Exam 70-291 preparation questions

Exam 70-291 study material

Made available by Testkingprep.com

Free 70-291 Exam Preparation Questions

Exam 70-291: Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure

For Latest 70-291 Exam Questions and study guides- visit- http://www.testkingprep.com/70-291.html

http://www.testkingprep.com/70-291.html



Question:1 Your company has a main office and one branch office. All servers run Windows Server 2003 Service Pack 2 (SP2). The main office has a third-party gateway device named Gateway1. Gateway1 is connected to the internal network and the Internet. Gateway1 supports IPSec. In the branch office, you have a server named Server1. You create an IPSec policy on Server1. You need to ensure that Server1 can establish an IPSec tunnel to Gateway1. What should you use to configure the IPSec policy? A. an IP filter that allows only Internet Control Message Protocol (ICMP) traffic B. an IP filter that allows only TCP traffic on port 1701 C. a pre-shared key for authentication D. Kerberos authentication


Answer: C Question:2 Your network consists of a single Active Directory domain named Hi-Tech.com.com. You have a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2). You have two domain user accounts named Admin1 and User1. Admin1 is a member of the Administrators group on Server1. User1 is a member of the Domain Users group only. You log on to Server1 as User1. You need to run several administrative tools. You must minimize the number of times you are prompted to enter a username and password when starting the tools. You must achieve this goal without logging off from Server1. What should you do? You work as a security administrator for Microsoft. The basic network and some policies are as the following:

A. Configure the secondary logon service to start by using the Admin1 account. B. Configure the Start menu shortcut for each administrative tool to run as Admin1. C. Create a Start menu shortcut for cmd.exe to run as Admin1, and then start the administrative tools

from the command prompt. D. Configure the Start menu shortcut for each administrative tool, and assign the Admin1 account

ownership of the shortcuts.

Answer: C Question:3 You work as the network administrator at Hi-Tech.com. The Hi-Tech.com network consists of a single Active Directory domain named Hi-Tech.com. Users browse the internal network and the Internet from their client computers on a regular basis. All Web and e-mail hosting for a separate DNS domain, named zkxl-north.com, is outsourced to an ISP that also resolves all name resolution requests for zkxl-north.com. Since you have no administrative control over the DNS servers at the ISP, you are unable to list the contents of north.com using the nslookup command on the DNS servers at the ISP. You configure a Windows Server 2003 Service Pack 2 (SP2) computer, named SERVER01, with a primary


zone for Hi-Tech.com, and remove all root hints from it. All client computers are configured to refer to SERVER01 for name resolution. You have to make sure that all client computers can locate and access resources in Hi-Tech.com, zkxl-north.com, and on the Internet. What should you do to configure DNS resolution to meet these requirements A. Configure a secondary zone for north.com on SERVER01. B. Configure a primary zone for north.com on SERVER01. C. Configure conditional forwarding for north.com with the IP address of the DNS server at the ISP. D. Configure simple forwarding with the default settings with the IP address of the DNS server at the

ISP.


Answer: D Question:4 Your company consists of a single Active Directory domain that is configured in Windows 2000 native mode. All servers run Windows Server 2003 Service Pack 2 (SP2). You deploy a Routing and Remote Access server to provide VPN access to the network. You need to ensure that only members of a group named Sales can access the network through the VPN. The solution must minimize the administrative effort required to manage remote access. What should you do? A. Allow dial-in access for the user accounts of all Sales group members. B. Deny dial-in access for the user accounts of all users except the Sales group members. C. Create a remote access policy and assign the Allow - Remote Access permission. Add the

Windows-Groups condition and specify the Sales group. D. Create a remote access policy and assign the Deny - Remote Access permission. Add the

Windows-Groups condition and specify all Active Directory groups except for Sales.

