Вы находитесь на странице: 1из 101

CHAPTER 1

INTRODUCING
MICROSOFT WINDOWS
SERVER 2003
Note: The answers to the questions are shown as hidden text. To view hidden text in
Word, select Options from the Tools menu, and then select the Hidden Text check
box. To view hidden text in Microsoft Word Viewer, select Options from the View
menu, and then select the Hidden Text check box. To print hidden text, click Options
in the Print dialog box, and then select the Hidden Text check box.

1. How many processors does the 64-bit version of Windows Server 2003
Datacenter Edition support?
a. 4
b. 8
c. 32
d. 64
2. Which of the following is not an edition of Windows Server 2003?
a. Enterprise
b. Datacenter
c. Standard
d. Web
e. Corporate
3. What is the maximum amount of RAM supported by the 32-bit version of
Windows Server 2003 Datacenter Edition?
a. 32 GB
b. 64 GB
c. 128 GB
d. 512 GB
4. Which of the following is not an organizational element of Active Directory?
2 Managing and Maintaining a Microsoft Windows Server 2003 Environment

a. Tree
b. Organizational unit
c. Domain
d. Branch
5. Explain the purpose and function of group policies.
6. True or False: Before you create a domain controller, a DNS server must be
available on the network.
7. Why is it common practice to implement more than one domain controller per
domain?
a. So the Active Directory database can be divided among multiple systems
b. To provide fault tolerance
c. So administration of the directory can be distributed among multiple
administrators
d. So each domain controller holds records for fewer objects
8. You are installing an application that requires the Active Directory schema to be
extended. The application itself does not extend the schema, but the
documentation included with the application specifies that each user account must
have a property for the personal employer ID code. What steps would you take to
achieve this?
a. Using the Schema Extender, add an object called Employer ID Code.
b. Using the Schema Manager, add an attribute to the user account object for
Employer ID Code.
c. Using the Active Directory Schema snap-in, add an attribute to the user
account property for Employer ID Code.
d. Using the Active Directory Schema snap-in, add an object called Employer
ID Code.
9. You are setting up a new server to provide file and print services for the corporate
accounting department of your company. The accounting department has 78 users
and four printers. The server assigned to the accounting department is an eight-
processor system with 2 GB of RAM. The server used to be a corporate database
server, but a recent upgrade has made the system available. What edition of
Windows Server 2003 are you most likely to install on the server?
a. Web
b. Datacenter
c. Standard
d. Enterprise
Managing and Maintaining a Microsoft Windows Server 2003 Environment
3

10. Which of the following is a disadvantage of using answer files to automate the
installation of Windows Server 2003 on multiple systems?
a. Certain parameters in the file must be changed for each installation.
b. Only one copy of the file can be used at a time.
c. Answer files can be used only for Web Edition and Standard Edition
systems.
d. Use of an answer file requires that RIS be installed and available on the
network.
11. Explain the functions of objects and attributes in Active Directory. Provide
examples.
12. Which of the following statements about Windows Server 2003 Web Edition is
true?
a. A computer running the Web Edition can be a member of an Active
Directory domain and function as a domain controller.
b. The standard Client Access License (CAL) model does not apply to
computers running the Web Edition.
c. The Internet Connection Firewall (ICF) and Internet Connection Sharing
(ICS) features allow the Web Edition to be used as an Internet gateway.
d. A computer running the Web Edition can function as a Dynamic Host
Configuration Protocol (DHCP) server.
13. You have assigned a junior member of your team the task of producing a
specification for upgrading a mission-critical server from Windows 2000 to
Windows Server 2003. No additional budget is available for server hardware, so
one major consideration is that you cannot upgrade hardware. The existing server
is a four-processor system with 64 GB of RAM and fault-tolerant storage and
network subsystems. The junior team member has reviewed the technical specs
and requirements and has suggested that the most appropriate choice for the
server is Windows Server 2003 Datacenter Edition. What issues, if any, can you
see with this proposal?
a. None. The recommendation is appropriate.
b. The Datacenter Edition is available only preinstalled on OEM equipment. It
cannot be purchased separately.
c. The Datacenter Edition supports only 32 GB of RAM.
d. The Datacenter Edition supports only two-processor systems.
4 Managing and Maintaining a Microsoft Windows Server 2003 Environment

14. You have been asked to recommend a server for a small programming team that
develops enterprise-level data warehousing applications. The team sometimes
uses testing processes that can diminish network performance, so it will be placed
on a separate network from the rest of the organization.

To create an environment similar to the one in which the applications they


develop will be used, you intend to purchase a four-processor Intel Itanium
system with 32 GB of RAM for their exclusive use. Aside from the operating
system, you want to avoid purchasing any additional software. They will need
automatic IP address allocation, secure Internet access, and remote administration
capabilities. Which of the following solutions would you recommend?
a. Buy a system with Windows Server 2003 Datacenter Edition and enable the
Internet Connection Firewall (ICF), Internet Connection Sharing (ICS),
Dynamic Host Configuration Protocol (DHCP), and Terminal Services.
b. Buy a system with Windows Server 2003 Enterprise Edition and enable ICF,
ICS, DHCP, and Terminal Services.
c. Buy a system with Windows Server 2003 Standard Edition and enable ICS,
DHCP, and Terminal Services.
d. Buy a system with Windows Server 2003 Web Edition and enable ICS,
Domain Name System (DNS), and Terminal Services.
15. You are the systems administrator for a college with more than 700 students on a
single campus. You have two servers, one running Windows Server 2003
Enterprise Edition and the other running the Standard Edition. The college has
two libraries, one for business students and another for arts students. Both
libraries run a client management application from the Enterprise Edition server
over Terminal Services. The library manager for the arts library calls to tell you
that he is experiencing performance problems with the client management
application. You call the manager of the business library, who tells you that she
has been running a client inventory program for over an hour and has had no
performance problems.

Upon investigation, you determine that when the business library manager is
running the inventory program, the performance of the arts library application is
affected. Which of the following tools would you use to manage this issue?
a. MMS
b. ICF
c. NLB
d. WSRM
Managing and Maintaining a Microsoft Windows Server 2003 Environment
5

16. You are the network administrator for a customs brokerage in Columbus, Ohio.
You have been asked to recommend a server operating system to support your
company’s new intranet site. The server assigned for the purpose is a dual-
processor system with 512 MB of RAM. In addition to providing support for the
intranet site, the server will also act as a departmental server for the 17-person
Web development team. Which of the following editions of Windows Server 2003
are you most likely to recommend?
a. Web Edition
b. Standard Edition
c. Corporate Edition
d. Enterprise Edition
CHAPTER 2
ADMINISTERING
MICROSOFT WINDOWS
SERVER 2003
1. What TCP/IP port number is used by Terminal Services?
a. 110
b. 80
c. 3389
d. 1863
2. By default, members of which groups are assigned remote access permission?
a. Administrators and Server Operators
b. Administrators
c. Administrators and RAS Admins
d. Server Operators
3. Which of the following folders would you share out to make the Remote Desktop
Connection client software available to users?
a. Systemroot\System\Clients\Tsclient\Win32
b. Systemroot\System32\Clients\Tsclient\Win32
c. Systemroot\System32\Clients\RDP\Win32
d. Systemroot\System32\Clients\Tsclient\Winx
Managing and Maintaining a Microsoft Windows Server 2003 Environment
7

4. You are the network administrator for a large finance house. You have a user who
wants to create an invitation for you to provide him with Remote Assistance.
Which of the following is the best way for the user to supply you with the
invitation and the password for the invitation?
a. E-mail the password and attach the invitation as a file to the same e-mail.
b. Create a text file with the password in it, and attach the text file and the
invitation to an e-mail.
c. Transfer the invitation file to you via Windows Messenger, and then supply
the password in an instant message.
d. E-mail the invitation to you as an attachment, and then call you with the
password.
5. You are the senior network administrator for an insurance company in Lincoln, NE.
You want to create some customized MMC consoles for a junior administrator
who has recently joined the company. You want to prevent him from opening new
windows or accessing a portion of the console tree, and you want to allow him to
view only one window in the console. Which of the following modes would you
configure for the custom MMC console?
a. User Mode: Limited Access, Single Window
b. User Mode: Limited Access, Multiple Windows
c. User Mode: Limited Access, Single Window, No Open
d. User Mode: Full Access, Single Window
6. Under what circumstances can you use Remote Assistance to connect to an
unattended computer?
a. If you are logged in as an administrator.
b. If the password for the administrator account on the unattended computer is
the same as the password for the administrator account on your system.
c. You cannot connect to an unattended computer using Remote Assistance.
d. If you have a valid invitation issued from that computer.
7. On a computer running Windows Server 2003, which of the following procedures
would you follow to issue an invitation for Remote Assistance?
a. Select Help And Support from the Start menu to open the Help And Support
Center window, and then click the Remote Assistance hyperlink
b. Select Help And Support from the Start Menu to open the Help And Support
Center window, click the Get Help hyperlink, and then select Remote
Assistance.
c. Double-click the Help And Support applet in Control Panel to open the Help
And Support Center window, and then click the Remote Assistance hyperlink
d. Double-click the Remote Assistance applet in Control Panel to open the Help
And Support Center window, and then click the Remote Assistance hyperlink
8. Explain the function of a taskpad in MMC and how you would create one.
8 Managing and Maintaining a Microsoft Windows Server 2003 Environment

9. You are the network administrator for a property management firm with its
head office in Boulder, CO. The company has 16 offices across the United
States. Each site has a Windows Server 2003 system and 4 to 16 Windows XP
Professional client computers. Each site is linked via an ISDN line, and even
though this creates a private WAN, you are implementing firewalls at each
location to provide security.
You are designing the specifications for the firewall, and you decide to provide
Remote Assistance to users on the remote sites. You also decide to allow users to
send invitations for Remote Assistance to the technical support department in
Boulder over Windows Messenger. How would you configure the firewall to
accommodate this configuration?
a. Open ports 2289 and 1863
b. Open ports 3389 and 1863
c. Open ports 2058 and 1863
d. Open ports 3389 and 2058
CHAPTER 3
MONITORING MICROSOFT
WINDOWS SERVER 2003
1. Which of the Windows Server 2003 event logs contains information about events
generated by components such as services and device drivers?
a. Security
b. Devices
c. System
d. Application
2. Which of the following methods can be used to start the Task Manager?
a. Pressing Ctrl+Alt+Del
b. Pressing Ctrl +Alt+Esc
c. Double-clicking on the taskbar and selecting Task Manager
d. Right-clicking on My Computer and selecting Task Manager
3. What does the Server: Bytes Total/Sec Performance console counter reflect?
a. The amount of data that is being written to the page file every second
b. The amount of data that is being processed by the server service each second
c. The amount of data sent and received by the server over all of its network
interfaces
d. The amount of data being written to disk each second
4. Describe the purpose and function of a baseline.
5. In a default configuration, members of which group(s) are permitted to view
entries in the Security log?
a. Administrators, Server Operators
b. Administrators, Auditors
c. Administrators, Power Users
d. Administrators
10 Managing and Maintaining a Microsoft Windows Server 2003 Environment

6. In Task Manager, what tab allows you to view which of the current user’s
processes are running on the computer?
a. Processes
b. Users
c. Performance
d. Applications
7. If you have configured an event log retention setting of Do Not Overwrite Events
(Clear Log Manually), what happens when the maximum log file size is reached?
a. A new file is created with an EV1 extension.
b. The original file is copied to a BK1 file and a new log file is started.
c. Events are no longer written to the file.
d. Events continue to be written to the file but an alert is sent to the administrator
prompting him or her to clear the log manually.
8. Describe a memory leak and the potential results of a leak occurring on the
system.
9. True or False? If a server that you are working on has a File Replication Service
event log and a Directory Service event log, then it must be a domain controller.
10. You are concerned that an unauthorized person has been logging into the system
with a username and password from another user, but when you check the
Security log in Event Viewer there are no events of any type recorded. What
could be the cause of this problem?
a. The Security log file is full.
b. Auditing has not been enabled.
c. Only failed logon attempts are recorded in the Security log.
d. The system is not a domain controller and so logon and logoff events are not
recorded.
11. You are reconfiguring a SQL Server database application on a member server.
The reconfigurations seem to go smoothly, but after you have finished, a user
calls you to report that they are having an issue accessing certain records in the
database. In which of the following places are you most likely to look for events
related to this problem?
a. In the System log of Event Viewer
b. In the Database log of Event Viewer
c. In the Application log of Event Viewer
d. In the Security log of Event Viewer
Managing and Maintaining a Microsoft Windows Server 2003 Environment
11

12. In Event Viewer, you are configuring a filter that will display events that describe
the successful operation of an application, driver, or service, and events that relate
to significant problems, such as loss of data or loss of functionality. Which of the
following events would you include in the filter?
a. Information, Warning
b. Warning, Error
c. Error, Information
d. Success, Error
13. Explain the difference between real-time and logged monitoring, and the
circumstances under which each type of logging is useful.
14. You are troubleshooting a problem with a Windows Server 2003 system whereby
users cannot connect to the server. The server itself appears to be running, but you
notice that there is no link light on the port of the hub into which the server is
connected. As a result, you suspect that the network card in the server may have
failed. Where would you look to see events related to the network card?
a. The Network log of Event Viewer
b. The System log of Event Viewer
c. The Application log of Event Viewer
d. The Security log of Event Viewer
15. You are working on a Windows Server 2003 system that has just been installed by
another administrator. The administrator completed the installation but did not
make any configuration changes following the installation. While checking the
maximum log sizes in Event Viewer, you notice that the maximum size of the
Security log is 16 MB. What does this tell you about the system?
a. That Auditing has been enabled
b. That the system is running either the DNS or DHCP service
c. That the system is a domain controller
d. That the system is not a domain controller
16. You have configured the Security log so that it must be cleared manually. One
day, while reviewing the log prior to archiving, you notice that there were a large
number of unsuccessful object accesses the previous night. You decide to save the
file so that it can be examined in Event Viewer by another administrator. Which
of the following file type(s) would you save the file as?
a. .evt, .txt
b. .evt
c. .evt, .txt, .csv
d. .evt, .csv
12 Managing and Maintaining a Microsoft Windows Server 2003 Environment

17. You are the network administrator for a car dealership in Lexington, KY. You
have a single Windows Server 2003 system that is a domain controller, a DHCP
and DNS server, a file and print server, and the company e-mail server. The
server also hosts the company dealership database and sales and parts order
processing system. Early one morning, a user calls to report that the server
appears to be running very slowly. Using System Monitor, you examine some of
the performance counters for the server and make the following observations:
Server Work Queues: Queue Length = 9
Memory: Page Faults/Sec = 3
PhysicalDisk: % Disk Time = 45
Network Interface: Output Queue Length = 1
Which of the following system components are you most likely to examine for a
problem?
a. Processor
b. Memory
c. Network Interfaces
d. Hard Disk
18. You are the network administrator for a publishing company in Portland, OR. The
network is comprised of 4 Windows Server 2003 systems and 122 workstation
systems, which are a mix of Windows XP Professional and Windows 2000
Professional systems. One morning, a user calls to report that the server seems very
slow. No changes to the server configuration have been made recently, but the user
reports that they are performing a daily database re-index. Upon inspection, you notice
that the PhysicalDisk: % Disk Time counter is 92 percent. Which of the following
would you do next?
a. Install a larger hard disk.
b. Install a faster hard disk.
c. Examine memory-related counters.
d. Replace standalone drives with a RAID array.
19. You are one of three network administrators for a chain of garden centers, with 16
locations across the southwestern United States. All three administrators are based
at the head office in Scottsdale, AZ. Each garden center has its own Windows
Server 2003 system. The servers are all configured identically, and host the same
point-of-sale application. The servers are all linked back to the head office by a
high speed T-1 WAN link.
One morning, you get a call from a user in one of the garden centers complaining
that the point-of-sale application is running very slowly. You meet with the other
administrators to determine a strategy for identifying the issue with the server.
One of the other administrators in the team suggests that you can use Task
Manager to view the performance statistics for the systems, while another
suggests that System Monitor would be a better choice. In this scenario, which of
the following is a reason why Task Manager might not work as well as System
Monitor in monitoring system resource usage?
Managing and Maintaining a Microsoft Windows Server 2003 Environment
13

a. Task Manager cannot be used to monitor processor usage.


b. Task Manager cannot be used to monitor network usage.
c. Task Manager cannot be used to monitor a remote system.
d. Task Manager cannot be used to monitor memory usage.
20. You are the network administrator for a glass manufacturer in Pittsburgh, PA. The
network consists of two Windows Server 2003 systems. Each server is an older
dual processor system with 768 MB of RAM. For some time now you have been
considering hardware upgrades for the servers, but budgets are tight.
Both servers are domain controllers. One server hosts DHCP and DNS server
services, and is a file and print server and the company e-mail server. The other
server hosts the company sales database and order processing system. As part of
your morning routine, you use System Monitor to view some of the performance
counters for the server and make the following observations:
Server Work Queues: Queue Length = 1
Memory: Available Bytes = 3,623,676
Memory: Page Faults/Sec = 3
Network Interface: Output Queue Length = 0
LogicalDisk: % Free Space = 47
What, if anything, might you look into in terms of upgrading the server?
a. Install a faster processor.
b. Install more memory.
c. Install a larger hard disk.
d. Replace the memory.
14 Managing and Maintaining a Microsoft Windows Server 2003 Environment

