined to an Active Directory running at a Windows Server 2000 mixed domain functional level" is incorrect. Windows 2000 Server systems can be added as member servers to Active Directory running at a Windows 2000 mixed domain functional level. The answer "Users can create computer accounts only in the Computers container, and a computer account for a server cannot be created in the Computers container" is incorrect. In terms of computer account creation, Active Directory does not differentiate between computers that are member servers and computers that are workstations. Both can be created in the Computers folder. (Discussion starts on page 257.)

   Question 32

1 out of 1 points  

You are the network administrator for a corporate finance house in Dallas, Texas. You are designing a network upgrade from a non-Windows operating system to Windows Server 2003. The plan is to have seven Windows Server 2003 systems running Active Directory at the Windows Server 2000 mixed domain functional level. To streamline the process of creating computer accounts and joining them to the domain, you want to create a batch file that can be run to create the computer accounts en masse. You also want to create a batch file that can be sent to users via e-mail, which will allow them to join their computer to the domain. You assign the task of creating the batch file to a junior administrator. She suggests that you use the Netdom utility for both tasks. What issues, if any, do you see with this proposed solution?

Selected Answer:    None. The solution is appropriate and valid.

Correct Answer:    None. The solution is appropriate and valid.

Feedback: The Netdom utility can be used to both create computer accounts in Active Directory and to join computer accounts to the domain. The other answers are incorrect. Netdom can be used to create computer accounts and to join computers to the domain, and it can be configured to create computer accounts in a specific location through the use of the /OU switch. (Discussion starts on page 254.)

   Question 1 out of 1 points  

33

You are the network administrator for an Internet-based craft supplies retailer. The network comprises three Windows Server 2003 systems, both of which are domain controllers. Active Directory is configured at the Windows 2000 mixed domain functional level. You want to configure the network so that any new computer accounts are created in the Workstations OU because you have created a new group policy and linked it to that OU. Which of the following do you do to make sure all new computer objects are created in that OU?

Selected Answer:

   Manually create computer accounts in the Workstations OU before the corresponding computer systems join the domain.

Correct Answer:

   Manually create computer accounts in the Workstations OU before the corresponding computer systems join the domain.

Feedback: At a Windows 2000 mixed domain functional level, you cannot reconfigure the default location for computer accounts that are created in the directory. To ensure that all computer accounts are created in the Workstations OU, you must create the accounts in that OU. Then, when a workstation is joined to the domain, it automatically locates the corresponding computer account object and uses it. The answer "Use Redircmp and specify the Workstations OU as the new default location for computer accounts" is incorrect. Redircmp can be used only when Active Directory is running at a Windows Server 2003 domain functional level. The answers "Use Dsadd and specify the Workstations OU as the new default location for computer accounts" and "Use Netdom and specify the Workstations OU as the new default location for computer accounts" are incorrect. Both of these utilities can be used to create computer accounts, but neither of them can be used to configure the default location for newly created computer accounts. (Discussion starts on page 259.)

 Question 1

0 out of 1 points  

When you work with NTFS permissions, what does a gray-shaded check box for a permission in the Security tab of a folder mean?

Selected Answer:

   The permission cannot be set because you have insufficient rights.

Correct Answer:    The permission is inherited.

Feedback: A gray-shaded check box in the Security tab for a folder indicates that the permission is inherited. All of the other answers are incorrect. (Discussion starts on page 296.)

   Question 2

0 out of 1 points  

By default, members of which Active Directory groups can assign ownership of an NTFS file or folder to another user?

Selected Answer:    Administrators, Server Operators

Correct Answer:    Administrators, Backup Operators, Server Operators

Feedback: The ability to assign ownership of a file or folder is derived from the Restore Files And Directories user right. Members of the Administrators, Server Operators, and Backup Operators groups all receive this right via the Default Domain Controllers Policy GPO. (Discussion starts on page 304.)

   Question 3

0 out of 1 points  

Which of the following is considered a standard NTFS permission?

Selected Answer:    List Folder/Read Data

Correct Answer:    List Folder Contents

Feedback: List Folder Contents is considered a standard NTFS permission. The others are considered special NTFS permissions. (Discussion starts on page 295.)

   Question 4

1 out of 1 points  

On a workgroup or a standalone Windows Server 2003 computer, membership of which of the following groups enables you to create a share?

Selected Answer:    Power Users

Correct Answer:    Power Users

Feedback: On a computer that is not a member of a domain, you must be logged on as a member of the Administrators or Power Users group to create file system shares. There is no group called Share Creators. The Account Operators and Server Operators groups are considered predefined Active Directory groups and so are found only on Windows Server 2003 systems that are domain controllers. (Discussion starts on page 283.)

   Question 5

1 out of 1 points  

Which of the following is a reason to create shares using the Shared Folders MMC snap-in rather than Windows Explorer?

Selected Answer:    You can create a share on a remote computer.

Correct Answer:    You can create a share on a remote computer.

Feedback: The Shared Folders MMC snap-in allows you to create shares on a remote system. Windows Explorer can be used to create shares only on the local system. The answer "You can assign permissions to the share at the same time that you create it." is incorrect. You can assign permissions at the same time that you create the share in Windows Explorer, just as you can when creating the share using the Shared Folders MMC snap-in. The answer "You can assign NTFS permissions as well as share permissions" is incorrect. The Shared Folders MMC snap-in is not

used to assign NTFS permissions. The answer "You automatically become the creator/owner of the folder that is shared" is incorrect. The creator/owner designation is associated with NTFS permissions, not share permissions. The choice of the tool used to create a share does not change the creator/owner designation of the folder you are sharing. (Discussion starts on page 286.)

   Question 6

1 out of 1 points  

What security principal is assigned as the owner of files and folders created by the operating system?

Selected Answer:    The Administrators group

Correct Answer:    The Administrators group

Feedback: When a file or folder is created by the operating system, the Administrators group is designated as the owner. All of the other answers are incorrect. (Discussion starts on page 304.)

   Question 7

1 out of 1 points  

True or False: The Write NTFS permission, when applied to a folder, gives the user the right to modify the folder attributes.

Selected Answer:  True

Correct Answer:  True

Feedback: When applied to a folder, the Write NTFS permission gives the user the right to create new files and subfolders inside the folder, modify the folder attributes, and view the ownership and permissions of the folder. (Discussion starts on page 296.)

   Question 8

1 out of 1 points  

Fill in the blanks: Every file and folder on an NTFS drive has an ____ containing ____ that define what security principals are assigned permissions to it.

Selected Answer:    ACL, ACEs

Correct Answer:    ACL, ACEs

Feedback: Every file and folder on an NTFS drive has an access control list (ACL) containing access control entries (ACEs) that define what security principals are assigned permissions to it. (Discussion starts on page 295.)

   Question 9

0 out of 1 points  

What are the default share permission assignments for a newly created share?

Selected Answer:

   Everyone special identity, Full Control permission

Correct    Everyone special identity, Read permission; Administrators

Answer: group, Full Control permission

Feedback: On a newly created share, the default permissions assigned are Read to the Everyone special identity, and Full Control to the Administrators group. All of the other answers are incorrect. The answer "Everyone special identity, Full Control permission" describes the default share permission assignments on versions of Windows prior to Windows XP. (Discussion starts on page 294.)

   Question 10

0 out of 1 points  

While browsing the shares on your system, you notice that systemroot\SYSVOL \sysvol\domainname\SCRIPTS is shared out as NETLOGON. What does this tell you about the system you are working on?

Selected Answer:    The system is a Windows NT 4 system.

Correct Answer:    The system is a domain controller.

Feedback: When you promote a Windows Server 2003 computer to a domain controller, the system shares the systemroot\SYSVOL\sysvol \domainname\SCRIPTS folder as NETLOGON to provide backward compatibility with Windows NT 4 domain controllers. The answer "The system has at least one shared printer" is incorrect. The system's status as a print server has no effect on the NETLOGON share. The answer "The system is a Windows NT 4 system" is incorrect. You are unlikely to find a folder called systemroot\SYSVOL\sysvol \domainname\SCRIPTS on a Windows NT 4 system. The answer "The system is a member server" is incorrect. The existence of a NETLOGON share indicates that the system is a domain controller, not a member server. (Discussion starts on page 281.)

   Question 11

0 out of 1 points  

Which of the following tasks can be performed with the Full Control share permission but not the Change share permission?

Selected Answer:    Deleting the file

Correct Answer:    Changing file permissions

Feedback: The Full Control share permission grants the security principal all rights to the file, including the ability to change the file permissions. The Change share permission allows users to create folders, add files to folders, change data in files, append data to files, change file attributes, delete folders and files, and perform actions permitted by the Read permission. It does not allow users to change file permissions. (Discussion starts on page 291.)

   Question 12

1 out of 1 points  

If a group is assigned the Change share permission to a folder, and a user who is a member of that group is assigned the Read share permission to that folder, what are the effective permissions for that user to the folder?

Selected Answer:    Change

Correct Answer:    Change

Feedback: In a scenario such as this, without restrictive permissions, the permissions are combined to give the greatest set of permissions. So, if the group is assigned the Change share permission and the user is assigned Read, the user's effective permission (because he is part of the group) is Change, which is the most permissive. The answer "Read and Change" is incorrect. Effective permissions are expressed as the most permissive permission, not a combination of permissions. The answer "None" is incorrect. A restrictive permission is granted by virtue of the fact that a right is denied to a security principal, but no restrictive permissions are assigned to a security principal in this example. The answer "Full Control" is incorrect. The Full Control permission is not assigned to any security principal in this scenario. (Discussion starts on page 279.)

   Question 13

0 out of 1 points  

You have created a folder called SALES and shared it out as SALESSHARE. The Sales group is assigned the Full Control share permission and the Change NTFS permission. The Sales department is being relocated from the sixth floor to the third floor. To place the data for the Sales group as near to them as possible, you are going to move the SALES folder to the server on the third floor. What happens to the share permissions on the folder after the move?

Selected Answer:    They remain as Full Control for the SALES group.