Answer: C Question:5 Your network consists of a single Active Directory domain and two network segments named Subnet1 and Subnet2. You deploy a server named Server1 that runs Routing and Remote Access. Server1 is configured as a router between the two network segments. You deploy a DHCP server on Subnet1. You configure a DHCP scope for each network segment. Client computers that run Windows XP Professional Service Pack 3 (SP3) are deployed on both network segments and are configured to receive IP configurations dynamically. You discover that all client computers on Subnet2 have Automatic Private IP Addressing (APIPA) addresses. You need to ensure that all client computers on Subnet2 receive their IP configurations from the DHCP server. What should you do in Routing and Remote Access? A. Disable IP Routing. B. Create a static route. C. Enable demand-dial routing. D. Enable a DHCP Relay Agent.

Answer: D Question:6 You work as the network administrator at Hi-Tech.com. The Hi-Tech.com network consists of a single Active Directory forest that contains two domains named us.Hi-Tech.com and uk.Hi-Tech.com. All servers on the Hi-Tech.com network run Windows Server 2003 Service Pack 2 (SP2) and all client computers run Windows XP Professional. IP addresses for all client computers and servers are dynamically assigned by DHCP. All computers on the Hi-Tech.com network are either registered in the uk.Hi-Tech.com DNS zone or the us.Hi-Tech.com DNS zone, and all DNS servers contain copies of all zones. A new Hi-Tech.com network management policy requires that computers are not allowed to have duplicate host names. Hi-Tech.com's client computers always connect to other computers by specifying the name of the target computer only. The CIO informs you that you have to configure the client computers to make sure that all computer names can be resolved using DNS without the domain name being specified. He also tells you that this configuration must be automated so that if an additional domain is added to the forest, manual reconfiguration is not necessary. Which of the following should you carry out to complete this task A. In the DNS client configuration of each client computer, configure the Append these DNS

suffixes option. B. Configure the 015 DNS Domain Name option on all DHCP scopes. C. Configure the Default Domain Policy GPO in each domain, and then enable the DNS Suffix

Search List policy setting in the GPO. D. Configure the Default Domain Policy GPO in each domain, and then enable the Primary DNS Suffix

policy setting in the GPO.

Answer: C Question:7 You work as the network administrator at Hi-Tech.com. The Hi-Tech.com network consists of a single Active Directory domain named Hi-Tech.com. All servers on the Hi-Tech.com network run Windows Server 2003 Service Pack 2 (SP2). The Hi-Tech.com network contains a remote access server named SERVER24 connected to a modem pool supporting eight simultaneous inbound connections. A new Hi-Tech.com security policy requires that SERVER24 be configured to support only Windows 95, Windows 98, Windows 2000 Professional, and Windows XP Professional client computer operating systems for dial-up access. You have received instruction from the CIO to configure the remote access policy to support the most secure authentication methods using only the necessary authentication methods for the supported client computers that will be connecting. Which authentication method will configure the remote access policy to support the most secure authentication methods? A. On SERVER24 implement the PAP authentication protocol. B. On SERVER24 implement the SPAP authentication protocol. C. On SERVER24 implement the CHAP authentication protocol. D. On SERVER24 implement the MS-CHAP Version 1 and MS-CHAP Version 2 authentication

protocols.

Answer: D Question:8 You have a server that runs Windows Server 2003 Service Pack 2 (SP2). The server has Windows Server Update Services (WSUS) 3.0 installed. The server contains a single 30-GB volume named Volume1. Volume1 is 90 percent full. You install a new 136-GB hard disk in the server. You create a new 136-GB volume named Volume2. You need to increase the storage space available to WSUS. What should you do? A. Use wsusutil.exe to copy the updates to Volume2. Manually delete the folder that contains the

updates on Volume1. B. Use ntbackup.exe to backup the updates on Volume1. Restore the updates to Volume2.

Manually delete the folder that contains the updates on Volume1. C. From the Update Services console, configure the server to download Express Installation files.

D. Modify the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Update Services\Server\Setup\ContentDir registry setting. Restart the Update Services service.