21. You are the network administrator for a real estate company in Chicago, IL. You
have a single Windows Server 2003 system that acts as domain controller and file
and print server and also hosts an intranet-based workgroup application. You back
up the system each night at 11:00 P.M. Normally the back up takes less than two
hours, but for the past two days the backup has still been running when you have
gotten into the office at 8:00 A.M. While talking to the technical support
representative from the backup software provider, they suggest that it could be
one of a number of problems. In order to determine what the problem is they ask
you to record information about the number of times per second that the code or
data needed for processing is not found in memory while the backup job is
running. They caution you, however, that you should only record the information
while the backup job is running. Recording the information during the day could
severely impact performance of the server. Which of the following would you do
to achieve this?
a. Configure a Trace log to run between 11:00 P.M. and 6:00 A.M. and record
Page Faults.
b. Configure Task Manager to log memory information to a file between
11:00 P.M. and 6 A.M.
c. Configure System Monitor to display information in histogram view between
2 and 4 A.M.
d. Configure a Trace log to run between 2 and 4 A.M. and record Memory Errors.
22. You are the network administrator for an outdoor equipment wholesaler in
Detroit, MI. You have three locations. One is the head office from which the
ordering and distribution is handled. The other two locations are retail outlets—
one in a retail park on the edge of the city and another in a downtown location.
Each of the retail outlets has its own Windows Server 2003 system in its own
domain. The retail park location has a new server with 1 GB of RAM and four
processors. The downtown store has an older server with 512 MB of RAM and
two processors that has been installed for some time and was originally a
Windows 2000 Server system. Staff in the downtown store have been
complaining that ever since a new point-of-sale application was installed the
server seems very slow. The retail park location is not having any problems.
Using System Monitor, you monitor the server in the retail park location and the
downtown location at the same time. You monitor counters related to processor,
memory, disk, and network on each of the servers. Of all the counters you
monitor, you notice that the Server: Bytes Total/Sec counter for the downtown
location is very high, while the other counters are very similar between servers.
Which of the following strategies might you use to cure this issue?
a. Install a faster processor.
b. Install a faster network adapter.
c. Install more memory.
d. Move the application to another server.
Managing and Maintaining a Microsoft Windows Server 2003 Environment
15

23. You are the network administrator for a property development company in Salt
Lake City, UT. You have a single Windows Server 2003 system that is a domain
controller, a DHCP and DNS server, a file and print server, and the company e-
mail server. The server also hosts a document management system. One
Wednesday afternoon, without warning, the server crashes. You reboot the server
and it comes up without a problem. You examine the system performance through
System Monitor, but everything seems in order.
Two weeks later, the server crashes again. As before, you reboot the server and it
comes up without any errors. Immediately after the restart, you use System Monitor
and observe the following counters and values.
Server Work Queues: Queue Length = 2
Memory: Page Faults/Sec = 2
Memory: Pages/Sec = 7
Memory: Available Bytes = 452,332,145
PhysicalDisk: % Disk Time = 34
Network Interface: Output Queue Length = 1
Two days later, you monitor the same counter statistics and note the following:
Server Work Queues: Queue Length = 1
Memory: Page Faults/Sec = 3
Memory: Pages/Sec = 11
Memory: Available Bytes = 124,342,841
PhysicalDisk: % Disk Time = 43
Network Interface: Output Queue Length = 0
Which of the following strategies are you likely to take with the server?
a. Move an application off of the server and on to another server.
b. Examine memory usage for each application on the server.
c. Upgrade the network card from a 10 Mbps card to a 100 Mbps card.
d. Nothing. The counter statistics do not indicate any issues.
24. You are the network administrator for an electrical goods importer in Brandon,
FL. You have a single Windows Server 2003 system that is a domain controller, a
DHCP and DNS server, a file and print server, and the company e-mail server.
The server also hosts the inventory database and sales order processing system.
Early one morning, a user calls to report that the server appears to be running very
slowly. Using System Monitor, you examine some of the performance counters
for the server and make the following observations:
Server Work Queues: Queue Length = 2
Memory: Page Faults/Sec = 9
Memory: Pages/Sec = 35
PhysicalDisk: % Disk Time = 5
Network Interface: Output Queue Length = 1
16 Managing and Maintaining a Microsoft Windows Server 2003 Environment

Which of the following are you most likely to do to cure the problem?
a. Replace the memory.
b. Install more memory.
c. Install a faster network interface.
d. Install a larger hard disk.
CHAPTER 4
BACKING UP AND
RESTORING DATA
1. What is the maximum uncompressed capacity of a digital audio tape (DAT)
cartridge?
a. 10 MB
b. 20 MB
c. 20 GB
d. 30 GB
2. Which of the following is not a recognized type of backup?
a. Incremental
b. Differential
c. Supplemental
d. Full
3. Which of the following media has the largest data storage capacity?
a. Zip cartridge
b. CD
c. DVD
d. Jaz cartridge
4. On a Windows Server 2003 system, where do you enable the volume shadow
copy feature?
a. In Local Disk, Properties, Advanced tab
b. In Volume Shadow tab of My Computer
c. In Control Panel, Volume Shadow applet
d. In Local Disk, Properties, Shadow Copies tab
18 Managing and Maintaining a Microsoft Windows Server 2003 Environment

5. Why is hardware data compression for backups preferred over software data
compression?
a. Hardware compression is more accurate than software compression.
b. Hardware compression can be used with any type of backup, including
differential.
c. Hardware compression occurs on the tape drive and does not burden the
system processor.
d. Hardware compression can gain much higher compression ratios than
software compression.
6. Using a typical Grandfather-Father-Son tape rotation scheme, how often do you
normally use the father tape?
a. Once a day
b. Once a week
c. Once a month
d. Once a year
7. What utility do you use to mark specific Active Directory objects as authoritative?
a. ADutil.exe
b. Auth.exe
c. DSAuth.exe
d. Ntdsutil.exe
8. Which of the following backup types does not alter the archive bit on a newly
created file?
a. Full
b. Incremental
c. Symmetrical
d. Differential
9. Which of the following statements describes how to see earlier versions of a file
on a volume that has volume shadow copy enabled?
a. In the Properties dialog box for the drive, select the Shadow Copy tab.
b. In the Properties dialog box for a file in a shadowed volume, select the
Shadow Copy tab.
c. In the Properties dialog box for a file in a shadowed volume, select the
Previous Versions tab.
d. In the System Properties dialog box, select the Previous Versions tab.
10. If you do a full backup to a single tape on a Friday night and then an incremental
backup to a single tape on all other days of the week (including the weekend), if a
system failure occurs, what is the maximum number of tapes required to perform
a full restore?
a. 1
Managing and Maintaining a Microsoft Windows Server 2003 Environment
19

b. 2
c. 7
d. 8
11. True or False: In an authoritative restore of Active Directory, the objects in the
Active Directory database are restored with updated sequence numbers that prevent
them from being overwritten during the next replication pass.
12. While discussing the development of a new backup strategy for your company, a
colleague uses the term target. What is she referring to?
a. The system hosting the tape drive
b. The backup device
c. The data object to be backed up
d. The media in the backup device
13. Explain the purpose and function of the archive bit in relation to backing up data.
14. When you configure volume shadow copy, which of the following parameters
cannot be configured?
a. Which folders on the drive should be included in the volume shadow copy.
b. The drives that should be included in the volume shadow copy.
c. The maximum size of the storage area for shadowed files.
d. The frequency with which shadow copies should be made.
15. After a system failure, you restart the system in Directory Services Restore Mode
to restore Active Directory from a backup. You are prompted for a username and
password, so you enter the username and password for the Administrator account,
but you are unable to log on. You used the Administrator account the previous day,
and the password has not been changed since then. What is the most likely cause
of the problem?
a. You must use the first password ever associated with the Administrator
account.
b. You must use the username DSRESTORE and the Administrator account
password to enter Directory Services Restore Mode.
c. You must use the restore mode password for the Administrator account that
you specified when you installed Active Directory.
d. You must use an account other than Administrator that is a member of the
Domain Admins group to enter Directory Services Restore Mode.
20 Managing and Maintaining a Microsoft Windows Server 2003 Environment

16. If you do a full backup to a single tape on a Friday night and then an incremental
backup to a single tape on all other days of the week (including the weekend), and
a system failure occurs on Monday morning, how many tapes are required to
perform a full restore?
a. 1
b. 3
c. 7
d. 8
17. If you are performing a full backup each Friday to a single tape and a differential
backup to a single tape on all other days of the week (including the weekend),
what is the minimum number of tapes required to accommodate seven days worth
of backups?
a. 2
b. 7
c. 8
d. 9
18. How does using the volume shadow copy feature of Windows Server 2003 help
system administrators?
a. It reduces the need to perform backups.
b. It allows multiple copies of a file to be written to different locations at the
same time.
c. It reduces the amount of time that it takes to perform a backup.
d. It reduces the need to restore individual files from backup.
19. You are configuring a Windows XP client to use the volume shadow copy feature
of Windows Server 2003. From which of the following locations do you install the
volume shadow copy client?
a. Systemroot\System32\Clients\VSCclient
b. Systemroot\System\Clients\VSCclient
c. Systemroot\System\Clients\Twclient
d. Systemroot\System32\Clients\Twclient
20. True or False: There is always less data included in an incremental backup than a
full backup.
21. Explain what happens when you run the Automated System Recovery Preparation
Wizard.
Managing and Maintaining a Microsoft Windows Server 2003 Environment
21

22. You are the network administrator for a chemical wholesaler in Spokane,
Washington. You have a single Windows Server 2003 system with three disk
drives. One drive holds the system and boot partition, the second drive is used for
file storage, and the third drive is used to store the order processing system and
sales database. You back up the system with a full backup each Friday, and you
do an incremental backup on all other weekdays at 7 P.M. One of your suppliers
sends you electronic copies of its new product catalogs, along with ordering codes. In
all, there are 50 files named Cat1 through Cat50.
You create a new folder called Catalogs on the second drive in the server and
copy the 50 catalog files into that folder, and then you immediately create a
differential backup of the entire drive and store the tape for archive purposes.
That night, you perform an incremental backup of the drive as part of your
standard backup cycle. What, if anything, will happen during the incremental
backup?
a. The files in the Catalogs folder will be backed up, and the archive bit will be
changed from 1 to 0.
b. The files in the Catalogs folder will be backed up, and the archive bit will be
set to 1.
c. The files in the Catalogs folder will not be backed up, but the archive bit will
be set to 1 so that those files will be backed up the following day.
d. The files in the Catalog folder will not be backed up because after you
copied them to the folder you did not modify them.
23. You are the network administrator for a large architectural firm in New York.
The network comprises three Windows Server 2003 systems and 64 Windows XP
Professional systems. The server has four drives installed. One is used to hold the
boot and system partitions, and the other three are used for holding data. The data
drives are called DATA1, DATA2, and DATA3. Each drive is a 40 GB SCSI drive.
The DATA1 drive is 30 percent full, the DATA2 drive is 45 percent full, and the
DATA3 drive is 65 percent full.
The backup schedule consists of a full backup of each drive every Friday, and
then an incremental backup of each drive at 9 P.M. on all other days of the week.
On Thursday morning, the DATA2 drive fails completely. No replacement drive
is immediately available, so you decide that the best course of action is to restore
the data to one of the other drives. Which of the following procedures do you
follow to do this?
a. Restore the full backup from Friday to DATA1, and then restore the
incremental backups from Monday, Tuesday, and Wednesday to DATA3.
b. Restore the full backup from Friday to DATA3, and then restore the
incremental backups from Monday, Tuesday, and Wednesday to DATA3.
c. Restore the full backups from Friday to DATA1, and then restore the
incremental backup from Wednesday, then Tuesday, then Monday to DATA1.
d. Restore the full backup from Friday to DATA1, and then restore the
incremental backups from Monday, Tuesday, and Wednesday to DATA1.
22 Managing and Maintaining a Microsoft Windows Server 2003 Environment

24. You are the network administrator for a water purification company in Rhode
Island. The network consists of three Windows Server 2003 systems, with 45
Windows XP Professional client systems and 30 Windows 2000 Professional
client systems. Two of the servers are used as domain controllers. The other
server is a member server that hosts the corporate e-mail system and a sales
database. Each server has two hard disks in it, one for the system and boot
partition and another for data.
You restructure the data on the data drive of your member server, and then you
perform a copy backup job using Windows Server 2003 Backup so you can store
a copy of the data offsite. After the backup is complete, no other changes are
made to the files on that drive, but a number of new files are created. That night,
you run an incremental backup as part of your standard backup schedule. Which
files will be included in the incremental backup?
a. All files that were created since the copy backup job, but no other files.
b. All files that were modified or created since the last incremental or full
backup.
c. All files that were modified or created since the last differential backup.
d. None. All files that have changed will have already been backed up by the
copy backup job.
25. You are the network administrator for a bank in San Diego. The network consists
of two Windows Server 2003 systems and 55 Windows XP Professional
systems. Both servers are domain controllers. One server hosts applications,
including Microsoft Exchange and Microsoft SQL Server, and the other server is
dedicated to hosting the bank’s customer service database. The database is used to
store requests from customers, such as changes of address and requests for
information about banking products. Each server has two hard disks in it, one for
the system and boot partition and another for data.
Your backup cycle for each server includes a full backup every Friday and an
incremental backup on all other days of the week. Another administrator suggests
that you do a differential backup on Tuesday so the maximum number of tapes
needed for a complete restore would be four. What issues, if any, can you see with
this solution?
a. None. The proposed solution is appropriate and valid.
b. The solution offers no benefits.
c. You cannot mix incremental and differential backups in this way.
d. The differential backup would not back up any data.
26. You are the network administrator for a fruit wholesaler in Orlando, Florida. The
network consists of three Windows Server 2003 systems and 110 Windows 2000
Professional systems. All three servers are used as domain controllers. One server
also acts as a file and print server, and it hosts Dynamic Host Configuration
Protocol (DHCP) and Domain Name System (DNS) server services. One of the
other servers is dedicated to hosting the company’s order processing system. The
order processing system database is stored on a single drive. Last week, at 6:30 P.M.,
the drive holding the order processing system failed. Even though you had a
new drive installed and a restore from the previous night’s full backup completed
Managing and Maintaining a Microsoft Windows Server 2003 Environment
23

within an hour, the manager of the sales department was still disappointed
because an entire day’s worth of orders was lost. As a result, that manager wants
to start taking backups in the middle of the day so the maximum amount of work
he can lose is a half day rather than a whole day.
The size of the order processing system is fairly static, at around 25 GB. The
manager gives you a 30-minute backup window between 12:30 and 1:00 P.M .
when you can have exclusive access to the database to complete a backup. He
gives
you the necessary budget to buy a new drive to accommodate this request. Which
of the following drive types would you implement?
a. Jaz
b. DVD
c. QIC
d. 8 mm
27. You are the network administrator for an electrical wholesaler in Bloomington,
Indiana. You have a single Windows Server 2003 system with three disk drives.
One drive holds the system and boot partition, the second is used for file storage,
and the third is used to store the customer database. You do a full backup each
Friday and a differential backup on all other weekdays at 9 P.M.
On Wednesday at 11 A.M., the drive holding the customer database fails. You
replace the drive immediately with a spare drive. How would you go about
restoring the data?
a. Obtain the full backup from Friday and then the differential backup from
Tuesday. Restore the full backup, and then restore the differential backup.
b. Obtain the full backup from Friday and then the differential backup from
Tuesday. Restore the differential backup, and then restore the full backup.
c. Obtain the full backup from Friday and then the differential backups from
Monday and Tuesday. Restore the full backup, and then restore the differential
backups from Monday and then Tuesday.
d. Obtain the full backup from Friday and then the differential backups from
Monday and Tuesday. Restore the differential backups from Monday and
then Tuesday. Finally, restore the full backup from Friday.
24 Managing and Maintaining a Microsoft Windows Server 2003 Environment

28. You are the network administrator for a telecommunications company in Rochester,
New York. The network consists of two Windows Server 2003 systems and 57
Windows XP Professional systems. Both servers are used as domain controllers.
One server hosts DHCP and DNS server services. It is also used as a file and print
server. The other server hosts a large SQL database. Each server has two hard
disks in it, one for the system and boot partition and another for data.
The backup cycle for each server comprises a full backup each Tuesday at 7 P.M.
and a differential backup on all other days of the week at 9 P.M. You are backing
up to a digital audio tape (DAT) drive. The backups have been operating flawlessly
for some time, but one Tuesday you notice that the backup of the drive holding
the SQL database has stopped and requested another tape. Upon investigation,
you determine that the SQL database has grown to 22 GB in size. Which of
the following strategies is the most cost-effective way to cure the problem?
a. Purchase another DAT drive and split the backup job so that it writes to more
than one device.
b. Enable compression so twice as much data can be backed up to a single
DAT tape.
c. Perform an incremental backup on Tuesdays so less data is backed up.
d. Implement a higher-capacity backup system so all the data will fit on a
single tape.
29. You are the network administrator for an electronics manufacturer in Springfield,
Ohio. The network consists of four Windows Server 2003 systems and 262
Windows XP Professional systems. One server is assigned to each of four
departments—sales, manufacturing, administration, and distribution. Each server
has two hard disks in it, one for the system and boot partition and another for data.
The Active Directory structure consists of a single domain. The backup cycle for
each server comprises a full backup each Wednesday at 7 P.M. and an incremental
backup on all other days of the week at 7 P.M. You are using high-speed backup
devices, and the backups finish within an hour.
On Tuesday, a user from the manufacturing department calls to report that he
overwrote a file the previous day at 2:30 P.M. The file was created on Thursday at
11:30 P.M. and modified on Saturday at 4:15 P.M. That was the last modification to
the user’s file before be overwrote it. Which of the following procedures would you
follow to restore the earlier version of the user’s file?
a. Restore the file from the incremental backup from Thursday, and then restore
the file from the incremental backup from Sunday.
b. Restore the file from the incremental backup from Thursday, and then restore
the file from the incremental backup from Saturday.
c. Restore the file from the incremental backup from Saturday.
d. Restore the file from the incremental backup from Sunday.
CHAPTER 5
MAINTAINING THE
OPERATING SYSTEM
1. What switch do you use with the Update.exe tool to get a list of all hotfixes
installed on the computer?
a. /H
b. /L
c. /F
d. /N
2. On a client system, where do you look to find out what updates have been applied
to the system via Windows Update or SUS?
a. systemroot\Sus.log
b. systemroot\Winupd.log
c. systemroot\Windows Update.log
d. systemroot\Update.log
3. What happens if the hotfix you are installing is older than the system’s currently
installed service pack?
a. You are asked whether you want to revert to the pre–service pack version of
the files that are affected by the hotfix.
b. The installation halts.
c. You are given the option to continue or abort the installation.
d. The hotfix is applied over the service pack.
4. Which of the following editions of Windows Server 2003 does not require a CAL
to connect to it?
a. Datacenter
b. Standard
c. Web
d. Terminal Services
26 Managing and Maintaining a Microsoft Windows Server 2003 Environment