Correct Answer:    They are lost.

Feedback: Share permissions are lost when a folder is moved. The other answers are incorrect. (Discussion starts on page 292.)

   Question 14

1 out of 1 points  

If you create a share and append the $ symbol to the share name, how does this affect the share?

Selected Answer:

   The share is not shown when you browse the shares available on the system.

Correct Answer:

   The share is not shown when you browse the shares available on the system.

Feedback: Appending the $ symbol to a share name marks the share as hidden. You can still access the share with the appropriate permissions, but you cannot browse to the share, nor does it show up in the list of available shares for a system. The answer "The share is available only to users with Full Control share permissions" is incorrect. The $ symbol does not affect what permissions are required to access the share. The answer "The share is available only to users who are members of the Enterprise Admins, Domain Admins, or Administrators group" is incorrect. The $ symbol does not affect what group memberships are required to access a share. The answer "The share is inaccessible from any system other than the one on which it was created" is incorrect. The purpose of creating

shares is to make them available to systems other than the one on which they were created. (Discussion starts on page 281.)

   Question 15

0 out of 1 points  

Under what circumstances would you configure IIS to use Basic Authentication?

Selected Answer:

   You want to have the server collect user credentials and store them on the domain controller as an MD5 hash.

Correct Answer:

   None of the more secure authentication options is available.

Feedback: You should use Basic Authentication only when a more secure authentication option is not available. The answer "The application hosted by the server is written in the BASIC programming language" is incorrect. The language in which an application hosted by the system is written does not normally affect the type of authentication system used. The answer "You want to have the server collect user credentials and store them on the domain controller as an MD5 hash" is incorrect. This statement describes the Digest Authentication For Windows Domain Servers authentication method. The answer "You want the username and password for the user transmitted in the form of a hash that prevents eavesdroppers from accessing the user's credentials" is incorrect. This describes Integrated Windows Authentication. (Discussion starts on page 312.)

   Question 16

1 out of 1 points  

True or False: If a user is assigned the Read NTFS permission to a file, and a group of which the user is a member is denied all rights to the file, the user can still open the file.

Selected Answer:  False

Correct Answer:  False

Feedback: Denied permissions override allowed permissions, so if a group of which the user is a member is denied access to a file, that permission assignment cancels out the Read permission assigned directly to that user. (Discussion starts on page 279.)

   Question 17

0 out of 1 points  

You have configured a virtual directory alias of info for the E:\sales\information folder on the server. The Web site hosted by the server is www.contoso.com. Which of the following URLs do you use to access the virtual directory?

Selected Answer:    www.contoso.com/information

Correct Answer:    www.contoso.com/info

Feedback: The virtual directory alias feature allows you to specify a directory in another location on the network that will appear as a subdirectory of a Web site. If the virtual directory alias is info and the main Web site is www.contoso.com, the URL for the virtual directory is www.contoso.com/info. All of the other answers are incorrect.

(Discussion starts on page 311.)

   Question 18

1 out of 1 points  

To view the ownership, permissions, and attributes of a file, what is the minimum standard NTFS permission required?

Selected Answer:    Read

Correct Answer:    Read

Feedback: The minimum permission required to view the ownership, permissions, and attributes of a file is the NTFS Read standard permission. The Read & Execute, Modify, and Full Control standard permissions all grant more rights than those required to view the ownership, permissions, and attributes of a file. (Discussion starts on page 296.)

   Question 19

0 out of 1 points  

You are configuring IIS on a Windows Server 2003 system. After creating a new home page for your corporate intranet, you want to make it available to users. You are not using redirection of any kind. Where do you place the file?

Selected Answer:    C:\IIS\WWWROOT

Correct Answer:    C::\INETPUB\WWWROOT

Feedback: By default, IIS looks in the C:\INETPUB\WWWROOT folder for pages that comprise the default Web site. If you have created a new home page, you place it in this directory. All of the other answers are incorrect. (Discussion starts on page 309.)

   Question 20

1 out of 1 points  

You want a user to take ownership of a file or folder that she did not create. Which of the following groups do you not add her to?

Selected Answer:    Creator/Owner special identity

Correct Answer:    Creator/Owner special identity

Feedback: You cannot amend the membership of special identity groups such as Creator/Owner. By default, the Default Domain Controllers Policy GPO grants all of the other groups listed the Restore Files And Directories user right, which in turn grants the ability to take ownership of a file. However, the appropriateness of making the user a member of one of these groups depends on policy and best practice. (Discussion starts on page 304.)

   Question 21

1 out of 1 points  

Which of the following Net commands do you use to create a new share called DEV from the C:\development folder and allow up to five users to access the share at a time?

Selected Answer:

   net share DEV=c:\development /grant:users, read /users:5

Correct Answer:    net share DEV=c:\development /grant:users, read /users:5

Feedback: The correct use of the Net command to create a share is net share sharename=directorypath. The /grant:principals switch is used to specify what security principals are assigned access and what permissions are assigned. The /users:numusers switch is used to specify how many users are allowed to access a share at one time. All of the other answers are incorrect. (Discussion starts on page 288.)

   Question 22

0 out of 1 points  

A user called JohnP is experiencing problems deleting a file out of a folder on the server. Ordinarily he just opens the file—a report generated by the database hosted on the system—but in this case, the file has become corrupted and he needs to delete it. JohnP cannot delete the file, even though he believes he should be able to. You determine that he is accessing the report through a share called REPORTS, which was created on a folder called E:\REPORTS. When you investigate, you find the following permission assignments:Share Permissions on REPORTS:Everyone - ReadNTFS Permissions on E:\REPORTS:Everyone - Read & ExecuteSales - ModifyJohnP - Full ControlWhat are JohnP's effective permissions to the folder E:\REPORTS?

Selected Answer:    Read & Execute

Correct Answer:    Read

Feedback: When you calculate effective permissions on a folder that is accessed via a share, the most restrictive permission applies. In this case, the share permission for JohnP is Read by virtue of his membership in the Everyone special identity. As a member of the Sales group and the Everyone special identity, JohnP receives the Modify and Read & Execute NTFS permissions, but both of these are superseded by JohnP having the Full Control NTFS permission. However, the effective permission is dropped down to Read because the share permission is the most restrictive and thus becomes effective. All of the other answers are incorrect. (Discussion starts on page 279.)

   Question 23

0 out of 1 points  

You are the network administrator for a marketing company in Pensacola. One morning, you receive a call from a user called Psmith in the Marketing department who is experiencing problems accessing a spreadsheet in a folder. According to your system documentation, which is up to date, Psmith is a member of the Marketing group but holds no other group memberships. You check the permissions to the folder and see the following entries in the ACL:Sales - Deny AllPsmith - ReadSjones - ModifyEveryone - Write

Based on the entries in the ACL, what should Psmith be able to do with the file?

Selected Answer:    [None Given]

Correct Answer:    Open the file, make changes, and save it as a new file.

Feedback: Psmith receives the Read permission from his user permission assignment and the Write permission from his membership in the Everyone special identity. These nonrestrictive permissions result in him receiving the greatest set of permissions, which in this case is Write. With the Write permission, Psmith can open the file, make changes to it, and save it as a new file. The answer "Open the file but not make any changes" is incorrect. It would be correct only if the user did not receive the Write permission as part of the Everyone special identity. The answer "Open the file but not save it as a new file" is also incorrect, for the same reason. The answer "He should not be able to open the file" is also incorrect. The user is not a member of the Sales group, which is denied all access, so he has at least the Read permission assigned to his user account. (Discussion starts on page 279.)

   Question 24

0 out of 1 points  

A user is assigned the Change share permission to the \\SERVER2\DATA share that represents the C:\Data folder on Server2. The user connects to the DATA share across the network and opens a file from the \\SERVER2\DATA\SALES folder. He then decides that he no longer needs that file, and he tries to delete it. However, he is unable to do so and receives an error. Which of the following is a possible explanation for this?

Selected Answer:

   [None Given]

Correct Answer:    NTFS permissions are restricting the user's access to the folder.

Feedback: Of the answers listed, the only possible explanation for this situation is that NTFS permissions are restricting the user's access to the folder. When share and NTFS permissions are combined, the most restrictive permission applies. In this scenario, the user might have been assigned an NTFS permission that is more restrictive than the Change share permission, either as a user or as a member of a group. This would prevent the user from deleting the file. The answer "The user is a member of a group that is assigned the Read share permission to the DATA share" is incorrect. The user's membership in this group would have no effect. The user's Change permission would be effective because share permissions combine to provide the highest level of access, which in this case is Change. The answer "Share permissions on the SALES folder in the DATA share are preventing the user from deleting the file" is incorrect. When you connect to a share across the network, shared folder permissions apply to the share and thus any folders that are subfolders of the folder that is shared. You cannot apply a different set of share permissions to the subfolders of the share without creating a new share at that point. Even then, the user must connect directly to that new share point to be subject to those share

permissions. The answer "The user is a member of a group that has been denied all permissions to the DATA share" is not a possible explanation. Deny permissions overri

   Question 25

0 out of 1 points  

You are configuring permissions for users on your network. If a user is assigned the Modify NTFS permission to the C:\DATA folder and the Read permission to the C:\DATA\SALES folder, what is the user's effective permission to the C:\DATA \SALES folder, assuming that no other NTFS permission or share permission assignments have been made and that permission inheritance is not blocked?

Selected Answer:    [None Given]

Correct Answer:    Read.

Feedback: An explicit permissions assignment overrides a permission assignment at a higher level in the directory tree. In this case, the Read permission assigned to the user on the C:\DATA\SALES folder overrides the Modify permission assignment on the C:\DATA folder. Therefore, the user's permissions are Read to the C:\DATA\SALES folder. The answer "Modify" is incorrect. If no subsequent permission assignment was made, the user's permission would be Modify (as long as permission inheritance had not been blocked). The answer "Full Control" is incorrect. In this case, the most permissive permission assigned is Modify. No circumstances in this scenario would grant the user Full Control permissions. The answer "There is insufficient information to answer this question" is incorrect. There is sufficient information to answer this question. (Discussion starts on page 279.)