Answer: A Question:9 Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). All client computers run Windows XP Professional Service Pack 3 (SP3). All servers and client computers are members of the domain. You need to configure Automatic Updates on all computers to meet the following requirements: Install updates automatically on all computers. Prevent users from modifying the Automatic Update settings. What should you do?

A. From the Default Domain Policy, modify the Windows Update settings. B. On each client computer, run wuauclt.exe /resetauthorization. C. On each client computer, modify the Automatic Updates settings from Control Panel. D. On a server, install and configure Windows Server Updates Services (WSUS) 3.0.

Answer: A Question:10 You are the network administrator for your company. All servers run Windows Server 2003 Service Pack 2 (SP2). You configure the Routing and Remote Access service on a server named Server2. Server2 is connected to a modem pool and supports eight simultaneous inbound connections. You instruct remote users to dial in to Server2 from their home computers. The company's written business policy states that the only client computer operating systems that should be supported for dial-up access are Windows 95, Windows 98, Windows 2000 Professional, and Windows XP Professional. You need to configure the remote access policy to support the most secure authentication methods possible. You want to enable only the necessary authentication methods based on the supported client computers that will be connecting. Which authentication method or methods should you enable? (Choose all that apply.) A. PAP B. SPAP C. CHAP D. MS-CHAP Version 1 E. MS-CHAP Version 2

Answer: D, E Question:11 You work as the network administrator at Hi-Tech.com. The Hi-Tech.com network contains a Windows Server 2003 Service Pack 2 (SP2) computer named DC01. Two administrators and the Domain Admins group are members of the Administrators local group on DC01. Ten administrators are members of the Domain Admins group. DC01 failed because an unauthorized change was made in the corrected this issue. You must now implement auditing so that all attempts to access the HKEY_LOCAL_MACHINE\SYSTEM key in the registry on DC01 are logged. You want to enable auditing in the local security policy on DC01. What should you do to achieve this goal? Choose two answers. Each answer represents part of the solution. A. In the local security policy on DC01, enable auditing and set the Audit object access (success and

failure) option in the audit policy B. In the local security policy on DC01, enable auditing and set the Audit privilege use (success and

failure) option in the audit policy. C. In the local security policy on DC01, enable auditing and set the Audit systems events

(success and failure) option in the audit policy. D. On DC01, configure the SACL on the HKEY_LOCAL_MACHINE\SYSTEM key in the registry. Set

auditing on the Full Control permission for Everyone. E. On DC01, configure the SACL on the HKEY_LOCAL_MACHINE\SYSTEM key in the registry. Set

auditing on the Set Value permission for Everyone.

Answer: D Question:12 Your network consists of an internal network and a perimeter network. On the internal network there is a server named Server1. On the perimeter network there is a server named Server2. All servers run Windows Server 2003 Service Pack 2 (SP2). You schedule a task to transfers files from Server1 to Server2 by using FTP. You monitor the network traffic from Server1 to Server2 and notice that the user name and password used for the FTP transfer are sent as plain text. You need to ensure that all FTP traffic between Server1 and Server2 is encrypted. What should you do? A. Implement IPSec. B. Install a server certificate on Server1. C. Install a server certificate on Server2. D. Use the Encrypting File System on Server1.

Answer: A Question:13 You are the network administrator for your company. All client computers run Windows XP Professional. All servers run Windows Server 2003 Service Pack 2 (SP2). The company has offices in Los Angeles, San Francisco, and Seattle. Each office is configured as a separate IP subnet. DNS is the only method of name resolution used on the network. You need to implement a software update infrastructure on the network. You install Windows Server Update Services (WSUS) on a computer named Server1 in the Los Angeles office. You install WSUS on Server1 with all default settings. You create a Group Policy object (GPO) named WSUS. You have no plans to install additional WSUS servers. You need to ensure that client computers can successfully connect to the WSUS server. What should you do? A. Configure the Internet browser home page on all client computers to point to http:

//windowsupdate.microsoft.com. B. In the WSUS GPO, specify the Server Name property to be the server's fully qualified domain name

(FQDN). C. On the WSUS server, configure the IIS Manager to require HTTP over SSL. D. Enable communication over port 443 between all client computers and the WSUS server.