5. Which of the following license conversion processes is permitted by Windows


Server 2003?
a. Per Server to Per Device or Per User
b. Per User to Per Device or Per Server
c. Per Device or Per User to Per Server
d. Per Device to Per User or Per Server
6. Which of the following tools do you use to determine which server is the license
server for a site?
a. Active Directory Site Licensing
b. Active Directory Sites And Services
c. Active Directory Licensing And Resources
d. Active Directory Users And Computers
7. Where do you go to manage licensing requirements for a single computer running
Windows Server 2003?
a. Control Panel, System, Licensing
b. Control Panel, Computer Management, Licensing
c. Administrative Tools, Computer Management, Licensing
d. Control Panel, Licensing
8. Which of the following utilities do you use to install multiple hotfixes one after the
other without restarting the computer after each one?
a. Hfchain.exe
b. Update.exe
c. Qchain.exe
d. MBSA
9. Explain the difference between a hotfix and a service pack.
10. You are creating a batch file for users so they can easily apply service packs. You
configure the batch file with Update.exe using the /F switch. What happens when
the user runs the batch file?
a. The update command runs and checks to see whether the user has
administrative privileges. If so, the service pack installation runs. If not,
the installation fails.
b. The update command runs, but the user is prompted for a user account with
administrative privileges to perform the update.
c. The service pack is installed, but the installation program closes all open
applications without saving data when it restarts the computer after the
installation is completed.
d. The service pack is installed, but the installation program is prevented from
restarting the computer after the installation is completed.
Managing and Maintaining a Microsoft Windows Server 2003 Environment
27

11. You are concerned about the security configuration of your server. You decide to
run MBSA. Which of the following does not happen when you run MBSA?
a. It reports whether you are using NTFS on all drives in the server.
b. It reports whether the password for the Administrator account is too short.
c. Any account that has excessive rights and no password is locked.
d. It reports whether the server is configured to use the Autologon feature.
12. True or False: To use SUS, clients must be running Windows Server 2003,
Windows 2000, or Windows XP.
13. While configuring SUS, you are unable to modify settings in the Set Options page
of the administration Web site. Which of the following troubleshooting steps
should you perform first?
a. Restart the synchronization service
b. Restart IIS
c. Restart the server
d. Reload the memory cache
14. You are the network administrator for a sporting goods wholesaler in Dallas,
Texas. You are experiencing a problem with one of your Windows Server 2003
systems. You have constructed a test system in an effort to identify and remedy
the problem. During your research, you find a newsgroup discussion about the
exact problem you are having. The newsgroup posting tells you to download the
hotfix discussed in Knowledge Base article 823980. Which of the following files
do you look for to download?
a. WS2003-KB823980-x86-ENU.exe
b. WindowsServer2003-823980-x86-ENU.exe
c. WindowsServer2003-KB823980-x86-ENU.exe
d. WindowsServer2003-KB823980-x86-FRA.exe
15. You are the network administrator for a company with 275 Windows XP
Professional systems. Why would you not want to use Windows Update?
a. Windows Update is supported only by server platforms, not by client
operating systems such as Windows XP Professional.
b. Individually downloading software updates for each system would consume
too much bandwidth.
c. Windows XP Professional requires a Windows Update license that would
cost a lot for 275 computers.
d. Software updates are more easily available through the Microsoft CD-based
update subscription service.
28 Managing and Maintaining a Microsoft Windows Server 2003 Environment

16. On September 24, 2003, you applied a hotfix to your Windows 2000 Service
Pack 3 system. The hotfix is covered in Knowledge Base article 306547. Which
of the following folders is used to store the files backed up by the hotfix?
a. $NtUninstallKB092403$
b. $NtUninstallKB306547$
c. $NtUninstallKB2K3SP3$
d. There is no way to determine this from the information provided.
17. You want to assign the site license server role to another server, and you want to
retain the licensing history for your enterprise. Which of the following files are
you not required to copy to the new license server immediately after you transfer
the role?
a. Systemroot\System32\Cpl.cfg
b. Systemroot\Lls\Llsuser.lls
c. Systemroot\Lls\Llsmap.lls
d. Systemroot\Lls\Llsdevice.lls
18. Which of the following components is not installed as part of the Microsoft
Software Update Services Setup Wizard?
a. The Software Update Synchronization Service
b. An IIS Web site that services update requests from Automatic Updates
clients
c. An SUS administration Web page
d. An SUS Event Viewer Log
19. Explain how SUS works and the benefits it provides.
20. If you select the Automatically Download The Updates, And Install Them On The
Schedule That I Specify option in the Automatic Updates tab, what happens if
the administrator is logged on to the system at the scheduled time? Also explain
what happens if a nonadministrator user account is logged on to the system and
what happens if no one is logged on to the system at all.
21. You want to use Update.exe to install a new service pack on your system, but you
want to have the backup files for the update stored in a folder named newspackbackup
rather than the default folder. Which of the following commands do you execute?
a. Update /D:newspackbackup
b. Update /F:newspackbackup
c. Update /D:nodefault /F:newspackbackup
d. Update /ND /D:newspackbackup
Managing and Maintaining a Microsoft Windows Server 2003 Environment
29

22. You are the network administrator for a large clothing manufacturer in Fort
Worth, Texas. The company has three departments, each of which has its own
network administrator and a Windows Server 2003, Standard Edition server. In
total, there are more than 400 Windows XP Professional workstations. You
decide to implement a SUS server for each department to ease the deployment of
software updates. You nominate one of the servers to become the parent SUS
server and implement a loose parent/child topology for the SUS servers. Which of
the following is true of this configuration?
a. The Administrator in each department has control over which updates are
downloaded from Microsoft.
b. The Administrator in each department has control over the approval of
updates.
c. Each server synchronizes its content with the Windows Update site and
manages its own list of approved updates.
d. Each server synchronizes its content with the Windows Update site and
administrators have control over the approval of updates.
23. You are the network administrator for a bank in Denver, Colorado, with 65 employees.
You have two Windows Server 2003 servers. One server uses Windows Server
2003, Standard Edition and hosts the corporate banking application. The other
uses Windows Server 2003, Web Edition and hosts the corporate intranet
application. Each employee has a workstation or laptop computer. Seven printers
are hosted by the Windows Server 2003, Standard Edition server, and three
workstations are in the lobby so customers can access the corporate intranet. You
are using Per Server licensing. How many CALs are required on the Windows
Server 2003, Standard Edition server to support the maximum number of
concurrent connections?
a. 65
b. 68
c. 72
d. 75
24. You have recently assumed the role of network administrator for the head office
of a department store chain. Last week you upgraded a number of servers from
Windows 2000 Server to Windows Server 2003, Enterprise Edition. You are
concerned about the security configuration of your server and decide to run
MBSA to look for security weaknesses.
Documentation from the previous administrator shows that he performed security
checks using the Hfnetchk.exe utility. He also created a script for performing
security checks. How do you perform a security check using his script?
a. Use Mbsa.exe with the /hf switch.
b. Use Mbsacli.exe with the /hf switch.
c. Use Hfnetchk.exe with the MBSA switch.
d. Rewrite the script file using MBSA command options.
30 Managing and Maintaining a Microsoft Windows Server 2003 Environment

25. You are the network administrator for an insurance company in Wichita, Kansas,
with 160 employees. You have three Windows Server 2003, Standard Edition
servers. One server is a domain controller and is also used to host file and print,
DNS, and DHCP services. The second server is also a domain controller and hosts
the company’s client database. The third server hosts a database that is used by
the Fraud Investigation department. The database is highly confidential and is
accessed by only the seven employees in that department. Each company
employee has a single workstation or laptop computer. The company uses 16
printers. You are using Per Device or Per User licensing. How many CALs do you
require?
a. 3
b. 153
c. 160
d. 176
26. You are the network administrator for a graphic design studio. You have two
servers running Windows Server 2003, Standard Edition. Last week you installed
a newly released service pack on the server. You are experiencing some problems
with RRAS and investigate the problem on the Microsoft Web site. You find a
Knowledge Base article, dated a month ago, that offers a solution to your problem
by installing the service pack prior to the one you just installed. What should you
do?
a. Install the older service pack, and then reapply the newer service pack.
b. Uninstall the newer service pack, reapply the older service pack, and then
reapply the newer one.
c. Install the older service pack.
d. Nothing. Keep looking for more information.
27. You are a network administrator for a publishing company. You have two Windows
Server 2003 systems. Both servers are domain controllers. One server acts as a
file and print server and also hosts the corporate document management system.
The other server hosts the corporate accounting system and IIS. Last week you
downloaded and installed a new service pack on both servers. For fault-tolerance
reasons, you want to configure the second server as a DHCP server. Which of the
following approaches ensures that the files related to DHCP are the latest
versions?
a. Run the Netinst utility from the service pack directory to make sure you
install the latest version of the files.
b. Download a new installer from the Microsoft Web site that has the latest
version of the files for that service.
c. Install the DHCP service through Add Or Remove Programs.
d. Install the DHCP service through Add Or Remove Programs, and then
reapply the service pack.
Managing and Maintaining a Microsoft Windows Server 2003 Environment
31

28. You are the network administrator for a telemarketing call center in Indianapolis,
Indiana, with 220 employees. You have two Windows Server 2003 servers. One
uses Windows Server 2003, Standard Edition and hosts the corporate database
application. It also acts as a file and print server and hosts DHCP and DNS server
services. The other server is also a Windows Server 2003, Enterprise Edition
system and hosts the customer service database and accounting application. The
Administration and Management department has 40 users, each with a client
workstation or laptop. The other users are call center operators who work in a
three-shift rotation, sharing PCs. You are using Per Device or Per User licensing.
How many CALs are required?
a. 40
b. 60
c. 100
d. 220
29. You are the network administrator for a large clothing manufacturer with its head
office in Freehold, New Jersey. The company has three other offices (in Detroit,
San Diego, and Lincoln, Nebraska) that are linked to one another via a T-1 leased
line. Each site has a Windows Server 2003, Standard Edition system. All client
computers across the organization run Windows XP Professional. You have
implemented a strict parent/child topology for SUS, with the server in Freehold as
the parent server. What happens when new software updates are available?
a. The updates are downloaded to the server in Freehold and then copied
automatically to each server in the other offices. Administrators in each
location can determine which software updates are approved.
b. The updates are downloaded to the server in Freehold and then copied
automatically to each server in the other offices. Administrators in Detroit,
San Diego, and Lincoln have no control over which software updates are
approved.
c. The updates are downloaded directly from the Windows Update site to each
server on the network, but only the updates approved by the administrator in
Freehold are available to clients.
d. The updates are downloaded to each server on the network. Administrators
in each location can determine which software updates are approved.
30. You are the network administrator for a large distribution company in Maine. The
company has three offices that are linked to one another via a T-1 leased line.
Each site has a Windows Server 2003, Standard Edition system. All client
computers across the organization run Windows XP Professional. Because each
office has fewer than 20 employees, Internet access to each office is provided via
a DSL link.
You have been tracking and installing updates to client systems manually, but the
administrative burden is too great, so you want to enable Windows Update. Your
manager likes the idea but is concerned that the additional burden on the relatively
slow Internet links could cause problems with accessing supplier ordering
systems, which happens via the Internet. He is also concerned that users’
32 Managing and Maintaining a Microsoft Windows Server 2003 Environment

productivity will be affected by the installation of updates. Which automatic update


option addresses his concerns?
a. Download The Updates Automatically And Notify Me When They Are
Ready To Be Installed
b. Automatically Download The Updates, And Install Them On The Schedule
That I Specify
c. Notify Me Before Downloading Any Updates And Notify Me Again Before
Installing Them On My Computer
d. Automatically Download The Updates, And Install Them When Ready
31. You are the network administrator for an advertising company in San Francisco.
Since you installed a new Windows Server 2003, Enterprise Edition server,
remote dial-in users have had problems connecting to the system. Upon
investigation, you determine that three hotfixes are available that directly relate to
the problem. You have two other Windows Server 2003, Enterprise Edition
servers and six Windows Server 2003, Standard Edition servers that are not
experiencing any problems. Which of the following do you do?
a. Install the hotfixes on the Enterprise Edition server that is experiencing the
problem.
b. Install the hotfixes on all Enterprise Edition servers, regardless of whether
they are experiencing problems.
c. Install the hotfix on the Enterprise Edition server that is experiencing the
problem. If the problem is cured, install the hotfix on all other Enterprise
Edition servers.
d. Install the hotfix on all the servers in the enterprise.
32. You are the network administrator for a manufacturing company in Phoenix,
Arizona, with 450 employees. One hundred employees are in the Administration,
Management, and Development departments. The remainder are production line
workers. The company has two Windows Server 2003 systems. One server is a
Windows Server 2003, Standard Edition system and hosts the corporate
accounting application and sales database. The other is a Windows Server 2003,
Web Edition server that hosts the corporate intranet application.
Employees in the Administration, Management, and Development departments
each use a single workstation or laptop computer. Five printers are hosted by the
Windows Server 2003, Standard Edition server. Another 25 workstations are in
the cafeteria, for use by the production workers to access the corporate intranet.
The users in other departments can also access the corporate intranet from their
own computers. You are using Per Server licensing. How many CALs are
required on the Windows Server 2003, Web Edition server?
a. 0
b. 25
c. 350
d. 450
CHAPTER 6
WORKING WITH USER
ACCOUNTS
1. In Active Directory Users And Computers, where do you configure logon time
restrictions for a user?
a. The Logon Hours page of the user account properties
b. The General Page of the user account properties
c. The Sessions page of the user account properties
d. The Account page of the user account properties
2. What term describes a type of user profile that the user can change but that does
not save those changes when the user logs off?
a. Fixed
b. Roaming
c. Mandatory
d. Static
3. Explain the purpose of the Minimum Password Age policy setting in the Password
Policy.
4. Which of the following utilities can you use to modify an existing object in Active
Directory?
a. Dsmod.exe
b. Csvde.exe
c. Dsadd.exe
d. Adobjedit.exe
5. Which of the following properties cannot be configured for multiple users at a
single time?
a. Terminal Services session settings
b. Address
c. Logon Hours
d. E-mail address
34 Managing and Maintaining a Microsoft Windows Server 2003 Environment

6. A user calls to report that his account has been locked after he entered the incorrect
password four times. Which tab of the user’s account properties do you go to
unlock his account?
a. Account
b. General
c. Sessions
d. User
7. Which of the following client operating systems requires additional client
software to access the complete functionality of Active Directory?
a. Windows 98
b. Windows NT 4
c. Windows Me
d. All of the above
8. Which of the following items is not included in a user profile?
a. Shortcuts and cookies for favorite locations on the Internet
b. Links to other computers on the network
c. Application data and user-defined configuration settings
d. Logon time restrictions
9. If the Password Must Meet Complexity Requirements policy is enabled, which of
the following passwords is not acceptable?
a. 111aaaBBB
b. !!@TRPP%%
c. aa2324!@
d. TTee@#P1
10. When you configure the Password Policy, why would you enable the option to
store passwords using reversible encryption?
a. So that if a user forgets her password it can be recovered
b. So that the user can find her password by providing a password clue if she
forgets it
c. So the administrator can view the password to ensure that it meets
complexity requirements
d. So that other applications can access the password information
Managing and Maintaining a Microsoft Windows Server 2003 Environment
35

11. A user calls you because he cannot log on to the system. After verifying his identity,
you determine that he recently returned from vacation and is unsure of his
password. You decide to reset the password. How do you do accomplish this?
a. In the Active Directory Users And Computers MMC snap-in, select the user
and then select Reset Password from the Action menu. Enter the existing
password, and then enter a new password. Retype the new password in the
Confirm Password box, and click OK.
b. In the Active Directory Users And Computers MMC snap-in, select the user
and then select Reset Password from the Action menu. Enter the new
password, retype the new password in the Confirm Password box, and click
OK.
c. In the Active Directory Users And Computers MMC snap-in, select the user.
On the Account properties page for the user, click Change Password and then
enter a new password. Retype the password in the Confirm password box,
and click OK.
d. On the General properties page for the user, click Change Password and then
enter a new password for the user. Retype the password in the Confirm password
box, and click OK.
12. Explain the purpose of the Apply Static Routes check box in the Dial-In
Properties page of a user account.
13. You have set the Account Lockout Duration setting of the Account Lockout
Policy to 0. What does this mean?
a. The account lockout threshold will become ineffective because accounts that
are locked by exceeding the account lockout threshold will immediately
unlock.
b. An account that has exceeded the account lockout threshold cannot be
unlocked until the administrator resets the password for the user.
c. The Enforce Password History setting will automatically record all of the
incorrect passwords that are being tried.
d. An account that has exceeded the account lockout threshold must be manually
unlocked.
14. You are attempting to use the Csvde.exe tool to import a new set of user accounts
to the directory. You confirm that the import file is formatted correctly, and then
you issue the command csvde -f newusers -k. When you check in Active
Directory, none of the new user accounts appears. What is the most probable
cause of the problem?
a. The -k switch tells Csvde.exe that it should create the users only at the next
database synchronization.
b. The default mode for Csvde.exe is export; if you want to import objects, you
must use the -i switch.
c. The Csvde.exe command can be used only to import group and computer
accounts, not user accounts.
d. The correct switch for specifying the filename for a Csvde.exe command is
-fn, not -f.
36 Managing and Maintaining a Microsoft Windows Server 2003 Environment