   Question 26

0 out of 1 points  

You are the network administrator for a publishing company in San Diego. One morning, a user calls to complain that he cannot delete a file from a shared folder. You locate the folder, and in the Advanced Security Settings dialog box, you select the Effective Permissions tab. You see that the user should indeed be able to delete the file. Which of the following might be the cause of the problem?

Selected Answer:

   [None Given]

Correct Answer:

   The effective permissions display does not factor in share permissions.

Feedback: The effective permissions calculations made in the Effective Permissions tab of the Advanced Security Settings dialog box factor in only NTFS permissions and do not include share permissions, which might be more restrictive. All of the other answers are incorrect. Explicit permissions to groups, explicit permissions to users, and explicit memberships in domain local groups are considered in the effective permissions calculations. (Discussion starts on page 303.)

   Question 27

0 out of 1 points  

You have just taken over as the network administrator for a paper manufacturer in Springfield, Ohio. You are in the process of implementing a new file structure to better accommodate users' needs and make file access more secure. Today, you are working on the E:\SALES folder structure, which is used by the 65 users in the Sales department. All 65 users need the ability to read files in the folder and run programs from that folder. In addition, three managers need the ability to edit and delete files in that folder. All of the users and managers in the Sales department are members of the SALES group. Which of the following statements best describes how to configure permissions to meet these requirements?

Selected Answer:

   [None Given]

Correct Answer:

   Create a share, and assign the Full Control share permission to the SALES group. Assign the SALES group the NTFS Read & Execute permission. Assign the three managers in the Sales department the NTFS Modify permission.

Feedback: Creating a share and assigning the Full Control share permission to the SALES group eliminates the share as a restrictive permission source for members of the group. Assigning the SALES group the NTFS Read & Execute permission then grants the users in the SALES group the rights needed to open files and run programs. Finally, giving the NTFS Modify right to the three managers allows them to read, write to, and delete files in the folder. The answer "Create a share, and assign the Modify share permission to the SALES group. Assign the SALES group the NTFS Read & Execute permission. Assign the three managers in the Sales department the NTFS Modify permission" is incorrect. The available permissions for a share are Read, Change, and Full Control. Modify is not a valid share permission. The answer "Create a share, and assign the Read share permission to the SALES group. Assign the SALES group the NTFS Read & Execute permission. Assign the three managers in the Sales department the NTFS Modify permission" is incorrect. If you assign the Read permission to the Share for the SALES group, it becomes the most restrictive permission. Granting any level of NTFS permissions above Read has no effect. The answer "Create a share, and assign the Full Control share permission to the SALES group. Assign the SALES group the NTFS Read permission. Assign the three managers in the Sales department the NTFS Modify permission" is incorrect. Assigning only the NTFS Read permi

   Question 28

0 out of 1 points  

You are the network administrator for a small furniture manufacturing company in Portland, Oregon. The network comprises three Windows Server 2003 systems, all of which are configured as domain controllers. Each server has three disk drives in it. One drive is dedicated to the system and boot partition, and the other two drives hold the company sales order-processing database. All of the drives use NTFS.One day, a user reports that she has been configuring a folder that she created, removing all of the users, including herself, from the ACL. Now she is unable to access the files in the folder. How do you restore her access to the files in the folder?

Selected Answer:

   [None Given]

Correct Answer:    Have the user assign herself permission to the folder again.

Feedback: When a user creates a file or folder, she automatically becomes the owner of that file. The owner of a file or folder has the right to modify the ACL, which is how the user was able to edit the ACL in the first place. Even though she cannot see the files in the folder, she can still access and edit the ACL for the folder and add herself and other users back into it. The answer "Restore the folder and its files from a backup taken before the user made the changes" is incorrect. There is no need to do this to restore access to the files. The answer "Retake ownership of the folder, and reassign permissions to the users as necessary" is incorrect. There is no need to perform this action to restore the users' access to the files. The answer "Assign the user to the Creator/Owner special identity so she can edit the ACL" is incorrect. You cannot edit the membership of a special identity such as Creator/Owner. (Discussion starts on page 304.)

   Question 29

0 out of 1 points  

You are the network administrator for a small craft supplies wholesaler in Memphis. You have a single server running Windows Server 2003. You are using the FAT file system and rely on share permissions to control access to data. You share out the E:\SALES folder as SALES and assign the Sales group the Full Control share permission. You then share out the E:\SALES\REPORTS folder as REPORTS and assign the Sales group the Read permission to the share. Which of the following actions can users not take on a file in the E:\SALES\REPORTS folder if they connect to the SALES share?

Selected Answer:    [None Given]

Correct Answer:    Change the permissions on a file

Feedback: The ability to change file permissions is granted by the Full Control share permission, but file permissions (NTFS) are available only on drives that use the NTFS file system. In this case, you are using FAT, so even though you have the Full Control share permission (by virtue of the fact that you connected through the SALES share), you still cannot configure file permissions. All of the other answers are incorrect. You can open a file, delete a file, or change the attributes of a file because your effective permissions are those granted at the share from which you entered the file system. Even if you enter another folder that is shared out, you are still subject to the permissions granted at the share where you entered. (Discussion starts on page 292.)

   Question 30

0 out of 1 points  

You are troubleshooting a file access problem reported by a user called SallyJ from the Sales department. As a member of that department, she is a member of the Sales group. She is connecting to a shared folder called DATA, which is shared on the E:\DATA folder. You examine the share permissions and NTFS permissions on the folder and see the following:Share permissions for DATA share:Sales - ChangeNTFS permissions for E:\DATA folder:

Sales - WriteSallyJ - Read&ExecuteNo permissions are applied to any files in the folder. What should SallyJ be able to do in the folder?

Selected Answer:

   [None Given]

Correct Answer:    Open files, make changes to those files, and create new files.

Feedback: SallyJ's effective permission is Write because, although it is the more powerful of the NTFS permissions, it is the most restrictive permission of the share and NTFS permissions. Therefore, it becomes the effective permission for SallyJ. The Write NTFS permission allows you to open a file, make changes to that file, and create new files. All of the other answers are incorrect. (Discussion starts on page 291.)

   Question 31

0 out of 1 points  

You are the network administrator for a plumbing hardware wholesaler in Rochester, New York. The network comprises two Windows Server 2003 systems, both of which are domain controllers. Each server has two disk drives in it, one that holds the system and boot partitions and another, called STORAGE, that is used to store the company's sales order-processing database, inventory database, and files. Four shares have been created on the server: SALES, INVENTORY, DATA, and ARCHIVE. The permissions on the shares are set to Full Control for the Everyone special identity. Folders in the shares are controlled via NTFS permissions.One Monday, you arrive at work to find that the STORAGE drive has failed. Fortunately, your regular supplier is able to deliver a replacement drive within an hour, and you install it in the server. After formatting the drive, You restore the data from the previous night's backup and then perform a quick check to make sure the data restore is successful. It is, so you inform users that they can use the sales order-processing system and the inventory database. However, it quickly becomes apparent that users cannot access either of these applications—they receive CANNOT READ DATAFILE errors when they try to start either application. Which of the following might be the cause of the problem?

Selected Answer:

   [None Given]

Correct Answer:

   The shares that the users used to connect to the server were removed.

Feedback: One disadvantage of using shares is that share information is not included in a backup. Therefore, if you have to restore from a backup, you must re-create shares, and the appropriate share permissions, before users can access data via the shares. The answer "The NTFS permissions on the folders were reset to Read for the Everyone special identity during the restore process" is incorrect. NTFS permissions are restored intact. They would not change from their state when the folder was backed up. The answer "The ACLs for the folders were re-created by the restore process and are now empty" is incorrect. ACLs are not re-created by the restore process. The answer "The shares that the users used to connect to the server

were automatically set to deny access to the Everyone special identity, as a security precaution" is incorrect. This is not the cause of the problem. (Discussion starts on page 291.)

   Question 32

0 out of 1 points  

You are the network administrator for a small company that develops integrated circuit chips for mobile communications manufacturers. The company network comprises a single Windows Server 2003 system that provides file and print services to the company's 25 users. Three of the users are working on a top-secret project. They require a folder on the server that only they can access. Auditing is enabled on the server, but the manager wants to make sure that no one, including the Administrator, can access the files except the three engineers working on the project.The manager asks you to remove all entries from the ACL for the folder for users, groups, and special identities other than the three engineers. Will this prevent all others from seeing or opening the files in the folder?

Selected Answer:

   [None Given]

Correct Answer:

   No. Someone else might be able to open or see the files, but you will be able to tell if this has occurred.

Feedback: Any user who is a member of the Backup Operators or Server Operators group can take ownership of a file because they are given this right via the Default Domain Controllers Policy GPO. However, if a user in this group takes ownership of the file and opens it, you will be able to tell because the ownership of the file will change and the event will be recorded by the auditing process. (Discussion starts on page 304.)

   Question 33

0 out of 1 points  

You have configured a share for the Sales department called REPORTS and assigned all of the users in the department the Read share permission. You have also selected the All Files And Programs That Users Open From The Share Will Be Automatically Available Offline option in the Offline Settings dialog box. What happens if a user has a report open from the REPORTS share and the server becomes unavailable?

Selected Answer:

   [None Given]

Correct Answer:    The files will be available offline but will have no security on them.

Feedback: When the All Files And Programs That Users Open From The Share Will Be Automatically Available Offline option is selected, any file that the user is working on is cached locally, but security that would be offered by the share is lost. Therefore, in this scenario the user will be able to access the files and work on them while the server is down, but the files will have no security on them. The answer "The files will be available offline, but access to the files will be controlled by the share permissions just as if they were being accessed from the server" is incorrect. The share permissions would no longer be effective. The answer "The files will be available offline, but only if a connection

can be established to a domain controller that can verify the entries in the ACL" is incorrect. Share permissions are not stored in the ACL of a file. The answer "The files will not be available offline" is incorrect. If the All Files And Programs That Users Open From The Share Will Be Automatically Available Offline option is selected in the Offline Settings dialog box, the user will still be able to read the file if a connection to the server is lost. (Discussion starts on page 289.)