Answer: B Question:14 Your network consists of a single Active Directory domain. The domain contains a server named Server1. Server1 runs Windows Server 2003 Service Pack 2 (SP2). You install Windows Support Tools on Server1. You need to view the IPSec settings applied to Server1. What command should you run on Server1? A. Netstat r IP B. Netdiag /test:ipsec C. Sc query policyagent D. Netsh ipsec static show all

Answer: D Question:15 You are the network administrator for your company. The network contains a Windows Server 2003 Service Pack 2 (SP2) computer named Server1. Three administrators are members of the Administrators local group on Server1. Twelve other administrators are members of the Domain Admins group. The Domain Admins group is also a member of the Administrators local group on Server1. Someone makes an unauthorized change to the HKEY_LOCAL_MACHINE\SYSTEM key in the registry on Server1, which causes the computer to fail. You fix the problem. You need to log all attempts to access the HKEY_LOCAL_MACHINE\SYSTEM key in the registry on Server1. You decide to enable auditing in the local security policy on Server1. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) A. Enable auditing in the local security policy on Server1. Select the Audit object access (success and

failure) option in the audit policy. B. Enable auditing in the local security policy on Server1. Select the Audit privilege use (success and

failure) option in the audit policy. C. Enable auditing in the local security policy on Server1. Select the Audit system events

(success and failure) option in the audit policy. D. Configure the SACL on the HKEY_LOCAL_MACHINE\SYSTEM key in the registry. Specify

auditing of the Full Control permission for Everyone. E. Configure the SACL on the HKEY_LOCAL_MACHINE\SYSTEM key in the registry. Specify

auditing of the Set Value permission for Everyone.

Answer: A, D Question:16 You have a server that runs Windows Server 2003 Service Pack 2 (SP2). You create a user account named Admin1. You need to allow Admin1 to restart the server and to manage shared folders. You must minimize the rights assigned to Admin1. Which group should you add Admin1 to? A. Power Users B. Administrators C. HelpServicesGroup D. Remote Desktop Users Answer: A Question:17 You install three servers that run Windows Server 2003 Service Pack 2 (SP2). The servers are on the same subnet. You get the IP configuration for the servers as shown in the following table. You need to ensure that you can establish communication between the three servers. What should you do?

A. Modify the IP address on Server3. B. Modify the IP address on Server1. C. Configure the hosts file on each server. D. Modify the default gateway for each server.

Answer: A Question:18 You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). The network contains a Web server that runs IIS 6.0 and hosts a secure intranet site. All users are required to connect to the intranet site by authenticating and using HTTPS. However, because an automated Web application must connect to the Web site by using HTTP, you cannot configure the intranet site to require HTTPS. You need to collect information about which users are connecting to the Web site by using HTTPS. What should you do? A. Check the application log on the Web server. B. Use Network Monitor to capture network traffic on the Web server. C. Review the log files created by IIS on the Web server. D. Configure a performance log to capture all Web service counters. Review the performance log data.

Answer: C Question:19 You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 35 Windows Server 2003 Service Pack 2 (SP2) computers; 3,000 Windows XP Professional computers; and 2,000 Windows 2000 Professional computers. Windows Server Update Services (WSUS) is installed on a server named Server1. The necessary Group Policy object (GPO) is configured. You need to confirm whether all computers in the domain have received all approved updates from Server1. What should you do on Server1? A. Install and configure Urlscan.exe. B. At the command prompt, type gpresult /scope COMPUTER. C. Open the WSUS console. Run the Status of Computers report. D. Open the WSUS console. Run the Synchronization Results report. Answer: C Question:20 You have a DNS server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2). You have two Web servers named Server2 and Server3. The Web servers host an internal Web site that will be accessed by the URL http://www.Hi-Tech.com.com. You need to ensure that requests for www.Hi-Tech.com.com are distributed between Server2 and Server3. What should you do? A. On each Web server, configure a host header value of www.Hi-Tech.com.com. B. On each Web server, configure a custom HTTP header value of www.Hi-Tech.com.com. C. On Server1, create two host (A) records for www.Hi-Tech.com.com. D. On Server1, create a _roundrobin._tcp.Hi-Tech.com.com service locator (SRV) record for each

server that has a port value of 80.