15. What information is transferred from a user’s Account tab when you copy the
user’s account?
a. Everything except the Logon Hours
b. Everything except the Group Memberships
c. Everything except the User Logon Name and User Logon Name
(Pre–Windows 2000)
d. Everything except the Street Address
16. Describe the elements of a domain user account, and explain what happens when
a user logs on to the system with a user account.
17. You have configured Logon Hours restrictions for a specific user. The user is not
a member of any group policy objects. If the user is already logged on when
the allowed logon time ends, what happens?
a. The user is forcibly disconnected.
b. The user is granted a 15-minute grace period.
c. The user is given a 5-minute warning and then is forcibly disconnected.
d. The user can continue working.
18. What does setting an account lockout threshold of 0 achieve?
a. Any account that was locked out by the account lockout threshold remains
locked indefinitely.
b. Any account that was locked by the account lockout threshold is unlocked
immediately.
c. Any account that has exceeded the account lockout threshold needs the
administrator to manually unlock it.
d. Any account that has exceeded the account lockout threshold is not
locked out.
19. Describe two ways to disable an existing domain user account in Active Directory
Users And Computers.
20. You are looking at ways to automate the creation of user accounts. You do not
have a large turnover of staff in your organization, so you decide to use templates
as a shortcut to user creation. Which of the following statements about the use of
template user accounts is true?
a. All new users created with the template have the same initial password.
b. All new users created with the template have the same group memberships.
c. All new users created with the template have the same file permissions as the
template user.
d. All new users created with the template have the same street address.
Managing and Maintaining a Microsoft Windows Server 2003 Environment
37

21. After numerous support calls from a user who is creating problems by making
changes to his Windows settings, you get management approval to configure the
user with a profile that will not allow him to save any changes. How do you go
about doing this?
a. Open the Advanced page from the System Properties dialog box on the system
that holds the profile, select the relevant profile, and click Set As Mandatory.
b. Locate the profile folder for the user and rename the Ntuser.man file to
Ntuser.dat.
c. Configure the permissions to the folder holding the profile to read-only.
d. Locate the profile folder for the user, and rename the Ntuser.dat file to
Ntuser.man.
22. You have recently been employed as the network administrator for a commercial
real estate company. The company is relatively small and has a highly mobile
workforce. The company has two Windows Server 2003 systems and one
Windows 2000 system. Active Directory is configured at a Windows 2000 mixed
domain functional level.
Many of the sales representatives spend a great deal of time on the road and use
the dial-in features of Windows Server 2003. The others are based primarily in the
office and rarely work remotely. Late one evening, a user who normally works
from the office pages you to report that he can’t gain access to the system over his
dial-up link. He is calling from a hotel, where he is staying while at a conference.
He explains that he connected the previous night from home without any problems,
but this is the first time he has tried to connect from anywhere other than his
home. Since you started working with the company, you have not made any
changes to the user’s account properties. Based on the information he has
provided, which of the following could be the problem?
a. The user has Verify Caller ID enabled, and his home phone number is
defined for that property.
b. The static routes for the user have been configured to only allow the user to
connect from his home phone number.
c. The Always Callback To property on the user’s Dial-In page has been
configured with the user’s home phone number.
d. The phone number that the user is calling from is not listed on the
Telephones properties page.
23. You are the system administrator for a company that manufactures electronics
equipment for the aerospace industry. The company has more than 150
employees, but only the administrative staff of 24 people has PCs. The other
employees are involved in production and manufacturing and do not require a
PC to perform their job. The client workstations are a mix of Windows 95,
Windows 98, and Windows 2000 Professional systems. You have a single
Windows Server 2003 system that provides file and print services and runs
DHCP, DNS, and WINS services. Each employee has a browser-based e-mail
account that is accessed via the company’s intranet.
Your manager has asked you to configure a single user account that will be used
to log on from three PCs in the company cafeteria so employees can access the
38 Managing and Maintaining a Microsoft Windows Server 2003 Environment

company intranet and their e-mail. Which of the following approaches are you
most likely to take?
a. In the Account page of the user’s properties, configure the Log On To
restrictions for the user by entering the IP address of the systems the user is
permitted to use. Assign the user a mandatory profile by renaming the user
account’s Ntuser.dat file to Ntuser.man and placing it on a server in the network.
Configure the user’s profile path so it points to the location of the profile.
b. In the Account page of the user’s properties, configure the Log On To
restrictions for the user by entering the MAC address of the systems the user
is permitted to use. Assign the user a mandatory profile by renaming the user
account’s Ntuser.man file to Ntuser.dat and placing it on a server in the
network. Configure the user’s profile path so it points to the location of the
profile.
c. In the Account page of the user’s properties, configure the Log On To
restrictions for the user by entering the NetBIOS machine name of the
systems the user is permitted to use. Assign the user a mandatory profile by
renaming the user account’s Ntuser.dat file to Ntuser.man and placing it
on a server in the network. Configure the user’s profile path so it points to
the location of the profile.
d. In the Account page of the user’s properties, configure the Log On To
restrictions for the user by entering the NetBIOS machine name of the
systems the user is permitted to use. Assign the user a mandatory profile by
renaming the user account’s Ntuser.pfl file to Ntuser.man and placing it
on a server in the network. Configure the user’s profile path so it points to
the location of the profile.
24. You are the network administrator for a media company with 27 employees. You
have recently implemented a new Windows Server 2003 system. Your manager is
concerned about the security of your network. She has asked you to configure an
Account Lockout Policy to provide additional security. She wants you to make
sure that if a user tries to log on with the wrong password more than four
times, that user’s account is disabled. She also wants to make sure that the user
must call you when the account is locked so you can determine what the problem
is before the user can attempt to gain access to the system again. Which of the
following statements describes the Account Lockout Policy settings you would
choose?
a. Set the Account Lockout Duration policy to 4, the Account Lockout Threshold
policy to 0, and the Reset Account Lockout Counter After policy to 60.
b. Set the Account Lockout Duration policy to 0, the Enforce Password History
policy to 0, and the Reset Account Lockout Counter After policy to 60.
c. Set the Enforce Password History policy to 4, the Account Lockout
Threshold policy to 0, and the Reset Account Lockout Counter After policy
to 30.
d. Set the Account Lockout Duration policy to 0, the Account Lockout Threshold
policy to 4, and the Reset Account Lockout Counter After policy to 30.
Managing and Maintaining a Microsoft Windows Server 2003 Environment
39

25. You are the administrator for a law firm with more than 400 employees. The
firm has a single office in New York. The network comprises three Windows
Server 2003 systems and two Windows 2000 Server systems. Active Directory is
configured at a mixed mode functional level. The servers provide DHCP, DNS,
ICS, and file and print services. All workstation PCs are running Windows
2000 Professional. Employees almost always use the same PC, so you are using
local profiles.
Your manager has asked you to create a user account for a student who will work
at the firm during the summer. The student will spend a few days in each
department to gain a wide range of experience in the firm. Your manager asks you
to create a user account for the student but to restrict the account as much as
possible so technical staff don’t have to spend time troubleshooting account
problems. You inform the manager that among other restrictions, you will
create a mandatory roaming profile for the user. He is unfamiliar with how
profiles work and asks you to describe how to configure such a profile. Describe
the process of configuring a mandatory roaming profile for a user account.
26. You are the network administrator for a large computer manufacturer in Portland,
Oregon. Another computer manufacturer has recently acquired the company,
and you are in the process of transitioning your IT infrastructure, including
Active Directory, to the naming standards and schemes used by the takeover
company. Your Active Directory structure uses domains with names based on
geographical locations, so no reconfiguration of domain names is necessary.
However, the domain name used for e-mail and the corporate Web page has
changed. You have been asked to reconfigure all of the user accounts with the
new e-mail address and Web page information. In total, you have to reconfigure
325 users in three organizational units. Which of the following is the easiest way
to do this?
a. Select multiple user objects at once, and then edit the user’s properties and
enter the new e-mail and Web page information.
b. Use Csvde.exe, and specify new values for the Web Page and E-Mail
Address fields.
c. Use the Dsmod.exe command, and specify new values for the Web Page and
E-Mail Address fields.
d. Edit the Web Page and E-Mail Address values for the OU objects. Then
select Allow Inheritance Of Values From This Object on the OU.
27. You are the network administrator for a healthcare provider in Denver, Colorado.
The network comprises three Windows Server 2003 systems. You have recently
installed a new database application that requires a service account to be created. This
service account needs to impersonate a client to access computer resources on
behalf of other user accounts. Which of the following approaches do you take to
do this?
a. Create a new user account. Then, in the General properties tab for that user
account, select the Account Is Trusted For Delegation check box.
b. Create a new user account. Then, in the Account properties tab for that user,
select the Account Is Trusted For Delegation check box.
40 Managing and Maintaining a Microsoft Windows Server 2003 Environment

c. Create a new user account. Then, in the Advanced properties tab for that
user, select the Account Is Trusted For Delegation check box.
d. Use an existing user account. In the Account properties tab for that user, select
the Account Is Trusted for Delegation check box.
28. You have recently installed Microsoft Internet Information Services (IIS) on your
Windows Server 2003, Enterprise Edition server so that you can create an intranet
for your company. Anonymous access to the IIS server has been enabled. The
intranet is intended solely as a source of publicly available corporate information.
It will also contain a mirror of the company’s Internet Web site.
In addition to providing access to employees, you also want the public to be able
to access the intranet from two terminals in the reception area of the building. The
terminals will be configured with third-party software that will restrict access to
any application other than Microsoft Internet Explorer. Because employees in the
company already have user accounts for the network, you will not need to make
any changes to their configuration in order to allow access to the intranet. What
do you do with respect to user accounts to enable users in the reception area to
access the intranet?
a. Create one user account in Active Directory. Restrict logon through station
restrictions to the systems in the reception area.
b. Create two user accounts, one for each system in the reception area, in
Active Directory. Restrict logon through station restrictions to the systems
in the reception area.
c. Create two user accounts, one for each system in the reception area, in
Active Directory. Restrict logon through station restrictions to the systems
in the reception area. In the General Properties tab, grant the user accounts
the Use IIS right.
d. Nothing.
29. You are the network administrator for a footwear distributor in Georgia. After a
recent break-in, your manager is concerned that the criminals might have been
able to access the computer systems. She asks you to tighten up security of user
accounts and passwords. She asks you to propose settings for an Account Lockout
Policy. You propose the following values for the Account Lockout Policy:
Account Lockout Threshold = 3
Account Lockout Duration = 0
Reset Account Lockout Counter After = 15
Managing and Maintaining a Microsoft Windows Server 2003 Environment
41

What would the result of these policies be?


a. If a user enters the incorrect password more than three times, the account is
disabled. The account is automatically enabled after 15 minutes.
b. If a user enters the incorrect password more than three times, the account is
locked. The account is automatically unlocked after 15 minutes.
c. If a user enters the incorrect password more than three times, the account is
locked. The administrator must manually clear the lock on the account.
d. The account is never locked, regardless of how many attempts are made to
access the system using the incorrect password.
30. You are the network administrator for a soft-toy manufacturer in Wisconsin.
The network comprises three Windows Server 2003 systems operating at a
Windows 2000 mixed mode domain functional level. There are 135 users, each
of whom has a Windows XP Professional system.
The Sales department has been based solely in Green Bay, at the company
headquarters, but management has decided to split it into two teams, one of which
will telecommute. You are given the names of the users who will be part of the new
remote sales team, and you are asked to configure the user accounts with some
new information. Specifically, you must specify a new Manager and Department
name. You must also provide each user with dial-in capability to the system,
which they have never had. Which of the following approaches are you most likely
to take?
a. Configure the properties on multiple objects. Edit the Manager and Department
fields in the Organization Properties tab. Grant the dial-in permission on the
Dial-In tab, and configure the dial-in permissions on a per-user basis.
b. Configure the properties on multiple objects. Edit the Manager and Department
fields in the Organization Properties tab. Enable the Control Access Through
Remote Access Policy.
c. Open each user’s account individually. Edit the Manager and Department
fields in the Organization Properties tab. Grant the dial-in permission in the
Dial-In tab, and configure the dial-in permissions on a per-user basis.
d. Using Dsadd.exe, configure a script to modify the parameters for the dial-in
permission and the Manager and Department fields.
31. You are the network administrator for a pottery distributor in Utah. You are in the
process of upgrading the corporate network from another operating system to
Windows Server 2003. You ask a junior administrator to design an effective
Password Policy. He offers the following suggestion:
Enforce Password History = 10
Maximum Password Age = 30
Minimum Password Age = 15
Minimum Password Length = 6
Password Must Meet Complexity Requirements = Yes
What would the result of this policy be?
42 Managing and Maintaining a Microsoft Windows Server 2003 Environment

a. The user can use a password of 33$#54 but must change it every 30 days.
She cannot change it any sooner than 15 days. She cannot reuse the same
password until she has changed her password 10 times.
b. The user can use a password of 23%&678 but must change it every 30 days.
She cannot change her password any sooner than 15 days. She cannot reuse
the same password until she has changed her password 10 times.
c. The user can use a password of $$r763 but must change it every 30 days. She
cannot change it any sooner than 15 days. She cannot reuse the same password
until she has changed her password 10 times.
d. The user can use a password of $P%#TR but must change it every 15 days.
She cannot change it any sooner than 30 days. She cannot reuse the same
password until she has changed her password 10 times.
32. A new user has just joined the Sales department. His job is to prepare monthly sales
figures, which up to this point has been the sole responsibility of the department
manager. To simplify account creation for the new user, you copy the manager’s
user account. The user can log on and access most of the resources that are
available to the Sales department, but there are a number of files and directories
that the manager has access to that the new user can’t see. What is the likely
cause of this problem? How do you resolve the issue?
CHAPTER 7
WORKING WITH GROUPS
1. Which of the following is not a domain functional level supported by Windows
Server 2003?
a. Windows 2000 mixed
b. Windows Server 2003 interim
c. Windows Server 2003 mixed
d. Windows Server 2003
2. Which of the following is not a built-in Active Directory group?
a. Backup Operators
b. Power Users
c. Account Operators
d. Network Configuration Operators
3. What happens to the local Administrators group when a computer is added to
the domain?
a. The Domain Admins global group is added to the local Administrators group.
b. The local Administrators group is added to the Domain Admins global group.
c. The Domain Admins global group is added to the Computers local group.
d. The Domain Admins global group is added to the Power Users group.
4. Where do you change the group scope?
a. In the Scopes properties tab of the group in Active Directory Users and
Computers
b. In the General properties tab of the group in Active Directory Users and
Computers
c. In the Members properties tab of the group in Active Directory Users and
Computers
d. In the Type properties tab of the group in Active Directory Users and
Computers
44 Managing and Maintaining a Microsoft Windows Server 2003 Environment

5. Which of the following statements is not true of universal groups?


a. Universal groups can be granted access permissions for resources in any
domain in the forest, and in domains in other trusted forests.
b. Universal groups are available only in the Windows 2000 native and
Windows Server 2003 functional levels.
c. Universal groups can be converted to domain local groups or to global groups,
as long as they do not have other universal groups as members.
d. Universal groups can be granted access permissions only for resources in the
domain in the forest in which they are created.
6. Which of the following Active Directory built-in groups does not have the right to
back up files and directories?
a. Account Operators
b. Server Operators
c. Administrators
d. Backup Operators
7. Which of the following statements is true of global groups?
a. Global groups can include only users from within their domain.
b. Global groups can include users from any domain in the tree.
c. Global groups can include users from any domain in the forest.
d. Global groups can include users from any domain in Active Directory.
8. Which of the following tools do you use to raise the domain functional level of
Active Directory?
a. Active Directory Sites and Services
b. Active Directory Users and Computers
c. Active Directory Domains and Trusts
d. Security Configuration and Analysis
9. You have installed a new Windows Server 2003 system on your test network.
After completing the installation, you run the Manage Your Server Wizard and
configure the system as a domain controller. There are no other servers on the
network. What will the domain functional level of the system be?
a. Windows 2000 mixed
b. Windows 2000 native
c. Windows Server 2003 interim
d. Windows Server 2003 single server
10. Describe the function of a security group.
Managing and Maintaining a Microsoft Windows Server 2003 Environment
45