   Question 34

0 out of 1 points  

You are the network administrator for a charity based in Dallas, Texas. You have a single Windows Server 2003 system, running Active Directory, that provides file and print server services to 50 users. The system was donated by a local business, and while it is powerful enough for your needs, storage capacity on the server is limited. Your manager has assured you that as soon as funds become available, you will be able to purchase an additional disk drive, but in the meantime he has asked you to use any available means to control the storage situation. As a result, you have implemented disk quotas so that one user cannot monopolize all the available disk space. After creating a new directory structure for a user and copying a number of large files from the user's workstation to the server, you want to make sure the files are counted toward the user's disk quota. Which approach are you most likely to use?

Selected Answer:

   [None Given]

Correct Answer:

   While logged on as a user account that is a member of the Server Operators group, assign ownership of the files to the user.

Feedback: Of the approaches listed, the simplest is to assign ownership of the files to the user. To do this, you must be logged on with an account that has the Restore files and directories user right. Members of the Server Operators group have this right, as do members of the Administrators and Backup Operators groups. The answer "Make the user a member of the Administrators group, which allows her to take ownership of the files. Once she has done that, remove her from the Administrators group" is valid, but it is not the most likely approach. The answer "Make the user a member of the Creator/Owner special identity to allow her to take ownership of the files" is incorrect. You cannot modify the membership of the Creator/Owner special identity. The answer "Give the user the Modify NTFS permission so she can take ownership of the files" is incorrect. The Modify NTFS permission does not allow the security principal in possession of the right to take ownership of a file or folder. (Discussion starts on page 304.)

 Question 1

1 out of 1 points  

Which of the following is not a standard permission that can be assigned to a printer?

Selected Answer:    Manage Properties

Correct Answer:    Manage Properties

Feedback: Manage Properties is not a standard printer permission on Windows Server 2003. Print, Manage Printers, and Manage Documents are all standard permissions on Windows Server 2003. (Discussion starts on page 335.)

   Question 2

1 out of 1 points  

Where do you look to see if a printer is in offline mode?

Selected Answer:    Printers And Faxes folder

Correct Answer:    Printers And Faxes folder

Feedback: You can see if a printer is in offline mode by looking in the Printers And Faxes folder. You cannot determine the offline state of a printer through Event Viewer or the Services utility. There is no Printer Management MMC snap-in. (Discussion starts on page 345.)

   Question 3

1 out of 1 points  

In what tab of a printer's properties do you configure printer pooling?

Selected Answer:    Ports

Correct Answer:    Ports

Feedback: Printer pooling is configured in the Ports tab of a printers properties. All of the other answers are incorrect. (Discussion starts on page 338.)

   Question 4

1 out of 1 points  

Which of the following UNC paths do you use to connect to the LASERJ printer on the SALES6 server?

Selected Answer:    \\SALES6\LASERJ

Correct Answer:    \\SALES6\LASERJ

Feedback: Standard UNC naming is \\servername\sharename. In this case, because you are connecting to the LASERJ printer on the SALES6 server, the correct UNC path is \\SALES6\LASERJ. (Discussion starts on page 332.)

   Question 5

1 out of 1 points  

In what tab of a printer's properties do you configure redirection of print jobs?

Selected Answer:    Ports

Correct Answer:    Ports

Feedback: Printer redirection is configured in the Ports tab of a printer's properties. It cannot be configured in the Advanced, Device Settings, or General tab. (Discussion starts on page 340.)

   Question 6

1 out of 1 points  

Where do you look to see error messages related to the spooler service?

Selected Answer:    Event Viewer, System log

Correct Answer:    Event Viewer, System log

Feedback: Spooler-related events are written to the System log of Event Viewer. They are not written to the Security or Application log. There is no Event Viewer log called Print. (Discussion starts on page 345.)

   Question 7

1 out of 1 points  

Where do you configure a printer for use with A4-size paper rather than Letter?

Selected Answer:    The Device Settings tab of the printer's properties

Correct Answer:    The Device Settings tab of the printer's properties

Feedback: The paper size selection, more properly referred to as assigning forms to trays, is performed in the Device Settings tab of the printer's properties. All of the other answers are incorrect. (Discussion starts on page 336.)

   Question 8

1 out of 1 points  

Which of the following is not a counter you can add to the Performance console when you monitor printing activity?

Selected Answer:    Offline Errors

Correct Answer:    Offline Errors

Feedback: Offline Errors is not a Performance console counter that can be added to the Performance console. If you needed to monitor information about when a printer is offline, you use the Not Ready Errors counter. All of the other answers are valid counters that can be used in the Performance console to monitor printing. (Discussion starts on page 341.)

   Question 9

1 out of 1 points  

While using the Performance console to monitor printing, you notice that the Job Errors counter for a high-performance laser printer is 15. What does this tell you?

Selected Answer:

   Since the spooler was started, 15 Job Errors have been recorded.

Correct Answer:    Since the spooler was started, 15 Job Errors have been recorded.

Feedback: The Job Errors counter specifies the number of Job Errors that have been recorded since the spooler was started. The answers "Since the printer was last offline, 15 Job Errors have been recorded" and "Since you started monitoring the printer, 15 Job Errors have been recorded" are incorrect. The number of Job Errors is measured from the last time the spooler was started. 

The answer "The number of actual errors experienced by print jobs is 15" is incorrect. Although this might in fact be the case, a single print job might experience multiple errors and only record a single Job Error, so it is not a reliable gauge of the number of actual errors experienced by print jobs. (Discussion starts on page 341.)

   Question 10

1 out of 1 points  

You create four logical printers called SALES, RESEARCH, MARKETING, and MANAGEMENT. You assign the SALES printer a priority of 10, The RESEARCH PRINTER a priority of 8, the MARKETING printer a priority of 5, and the MANAGEMENT printer a priority of 2. If a document is sent to each of the logical printers at exactly the same time, which one will print first?

Selected Answer:    SALES

Correct Answer:    SALES

Feedback: In terms of printer priority, the highest value that can be assigned to a printer is 99, and the lowest is 1. In this scenario, the SALES printer has the highest priority. (Discussion starts on page 339.)

   Question 11

1 out of 1 points  

The laser printer on the third floor has failed. To provide users with some printing capability, you decide to redirect the logical printer for the failed printer to the laser printer on the second floor. What happens to print jobs that are already printing?

Selected Answer:    They are not printed.

Correct Answer:    They are not printed.

Feedback: When a printer is redirected, any job that is printing at the time of the redirection is not redirected to the new printer. The print job must be resent. The other answers are incorrect. (Discussion starts on page 340.)

   Question 12

1 out of 1 points  

True or False: You can use the Ping utility to prove that the printer is connected to the network, powered on, and online.

Selected Answer:  False

Correct Answer:  False

Feedback: Successfully pinging a printer proves that it is connected to the network and powered on, but it does not prove that it is online. A printer will reply to a ping even if it is not online. (Discussion starts on page 345.)

   Question 13

1 out of 1 points  

You have created a printer on a Windows Server 2003 system. During the creation process, you shared the printer out, but now you want to configure the printer so it is not listed in Active Directory. Which of the following is the correct way to do this?

Selected Answer:

   Select the printer icon in the Printers And Faxes window and, from the File menu, select Sharing. Clear the List In The Directory check box.

Correct Answer:

   Select the printer icon in the Printers And Faxes window and, from the File menu, select Sharing. Clear the List In The Directory check box.

Feedback: For a printer to not be listed in Active Directory, the List In The Directory check box in the Sharing tab of the printer's properties must be cleared. You can access this tab by selecting the printer icon in the Printers And Faxes window and selecting Sharing from the File menu. The answer "Select the printer icon in the Printers And Faxes window and, from the File menu, select Properties. In the General tab, clear the List In The Directory check box" is incorrect. The List In The Directory check box is in the Sharing tab, not the General tab. The answer "Select the printer icon in the Printers And Faxes window. Right-click the icon, and deselect List In The Directory on the menu" is incorrect. You cannot clear the List In The Directory option in this way. The answer "Locate the corresponding printer object in Active Directory Users And Computers, and delete or disable it" is incorrect. When a printer is listed in Active Directory, a printer object for it is not created in Active Directory. Therefore, there is no Active Directory printer object that can be deleted through Active Directory Users And Computers. (Discussion starts on page 330.)

   Question 14

1 out of 1 points  

You have created a printer called SALES LASER on the SALES server. What is the default share name for the printer?

Selected Answer:    SALESLAS

Correct Answer:    SALESLAS

Feedback: When you first share out a printer, the default share name is the first eight nonblank characters of the printer name. In this case, because the printer name is SALES LASER, the default share name uses SALES, ignores the space, and then uses the first three characters of the second word, LAS. The result is SALESLAS. All of the other answers are incorrect. (Discussion starts on page 326.)

   Question 15

1 out of 1 points  

After you create a new printer and share it out, users can start printing to the device even if you have not made any permission assignments for the printer. How is this possible?

Selected Answer:

   The default permission assignment for a newly created printer is Everyone, Print.

Correct Answer:

   The default permission assignment for a newly created printer is Everyone, Print.

Feedback: When you create a printer on a Windows Server 2003 system, the Everyone special identity is assigned the Print permission. This enables users to start printing to a newly created printer without any

additional permission assignments. All of the other answers are incorrect. (Discussion starts on page 335.)

   Question 16

1 out of 1 points  

You have created a printer pool of three printers: HPLASER1, HPLASER2, and HPLASER3. Three users print to the printer pool at exactly the same time. If one of the jobs is significantly larger than the others, which of the printers will the print job be output from?

Selected Answer:    There is no way of knowing.

Correct Answer:    There is no way of knowing.

Feedback: When you create a printer pool, which printer services a particular job has nothing to do with the size of the job. All of the other answers are incorrect. (Discussion starts on page 338.)

   Question 17

1 out of 1 points  

True or False: When you install a printer that is connected directly to the Windows Server 2003 system, the installation process does not create a logical printer device for it.