Answer: C Question:21 Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). You have two servers named Server1 and Server2. Both servers have Windows Server Update Services (WSUS) 3.0 installed. You need to ensure that Server2 automatically receives the same update approvals as Server1. What should you do? A. On Server2, modify the Update Source and Proxy Server settings. B. On Server2, modify the Update Files and Languages settings. C. On Server2, run the Windows Server Update Services 3.0 setup wizard. D. On Server1, run the WSUS Server Configuration Wizard.

Answer: A Question:22 You work as the network administrator at Hi-Tech.com. The Hi-Tech.com network consists of a single Active Directory domain named Hi-Tech.com. All servers on the Hi-Tech.com network run Windows Server 2003 Service Pack 2 (SP2) and all client computers run Windows 2000 Professional with

Service Pack 4 or Windows XP Professional. You have received instruction from the CIO to install and configure Software Update Services (SUS) on a server named SERVER24. You then create a GPO configuring all client computers to receive their software updates from SERVER24. One week later whilst performing your routine systems administration you run Microsoft Baseline Security Analyzer (MBSA) on all the client computers to check whether updates are applied or not, and you discover that all the Windows 2000 Professional client computers receive updates, but not the Windows XP Professional client computers. Later you verify the GPO setting was applied on all Windows XP Professional computers. What should you do to ensure that the Windows XP Professional client computers receive their updates from SERVER24? A. All users of the Windows XP Professional client computers must be made members of the

Administrators local group. B. Service Pack 1 must be installed on all Windows XP Professional client computers. C. Automatic Updates must be restarted on all Windows XP Professional client computers. D. The NoAutoUpdate value unde HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\

Windows\WindowsUpdate\AU. Must be deleted on all Windows XP Professional client computers.

Answer: B Question:23 You have a server named Server2 that runs Windows Server 2003 Service Pack 2 (SP2). The server has two network connections named Local Area Connection and Internet Connection. You configure network address translation (NAT) on Server2 as shown in the exhibit. (Click the Exhibit button.) You configure all client computers to use Server2 as their default gateway. Users report that they cannot connect to the Internet. You successfully connect to the Internet from Server2. You need to ensure that client computers can access Internet resources. What should you do?

A. Change the Internet Connection interface type to Basic firewall only. B. Change the Internet Connection interface type to Private interface connected to private

network.

C. Add Local Area Connection as a new interface for the NAT protocol and set the interface as a Public interface connected to the Internet.

D. Add Local Area Connection as a new interface for the NAT protocol and set the new interface as a Private interface connected to private network.

Answer: D Question:24 Your network consists of a single Active Directory domain. The domain contains an organizational unit (OU) named SecureServers. The SecureServers OU contains a computer account for a server named Server1. You link a Group Policy object (GPO) to the SecureServers OU. In the GPO, you assign an IPSec policy that requires encryption for all communications. You notice that all communications to Server1 are unencrypted. You need to ensure that all communications to Server1 are encrypted immediately. What should you do?

A. On Server1, run gpudate.exe. B. On Server1, run gpresult.exe. C. From the properties of the GPO, enable the Enforced option. D. From the properties on the SecureServers OU, enable the Block policy inheritance setting.