11. A user who is connected to the system via a Remote Desktop connection
automatically becomes a member of what special identity?
a. Remote Users
b. Interactive
c. Dialup
d. Anonymous Logon
12. You are creating a script to streamline the process of adding new groups to Active
Directory. You add the following command to the file:
dsadd group "CN=Sales,CN=Users,DC=contoso,DC=com"
–member "CN=Administrator,CN=Users,DC=contoso,DC=com"
-scope g
What is the result of this command?
a. The command produces an error.
b. A universal group called sales.users.constoso.com is created, with the user
Administrator as a member.
c. A global group called sales.users.contoso.com is created, with the user
Administrator as a member.
d. The user administrator is removed from the sales.users.contoso.com group,
and the scope is changed to global.
13. Describe when and where the Enterprise Admins group is created. Also explain the
powers that are assigned to the Enterprise Admins group, and describe the default
group memberships for the Enterprise Admins group.
14. Under what circumstances can you convert a global group to a universal group?
a. Only when the global group contains users from only one domain.
b. Only when the global group is not a member of another global group.
c. There are no restrictions on converting a global group to a universal group.
d. You cannot convert a global group to a universal group under any
circumstances.
15. The technical support department has a new member who needs rights to perform
system functions and Active Directory administration tasks such as creating new user
accounts, shutting down and restarting the server, backing up files and directories, and
loading and unloading device drivers. You want to make the user a member of only
one group, but you also want to avoid assigning more rights than necessary. Which of
the following groups should you make the new hire a member of?
a. Administrators
b. Server Operators
c. Backup Operators
d. Domain Admins
46 Managing and Maintaining a Microsoft Windows Server 2003 Environment

16. You have a laser printer in the Sales department. The Sales group is assigned
permissions to print to that printer. The members of the Sales department are all
members of the Sales group. No other users or groups are assigned permissions to
the printer. What happens if you delete the Sales group?
a. The Sales group is removed from the ACL for the printer, but members of
the Sales group can still print to the printer.
b. The Sales group is removed from the ACL for the printer, but the individual
user accounts that were members of the Sales group are added to the ACL of
the printer, thereby allowing them to print.
c. The Sales group is removed from the ACL for the printer, and members of
the Sales department can no longer print.
d. Any user account that is a member of the Sales group is deleted.
17. Describe the purpose and function of a distribution group.
18. True or False: On a domain controller, members of the Power Users group can
create user and group accounts and modify the users and groups they have
created.
19. To redistribute some of the administrative burden on your network, your manager
suggests having a member of the customer help desk act as your assistant. To
allow this person to perform account management tasks, you make him a member
of the Account Operators built-in Active Directory group. Which of the following
tasks will the user be allowed to perform?
a. Adding user accounts to the Administrators group
b. Changing the password for the Administrator account
c. Adding user accounts to the Domain Admins group
d. Creating new user accounts
20. You want to implement group policy on your network to provide control over
user accounts on the network. Which of the following entities cannot be assigned
group policy?
a. Organizational units
b. Domains
c. Groups
d. Sites
21. When you join a computer to the domain, what happens to the membership of the
local Guests group?
a. The Domain Guests predefined global group is added to the local Guests
group.
b. The special identity Guests is added to the local Guests group.
c. Any user accounts defined as members of the local Guests group are added
to the Domain Guests group.
d. The local Guests group is deleted.
Managing and Maintaining a Microsoft Windows Server 2003 Environment
47

22. You are the network administrator for a clothing manufacturer in Boise, Idaho.
The network comprises three domains. Each domain is assigned to a specific
division in the company. You have six Windows Server 2003 systems running
Standard Edition. Active Directory is running at a Windows Server 2003 domain
functional level. You have a group of auditors who move from department to
department in the course of their work. Because they move around, they need
access to the nearest printer at any given time. Which of the following do you do
to accommodate this?
a. Create a global group, place the user accounts for the auditors in that group,
and then assign the global group permissions to all of the printers in each of
the domains.
b. Create a universal group, place the user accounts for the auditors in that group,
and then assign the universal group permissions to all of the printers in each
of the domains.
c. Create a universal group, place the user accounts for the auditors in that group,
and then place the universal group into the local printer users group on the
domain controllers that host a printer.
d. Create a universal group, and place the user accounts for the auditors in that
group. Create a global group, and place the auditors universal group into that
global group. Finally, assign the global group permissions to the printers in
each domain.
23. You are the network administrator for a real estate agency in Washington, D.C.
The network comprises three Windows Server 2003 systems and 120 client systems
running Windows XP Professional. You have two domains, one representing each
of the two divisions of the company (residential and commercial). You receive a
request to create a group called Marketing that will be assigned resource access to
resources in both domains. However, when you go to create a new security group,
in the Group Scope option the Universal option button is grayed out. Which of the
following is the most likely cause of the problem?
a. You are running at a Windows 2000 mixed domain functional level.
b. You are running at a Windows 2000 native domain functional level.
c. You are running at a Windows Server 2003 domain functional level.
d. You have more than one domain.
48 Managing and Maintaining a Microsoft Windows Server 2003 Environment

24. You are the network administrator for a company that sells computer books. The
network comprises six Windows Server 2003 systems, three of which are domain
controllers. The other servers are member servers. Active Directory is operating at
a Windows Server 2003 functional level. One of the domain controllers hosts a
database application, and you need to provide users in the Sales department with
access to a folder on that server that contains the data files for the database.
Which of the following is the best approach to take?
a. Assign each user in the Sales department access to the folder individually.
b. Create a global group called Database, and give that group the necessary
permissions to the folder containing the data file. Create a domain local
group called SalesData, and add the appropriate members of the Sales
department to the SalesData domain local group. Add the SalesData domain
local group to the Database global group.
c. Create a domain local group called Database, and give that group the necessary
permissions to the folder containing the data file. Create a global group
called SalesData, and add the appropriate members of the Sales department
to the SalesData global group. Add the SalesData global group to the Database
domain local group.
d. Create a local group called Database on the domain controller. Create a global
group called SalesData, and add the appropriate members of the Sales
department to the SalesData global group. Add the SalesData global group
to the local group.
25. You are the network administrator for a tire wholesaler with seven offices across
the continental United States. Each site has a single Windows Server 2003 server
operating at a Windows Server 2003 domain functional level. Each site is linked
to the head office in Buffalo, New York, by a PRI-ISDN line. Each site has its
own domain. The WAN links are used by a number of applications, including a
sales order-processing system. The company is experiencing huge growth, and
over the next three months the number of staff members is set to increase from
160 to 310.
You are in the process of reorganizing the group structure on the network. Many
of the users require access to data and applications in more than one site, and up
to this point many of the assignments have been made with a user account rather
than a group. One of your fellow administrators suggests creating a number of
universal groups and adding the users to the universal groups. Permissions to
resources can then be granted via the universal groups. What issues, if any, do you
see with this solution?
a. None. The suggestion is practical and valid.
b. Universal groups are not available on a Windows Server 2003 domain
functional level.
c. It might create additional traffic on the already heavily used WAN links.
d. You can place global or domain local groups only in a universal group, not
user accounts.
Managing and Maintaining a Microsoft Windows Server 2003 Environment
49

26. If you are using a Windows 2000 native domain functional level, which of the
following Active Directory objects can be a member of a domain local group?
a. User and computer accounts from the same domain
b. User and computer accounts and other global groups from the same domain
c. User and computer accounts, universal groups, and global groups from any
domain; other domain local groups from the same domain
d. User and computer accounts and global groups from any domain
27. You are the network administrator for a music publishing company in Los Angeles.
The network comprises four Windows Server 2003 systems, two of which are
domain controllers. The network is operating at a Windows Server 2003 domain
functional level. You have a number of distribution groups in Active Directory
that were created for contacts in an external public relations (PR) firm. However,
the PR firm has been bought out by the firm you work for, and the entire PR operation
has been moved in-house. A new department has been created for the PR
function. Users in the new PR department need access to resources such as folders
and printers. Which of the following do you do to provide them access?
a. Create user accounts to match the users listed in the distribution group, and
then convert the distribution group to a global group. Assign the new global
group to domain local groups as needed to provide access.
b. Convert the distribution group to a global group. Assign the new PR global
group to the appropriate domain local group.
c. Create new user accounts for users from the PR department. Add the users to
domain local groups as needed to provide access.
d. Create new user accounts for users from the PR department. Create a global
group, and add the users to that group. Add the global group to domain local
groups as needed to provide access.
28. On a network operating at a Windows 2000 mixed domain functional level, which
of the following are limitations on converting groups?
a. You cannot convert groups in Active Directory operating at a Windows 2000
mixed domain functional level.
b. You can convert a domain local group to a universal group, but only when
the domain local group does not have other domain local groups as members.
c. You can convert from a global group to a universal group only when the
global group is not a member of another global group.
d. You can convert from a universal group to a global group only when the
universal group does not have other universal groups as members.
50 Managing and Maintaining a Microsoft Windows Server 2003 Environment

29. You have recently been hired as the network administrator for a trading card
manufacturing company in New York. The network comprises four Windows
Server 2003 systems, two of which are domain controllers. Active Directory is
configured at a Windows Server 2003 domain functional level. Twelve groups
have been created for each of the departments in the organization. You will soon
be implementing a new Active Directory–aware e-mail system, and your manager
wants to be able to send messages to all users in a department at one time. How do
you accommodate this?
a. Copy each of the departmental groups, and then convert the new group to a
distribution group.
b. Create a distribution group for each department, and manually duplicate the
membership of the security group for each department.
c. Convert the security group for each department to a distribution group.
d. Special group configuration is not necessary.
30. You are the network administrator for a data storage device manufacturer in
Yakima, Washington. The network comprises three domains. Each domain is
assigned to a specific department in the company (Development, Sales,
Administration). You have three Windows Server 2003 systems running Standard
Edition. Active Directory is running at a Windows Server 2003 domain functional
level.
You have recently acquired a new plotter, which is to be used by the 14
electronics designers, all of whom are in the Development department and are
members of the Development global group. The manager informs you that he is
expecting to recruit two more designers in the near future. Which of the following
do you do to provide the electronics designers with access to the new plotter?
a. Create a domain local group called Plotter, create a global group called Plotter
Users, and make the Development global group a member of the Plotter
Users group.
b. Create a domain local group called Plotter. Place the Development global
group into the Plotter group.
c. Create a domain local group called Plotter. Place the user accounts for the
users in the Development department into that group.
d. Assign the users from the Development department access to the plotter by
assigning permissions to their user accounts.
Managing and Maintaining a Microsoft Windows Server 2003 Environment
51

31. You are the network administrator for an insurance company with its head office
in San Francisco. The company has four other offices—in Detroit, New York,
Vancouver, and Dallas. The network comprises six Windows Server 2003
systems, two in San Francisco and one at each of the other sites. Active Directory is
operating at a Windows 2000 mixed domain functional level.
The company has a sales order-processing system with a local database in
each location. The local databases are synchronized hourly with the central
database in San Francisco. Users at every site have been experiencing problems with
the database, so your manager has contracted two SQL database administrators
(DBAs) for three months to determine the problem and make recommendations
for optimizing the database. These DBAs, who will be based in San Francisco, need
direct access to the database folders in each location. Which of the following do you
do to achieve this?
a. Create a global group called DBA in the San Francisco domain. Create a
domain local group in each of the other domains, and grant permissions to
the folders containing the database data files to the respective domain local
group. Assign the DBA global group to the domain local groups.
b. Create a universal group called SQL, and assign it to the folders containing
the database data files. Create a global group in each domain called
DBAs, and add the user accounts for the DBAs to the DBA group. Add
the DBA group to the SQL universal group.
c. Create a global group in each location, and assign the global group permissions
to folders containing the database data files. Add the DBAs from San
Francisco to the global group in each location.
d. Create a universal group called SQLDBA, and assign it permissions to the
folders containing the database data files. Make the DBAs’ user accounts
members of the universal group.
32. On a system running Active Directory at a Windows 2000 mixed domain functional
level, what objects can be a member of a universal group?
a. User and computer accounts, universal groups, and global groups from any
domain; other domain local groups from the same domain.
b. User and computer accounts, other universal groups, and global groups from
any domain.
c. User and computer accounts and other global groups from the same domain.
d. None. Universal groups are not supported at the Windows 2000 mixed domain
functional level.
33. List at least three ways in which group management on Active Directory running
at a Windows 2000 mixed domain functional level differs from Active Directory
running at a Windows Server 2003 domain functional level.
52 Managing and Maintaining a Microsoft Windows Server 2003 Environment

34. You are the network administrator for a frozen foods wholesaler. The network
comprises 3 Windows 2000 Server systems and 165 workstations that run Windows
XP Professional or Windows 2000 Professional. You are planning to install a new
Windows Server 2003 system and want to configure the domain functional level
for the highest level supported by both servers. You also want to use universal
security and distribution groups, and group nesting. What domain functional level
do you use after you have installed the Windows Server 2003 system?
a. Windows 2000 native
b. Windows Server 2003
c. Windows Server 2003 interim
d. Windows 2000 mixed
CHAPTER 8
WORKING WITH
COMPUTER ACCOUNTS
1. When creating a new computer account, under what circumstances would you
select the Assign This Computer Account As A Pre–Windows 2000 Computer
check box?
a. The system you are creating an account for is running Windows Me.
b. The system you are creating an account for is running Windows NT 4.
c. The system you are creating an account for is running Windows 98.
d. All of the above.
2. If the name of a computer is salesadminsouth07, what is the default pre–
Windows 2000 computer name for the system?
a. salesadminsouth07
b. salesadminso
c. salesadminsouth
d. w2ksalesadminsouth07
3. On a Windows Server 2003 system, where do you go to join the computer to a
domain?
a. Control Panel, System, Computer Name
b. Control Panel, System, Network Identification
c. Control Panel, System, Advanced
d. Control Panel, System, General
4. What is the function of the Redircmp.exe command?
a. It allows you to move computers from one OU to another.
b. It allows you to map more than one computer name to the same computer object.
c. It allows you to specify a different default location for new computer accounts.
d. It allows you to copy computer account objects.
5. In Active Directory Users And Computers, in which tab of the Properties dialog box
for the computer account do you view the service pack version installed on the
corresponding system?
54 Managing and Maintaining a Microsoft Windows Server 2003 Environment

a. Service Pack
b. Operating System
c. General
d. Version
6. Which of the following utilities do you use to remove a computer account from
Active Directory?
a. Cmprem
b. Dsmod
c. Dsrm
d. Redircmp
7. During user logon on a Windows 2000 Professional system, which of the following
is responsible for checking to see if the computer has a corresponding account in
Active Directory?
a. Dsmod
b. Netlogon
c. Dsrm
d. Redircmp
8. By default, the Add Workstations To Domain right is assigned to the Authenticated
Users special identity, thereby allowing an authenticated user to create up to how
many computer accounts in Active Directory?
a. 1
b. 2
c. 10
d. 127
9. True or False: The person nominated in the Name field of the Managed By tab of
the computer accounts properties must exist in Active Directory.
10. If you are joining a computer to the domain and a computer account has already
been created for that computer, which of the following rules must you obey?
a. The name in the Computer Name field must be different from the name of
the already created computer account.
b. You should not enter a value into the Computer Name field because the system
will detect the correct computer name automatically.
c. The name in the Computer Name field must be identical to the already created
computer account.
d. The name in the Computer Name field must be identical to the already created
computer account, but it must be surrounded by < > symbols.
Managing and Maintaining a Microsoft Windows Server 2003 Environment
55

11. When you use the Netdom command to create computer accounts, what happens if
you don’t use the /OU switch?
a. The command returns an error.
b. The computer account is created in the Computers container.
c. The computer account is created in the same context as the user ID of the
person running the command.
d. The computer account is created in the Users container.
12. If you reinstall the operating system on a computer that is a member of the
domain, what steps, if any, must you take for that computer to reuse the existing
computer account?
a. You cannot reuse a computer account. You must create a new computer
account.
b. You must reconfigure the SID of the computer account to match the SID
generated by the new operating system installation.
c. You must reset the computer account.
d. None. Active Directory automatically recognizes the system.
13. You have a user who is going on maternity leave for a month. Her work has been
reassigned to other people, and no one will be using her PC while she is away. You
want to make the network as secure as possible. What should you do to the
computer account object for her PC?
a. Disable it.
b. Reset it.
c. Delete it.
d. Suspend it.
14. When you use the Dsmod utility, you include the -p switch in the command line.
What value do you specify for this switch?
a. None. The -p switch indicates that the computer account is subject to group
policy and has no values associated with it.
b. The password that the computer account will use in Active Directory.
c. The password for the user who will use the computer.
d. The password for the user account that has privileges to modify the computer
account.
15. Which of the following commands do you use to make the default location of newly
created computer objects be the OU workstations.contoso.com?
a. redircmp -d:ou=workstations,DC=contoso,dc=com
b. rediscmp ou=workstations,DC=contoso,dc=com
c. redircmp ou=workstations,DC=contoso,dc=com
d. redircmp -def:ou=workstations,DC=contoso,dc=com
56 Managing and Maintaining a Microsoft Windows Server 2003 Environment

16. Why is it necessary to reset a computer account after you reinstall an operating
system on the client computer?
a. The information in the Operating System tab of the computer account object
must be manually refreshed.
b. The serial number of the operating system installation will have changed.
c. The new computer will have a different SID than the old one.
d. Resetting the computer account updates the client computer with a list of the
users permitted to log on from that system.
17. Which of the following commands creates a computer account for
computer1.sales
.contoso.com?
a. dsadd computer CN=computer1,CN=sales,DC=contoso,DC=com
b. dsadd comp CN=computer1,CN=sales,DC=contoso,DC=com
c. dsmod computer CN=computer1,CN=sales,DC=contoso,DC=com
d. dsrm computer CN=computer1,CN=sales,DC=contoso,DC=com
18. When you create an account for a computer that is not a domain controller, what
default group memberships are assigned to it?
a. Computers group
b. Domain Controllers group
c. Domain Computers group
d. Windows Authorization Access group
19. Why is it preferable to place client computer account objects in an OU rather than
the system-created Computers container?
a. The Computers container can hold a maximum of only 100 objects.
b. The Computers container should be used only for computer accounts that are
related to servers.
c. The Computers container is designed to hold computer accounts only for
domain controllers.
d. So group policy settings can be applied to the computer accounts in one step.
20. Describe the process by which the existence of a corresponding computer account
is verified during user logon.
21. When you create a computer account in Active Directory Users And Computers,
what do you enter in the User Or Group field of the New Object – Computer Wizard?
a. The name of the user or group that will use the computer corresponding to
the computer account.
b. The name of a user or group with permissions to join the computer to the domain.
c. The name of a user or group with permissions to create a computer object.
d. The name of the user or group that will be responsible for managing the
corresponding computer system.
Managing and Maintaining a Microsoft Windows Server 2003 Environment
57