Selected Answer:  False

Correct Answer:  False

Feedback: A logical printer is required for printers that are connected directly to the network and for printers that are connected directly to a Windows Server 2003 system. The logical printer is created when the printer is added to the system. (Discussion starts on page 324.)

   Question 18

1 out of 1 points  

Your manager has asked you to configure the company's Windows Server 2003 system so users in the Sales department can be charged for the use of a high-resolution color laser printer to which the department has exclusive access. Which of the following are you most likely to do to achieve this?

Selected Answer:    Use the Performance console to monitor printer usage.

Correct Answer:    Use the Performance console to monitor printer usage.

Feedback: By using the Total Jobs Printed or Total Pages Printed counters, you can get an accurate total for the printer usage. The answer "Implement auditing on the color printer" is incorrect. Although you can implement auditing to track how many jobs are printed, this approach is less than ideal because a number of events can be created for a single print job. The answer "Enable disk quotas for the spool directory" is incorrect. Disk quotas are implemented on a volume, not on the directory level. They would not be an accurate measure of printer usage anyway. The answer "Configure the properties of the printer so printed documents are kept after they have been printed" is incorrect.

Keeping jobs that have printed is an option in the Advanced tab of a printer's properties, but this would involve keeping a number of potentially large print jobs on the disk, which is not a great use of available disk space. (Discussion starts on page 340.)

   Question 19

1 out of 1 points  

You have installed a laser printer and connected it directly to the network. You created logical printers on 7 of 10 Windows 98 workstations and configured the logical printers to point to the newly installed printer. When the printer runs out of paper, which systems receive the error message generated by the printer?

Selected Answer:

   Only the PC that is printing a job or has a job at the front of the print queue

Correct Answer:

   Only the PC that is printing a job or has a job at the front of the print queue

Feedback: When you are not using a print server, each system that prints to the printer does so with no knowledge of the other users of the printer. If the printer generates an error message, it appears only on the system that is printing the current job. All of the other answers are incorrect. (Discussion starts on page 325.)

   Question 20

1 out of 1 points  

You are the network administrator for a small book distribution company. The network comprises 2 Windows Server 2003 systems, 3 Windows 2000 Professional workstations, and 11 Windows 98 systems. The company uses two laser printers that are connected directly to the network. One of the Windows Server 2003 systems is configured as the print server for both printers. You have subscribed to an e-mail notification system provided by the printer manufacturer, which informs you that new printer drivers are available for Windows 98 and Windows Server 2003. No new drivers are available for Windows 2000. Which of the following procedures do you follow to install and update the printer drivers?

Selected Answer:

   On the Windows Server 2003 systems, update the drivers for both Windows Server 2003 and Windows 98. In addition, install the Windows 98 drivers on the client systems.

Correct Answer:

   On the Windows Server 2003 systems, update the drivers for both Windows Server 2003 and Windows 98. In addition, install the Windows 98 drivers on the client systems.

Feedback: You must install the new driver on both the client and the server because client computers running Windows 95 or Windows 98 do not check for updated printer drivers after the initial download of the driver. Therefore, if a new driver is available, it must be installed on both the server and the client systems. The answer "On the Windows Server 2003 systems, update the drivers for both Windows Server 2003 and Windows 98" is incorrect. You would need to install the new driver on the client systems as well. The answer "On the Windows Server 2003 systems, update the drivers for both Windows Server 2003 and Windows 98. Select the Automatic Update Of Clients option in the Sharing tab of the printer's properties" is incorrect. There is no Automatic Update Of Clients option in the Sharing tab of a printer's properties. 

The answer "Install the new Windows 98 drivers on the Windows 98 client systems. Install the Windows Server 2003 drivers on the server" is incorrect. You would need to update the drivers for Windows 98 on the server system as well. (Discussion starts on page 330.)

   Question 21

1 out of 1 points  

You are the network administrator for a bank. The network comprises 3 Windows Server 2003 systems, 23 Windows 98 client systems, 3 Windows NT 4 systems, and 14 Windows XP Professional systems. You have one laser printer that is connected directly to the network. One of the servers is configured as a print server for the printer, and the Windows 98 and Windows XP Professional systems all have a logical printer configured that connects to the printer via the print server. The Windows NT 4 workstation systems print directly to the printer across the network. You have just purchased a new printer and are in the process of configuring it. The users on the Windows NT 4 workstation systems do not need to access it. The new printer will be attached directly to the print server by a parallel interface. What platforms do you install drivers for when you configure the printer?

Selected Answer:

   Windows Server 2003, Windows XP Professional, and Windows 98

Correct Answer:

   Windows Server 2003, Windows XP Professional, and Windows 98

Feedback: A driver must be installed for every operating system that will access the printer through the print server. The fact that the printer is directly attached to the print server does not change this requirement. All of the other answers are incorrect. (Discussion starts on page 330.)

   Question 22

1 out of 1 points  

You are the network administrator for a large department store. The network comprises 3 Windows Server 2003 systems and 134 workstations, and 47 of those workstations are configured as point-of-sale terminals. There are 27 printers, all of which are connected directly to the network. Each of the seven customer service desks has a PC and a color laser printer. The PCs are for customers to browse the company's online catalog and to print product information sheets. However, your manager has learned that someone might be using one of the PCs and color laser printers to print personal material after hours. He asks you to enable auditing on the printer to determine if this is indeed the case. You enable auditing on the printer, but when you review the Security log the following evening, there are no entries of any kind, even though you know that legitimate printing was done during the day. What is the most likely cause of the problem?

Selected Answer:    Object auditing might not be enabled.

Correct Answer:    Object auditing might not be enabled.

Feedback: For printer auditing to work, you must enable the Audit Object Access policy. If you do not, no events of any type are recorded. The answer "Audit events are not recorded in the Security log" is incorrect. Audit events are recorded in the Security log of Event Viewer. The answer "Users are creating print jobs as the special identity Everyone and are therefore not subject to auditing" is incorrect. Special identities are not exempted from auditing. 

The answer "You cannot audit successful print jobs—only failed print jobs" is incorrect. You can audit both failed and successful print jobs. (Discussion starts on page 343.)

   Question 23

1 out of 1 points  

You are the network administrator for a sporting goods wholesaler. The network comprises 2 Windows Server 2003 systems, 23 Windows 98 workstations, and 4 Windows 2000 Professional workstations. The company has two high-speed laser printers that are connected directly to the network. A user with a Windows 98 workstation reports that he is having problems printing from Microsoft Word. When you visit the user's workstation, you discover that he cannot print from any other application on the workstation either, even though he was able to earlier in the day. You log on as yourself, attempt to print, and are able to do so. In addition, the user at the next desk, who is also using a Windows 98 workstation, is able to print from Word and Microsoft Excel to the same printer that the user is attempting to print to. What is the most likely cause of the problem?

Selected Answer:    The user has become disconnected from the printer.

Correct Answer:    The user has become disconnected from the printer.

Feedback: Even though it might not be apparent, the most likely answer based on a process of elimination is that the user has become disconnected from the printer. If the user logs back on again, the printer will probably be reconnected and the user will be able to print. The answer "The printer driver on the user's workstation is corrupted" is incorrect. If you are able to print while logged on with your user ID, the printer driver on the workstation is most likely not corrupted. The answer "A job-specific printer configuration is preventing the user from printing" is incorrect. Although a job-specific printer configuration might prevent a user from printing, the user has tried to print from two different applications, so this is unlikely to be the problem because the incorrect job specification would have to be the same in both applications to prevent the user from printing. The answer "The printer driver on the server has become corrupted" is incorrect. Given that you and the user at the next desk are both able to print to the printer, it is unlikely that the printer driver on the server has become corrupted. (Discussion starts on page 344.)

   Question 24

1 out of 1 points  

You are the network administrator for a stock brokerage. The network comprises 2 Windows Server 2003 systems and 57 Windows XP Professional workstations. You have three network-attached printers that are hosted by one of the Windows Server 2003 systems that is configured as the print server. Two of the printers are Hewlett-Packard LaserJet 4050s and are named Accounts and Admin. The third printer is a Hewlett-Packard DeskJet printer, which is called Publish. The Accounts and Publish printers are on the first floor of the building, and the Admin printer is on the second floor.One morning, a user from the Accounting department reports that her print job has stopped coming out of the Accounts printer, with only 43 of 75 pages printed. Fourteen other jobs are in the print queue behind the job that has stopped. You check that print queue and find that the print job indeed appears to be stuck in the print queue, with only half of it printed. You determine that the printer has actually stopped printing altogether and will not even print a test page. You check the print queue again and find that there are now 21 print jobs in the print queue. Which of

the following do you do next?

Selected Answer:

   Redirect the logical printer to the Admin printer. Tell the user to resend her print job to the queue. Notify all of the users of the Accounts printer that their print jobs will be printed on the Admin printer.

Correct Answer:

   Redirect the logical printer to the Admin printer. Tell the user to resend her print job to the queue. Notify all of the users of the Accounts printer that their print jobs will be printed on the Admin printer.

Feedback: When you have a problem such as this, you can use redirection to send the jobs from the print queue to another printing device. However, the printing device that you send the jobs to must use the same printer driver as the original device, and any job that is partially printed must be resent. In this example, only the Admin printer is of the same type as the Accounts printer. The answer "Redirect the logical printer to the Admin printer. Tell the user to collect the rest of her job from the Admin printer. Notify all of the users of the Accounts printer that their print jobs will be printed on the Admin printer" is incorrect. The user must resend the print job that was partially printed. The answers that include redirecting the logical printer to the Publish printer are incorrect. The Publish printer is a completely different type of printer and would not use the same drivers as the original printer. (Discussion starts on page 340.)

   Question 25

1 out of 1 points  

You are the network administrator for a large real estate company. You have configured two logical printers with one physical printing device. One logical printer called RESIDENTIAL is assigned to the residential sales team. The other, called COMMERCIAL, is assigned to the commercial sales team. You assign the COMMERCIAL printer a priority of 10 and the RESIDENTIAL printer a priority of 1. There are currently seven jobs in the RESIDENTIAL print queue. What happens when a print job is sent to the COMMERCIAL print queue?