Answer: A Question:25 Your network consists of a single Active Directory domain named litwareinc.com. You have server named DC1 that runs Windows Server 2003 Service Pack 2 (SP2). DC1 has the DNS server role installed and is the only DNS server for the network. On DC1, you open the DNS snap-in as shown in the exhibit. (Click the Exhibit button.) At the command prompt, you run Nslookup www.Hi-Tech.com.com and receive the following error message; *** Localhost cant find www.Hi-Tech.com.com: Non-existent domain. You need to ensure that you can connect to Internet hosts by using fully qualified domain names (FQDNs). What should you do?

A. Delete the .(root) forward lookup zone. B. Delete the 192.168.1.x subnet reverse lookup zone. C. Create a new forward lookup zone named Hi-Tech.com.com. D. Enable the Disable recursion (also disables forwarders) setting.

Answer: A Question:26 You have a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2). You open the IP Security Monitor snap-in and see the information shown in the exhibit. (Click the Exhibit button.) You need to ensure that all communications to Server1 are encrypted. What should you do?

A. Modify the Local Security Policy on Server1. B. Modify the Research IPSec Policy Group Policy object. C. Enable Windows Firewall and do not allow exceptions. D. From the Properties of the Local Area Connection, modify the Authentication settings.

Answer: B Question:27 You are the network administrator for your company. The Denver office is currently connected to the corporate WAN by using a Windows Server 2003 Service Pack 2 (SP2) computer named Server23. Server23 is configured as a dial-up router. Server23 has two network adapters. One network adapter connects to the Ethernet LAN. The other network adapter is a broadband networking device. The company plans to increase the number of employees in the Denver office by at least 25 percent. You need to confirm that the current network bandwidth of the broadband connection will be sufficient for the future expansion of the Denver office.You want to use System Monitor on Server23 to find out the current utilization of the broadband network connection.What should you do? A. Monitor the Bytes Total/sec counter on the Network Interface object. B. Monitor the Bytes Total/sec counter on the Server object. C. Monitor the Server\\Packets/sec counter on the Server object. D. Monitor the Current Bandwidth counter on the Network Interface object. Answer: A Question:28 You are the administrator of a Windows Server 2003 Service Pack 2 (SP2) computer named Server1. Server1 has a third-party application installed on it. The third-party application runs as a service that is named Service1. Service1 fails periodically. You need to configure the recovery options for Service1 to meet the following requirements: If Service1 runs successfully for a day or more, you need to ensure that only the service is immediately restarted upon failure. If, after this failure, Service1 does not run successfully for another day, you must ensure the entire server is immediately restarted. Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

Answer: Pending Question:29 You have a Web server that runs Windows Server 2003 Service Pack 2 (SP2). You attempt to start the World Wide Publishing Service and receive the following error message. You need to identify which services must be started before you can start the World Wide Web Publishing Service. What should you do?

A. From Event Viewer, view the application log. B. From Windows Explorer, open the %systemroot%\system32\drivers\etc\services file. C. From the Services snap-in, view the properties of the World Wide Web Publishing Service. D. From the command prompt, run Net config server /srvcomment:World Wide Web Publishing

Service.

Answer: C Question:30 Your company has a stand-alone server named Server2 that runs Windows Server 2003 Service Pack 2 (SP2). Server2 is a Web server. You monitor two client connections to your Web site on Server2 and obtain the results shown in the exhibit. (Click the Exhibit button.) You need to ensure that all connections to the Web server are encrypted. What should you do?

A. Install a Web server certificate on Server2. B. Configure the Web site to require a secure channel. C. Configure the Web site to redirect all requests to https://Server2. D. Configure the Web site to require integrated Windows authentication.

Answer: B Question:31 You have a server that runs Windows Server 2003 Service Pack 2 (SP2). The server connects to the Internet by using a router. You attempt to ping a public IP address and receive the following error message: Request timed out. The servers routing table is configured as shown in the exhibit. (Click the Exhibit button.) You need to ensure that you can ping Internet hosts by using their IP addresses. Which command should you run?