22. True or False: When you use Dsadd to create a computer account, the DN must be
surrounded by quotation marks in order for the account to be created successfully.
23. In a default configuration, members of the Account Operators group have
permissions to create computer objects in which of the following locations?
a. The Computers container and any new OUs you create
b. The Computers container and the OU in which the user account that is a
member of the Account Operators group resides
c. The Computers container
d. Any container or OU in the domain
24. Which of the following commands disables the computer account for the object
computer1.sales.contoso.com?
a. dsmod CN=computer1,CN=sales,DC=contoso,DC=com -disabled yes
b. dsadd computer CN=computer1,CN=sales,DC=contoso,DC=com -disabled yes
c. dsmod computer CN=computer1,CN=sales,DC=contoso,DC=com -disabled
yes
d. dsrm computer CN=computer1,CN=sales,DC=contoso,DC=com -disabled yes
25. You are the network administrator for a small property management company in
Boise, Idaho. The network comprises a single Windows Server 2003 system and
23 Windows XP Professional systems. Active Directory is running at the
Windows Server 2003 domain functional level. Earlier this month, you were
asked to disable the computer account for a user who was taking a month of leave
to care for a sick family member. The user account for the person was not
disabled because the user planned to dial in to the network from home while on
leave. Now there is talk of the user returning from leave early. If he does return
early and goes to use his PC before you have reenabled the computer account,
what will happen?
a. He has logged on to the domain from that system before, so he will be able to
log on to the local system but will not be able to access domain resources.
b. He has logged on to the domain from that system before, so he will be able to
log on and use the domain resources.
c. When he logs on, the computer account will be automatically enabled because
his username and password are valid.
d. He will not be able to log on to that system, even though he has logged on to
the domain from that system before.
26. You are the network administrator for a call center in Houston, Texas. You are
designing a network upgrade from a non-Windows operating system to Windows
Server 2003. The plan is to have four Windows Server 2003 systems running
Active Directory at the Windows Server 2003 domain functional level. As part of
the design, you want to create a single container to hold all of the computer account
objects. Explain how you would reconfigure the default location for the creation
of new computer accounts to the newly created OU, and explain why you would
perform such a reconfiguration.
58 Managing and Maintaining a Microsoft Windows Server 2003 Environment

27. You are the network administrator for a large insurance brokerage in Wichita,
Kansas. The network comprises four Windows Server 2003 systems, two of
which are configured as domain controllers. The other two servers provide file
and print services, and they host the company’s document management and
customer database applications. Active Directory is configured at the Windows
Server 2003 domain functional level.
You have just made a new leasing agreement with your hardware supplier, and as
a result you are in the process of upgrading the company’s 450 client computers.
The existing systems are all running Windows 2000 Professional, but the new
systems will be running Windows XP Professional. Which of the following do
you do to allow the new Windows XP Professional systems to join the domain?
a. When replacing each system, give the new computer the same name as the
one that was removed. Reset the computer account in Active Directory.
b. Create a new computer account for each of the new systems.
c. When replacing each system, give the computer the same name as the one that
was removed. Disable and reenable the computer in Active Directory.
d. In Active Directory Users And Computers, locate the computer accounts for
the existing systems, select the Operating System tab of the properties for the
computer object, and type Windows XP Professional in the Version field.
28. You are the network administrator for an electrical goods distributor in Chicago.
The network comprises three Windows Server 2003 systems, two of which are
domain controllers. The other is a member server that hosts the sales order-
processing database. Active Directory is configured at the Windows Server 2003
domain functional level.
The company has experienced a phenomenal surge in growth that has resulted in
the hiring of 24 new employees, bringing the total staff to 114. Your manager has
realized that managing all these users, who all work on Windows XP Professional
systems, is too much for a single administrator, so he has hired a junior
administrator to help with some of the more mundane network management
tasks. One day, a request arrives to disable a computer account for a salesperson
who is taking a leave of absence. Company policy dictates that while the
salesperson is away, both her computer and user account must be disabled.
Disabling of computer accounts is not a frequently performed task, but you ask
the junior administrator to do it. Unfortunately, he accidentally resets the
computer account instead of disabling it. What action, if any, is required before the
user can log on again from that computer?
a. The account must be disabled and reenabled.
b. The operating system must be reinstalled on the computer.
c. The account must be reset again while a user with administrative rights is
logged on.
d. No action is required.
Managing and Maintaining a Microsoft Windows Server 2003 Environment
59

29. You are the network administrator for a large kitchenware distributor in
Sandusky, Ohio. The network comprises three Windows Server 2003 systems,
two of which are configured as domain controllers. The third server is configured
as a member server and hosts the corporate sales order-processing system. Active
Directory is configured at the Windows 2000 mixed domain functional level.
You are in the process of upgrading the company’s 125 client computers from
Windows 98 to Windows XP Professional. Most users will continue to use the same
PC hardware, but the operating system will be upgraded. The exception is the
Sales department, which will receive brand-new computers running Windows XP
Professional. Their existing Windows 98 systems will be donated to a local school
and will not be reused within the company. Which of the following do you do to
allow the new Windows XP Professional systems to join the domain?
a. Create a new account in Active Directory for each new Windows XP
Professional system.
b. Nothing. If the new systems have the same name as the old ones, they will
automatically reuse the same computer account.
c. Delete the computer accounts for the existing computer objects, and then
create a new computer account for each of the new Windows XP
Professional systems using the same system name used for the old systems.
d. In Active Directory Users And Computers, locate the computer accounts for
the existing systems, go to the Operating System tab of the properties for the
computer object, and type Windows XP Professional in the Version field.
30. You are the network administrator for a telecommunications company in Mobile,
Alabama. The network comprises three Windows Server 2003 systems, all of
which are configured as domain controllers. The company employs 134 people,
and all of them have a Windows XP Professional system.
One morning, you get a call from a user who has received the following error
message:
Windows cannot connect to the domain, either because the
domain controller is down or otherwise unavailable, or
because your computer account was not found. Please try
again later. If this message continues to appear, contact
your system administrator for assistance.
The user logged on to the system without any problem the
previous day, and you have received no other reports of
users experiencing problems. You reset the computer account in
Active Directory Users And Computers, but the user still cannot connect to log
on to the domain. Which of the following do you try next?
a. Disable and reenable the computer account.
b. Disable and reenable the user account.
c. Change the computer system’s membership to a workgroup, and then rejoin
it to the domain.
d. Delete the existing computer account, and re-create a new computer account
with the same name.
60 Managing and Maintaining a Microsoft Windows Server 2003 Environment

31. You are the network administrator for a large public relations agency in Detroit.
The company has four divisions, each of which is responsible for specific geographical
regions internationally. The company operates on four floors of an office building,
with each floor occupied by a department. The network comprises four Windows
Server 2003 systems, one on each floor, and all of them are configured as domain
controllers. Active Directory is operating at the Windows 2000 mixed domain
functional level. All of the domain controllers are in the system-created Domain
Controllers OU, but each department uses one of the servers as a file and print
server, so your manager suggests that the domain controller for each department
be moved to the corresponding OU in Active Directory. What issues, if any, can
you see with her request?
a. None. The suggestion is easily implemented and requires no additional work
other than moving the computer accounts.
b. Domain controller computer accounts must reside in the system-created
Domain Controllers OU. They cannot be moved to another OU.
c. The domain controller computer accounts can be moved, but group policies
must be implemented on the new OU to provide the same configurations that
the domain controllers have in the Domain Controllers OU.
d. The domain functional level must be raised to Windows Server 2003 before
the domain controllers can be moved.
32. You are the network administrator for a small specialty auto parts manufacturer.
The network comprises two Windows Server 2003 systems, both of which are
configured as domain controllers. Active Directory is operating at the Windows
2000 mixed domain functional level. The company has recently created a new
Research and Development department, and 25 new Windows XP Professional
systems are being installed in that department. The users in the department will join
the domain when they first use their PCs. Rather than have the computer
accounts for the department created in the Computers container, you would like to
have the computer accounts in the R&D OU so that they can immediately be
subject to the group policy applied to that OU. Which of the following do you do
to achieve this?
a. Have users create the computer accounts during the domain joining process,
and then move them from the Computers container to the R&D OU.
b. Create the computer accounts in the R&D OU, and then have the users join
the computers to the domain.
c. Apply the same group policy that is applied to the R&D OU to the
Computers container.
d. Direct the users to specify the R&D OU for the computer account creation
when they join the computers to the domain.
33. You are the network administrator for a small graphic design house in Seattle,
Washington. The company also has a sales office in New York with five
employees. The network in Seattle comprises two Windows Server 2003
systems, both of which are domain controllers. Active Directory is configured at
the Windows 2000 mixed domain functional level. The New York office, which is
not yet connected to the Seattle office, is operating its network as a
workgroup with a single Windows 2000 Server system providing file and
Managing and Maintaining a Microsoft Windows Server 2003 Environment
61

print services. You have just implemented a VPN to create a WAN between the
two sites.
The plan is to eventually implement a domain controller in New York for local
authentication and disaster recovery purposes. However, the installation of
that system must wait until you can travel to New York. In the meantime, one
of the more technically capable users in New York has been asked to join the five
Windows XP Professional workstations and the Windows 2000 server to the
domain. The Windows Server 2003 system will become a member server.
The user is able to join all five of the Windows XP Professional systems to the
domain and create the related computer accounts, but he is unable to add the
Windows 2000 server system to the domain. Which of the following is the most
likely cause of the problem?
a. Users are allowed to create only five computer accounts in Active Directory.
b. The system is a Windows 2000 Server system and cannot be joined to
an Active Directory running at the Windows Server 2000 mixed domain
functional level.
c. Users can create computer accounts only for workstations, not server
systems.
d. Users can create computer accounts only in the Computers container, and a
computer account for a server cannot be created in the Computers container.
34. You are the network administrator for a corporate finance house in Dallas, Texas.
You are designing a network upgrade from a non-Windows operating system to
Windows Server 2003. The plan is to have seven Windows Server 2003 systems
running Active Directory at the Windows Server 2000 mixed domain functional
level. To streamline the process of creating computer accounts and joining them
to the domain, you want to create a batch file that can be run to create the
computer accounts en masse. You also want to create a batch file that can be sent
to users via e-mail, which will allow them to join their computer to the domain.
You assign the task of creating the batch file to a junior administrator. She
suggests that you use the Netdom utility for both tasks. What issues, if any, do
you see with this proposed solution?
a. None. The solution is appropriate and valid.
b. The Netdom utility can be used only to create computer accounts. It cannot
be used to join a computer to the domain.
c. The Netdom utility can be used only to join a computer to the domain. It
cannot be used to create computer accounts.
d. The Netdom utility can be used to create computer accounts, but you cannot
specify the location in which the computer accounts will be created.
62 Managing and Maintaining a Microsoft Windows Server 2003 Environment

35. You are the network administrator for an Internet-based craft supplies retailer.
The network comprises three Windows Server 2003 systems, both of which are
domain controllers. Active Directory is configured at the Windows 2000 mixed
domain functional level. You want to configure the network so that any new
computer accounts are created in the Workstations OU because you have
created a new group policy and linked it to that OU. Which of the following do
you do to make sure all new computer objects are created in that OU?
a. Use Redircmp and specify the Workstations OU as the new default location
for computer accounts.
b. Use Dsadd and specify the Workstations OU as the new default location for
computer accounts.
c. Use Netdom and specify the Workstations OU as the new default location for
computer accounts.
d. Manually create computer accounts in the Workstations OU before the
corresponding computer systems join the domain.
CHAPTER 9
SHARING FILE SYSTEM
RESOURCES
1. When you work with NTFS permissions, what does a gray-shaded check box for a
permission in the Security tab of a folder mean?
a. The permission cannot be assigned to a folder.
b. The permission is inherited.
c. The permission cannot be set because you have insufficient rights.
d. The permission is superseded by another permission.
2. By default, members of which Active Directory groups can assign ownership of
an NTFS file or folder to another user?
a. Administrators, Backup Operators
b. Administrators, Backup Operators, Server Operators
c. Administrators, Server Operators
d. Administrators, Backup Operators, Account Operators
3. Which of the following is considered a standard NTFS permission?
a. List Folder Contents
b. Read Extended Attributes
c. Create Folders/Append Data
d. List Folder/Read Data
4. On a workgroup or a standalone Windows Server 2003 computer, membership of
which of the following groups enables you to create a share?
a. Power Users
b. Share Creators
c. Account Operators
d. Server Operators
64 Managing and Maintaining a Microsoft Windows Server 2003 Environment

5. Which of the following is a reason to create shares using the Shared Folders
MMC snap-in rather than Windows Explorer?
a. You can assign permissions to the share at the same time that you create it.
b. You automatically become the creator/owner of the folder that is shared.
c. You can assign NTFS permissions as well as share permissions.
d. You can create a share on a remote computer.
6. What security principal is assigned as the owner of files and folders created by the
operating system?
a. The Administrator account
b. The Administrators group
c. The SYSVOL special identity
d. The SYSTEM special identity
7. True or False: The Write NTFS permission, when applied to a folder, gives the
user the right to modify the folder attributes.
8. Fill in the blanks: Every file and folder on an NTFS drive has an ____ containing
____ that define what security principals are assigned permissions to it.
a. ACE, FATs
b. ACT, ACEs
c. ACL, ACEs
d. ACE, ACLs
9. In a default installation, what path is associated with the Print$ share?
a. systemroot\System32\Spool\Drivers
b. systemroot\System\Spool\Drivers
c. systemroot\System32\Print\Drivers
d. systemroot\System32\Drivers
10. What are the default share permission assignments for a newly created share?
a. None
b. Everyone special identity, Read permission; Administrators group, Full
Control permission
c. Everyone special identity, Change permission; Administrators group, Full
Control permission
d. Everyone special identity, Full Control permission
11. While browsing the shares on your system, you notice that systemroot\SYSVOL
\sysvol\domainname\SCRIPTS is shared out as NETLOGON. What does this tell
you about the system you are working on?
a. The system has at least one shared printer.
b. The system is a Windows NT 4 system.
Managing and Maintaining a Microsoft Windows Server 2003 Environment
65

c. The system is a member server.


d. The system is a domain controller.
12. Which of the following tasks can be performed with the Full Control share permission
but not the Change share permission?
a. Changing the name of the file
b. Changing file permissions
c. Changing the contents of the file
d. Deleting the file
13. If a group is assigned the Change share permission to a folder, and a user who is a
member of that group is assigned the Read share permission to that folder, what are
the effective permissions for that user to the folder?
a. Change
b. Read and Change
c. None
d. Full Control
14. You have created a folder called SALES and shared it out as SALESSHARE. The
Sales group is assigned the Full Control share permission and the Change NTFS
permission. The Sales department is being relocated from the sixth floor to the
third floor. To place the data for the Sales group as near to them as possible, you
are going to move the SALES folder to the server on the third floor. What
happens to the share permissions on the folder after the move?
a. They are lost.
b. They remain as Full Control for the SALES group.
c. They revert to READ for the Sales group.
d. They change to the Change share permission for Everyone.
15. If you create a share and append the $ symbol to the share name, how does this
affect the share?
a. The share is available only to users with Full Control share permissions.
b. The share is available only to users who are members of the Enterprise
Admins, Domain Admins, or Administrators group.
c. The share is not shown when you browse the shares available on the system.
d. The share is inaccessible from any system other than the one on which it was
created.
66 Managing and Maintaining a Microsoft Windows Server 2003 Environment

16. Under what circumstances would you configure IIS to use Basic Authentication?
a. The application hosted by the server is written in the BASIC programming
language.
b. You want to have the server collect user credentials and store them on the
domain controller as an MD5 hash.
c. You want the username and password for the user transmitted in the form of
a hash that prevents eavesdroppers from accessing the user’s credentials.
d. None of the more secure authentication options is available.
17. True or False: If a user is assigned the Read NTFS permission to a file, and a group
of which the user is a member is denied all rights to the file, the user can still open
the file.
18. You have configured a virtual directory alias of info for the E:\sales\information
folder on the server. The Web site hosted by the server is www.contoso.com. Which
of the following URLs do you use to access the virtual directory?
a. www.contoso.com/information
b. www.contoso.com/info
c. www.contoso.com/e:/info
d. www.contoso.com/?info
19. To view the ownership, permissions, and attributes of a file, what is the minimum
standard NTFS permission required?
a. Read
b. Read and Execute
c. Modify
d. Full Control
20. You are configuring IIS on a Windows Server 2003 system. After creating a new
home page for your corporate intranet, you want to make it available to users.
You are not using redirection of any kind. Where do you place the file?
a. C:\INETPUB\WWWROOT
b. C:\WWWROOT
c. C:\IIS\WWWROOT
d. C:\WWWROOT
21. You want a user to take ownership of a file or folder that she did not create.
Which of the following groups do you not add her to?
a. Administrators group
b. Backup Operators group
c. Creator/Owner special identity
d. Server Operators group
Managing and Maintaining a Microsoft Windows Server 2003 Environment
67