Selected Answer:

   The currently printing job is completed, and then the print job from the COMMERCIAL queue is printed.

Correct Answer:

   The currently printing job is completed, and then the print job from the COMMERCIAL queue is printed.

Feedback: Jobs sent to a higher-priority logical printer (1 is the lowest, 99 the highest) take precedence over jobs in a queue for a lower-priority logical printer. However, when a job from a higher-priority queue is sent to the printer, if a job from a lower-priority queue is already printing, that job is allowed to finish before the higher-priority job is printed. The answer "The currently printing job is paused, and the print job from the COMMERCIAL queue is printed" is incorrect. The currently printing job is allowed to finish first. The answers "All of the jobs in the RESIDENTIAL queue are printed, and then the job from the COMMERCIAL queue is printed as long as no other jobs are added to the RESIDENTIAL queue in the meantime" and "All of the jobs and any additional jobs in the RESIDENTIAL queue are printed. When there are no outstanding

jobs in the RESIDENTIAL queue, the job from the COMMERCIAL queue is printed" are incorrect. The COMMERCIAL queue has a higher priority, so jobs in that queue are printed before other jobs in the RESIDENTIAL queue. (Discussion starts on page 339.)

   Question 26

1 out of 1 points  

You are the network administrator for a small computer distributor. The network comprises a single Windows Server 2003 system, which is configured as a domain controller, and 17 Windows XP Professional workstations. There is a single high-performance laser printer, which is directly connected to the network. The Windows Server 2003 system acts as a print server for the device, with a single logical printer. You are due to take a week's vacation, and although you anticipate few problems, you want to give a user with some technical expertise the ability to pause and restart the printer if a printing problem arises. You also want to allow him to manage jobs in the print queue other than his own. To give him the necessary rights, you want to make a single group assignment for the user. If possible, though, you do not want to add him to a group that grants him more rights than he needs. Which of the following predefined Active Directory groups do you add him to?

Selected Answer:    Print Operators

Correct Answer:    Print Operators

Feedback: Of the groups listed, only the Administrators and Print Operators are assigned the Manage Printers permission on a Windows Server 2003 domain controller. You do not want to make the user a member of the Administrators group because he would receive more rights than he needs. Therefore, you should add him to the Print Operators group. The Power Users group is found only on Windows Server 2003 systems that are not domain controllers. Print Managers is not a predefined Active Directory group on a Windows Server 2003 system. (Discussion starts on page 335.)

   Question 27

1 out of 1 points  

You are the network administrator for a media publishing company. The network comprises 2 Windows Server 2003 systems, 15 Windows 98 systems, and 10 Windows XP Professional systems. You have one high-performance laser printer, which is connected directly via a parallel connection to one of the Windows Server 2003 systems that is configured as a print server. One morning, a user with a Windows 98 system reports a problem with printing. She can send the job, but when the job is printed, it is simply a collection of blank pages. While investigating, you successfully print a test page from an application on the print server to which the printer is directly connected. Which of the following areas have you not eliminated as possible sources of the problem?

Selected Answer:    Printer drivers

Correct Answer:    Printer drivers

Feedback: When you print from the server, you are using a Windows Server 2003 printer driver. When the user prints, she is using a Windows 98 printer driver. Therefore, by printing directly from the server, you are not proving that the Windows 98 printer drivers are not corrupt. You

are however, proving that the physical printing device, the spooler service, and the available disk space on the server are not the source of the problem. (Discussion starts on page 344.)

   Question 28

1 out of 1 points  

You are the network administrator for a pharmaceutical company. The network comprises 4 Windows Server 2003 systems and 205 Windows XP Professional client computers. Three of the servers are configured as domain controllers. The fourth server is configured as a member server and is the sole print server for the company. The company has five divisions: Sales, Research, Manufacturing, Distribution, and Administration.Users in the Research department print large reports from a database system that was developed in-house. For some reason, these large print jobs often get stuck in the print queue and prevent other users in the department from printing. The developer responsible for the application, who is also based in the Research department, is looking into the problem. In the meantime, you give another person from that department the ability to delete print jobs for himself and other users in the department from the print queue, which you hope will reduce the number of calls to the support desk. However, you do not want them to be able to make any configuration changes to the printer itself. At the same time, you want to give the developer the ability to modify printer properties so he can attempt to isolate the problem with the database. Company policy dictates that group membership should be used before creating individual permissions to a resource, unless doing so grants a user more rights than he requires. Which of the following statements describes the best way to provide the necessary access?

Selected Answer:

   Grant the developer the Manage Printers permission. Make the nominated user a member of the Print Operators group.

Correct Answer:

   Grant the developer the Manage Printers permission. Make the nominated user a member of the Print Operators group.

Feedback: On a Windows Server 2003 system that is configured as a member server, the only group that is assigned the Manage Printers permission is Administrators. Making the developer a member of the Administrators group would grant him far more rights than you would want him to have just to manage the properties of a printer. Therefore, it is best to assign his user account the Manage Printers permission. To enable the user to manage print jobs in the queue, making him a member of the Print Operators group is sufficient. The answer "Make the developer a member of the Administrators group. Make the nominated user in the Research department a member of the Print Operators group" is incorrect. Making the developer a member of the Administrators group would grant him too many rights. The answer "Make the developer a member of the Print Operators group. Make the nominated user a member of the Print Managers group" is incorrect. Making the developer a member of the Print Operators group would not provide him with enough rights to modify the configuration of the printer. There is also no such group as Print Managers. The answer "Make the developer a member of the Print Managers group. Make the nominated user a member of the Document Managers group" is incorrect. Print Managers and Document Managers are not recognized built-in groups on a Windows Server 2003 system. (Discussion starts on page 335.)

 COMPUTER NETWORK TECH 55 SEC 093 (31251) SPRING 2009 (L2009SP-CNT-55-093-31251) > COURSE MATERIALS > REVIEW

ASSESSMENT: TEST12

 Review Assessment: Test12User RAFAEL JANANIAROSALES

Submitted 5/28/09 1:30 AM

Name Test12

Status Completed

Score 0 out of 34 points  

Instructions

   Question 1

0 out of 1 points  

Which of the following commands do you use to start the standalone Disk Management utility?

Selected Answer:    [None Given]

Correct Answer:    Diskmgmt.msc

Feedback: To start the standalone Disk Management console, you use the Diskmgmt.msc command. (Discussion starts on page 392.)

   Question 2

0 out of 1 points  

What is the maximum number of partitions supported by a single dynamic disk?

Selected Answer:    [None Given]

Correct Answer:    1

Feedback: All dynamic disks consist of only one partition, which encompasses its entire usable storage space. The partition can then be divided up into volumes. A basic disk can have a maximum of four partitions. All of the other answers are incorrect. (Discussion starts on page 390.)

   Question 3

0 out of 1 points  

In Disk Management, what status is assigned to a dynamic disk that has been removed from another system and added to this system but has not yet been imported?

Selected Answer:    [None Given]

Correct Answer:    Foreign

Feedback: A drive that has been removed from another system but that has not yet been imported into the current system's configuration is given a status of Foreign in Disk Management. A status of Not Initialized would be assigned to a drive that does not contain a valid signature. Neither Unknown nor Alien is a disk status in Disk Management.

(Discussion starts on page 392.)

   Question 4

0 out of 1 points  

How much free disk space is required for a complete defragmentation to be run on a volume?

Selected Answer:    [None Given]

Correct Answer:    15 percent

Feedback: To be completely defragmented, a volume must have at least 15 percent free space. All of the other answers are incorrect. (Discussion starts on page 406.)

   Question 5

0 out of 1 points  

When you view information for a volume in Disk Management, what does the Overhead statistic represent?

Selected Answer:

   [None Given]

Correct Answer:

   The percentage of the volume's capacity devoted to storing redundant data

Feedback: In Disk Management, the Overhead statistic represents the percentage of the volume's capacity devoted to storing redundant data. The percentage of the volume's capacity that is free is represented by the % Free statistic. The volume type is represented by the Layout field. The Fault Tolerance field indicates whether the volume type provides fault tolerance. (Discussion starts on page 392.)

   Question 6

0 out of 1 points  

When you run the Chkdsk command-line utility, which of the following switches do you use to automatically fix file system errors?

Selected Answer:    [None Given]

Correct Answer:    /f

Feedback: When you use the Chkdsk command line utility, you can use the /f switch to automatically fix file system errors that are found by the utility. The /r switch is used to instruct Chkdsk to attempt the recovery of any bad sectors it finds. The /fx and /fs switches are not recognized Chkdsk command switches. (Discussion starts on page 407.)

   Question 7

0 out of 1 points  

What is the maximum number of partitions you can have on a single basic disk?

Selected Answer:    [None Given]

Correct Answer:    4

Feedback: A single basic disk can have up to four partitions. These can be four primary partitions, or three primary partitions and an extended

partition. (Discussion starts on page 389.)

   Question 8

0 out of 1 points  

Fill in the blank: You can create a spanned volume using storage space from up to ____ physical disks.

Selected Answer:    [None Given]

Correct Answer:    32

Feedback: A spanned volume includes space on more than one physical disk. You can create a spanned volume using storage space from up to 32 physical disks, and the amount of space used on each disk can be different. All of the other answers are incorrect. (Discussion starts on page 390.)

   Question 9

0 out of 1 points  

You are using RAID-1 on your server. After a hard disk failure, you replace the failed disk with a new one and restart the system. When you look in Disk Management, what would you expect the status of the newly replaced volume to be while the mirror data is being written to the new drive?

Selected Answer:    [None Given]

Correct Answer:    Resynching

Feedback: A status of Resynching for a volume indicates that a mirrored volume is in the process of re-creating data on a newly restored disk. Remirroring and Reraiding are not recognized status messages in Disk Management. A status of Regenerating indicates that a RAID-5 volume is in the process of re-creating data on a newly restored disk. (Discussion starts on page 392.)