A. Netsh interface ip set address Local Area Connection 2 static 10.1.10.11 255.255.0.0 10.1.10.11 1

B. Netsh interface ip set address Local Area Connection 2 static 10.1.10.11 255.0.0.0 10.0.0.18 1 C. Route ADD 0.0.0.0 MASK 0.0.0.0 10.1.10.11 D. Route DELETE 0.0.0.0

Answer: B Question:32 You have a server that runs Windows Server 2003 Service Pack 2 (SP2). The server connects to the Internet by using a router. You attempt to launch Windows Update and receive the following error message: Cannot find server or DNS Error. The IP configurations of the server are shown in the exhibit. (Click the Exhibit button.) You need to ensure that the server can connect to Windows Update. What should you do?

A. Configure the server to have static IP settings. B. Install the DNS Server service on Server1 and configure DNS to use a forwarder. C. Add an entry to the %systemroot%\system32\drivers\etc\hosts file for update.microsoft.com. D. Add an entry to the %systemroot%\system32\drivers\etc\lmhosts file for update.microsoft.com.

Answer: A Question:33 Look at the picture. You are the administrator of a Windows Server 2003 Service Pack 2 (SP2) computer named Server1. The LAN connection TCP/IP properties on Server1 are configured to use a static IP address. An administrator reports that Server1 is receiving incorrect results to a query for server2.fourthcoffee.com. You log on to Server1 and run the ipconfig /flushdns command. You receive the following error message. You need to start the appropriate service or services to ensure that Server1 can correctly resolve name resolution queries. You want to achieve this goal by using the minimum amount of administrative effort. Which service or services should you start? To answer, select the appropriate service or services in the work area. Answer & Explanation Correct Answer Explanations No more information available

Answer: Pending Question:34 You work as the network administrator at Hi-Tech.com. The Hi-Tech.com network consists of a single Active Directory domain named Hi-Tech.com. All servers on the Hi-Tech.com network run Windows Server 2003 Service Pack 2 (SP2). The Hi-Tech.com network contains a DNS server named SERVER03. Hi-Tech.comrecently started using a new ISP, and ever since then users have been reporting that they are unable to access Internet Web sites using their fully qualified domain names (FQDNs). You decide to manually configure a test computer to use the DNS server address of the new ISP. You find that the test computer can successfully access Internet Web sites using their FQDNs. You now need to make sure that network users are able to access Internet Web sites using their FQDNs, while also making sure that user access to internal resources is not disrupted. Which of the following are two options that will achieve this goal? (Each correct answer presents a complete solution. Choose two) A. Create a root zone on SERVER03. B. Configure SERVER03 to use the default root hints. C. Configure a forwarder on SERVER03 to the new ISP's DNS server. D. Configure all computers on your network to use the new ISP's DNS server.

Answer: B, C Question:35 You are the network administrator for your company. All servers run Windows Server 2003 Service Pack 2 (SP2). All servers are configured with static IP addresses. All client computers run Windows XP Professional. All client computers are configured as DHCP clients. The company has a main office and one branch office. The offices are separated by a router. A DHCP server is deployed in each office. One of the DHCP servers shuts down unexpectedly. It takes four hours to repair the server. During that time, several mobile users connect their portable computers to the network and report that they cannot connect to shared resources on the network. After the server is repaired, you create a new scope on each DHCP server that includes IP addresses for the other office. You activate the scopes. You test the new DHCP configuration by shutting down the DHCP server in the main office. You find out that the client computers in the main office are not receiving IP addresses from the DHCP server in the branch office. You need to ensure that when the DHCP server in one office fails, the client computers will receive a correct IP address configuration from the DHCP server in the other office. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.) You work as a security administrator for Microsoft. The basic network and some policies are as the following:

A. Configure the router between the offices to forward BOOTP broadcasts. B. Configure the DHCP server in each office with a DHCP scope that includes the same IP

addresses as the DHCP server in the other office. Activate the scope. C. Configure the DHCP server in each office with an additional network adapter. Connect each new

network adapter to the local network. Assign an IP address from the other office's network to each new network adapter.