22. Which of the following Net commands do you use to create a new share called
DEV from the C:\development folder and allow up to five users to access the
share
at a time?
a. net share DEVELOPMENT=c:\dev /grant:users, read /users:5
b. net share DEV=c:\development /users:users, read /grant:5
c. net share DEV=c:\development /grant:users, read /users:5
d. net share DEV=c:\development /grant:users, read /concurrent:5
23. Why is IIS, in its default configuration, a limited method of publishing files?
24. A user called JohnP is experiencing problems deleting a file out of a folder on the
server. Ordinarily he just opens the file—a report generated by the database
hosted on the system—but in this case, the file has become corrupted and he
needs to delete it. JohnP cannot delete the file, even though he believes he should
be able to. You determine that he is accessing the report through a share called
REPORTS, which was created on a folder called E:\REPORTS. When you
investigate, you find the following permission assignments:
Share Permissions on REPORTS:
Everyone - Read
NTFS Permissions on E:\REPORTS:

Everyone - Read & Execute


Sales - Modify
JohnP - Full Control
What are JohnP’s effective permissions to the folder E:\REPORTS?
a. Full Control
b. Modify
c. Read
d. Read & Execute
68 Managing and Maintaining a Microsoft Windows Server 2003 Environment

25. You are the network administrator for a marketing company in Pensacola. One
morning, you receive a call from a user called Psmith in the Marketing department
who is experiencing problems accessing a spreadsheet in a folder. According to
your system documentation, which is up to date, Psmith is a member of the
Marketing group but holds no other group memberships. You check the
permissions to the folder and see the following entries in the ACL:
Sales - Deny All
Psmith - Read
Sjones - Modify
Everyone - Write
Based on the entries in the ACL, what should Psmith be able to do with the file?
a. Open the file but not make any changes.
b. Open the file but not save it as a new file.
c. He should not be able to open the file.
d. Open the file, make changes, and save it as a new file.
26. A user is assigned the Change share permission to the \\SERVER2\DATA share
that represents the C:\Data folder on Server2. The user connects to the DATA
share across the network and opens a file from the \\SERVER2\DATA\SALES
folder. He then decides that he no longer needs that file, and he tries to delete it.
However, he is unable to do so and receives an error. Which of the following is a
possible explanation for this?
a. NTFS permissions are restricting the user’s access to the folder.
b. The user is a member of a group that is assigned the Read share permission
to the DATA share.
c. Share permissions on the SALES folder in the DATA share are preventing
the user from deleting the file.
d. The user is a member of a group that has been denied all permissions to the
DATA share.
27. You are configuring permissions for users on your network. If a user is assigned
the Modify NTFS permission to the C:\DATA folder and the Read permission to the
C:\DATA\SALES folder, what is the user’s effective permission to the C:\DATA
\SALES folder, assuming that no other NTFS permission or share permission
assignments have been made and that permission inheritance is not blocked?
a. Read.
b. Modify.
c. Full Control.
d. There is insufficient information to answer this question.
Managing and Maintaining a Microsoft Windows Server 2003 Environment
69

28. You are the network administrator for a publishing company in San Diego. One
morning, a user calls to complain that he cannot delete a file from a shared folder.
You locate the folder, and in the Advanced Security Settings dialog box, you
select the Effective Permissions tab. You see that the user should indeed be able
to delete the file. Which of the following might be the cause of the problem?
a. An explicit permission has been assigned to a group of which the user is a
member, and the effective permissions do not factor this into the effective
permissions calculation.
b. An explicit permission has been assigned to the user on that file, and the
effective permissions do not factor this into the effective permissions
calculation.
c. The effective permissions display does not factor in share permissions.
d. The user is a member of a domain local group, and the effective permissions
do not factor this into the effective permissions calculation.
29. Explain how you determine the effective permissions for a user object when a
user is assigned NTFS permissions to a folder within a share to which she is also
given permissions. Give an example of how to determine the effective
permissions in such a scenario.
30. You have just taken over as the network administrator for a paper manufacturer in
Springfield, Ohio. You are in the process of implementing a new file structure to
better accommodate users’ needs and make file access more secure. Today, you
are working on the E:\SALES folder structure, which is used by the 65 users in
the Sales department. All 65 users need the ability to read files in the folder and
run programs from that folder. In addition, three managers need the ability to edit
and delete files in that folder. All of the users and managers in the Sales
department are members of the SALES group. Which of the following statements
best describes how to configure permissions to meet these requirements?
a. Create a share, and assign the Modify share permission to the SALES group.
Assign the SALES group the NTFS Read & Execute permission. Assign the
three managers in the Sales department the NTFS Modify permission.
b. Create a share, and assign the Read share permission to the SALES group.
Assign the SALES group the NTFS Read & Execute permission. Assign the
three managers in the Sales department the NTFS Modify permission.
c. Create a share, and assign the Full Control share permission to the SALES
group. Assign the SALES group the NTFS Read & Execute permission.
Assign the three managers in the Sales department the NTFS Modify
permission.
d. Create a share, and assign the Full Control share permission to the SALES
group. Assign the SALES group the NTFS Read permission. Assign the three
managers in the Sales department the NTFS Modify permission.
70 Managing and Maintaining a Microsoft Windows Server 2003 Environment

31. You are the network administrator for a small furniture manufacturing company
in Portland, Oregon. The network comprises three Windows Server 2003 systems,
all of which are configured as domain controllers. Each server has three disk
drives in it. One drive is dedicated to the system and boot partition, and the other
two drives hold the company sales order-processing database. All of the drives
use NTFS.
One day, a user reports that she has been configuring a folder that she created,
removing all of the users, including herself, from the ACL. Now she is unable
to access the files in the folder. How do you restore her access to the files in
the folder?
a. Restore the folder and its files from a backup taken before the user made the
changes.
b. Have the user assign herself permission to the folder again.
c. Retake ownership of the folder, and reassign permissions to the users as
necessary.
d. Assign the user to the Creator/Owner special identity so she can edit the ACL.
32. You are the network administrator for a small craft supplies wholesaler in Memphis.
You have a single server running Windows Server 2003. You are using the FAT file
system and rely on share permissions to control access to data. You share out the
E:\SALES folder as SALES and assign the Sales group the Full Control share
permission. You then share out the E:\SALES\REPORTS folder as REPORTS and
assign the Sales group the Read permission to the share. Which of the following
actions can users not take on a file in the E:\SALES\REPORTS folder if they
connect to the SALES share?
a. Open a file
b. Delete a file
c. Change the attributes of a file
d. Change the permissions on a file
33. You are troubleshooting a file access problem reported by a user called SallyJ from
the Sales department. As a member of that department, she is a member of the Sales
group. She is connecting to a shared folder called DATA, which is shared on the
E:\DATA folder. You examine the share permissions and NTFS permissions on
the folder and see the following:
Share permissions for DATA share:
Sales - Change
Managing and Maintaining a Microsoft Windows Server 2003 Environment
71

NTFS permissions for E:\DATA folder:


Sales - Write
SallyJ - Read&Execute
No permissions are applied to any files in the folder. What should SallyJ be able
to do in the folder?
a. Open files but not make any changes.
b. She should not be able to open the files.
c. Open files and make changes to those files, but not create any new files.
d. Open files, make changes to those files, and create new files.
34. You are the network administrator for a plumbing hardware wholesaler in
Rochester, New York. The network comprises two Windows Server 2003
systems, both of which are domain controllers. Each server has two disk drives in
it, one that holds the system and boot partitions and another, called STORAGE,
that is used to store the company’s sales order-processing database, inventory
database, and files. Four shares have been created on the server: SALES,
INVENTORY, DATA, and ARCHIVE. The permissions on the shares are set to
Full Control for the Everyone special identity. Folders in the shares are controlled
via NTFS permissions.
One Monday, you arrive at work to find that the STORAGE drive has failed.
Fortunately, your regular supplier is able to deliver a replacement drive within an
hour, and you install it in the server. After formatting the drive, You restore the data
from the previous night’s backup and then perform a quick check to make sure the
data restore is successful. It is, so you inform users that they can use the sales order-
processing system and the inventory database. However, it quickly becomes
apparent that users cannot access either of these applications—they receive
CANNOT READ DATAFILE errors when they try to start either application.
Which of the following might be the cause of the problem?
a. The NTFS permissions on the folders were reset to Read for the Everyone
special identity during the restore process.
b. The ACLs for the folders were re-created by the restore process and are
now empty.
c. The shares that the users used to connect to the server were removed.
d. The shares that the users used to connect to the server were automatically set
to deny access to the Everyone special identity, as a security precaution.
72 Managing and Maintaining a Microsoft Windows Server 2003 Environment

35. You are the network administrator for a small company that develops integrated
circuit chips for mobile communications manufacturers. The company network
comprises a single Windows Server 2003 system that provides file and print
services to the company’s 25 users. Three of the users are working on a top-secret
project. They require a folder on the server that only they can access. Auditing is
enabled on the server, but the manager wants to make sure that no one, including
the Administrator, can access the files except the three engineers working on the
project.
The manager asks you to remove all entries from the ACL for the folder for users,
groups, and special identities other than the three engineers. Will this prevent all
others from seeing or opening the files in the folder?
a. Yes.
b. No. Someone else might be able to open or see the files, but you will have no
way of knowing if this has occurred.
c. No. Someone else might be able to open or see the files, but you will be able
to tell if this has occurred.
d. No. Members of the Administrators group will also be able to see or open the
files.
36. You have configured a share for the Sales department called REPORTS and
assigned all of the users in the department the Read share permission. You have
also selected the All Files And Programs That Users Open From The Share Will
Be Automatically Available Offline option in the Offline Settings dialog box. What
happens if a user has a report open from the REPORTS share and the server
becomes unavailable?
a. The files will be available offline, but access to the files will be controlled by
the share permissions just as if they were being accessed from the server.
b. The files will be available offline but will have no security on them.
c. The files will be available offline, but only if a connection can be established
to a domain controller that can verify the entries in the ACL.
d. The files will not be available offline.
37. You are the network administrator for a charity based in Dallas, Texas. You have a
single Windows Server 2003 system, running Active Directory, that provides file and
print server services to 50 users. The system was donated by a local business, and
while it is powerful enough for your needs, storage capacity on the server is limited.
Your manager has assured you that as soon as funds become available, you will be
able to purchase an additional disk drive, but in the meantime he has asked you to
use any available means to control the storage situation. As a result, you have
implemented disk quotas so that one user cannot monopolize all the available disk
space.
Managing and Maintaining a Microsoft Windows Server 2003 Environment
73

After creating a new directory structure for a user and copying a number of large
files from the user’s workstation to the server, you want to make sure the files are
counted toward the user’s disk quota. Which approach are you most likely to use?
a. Make the user a member of the Administrators group, which allows her to
take ownership of the files. Once she has done that, remove her from the
Administrators group.
b. Make the user a member of the Creator/Owner special identity to allow her
to take ownership of the files.
c. Give the user the Modify NTFS permission so she can take ownership of
the files.
d. While logged on as a user account that is a member of the Server Operators
group, assign ownership of the files to the user.
CHAPTER 10
WORKING WITH PRINTERS
1. Which of the following is not a standard permission that can be assigned to a
printer?
a. Print
b. Manage Printers
c. Manage Properties
d. Manage Documents
2. Where do you look to see if a printer is in offline mode?
a. Printers And Faxes folder
b. System log of Event Viewer
c. Services utility
d. Printer Management MMC snap-in
3. In what tab of a printer’s properties do you configure printer pooling?
a. Pooling
b. Ports
c. Device Settings
d. Configuration
4. Which of the following UNC paths do you use to connect to the LASERJ printer
on the SALES6 server?
a. \\SALES6\\LASERJ
b. \\S=SALES6\P=LASERJ
c. \\LASERJ\SALES
d. \\SALES6\LASERJ
5. In what tab of a printer’s properties do you configure redirection of print jobs?
a. Advanced
b. Ports
c. Device Settings
d. General
Managing and Maintaining a Microsoft Windows Server 2003 Environment
75

6. Which of the following two permissions are assigned to the Server Operators group
by default?
a. Print
b. Manage Printers
c. Manage Documents
d. Manage Spooler
7. Where do you look to see error messages related to the spooler service?
a. Event Viewer, Print log
b. Event Viewer, Security log
c. Event Viewer, Application log
d. Event Viewer, System log
8. In a default configuration, which of the following folders holds the folders in which
print jobs are spooled?
a. Systemroot\System\Spool\Printers
b. Systemroot\System32\Spool
c. Systemroot\System32\Spool\Printers
d. Systemroot\System32\Printers
9. Where do you configure a printer for use with A4-size paper rather than Letter?
a. The Forms tab of the printer’s properties
b. The Device Settings tab of the printer’s properties
c. The Paper Size tab of the printer’s properties
d. The Configuration tab of the printer’s properties
10. Which of the following is not a counter you can add to the Performance console
when you monitor printing activity?
a. Jobs
b. Out Of Paper Errors
c. Offline Errors
d. Total Pages Printed
11. By what mechanism does a user receive the rights to delete a document that she
sent to print from the print queue?
12. While using the Performance console to monitor printing, you notice that the Job
Errors counter for a high-performance laser printer is 15. What does this tell you?
a. Since the spooler was started, 15 Job Errors have been recorded.
b. Since the printer was last offline, 15 Job Errors have been recorded.
c. Since you started monitoring the printer, 15 Job Errors have been recorded.
d. The number of actual errors experienced by print jobs is 15.
76 Managing and Maintaining a Microsoft Windows Server 2003 Environment

13. You create four logical printers called SALES, RESEARCH, MARKETING, and
MANAGEMENT. You assign the SALES printer a priority of 10, The RESEARCH
PRINTER a priority of 8, the MARKETING printer a priority of 5, and the
MANAGEMENT printer a priority of 2. If a document is sent to each of the logical
printers at exactly the same time, which one will print first?
a. MANAGEMENT
b. MARKETING
c. SALES
d. RESEARCH
14. The laser printer on the third floor has failed. To provide users with some printing
capability, you decide to redirect the logical printer for the failed printer to the laser
printer on the second floor. What happens to print jobs that are already printing?
a. They are restarted and placed at the beginning of the print queue.
b. They are restarted and placed at the end of the print queue.
c. The portion of the job that has not yet been output on the original printer is
sent to the new printer.
d. They are not printed.
15. True or False: You can use the Ping utility to prove that the printer is connected to
the network, powered on, and online.
16. A number of users have reported problems with printing. What services do you
check as part of the troubleshooting process?
a. Remote Procedure Call
b. Print Manager
c. Print Spooler
d. Print Driver
17. You have created a printer on a Windows Server 2003 system. During the
creation process, you shared the printer out, but now you want to configure the
printer so it is not listed in Active Directory. Which of the following is the correct
way to do this?
a. Select the printer icon in the Printers And Faxes window and, from the File
menu, select Properties. In the General tab, clear the List In The Directory
check box.
b. Select the printer icon in the Printers And Faxes window. Right-click the
icon, and deselect List In The Directory on the menu.
c. Select the printer icon in the Printers And Faxes window and, from the File
menu, select Sharing. Clear the List In The Directory check box.
d. Locate the corresponding printer object in Active Directory Users And
Computers, and delete or disable it.
Managing and Maintaining a Microsoft Windows Server 2003 Environment
77

18. You have created a printer called SALES LASER on the SALES server. What is
the default share name for the printer?
a. SALESLASER
b. SALES LA
c. SALESLAS
d. SALESSALESLASER
19. After you create a new printer and share it out, users can start printing to the device
even if you have not made any permission assignments for the printer. How is this
possible?
a. The default permission assignment for a newly created printer is Everyone,
Full Control.
b. The default permission assignment for a newly created printer is Everyone, Print.
c. The default permission assignment for a newly created printer is Domain
Users, Print.
d. The default permission assignment for a newly created printer is Domain
Users, Full Control.
20. You have created a printer pool of three printers: HPLASER1, HPLASER2, and
HPLASER3. Three users print to the printer pool at exactly the same time. If one
of the jobs is significantly larger than the others, which of the printers will the print
job be output from?
a. HPLASER1
b. HPLASER2
c. HPLASER3
d. There is no way of knowing.
21. True or False: When you install a printer that is connected directly to the
Windows Server 2003 system, the installation process does not create a
logical printer device for it.
22. Your manager has asked you to configure the company’s Windows Server 2003
system so users in the Sales department can be charged for the use of a high-
resolution color laser printer to which the department has exclusive access. Which
of the following are you most likely to do to achieve this?
a. Implement auditing on the color printer.
b. Use the Performance console to monitor printer usage.
c. Enable disk quotas for the spool directory.
d. Configure the properties of the printer so printed documents are kept after
they have been printed.
78 Managing and Maintaining a Microsoft Windows Server 2003 Environment