   Question 10

0 out of 1 points  

You have a spanned volume that uses space from three disks. If the third drive in the volume fails, which of the following is the easiest way to get the data back?

Selected Answer:    [None Given]

Correct Answer:    Replace the failed disk. Restore the data from a backup.

Feedback: Spanned volumes are not fault tolerant. If a drive in a spanned volume fails, the data is lost. After you replace the failed drive, the data must be restored from a backup. All of the other answers are incorrect. (Discussion starts on page 390.)

   Question 11

0 out of 1 points  

Which of the following is a limitation of mounting a volume to a folder path?

Selected Answer:

   [None Given]

Correct Answer:    The folder in which you are mounting the volume must be

empty.

Feedback: Although the disk containing the folder to which you mount the volume must use NTFS, a mounted volume can use any file system. It can also be part of a spanned or striped volume or be hosted on or be part of a RAID-1 or RAID-5 array. However, the folder into which you mount the volume must be empty. (Discussion starts on page 403.)

   Question 12

0 out of 1 points  

After installing a new disk, you start the Disk Management snap-in but find that the newly installed drive is not shown. What do you do next?

Selected Answer:

   [None Given]

Correct Answer:    Run Rescan Disks from the Action menu in Disk Management.

Feedback: After you install a new disk in the system, if the disk is not recognized in Disk Management, you can run Rescan Disks from the Action menu. Dsscan is not a recognized Windows Server 2003 utility. There is no /rs switch for starting Disk Management. Although powering down the system, disconnecting, and reconnecting the drive might cause the new drive to be recognized, this is not the first thing you should do if a drive is not recognized in Disk Management. (Discussion starts on page 396.)

   Question 13

0 out of 1 points  

You have three 16-GB drives in your server. Two of the drives have 6 GB of unallocated space, and the third drive has 10 GB of unallocated space. What is the largest spanned volume you can create?

Selected Answer:    [None Given]

Correct Answer:    22 GB

Feedback: Spanned volumes can use any amount of space from each of the drives. In this example, the total available space is 22 GB. All of the other answers are incorrect. (Discussion starts on page 398.)

   Question 14

0 out of 1 points  

You have three 20-GB drives in your server configured in a RAID-0 array. Each drive has a single partition that uses the entire drive. How much space is available for the storage of files?

Selected Answer:    [None Given]

Correct Answer:    60 GB

Feedback: RAID-0 is a non–fault tolerant RAID level, so no disk space is lost for the storage of parity information or duplicate data. Therefore, in a three-disk RAID-0 array using 20-GB disks, the space available for the storage of files would be 60 GB. (Discussion starts on page 398.)

   Question 0 out of 1 points  

15

How can you determine that a user has reached or exceeded her disk quota limit?

Selected Answer:    [None Given]

Correct Answer:    View the System log in Event Viewer.

Feedback: There are only two ways to determine whether a user has reached or exceeded her disk quota limit. One is to view the Quota Entries dialog box, which displays the current disk storage utilization per user. The other is to look for disk quota events in the System log of Event Viewer. Information on a user's disk quota usage cannot be viewed through the Application log of Event Viewer, through Disk Management, or from the Properties dialog box of a user account in Active Directory Users And Computers. (Discussion starts on page 412.)

   Question 16

0 out of 1 points  

True or False: If you specify an allocation unit size other than the default, you cannot use file or folder compression.

Selected Answer:  [None Given]

Correct Answer:  False

Feedback: To use the file or folder compression feature, the allocation unit size must be 4 KB (the default) or smaller. If a larger allocation unit size is specified, file or folder compression cannot be used. (Discussion starts on page 405.)

   Question 17

0 out of 1 points  

When you configure disk quotas, which of the following cannot be configured?

Selected Answer:    [None Given]

Correct Answer:    The disk space available to a specific group

Feedback: Disk quotas can be configured only on a per-user basis, not a per-group basis. You can use disk quotas to configure warnings for users and to configure whether users can continue to write to a drive after they have reached their quota. (Discussion starts on page 410.)

   Question 18

0 out of 1 points  

When you use basic disks on a Windows Server 2003 domain controller, where is the information about the partitions on the drive stored?

Selected Answer:    [None Given]

Correct Answer:    The MBR

Feedback: On a basic disk, information about the partitions on the drive is stored in the Master Boot Record, or MBR. On a dynamic disk, information about volumes is stored in the LDM database. Disk information is not stored in Active Directory. Information about partitions is not stored in the Master File Table (MFT). (Discussion starts on page 390.)

   Question 19

0 out of 1 points  

You are about to convert a basic disk to a dynamic disk. Which of the following should you do before proceeding?

Selected Answer:

   [None Given]

Correct Answer:    Make sure you have a complete backup of the data on the drive.

Feedback: Before performing any operations that could lead to damage or cause you to lose data, you should ensure that you have a complete and valid backup of the drive. Deleting volumes and removing any spanned or striped volumes is necessary only if you are converting from a dynamic disk to a basic disk. You do not need to perform these tasks when converting from a basic disk to a dynamic disk. The same is true if you are removing any logical drives in a partition. (Discussion starts on page 397.)

   Question 20

0 out of 1 points  

You are the network administrator for a building supplies wholesaler. You have a single Windows Server 2003 system that has three 16-GB IDE disk drives in it. Each disk has three volumes on it that together use 100 percent of the available space. The first volume on disk 0 (C:) is the system and boot volume for the server. This volume is mirrored to the first volume on disk 1. The second volume on the first disk is configured as E:, and the third volume on the first disk is configured as F:. The second and third volumes on the second drive are G: and H:, respectively. The first, second, and third volumes on the third disk are called I:, J:, and K:, respectively.    Recently you have experienced disk-related performance problems with the server and are looking at ways to address this. One reliable source suggests placing the Active Directory database and log files on separate disks. After consulting the documentation that was created when the server was installed, you determine that the Active Directory log files are indeed stored on the same volume as the Active Directory database. Which of the following volumes do you move the Active Directory log files to?

Selected Answer:    [None Given]

Correct Answer:    J:

Feedback: Best practice dictates that the Active Directory database and log files be stored on separate physical drives. In this example, however, the system and boot volume is mirrored to the second drive in the system, so placing the log files on the second drive would not result in any performance benefit because the log file updates would be recorded to both physical drives. The best thing to do is to place the log files on the third drive, which would keep them off of the drives being used by the Active Directory database. Therefore, of the answers listed, only J: is the right choice. (Discussion starts on page 388.)

   Question 21

0 out of 1 points  

You are the network administrator for an architectural design firm. The company recently created a new materials analysis department, and you have been asked to specify a new server for the department's use. The manager wants you to specify a

server that is as fault tolerant as possible and provides sufficient storage for a large materials database. The database will be hosted on a RAID-5 array, and the system and boot volume will be mirrored. The database will be around 80 GB, growing to around 100 GB after the architects add their data. It is unlikely to grow beyond that size, but the manager wants at least 20 percent free space within the array to allow for future growth. The server you are considering for the department has capacity for up to five drives. You decide to purchase two 20-GB drives to hold the system and boot partitions. What is the minimum size of drives you should specify for the RAID array?

Selected Answer:    [None Given]

Correct Answer:    60 GB

Feedback: With three drives in the RAID-5 array and a required capacity of 120 GB (100 GB + 20 percent), you need three 60-GB drives. An amount of space equal to one entire drive is lost to the storage of parity information. Therefore, the amount of space available for data storage on the 60 GB drives is 120 GB. All of the other answers are incorrect. (Discussion starts on page 398.)

   Question 22

0 out of 1 points  

You are the network administrator for a community college. The network comprised of three Windows Server 2003 systems and more than 200 Windows XP Professional workstations. Each server has four 12-GB drives in it. Each drive has two 4-GB partitions on it that were created using FAT. The rest of the disk is free space. No fault-tolerant storage measures are in place, but after a recent disk failure and a time-consuming restore process, your manager has asked you to implement a fault-tolerant strategy that can be rolled out to each of the existing servers. He is aware that this will use available disk space. No budget is available for new drives, so you must create a solution using only the existing hardware. You decide to create a RAID-5 array using the unused 4 GB of space on each drive. Which of the following steps must you perform before you can complete this task?

Selected Answer:    [None Given]

Correct Answer:    Convert the disks to dynamic disks.

Feedback: To create a RAID-5 array, the disks must be dynamic. In this example, each drive has two 4-GB partitions on it, and only basic disks allow more than one partition per disk. Therefore, the drives are basic and must be converted before they can be used in a RAID-5 array. The answer "Convert the drives to NTFS" is incorrect. Both FAT and NTFS file systems can be used in a RAID array. The answer "Export any quotas that are in place" is incorrect. If the file system on the drives is FAT, disk quotas cannot be used. The answer "Disable compression" is incorrect. Compression is available only on drives formatted with the NTFS file system. (Discussion starts on page 397.)

   Question 23

0 out of 1 points  

You are the network administrator for a small biological research company. The network comprised of a single Windows Server 2003 system that has two 20-GB drives installed. Both disks are dynamic and are formatted with NTFS. One drive is assigned as the system and boot volume, the other drive (called DATA) is assigned to file storage and application hosting. The DATA drive is shared by 50 users in the

Sales department, 27 users in the Marketing department, and 4 users in the Research department.     While viewing the information on the drive, you notice that the amount of free space on the drive has fallen below 10 percent. Your manager agrees with you that you need more storage space and has authorized the purchase of a new drive, but she asks that you control the amount of data on the new drive. At the same time, she wants to make sure that users in the Research department are not limited in the amount of data they can store. Which of the following solutions do you implement?

Selected Answer:

   [None Given]

Correct Answer:

   Enable disk quotas. Configure quota entries for each user in the Research department.

Feedback: Quotas are created on a per-volume basis. Quota limits apply to all users unless a specific quota entry is created to give users in that group more or less space. In this scenario, because the Research department has so few users, the best approach is to enable quotas on the volume and then create quota entries for the four people in the Research department. This allows users in the Research department more space while preventing the users in the Sales and Marketing departments from accessing the new drive. The other answers are incorrect. You cannot create quota entries for group objects. (Discussion starts on page 409.)