D. Install and configure a DHCP relay agent in each office.

Answer: D Question:36 You have a DNS server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2). You create a primary zone on Server1 for Hi-Tech.com.com. You run the DNS simple query test and recursive query test. The simple query test completes successfully, but the recursive query test fails. You need to ensure that the recursive query test can complete successfully. What should you do on Server1? A. Clear the cache. B. Disable recursion. C. Enable access to the Internet. D. Configure a reverse lookup zone.

Answer: C Question:37

You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains Windows Server 2003 Service Pack 2 (SP2) computers and Windows XP Professional computers. You configure a server named Server1 to be a file server. The written company security policy states that you must analyze network traffic that is sent to and from all file servers. You need to capture file-transfer network traffic that is being sent to and from Server1. You install Network Monitor Tools from a Windows Server 2003 Service Pack 2 (SP2) product CD-ROM on a server named Server2, which is on the same network segment as Server1. You run Network Monitor on Server2. However, Network Monitor captures only network traffic that is sent to and from Server2. You need to capture all network traffic that is sent to and from Server1.What should you do? A. Install the Network Monitor driver on Server1. Run Network Monitor on Server2 to capture

network traffic. B. Open Network Monitor on Server2 and create a capture filter to enable the capture of all

protocols. Run Network Monitor to capture network traffic. C. Install Network Monitor Tools on Server1. Run Network Monitor to capture network traffic. D. Open Network Monitor on Server2 and increase the capture buffer from 1 MB to 20 MB in size. Run

Network Monitor to capture network traffic.

Answer: C Question:38 You have a single network segment. All servers run Windows Server 2003 Service Pack 2 (SP2). You have a DHCP server named Server1. Client computers receive IP addresses from Server1. You add a second network segment separated by a RFC 1542-compliant router. You need to ensure that computers in the new network segment can receive their IP configurations from Server1. You make the appropriate configuration changes on the router. What should you do on Server1? A. Create a new scope. B. On Server1, configure a static IP address for the Local Area Connection. C. On Server2, change the node type to broadcast. D. On Server1, modify the DNS server address.

Answer: D Question:39 Your network consists of a single Active Directory domain named nwtraders.com. All network servers run Windows Server 2003 Service Pack 2 (SP2). The relevant IP configuration for the network is configured as shown in the following table. DC1 contains an Active Directory-integrated zone for nwtraders.com. From Server2, you run the Ping 172.26.26.11 command and receive a request timed out error message. From Server2, you run the Ping 172.16.16.129 command and receive a reply. You need to ensure that you can join Server2 to the nwtraders.com domain. What should you do?

A. Set the IP address to 172.16.16.2. B. Set the subnet mask to 255.255.255.128. C. Set the default gateway address to 172.16.16.129. D. Set the preferred DNS server address to 172.16.16.130.

Answer: C Question:40 You are the administrator of an Active Directory domain. The network contains a Windows Server 2003 Service Pack 2 (SP2) domain controller named Server1. Users report that they experience intermittent delays when they log on to Server1. Administrators report that replication attempts between Server1 and other domain controllers are occasionally delayed. You need to verify the cause of the intermittent connection delays to Server1. You also need to find out whether the problem is related to a hardware deficiency on Server1. You need to track these delays over a period of one day. What should you do first? A. Run the netdiag /verbose command to perform a network diagnostic test on Server1. B. Run the replmon command to view the Active Directory replication status on Server1. C. Use Network Monitor to view the network traffic packet contents between Server1 and all other

computers. D. Create a System Monitor counter to track the queue lengths on the network adapter on

Server1.

Answer: D


For complete Exam 70-291 Training kits and Self-Paced Study Material

Visit:http://www.testkingprep.com/70-291.html

http://www.testkingprep.com/


http://www.testkingprep.com/



Documents

Exam 70-291 preparation questions