   Question 24

0 out of 1 points  

You are planning to buy a new server for your department, and a supplier offers you a large discount on a system with four 20-GB drives in it. Your manager approves the purchase and asks you to recommend a strong fault-tolerant storage strategy that uses all of the disks. You decide to create a 10-GB mirrored volume for the system and boot volume and then devote the rest of the available space to a RAID-5 array. Assuming that you create the largest possible RAID-5 array for this scenario, how much space will be available for data storage within the array?

Selected Answer:    [None Given]

Correct Answer:    30 GB

Feedback: In this scenario, the largest RAID-5 array that could be created would be 40 GB (10 GB from each of the four drives). With four disks, you would lose 25 percent of the available space to the storage of parity information, so the amount of storage space available would be 30 GB. Even though the system and boot volume is mirrored, the 10 GB free on each drive can still be included in the RAID-5 array. (Discussion starts on page 398.)

   Question 25

0 out of 1 points  

You have been hired as the first network administrator for a small horticultural wholesaler. The network comprised of a single Windows Server 2003 system, which was recently installed by the owner of the company. He has little technical knowledge, so the server has a very simple configuration. A single 10-GB drive is installed in the system, and it is configured as a basic disk with a single partition using FAT. When you discuss the configuration of the server with the manager, you advise adding a second drive in the server for storing data to keep it separate from

the system and boot partition, and that the system and boot partition be mirrored to provide fault tolerance. He authorizes you to purchase a new disk drive and create a mirror, but he wants you to take only the steps necessary to put the mirror in place, and nothing more, as he wants to understand and approve any changes you make. Which of the following best describes the procedure you should follow to do this?

Selected Answer:

   [None Given]

Correct Answer:

   Install, initialize, and format the new drive. Back up the data from the existing drive. Convert the existing disk from basic to dynamic. Convert the new drive from basic to dynamic. Create the mirror.

Feedback: To create a mirror, both of the disks in the mirror must be dynamic disks. Because the default for Windows Server 2003 is basic disks, you must convert both drives before creating a mirror. The answer "Install, initialize, and format the new drive. Convert the existing disk from FAT to NTFS. Create the mirror" is incorrect. The ability to create a mirror is not dependent on the file system in use. The answer "Install, initialize, and format the new drive. Remove the data from the existing disk, convert the existing disk from basic to dynamic. Restore the data. Convert the new disk from basic to dynamic. Create the mirror" is incorrect. To convert from basic to dynamic disks, you do not need to remove the data from the drive. The answer "Install, initialize, and format the new drive. Back up the data from the existing drive, remove the partitions from the drive, convert the disk from basic to dynamic, restore the data, and create the mirror" is incorrect. To convert from basic to dynamic disks, you do not need to remove the partitions from the drive. (Discussion starts on page 397.)

   Question 26

0 out of 1 points  

True or False: If you move a dynamic disk that is part of a striped volume from one Windows Server 2003 system and install it in another system, the data on the drive will be available on the new system.

Selected Answer:  [None Given]

Correct Answer:  False

Feedback: In a striped volume, if any one of the drives in the striped volume is removed or fails, the entire volume will be unavailable. If the drive is moved to another system, none of the data in the striped volume area on any of the disks will be available. (Discussion starts on page 398.)

   Question 27

0 out of 1 points  

You have recently purchased a new Pentium 4 system with six 60-GB drives. Your manager has asked you to design a fault-tolerant storage strategy that provides the largest amount of protected storage. You decide to create a 30-GB mirrored volume for the system and boot partition and then create the largest RAID-5 array possible. In this scenario, what is the maximum amount of storage space that will be available in the RAID-5 array?

Selected Answer:    [None Given]

Correct Answer:    180 GB

Feedback: In this example, the largest RAID-5 array would be created by using the four disks that are not part of the system/boot partition mirror. With four 60-GB drives, the amount of data storage space available in the array would be 180 GB because an amount of space equal to one drive in the array would be lost to the storage of parity information. If the available space on the drives holding the system and boot partition mirror were used in the RAID-5 array, a RAID-5 array with 150 GB of available storage space would be created, which is less than the 180 GB that could be created by using the unallocated drives. (Discussion starts on page 398.)

   Question 28

0 out of 1 points  

You are the network administrator for an automotive manufacturer. The company has a central parts reference database that is hosted on a dedicated Windows Server 2003 system. The database is updated only once every six months because it contains parts information for past models and is used by the dealership support team only for reference purposes. The server currently has three 4-GB SCSI drives in it, but your manager has asked you to reconfigure the server and add two additional drives. He wants to create fault tolerance for the system and boot volume and reconfigure the drives hosting the database application for optimal read performance. Given the static nature of the database, he is not concerned with providing fault tolerance for it. Which of the following strategies do you implement?

Selected Answer:

   [None Given]

Correct Answer:

   RAID-1 for the system/boot volume, RAID-0 for the database drives

Feedback: In this scenario, the best way to provide fault tolerance for the system and boot volume is to create a mirror. To provide the highest levels of read performance when no fault tolerance is required, you would use RAID-0. All of the other answers are incorrect. (Discussion starts on page 401.)

   Question 29

0 out of 1 points  

You are the network administrator for a household goods wholesaler. The network comprised of a single server with four hard disks in it. All four disks are basic and were formatted with FAT. After a recent hard disk failure, your manager has asked you to suggest a fault-tolerant strategy for your server. He wants to ensure that the server can endure the failure of any one of the four disks without the server failing, requiring a restart, or the users noticing that the drive is unavailable. Which of the following is the easiest way to do this?

Selected Answer:    [None Given]

Correct Answer:    Implement hardware-based RAID.

Feedback: When you use hardware RAID, you can include all of the drives in the system in a single RAID array. You can also include the system and boot volume. In a RAID-5 array, if one of the drives becomes unavailable, users generally do not notice because missing data is calculated on the fly using the parity. (Discussion starts on page 401.)

   Question 30

0 out of 1 points  

You are the network administrator for a publishing company. The network comprised of two Windows Server 2003 systems and 62 Windows XP Professional systems. Each server has two 40-GB SCSI disk drives, which are configured in Windows Server 2003 as dynamic disks. On each drive is a 30-GB volume; the rest of the space on the drive is unallocated. On one server, the first drive, which holds the system and boot volume, is formatted with the NTFS file system, and disk quotas have been implemented. Even so, you are running low on free space in the volume and have decided to extend it. Which of the following will prevent you from doing this?

Selected Answer:    [None Given]

Correct Answer:    The volume is the system and boot volume.

Feedback: To extend a volume, you must be using dynamic disks with NTFS. However, you cannot extend a system or boot volume. Whether disk quotas are enabled on a volume has no bearing on whether it can be extended. (Discussion starts on page 406.)

   Question 31

0 out of 1 points  

You are the network administrator for a public relations agency. The network comprised of a single Windows Server 2003 system with two disks. Each disk has a single partition on it. The first disk drive in the system is configured as the system and boot volume. The second disk drive is used for file storage and application hosting.    Over the past few weeks, a number of users have commented that retrieving and saving files to the server seems to be getting slower. You check the status of the disk drive in Disk Management and find that it is online and healthy. You also notice that the Overhead value is 6 percent. You run Check Disk, but no errors are reported. Which of the following do you do next?

Selected Answer:    [None Given]

Correct Answer:    Defragment the disk drive.

Feedback: If users are experiencing performance issues retrieving files from a server but there are no apparent problems with the disk drive, defragmenting the disk drive is a logical next step. Removing data from the disk drive or implementing disk quotas is unlikely to help. You would not reinitialize a disk drive that is installed in the server and functioning correctly. (Discussion starts on page 408.)

   Question 32

0 out of 1 points  

You are the network administrator for a bicycle manufacturer. You have a single Windows Server 2003 system with two 16-GB disk drives in it. Each drive has a single partition on it that uses 100 percent of the available space. However, there is less than 20 percent free space available on each drive. Your manager suggests that you purchase an additional 16-GB drive and then mirror the drive that holds the system and boot volume to the new drive. That way, the additional expense will not only gain you extra space but will also add a degree of fault tolerance to the storage subsystem on the server. What would you tell your manager?

Selected Answer:

   [None Given]

Correct Answer:

   The strategy will provide fault tolerance but no additional disk space.

Feedback: When you add a new drive to create a mirror set, an amount of disk space equal to the size of the partition that is being mirrored will be lost to the storage of the mirrored data. In this example, because the partition on each drive uses 100 percent of the available space on the 16-GB drive, using a new 16-GB drive would cause the entire available space on the new drive to be assigned to the mirrored volume. The answer "The strategy seems appropriate and valid" is incorrect. There are issues with this strategy. The answer "The system and boot partition cannot be included in a mirror set" is incorrect. System and boot partitions can be included in a mirror set. The answer "The strategy can be implemented, but it will create only 3.2 GB of additional free space" is incorrect. Volumes are mirrored on a like-for-like basis. If a 16-GB volume is mirrored, it will use 16 GB on the mirrored drive. Even though there might still be free space within the volume, this space will not be available as additional storage space. (Discussion starts on page 398.)

   Question 33

0 out of 1 points  

Which of the following RAID levels is not supported by Windows Server 2003?

Selected Answer:    [None Given]

Correct Answer:    RAID-3

Feedback: Windows Server 2003 supports RAID-0 (disk striping), RAID-1 (disk mirroring), and RAID-5 (disk striping with parity). It does not support RAID-3 (disk striping with single-disk parity). (Discussion starts on page 401.)

   Question 34

0 out of 1 points  

When you create a dynamic volume, which of the following volume types does not require you to use the same amount of space on each disk that will be included in the volume?

Selected Answer:    [None Given]

Correct Answer:    Spanned

Feedback: You can create spanned volumes using any amount of space from each drive that will be included in the volume. Mirrored, striped, and RAID-5 volumes require that the drives use the identical amount of space. (Discussion starts on page 398.)