23. You have installed a laser printer and connected it directly to the network. You
created logical printers on 7 of 10 Windows 98 workstations and configured the
logical printers to point to the newly installed printer. When the printer runs out of
paper, which systems receive the error message generated by the printer?
a. All PCs on the network
b. All PCs that are connected to the printer
c. All PCs that currently have jobs in the print queue
d. Only the PC that is printing a job or has a job at the front of the print queue
24. You are the network administrator for a small book distribution company. The
network comprises 2 Windows Server 2003 systems, 3 Windows 2000 Professional
workstations, and 11 Windows 98 systems. The company uses two laser printers
that are connected directly to the network. One of the Windows Server 2003
systems is configured as the print server for both printers. You have subscribed to
an e-mail notification system provided by the printer manufacturer, which informs
you that new printer drivers are available for Windows 98 and Windows Server
2003. No new drivers are available for Windows 2000. Which of the following
procedures do you follow to install and update the printer drivers?
a. On the Windows Server 2003 systems, update the drivers for both Windows
Server 2003 and Windows 98. In addition, install the Windows 98 drivers on
the client systems.
b. On the Windows Server 2003 systems, update the drivers for both Windows
Server 2003 and Windows 98.
c. On the Windows Server 2003 systems, update the drivers for both Windows
Server 2003 and Windows 98. Select the Automatic Update Of Clients option
in the Sharing tab of the printer’s properties.
d. Install the new Windows 98 drivers on the Windows 98 client systems.
Install the Windows Server 2003 drivers on the server.
25. You are the network administrator for a bank. The network comprises 3 Windows
Server 2003 systems, 23 Windows 98 client systems, 3 Windows NT 4 systems,
and 14 Windows XP Professional systems. You have one laser printer that is
connected directly to the network. One of the servers is configured as a print
server for the printer, and the Windows 98 and Windows XP Professional systems
all have a logical printer configured that connects to the printer via the print server.
The Windows NT 4 workstation systems print directly to the printer across the
network. You have just purchased a new printer and are in the process of configuring
it. The users on the Windows NT 4 workstation systems do not need to access it.
The new printer will be attached directly to the print server by a parallel interface.
What platforms do you install drivers for when you configure the printer?
a. Windows Server 2003
b. Windows Server 2003 and Windows 98
c. Windows Server 2003, Windows XP Professional, and Windows 98
d. Windows Server 2003 and Windows XP Professional
Managing and Maintaining a Microsoft Windows Server 2003 Environment
79

26. You are the network administrator for a large department store. The network
comprises 3 Windows Server 2003 systems and 134 workstations, and 47 of those
workstations are configured as point-of-sale terminals. There are 27 printers, all
of which are connected directly to the network. Each of the seven customer
service desks has a PC and a color laser printer. The PCs are for customers to
browse the company’s online catalog and to print product information sheets.
However, your manager has learned that someone might be using one of the PCs
and color laser printers to print personal material after hours. He asks you to
enable auditing on the printer to determine if this is indeed the case. You enable
auditing on the printer, but when you review the Security log the following
evening, there are no entries of any kind, even though you know that legitimate
printing was done during the day. What is the most likely cause of the problem?
a. Audit events are not recorded in the Security log.
b. Users are creating print jobs as the special identity Everyone and are
therefore not subject to auditing.
c. You cannot audit successful print jobs—only failed print jobs.
d. Object auditing might not be enabled.
27. You are the network administrator for a sporting goods wholesaler. The network
comprises 2 Windows Server 2003 systems, 23 Windows 98 workstations, and 4
Windows 2000 Professional workstations. The company has two high-speed laser
printers that are connected directly to the network. A user with a Windows 98
workstation reports that he is having problems printing from Microsoft Word.
When you visit the user’s workstation, you discover that he cannot print from any
other application on the workstation either, even though he was able to earlier in
the day. You log on as yourself, attempt to print, and are able to do so. In addition,
the user at the next desk, who is also using a Windows 98 workstation, is able to
print from Word and Microsoft Excel to the same printer that the user is attempting
to print to. What is the most likely cause of the problem?
a. The printer driver on the user’s workstation is corrupted.
b. A job-specific printer configuration is preventing the user from printing.
c. The printer driver on the server has become corrupted.
d. The user has become disconnected from the printer.
28. Explain the function of the Printing Defaults button in the Advanced tab of a
printer’s properties, and the Printing Preferences button in the General tab of
the printer’s properties. Explain what happens when a user configures job-specific
printing properties through an application such as Word, and explain the
interaction with both the printing defaults and printing preferences in such a case.
80 Managing and Maintaining a Microsoft Windows Server 2003 Environment

29. You are the network administrator for a stock brokerage. The network comprises
2 Windows Server 2003 systems and 57 Windows XP Professional
workstations. You have three network-attached printers that are hosted by one of
the Windows Server 2003 systems that is configured as the print server. Two of
the printers are Hewlett-Packard LaserJet 4050s and are named Accounts and
Admin. The third printer is a Hewlett-Packard DeskJet printer, which is called
Publish. The Accounts and Publish printers are on the first floor of the building,
and the Admin printer is on the second floor.
One morning, a user from the Accounting department reports that her print job has
stopped coming out of the Accounts printer, with only 43 of 75 pages printed.
Fourteen other jobs are in the print queue behind the job that has stopped. You check
that print queue and find that the print job indeed appears to be stuck in the print
queue, with only half of it printed. You determine that the printer has actually
stopped printing altogether and will not even print a test page. You check the print
queue again and find that there are now 21 print jobs in the print queue. Which of
the following do you do next?
a. Redirect the logical printer to the Admin printer. Tell the user to collect the
rest of the job from the Admin printer. Notify all of the users of the Accounts
printer that their print jobs will be printed on the Admin printer.
b. Redirect the logical printer to the Admin printer. Tell the user to resend her
print job to the queue. Notify all of the users of the Accounts printer that
their print jobs will be printed on the Admin printer.
c. Redirect the logical printer to the Publish printer. Tell the user to resend her
print job to the queue. Notify all of the users of the Accounts printer that
their print jobs will be printed on the Publish printer.
d. Redirect the logical printer to the Publish printer. Tell the user to collect the
rest of her job from the Publish printer. Notify all of the users of the
Accounts printer that their print jobs will be printed on the Publish printer.
30. You are the network administrator for a large real estate company. You have
configured two logical printers with one physical printing device. One logical
printer called RESIDENTIAL is assigned to the residential sales team. The other,
called COMMERCIAL, is assigned to the commercial sales team. You assign
the COMMERCIAL printer a priority of 10 and the RESIDENTIAL printer a
priority of 1. There are currently seven jobs in the RESIDENTIAL print
queue. What happens when a print job is sent to the COMMERCIAL print
queue?
a. The currently printing job is paused, and the print job from the
COMMERCIAL queue is printed.
b. The currently printing job is completed, and then the print job from the
COMMERCIAL queue is printed.
c. All of the jobs in the RESIDENTIAL queue are printed, and then the job from
the COMMERCIAL queue is printed as long as no other jobs are added to
the RESIDENTIAL queue in the meantime.
d. All of the jobs and any additional jobs in the RESIDENTIAL queue are
printed. When there are no outstanding jobs in the RESIDENTIAL queue, the
job from the commercial queue is printed.
Managing and Maintaining a Microsoft Windows Server 2003 Environment
81

31. You are the network administrator for a small computer distributor. The network
comprises a single Windows Server 2003 system, which is configured as a domain
controller, and 17 Windows XP Professional workstations. There is a single high-
performance laser printer, which is directly connected to the network. The Windows
Server 2003 system acts as a print server for the device, with a single logical printer.
You are due to take a week’s vacation, and although you anticipate few problems,
you want to give a user with some technical expertise the ability to pause and restart
the printer if a printing problem arises. You also want to allow him to manage jobs
in the print queue other than his own. To give him the necessary rights, you want
to make a single group assignment for the user. If possible, though, you do not
want to add him to a group that grants him more rights than he needs. Which of
the following predefined Active Directory groups do you add him to?
a. Print Operators
b. Administrators
c. Power Users
d. Print Managers
32. You are the network administrator for a media publishing company. The network
comprises 2 Windows Server 2003 systems, 15 Windows 98 systems, and 10
Windows XP Professional systems. You have one high-performance laser printer,
which is connected directly via a parallel connection to one of the Windows
Server 2003 systems that is configured as a print server. One morning, a user
with a Windows 98 system reports a problem with printing. She can send the job,
but when the job is printed, it is simply a collection of blank pages. While investigating,
you successfully print a test page from an application on the print server to which
the printer is directly connected. Which of the following areas have you not
eliminated as possible sources of the problem?
a. The physical printing device
b. Available disk space on the server
c. The spooler service
d. Printer drivers
82 Managing and Maintaining a Microsoft Windows Server 2003 Environment

33. You are the network administrator for a pharmaceutical company. The network
comprises 4 Windows Server 2003 systems and 205 Windows XP Professional
client computers. Three of the servers are configured as domain controllers. The
fourth server is configured as a member server and is the sole print server for the
company. The company has five divisions: Sales, Research, Manufacturing,
Distribution, and Administration.
Users in the Research department print large reports from a database system that
was developed in-house. For some reason, these large print jobs often get stuck in
the print queue and prevent other users in the department from printing. The
developer responsible for the application, who is also based in the Research
department, is looking into the problem. In the meantime, you give another
person from that department the ability to delete print jobs for himself and other
users in the department from the print queue, which you hope will reduce the
number of calls to the support desk. However, you do not want them to be able to
make any configuration changes to the printer itself. At the same time, you want to
give the developer the ability to modify printer properties so he can attempt to
isolate the problem with the database. Company policy dictates that group
membership should be used before creating individual permissions to a resource,
unless doing so grants a user more rights than he requires. Which of the following
statements describes the best way to provide the necessary access?
a. Make the developer a member of the Administrators group. Make the nominated
user in the Research department a member of the Print Operators group.
b. Make the developer a member of the Print Operators group. Make the nominated
user a member of the Print Managers group.
c. Make the developer a member of the Print Managers group. Make the nominated
user a member of the Document Managers group.
d. Grant the developer the Manage Printers permission. Make the nominated user a
member of the Print Operators group.
CHAPTER 11
MANAGING DEVICE
DRIVERS
1. What is the name given to a pathway that some hardware devices use to transfer
data directly to and from system memory?
a. IRQ channel
b. I/O channel
c. DMA channel
d. MA channel
2. What name is given to a location in memory that is allocated for use by a particular
hardware device, to exchange information with the system?
a. Memory address
b. IRQ
c. I/O address
d. I/O channel
3. Which of the following keys do you press during the system boot to access the Last
Known Good Configuration?
a. F10
b. F5
c. F8
d. F1
4. Where does Windows Server 2003 store hardware and device driver information?
a. The Registry
b. The hw.ini and dd.ini files
c. Devices database
d. Hardware abstraction layer database
84 Managing and Maintaining a Microsoft Windows Server 2003 Environment

5. Which of the following is not an option available for the configuration of driver
signing on Windows Server 2003?
a. Ignore
b. Warn
c. Block
d. Deny
6. Which of the following icons is used in Device Manager to identify a device that
cannot be recognized?
a. Yellow question mark
b. Red question mark
c. Red circle with a white question mark
d. Yellow circle with a white question mark
7. Which of the following is a limitation of using Device Manager to work with
devices on a remote system?
a. You can view and reconfigure existing devices, but you cannot add new
ones.
b. You can view information, but you cannot change anything.
c. You cannot view information on objects marked as unknown.
d. You can view and reconfigure devices, but you cannot update drivers.
8. In which tab of a device’s properties in Device Manager do you update the driver
for the device?
a. Driver
b. Resources
c. General
d. Advanced
9. What does a valid digital signature on a device driver prove?
a. The device driver has not been altered since the manufacturer produced it.
b. The manufacturer is an IEEE-registered company.
c. The manufacturer is who it says it is.
d. The device driver has been downloaded from a trusted source.
10. After installing a Plug and Play device, you restart the system but the operating
system does not recognize it. What do you do next?
a. Power down the system, physically remove the device, restart and shut down
the system, reinstall the hardware, and reboot the system.
b. From Control Panel, run the Add Hardware Wizard.
c. From Device Manager, run the Add Hardware Wizard.
d. Boot the system into Safe mode, and run the Add Hardware Wizard.
Managing and Maintaining a Microsoft Windows Server 2003 Environment
85

11. Which of the following is not a reason to update a device driver on a Windows
Server 2003 system?
a. To ensure driver conformity between systems
b. To enhance performance
c. To implement new features
d. To address problems with previous driver releases
12. You installed a device manually using the Add Hardware Wizard, and then
uninstalled it. How will the device be represented in Device Manager?
a. The device’s icon will be removed.
b. The device’s icon will appear with a white cross on a red circle.
c. The device’s icon will appear with a yellow question mark.
d. The device’s icon will appear with an exclamation point.
13. You have uninstalled a network card that was installed via Plug and Play (PnP),
but you have not physically removed the network card from the system. What will
happen when the system is restarted?
a. The device will be ignored by the system and marked with a red X in Device
Manager.
b. The system will attempt to reinstall the device.
c. Nothing.
d. The device will be ignored by the system and marked with a yellow question
mark in Device Manager.
14. After installing a legacy device in your computer, Windows Server 2003 does not
detect the new hardware. Which of the following two procedures do you follow to
start the detection process?
a. Restart the server.
b. Open Control Panel, and double-click Add Hardware.
c. Open the System Properties dialog box, click the Hardware tab, and click Add
Hardware Wizard.
d. Restart the system in Safe mode, open Control Panel, and double-click Add
Hardware.
15. True or False: Members of the Administrators group can use Device Manager to
configure hardware resources for devices on remote systems.
16. Which of the following conditions need not be met for a user to install a new
device?
a. The device driver for the device must have a digital signature.
b. The installation must not require Windows to display a user interface to install
the device.
c. The device driver must be present on the computer.
d. The device must be using a USB or FireWire interface.
86 Managing and Maintaining a Microsoft Windows Server 2003 Environment

17. Explain how the Last Known Good Configuration feature is accessed and what actions
are performed by the system when it is invoked. Also explain the circumstances in
which invoking the Last Known Good Configuration is necessary.
18. While troubleshooting a problem with a video card in your system, you read a
TechNet article that discusses the use of Device Manager error codes to identify
the cause of hardware problems. Where do you check to see if the device has
produced an error code?
a. The General tab of the properties for the device in Device Manager
b. The System log of Event Viewer
c. The Application log of Event Viewer
d. The Resources tab of the properties for the device in Device Manager
19. You want to configure driver signing on your Windows Server 2003 system to
prevent unsigned drivers from being installed on the system. Which of the following
is the correct procedure to do this?
a. Select System in Control Panel, and, in the System Properties dialog box, select
the Hardware tab and then click Driver Signing. Select Ignore in the Driver
Signing Options dialog box.
b. Select System in Control Panel, and, in the System Properties dialog box, select
the Hardware tab and then click Device Manager. From the File menu in
Device Manager, point to Options and then select Driver Signing. Select
Deny in the Driver Signing Options dialog box.
c. Select System in Control Panel, and, in the System Properties dialog box, select
the Hardware tab and then click Driver Signing. Select Block in the Driver
Signing Options dialog box.
d. Select System in Control Panel, and, in the System Properties dialog box, select
the Hardware tab and then click Device Manager. From the File menu in Device
Manager, point to Options and then select Driver Signing. Select Block in the
Driver Signing Options dialog box.
20. True or False: If you install a device in a Windows Server 2003 system that has a
signed driver, the device is guaranteed to work with all other hardware in the
system.
21. Which of the following is true of devices that have been assigned a signed driver?
a. They are guaranteed to work with any other device that is recognized by
Windows Server 2003.
b. They are the best available of their type.
c. They can use a device driver from another manufacturer if it is for the same
classification of hardware.
d. They are guaranteed to be stable when used in a system running Windows
Server 2003 where all other devices are using signed drivers.
22. Which of the following is not a way to start Device Manager?
a. Click Start, point to Control Panel, and select System. In the System Properties
dialog box, select the Hardware tab, and then click the Device Manager button.
Managing and Maintaining a Microsoft Windows Server 2003 Environment
87

b. Click Start, point to Administrative Tools, and select Computer Management.


In the Computer Management console’s scope pane, select the Device
Manager icon.
c. Open the Run dialog box, type mmc in the Open text box, and press ENTER to
open an empty Microsoft Management Console window. Select Add/Remove
Snap-In from the File menu, and add the Device Manager snap-in to the console.
d. Click Start, point to Administrative Tools, and click System. In the Computer
Management console’s scope pane, select the Device Manager icon.
23. You have recently installed a new driver for the Plug and Play network interface
card in your server. Since then, users have complained that network performance is
poor. You use the Performance console to measure the performance of the
network interface and determine that performance has indeed dropped since the
new driver was installed. Which of the following courses of action are you most
likely to take to solve the problem?
a. In Device Manager, disable the network card, and then determine the problem.
b. Using Device Manager, assign the network interface card a different IRQ.
c. Reinstall the driver for the network card.
d. Use the Driver Rollback feature to return to the previous version of the
driver.
24. You have installed a new network card driver on your Windows Server 2003
system. Since then, the system will not boot correctly, crashing about 10 seconds
after you log on. Which of the following procedures do you follow to correct the
problem?
a. Press F8 as the system boots, and select Safe Mode from the Windows
Advanced Options menu. When the system has booted, uninstall the network
card through Device Manager. Then restart the system.
b. Press F5 as the system boots, and select Safe Mode from the Windows
Advanced Options menu. When the system has booted, disable the network
card in Device Manager.
c. Press F8 as the system boots, and select Safe Mode from the Windows
Advanced Options menu. When the system has booted, disable the network
card in Device Manager.
d. Press F8 as the system boots, and select Last Known Good Configuration from
the Windows Advanced Options menu.
25. You are the network administrator for a mortgage brokerage. The network comprises
2 Windows Server 2003 systems and 45 Windows XP Professional systems. Your
manager has employed a second administrator to help you with the heavy workload.
One of the first tasks he is assigned is to update the drivers for the network cards
in one of the servers. He has been using a user account that is a member of the
Domain Users group only and has been assigned interactive logon rights to access
the server because you want him to become familiar with the system before he
gets full administrative access. Now, however, you need to provide him with the
rights necessary to install the new drivers, but you still do not want him to have full
access to the server. Which of the following is the best way of doing this?
88 Managing and Maintaining a Microsoft Windows Server 2003 Environment

a. Add him to the Administrators group.


b. Add him to the Server Operators group.
c. Grant his user account the Add And Remove Hardware user rights assignment
through the Default Domain Controllers Policy GPO.
d. Grant his user account the Load And Unload Device Drivers user rights
assignment through the Default Domain Controllers Policy GPO.
26. You are the network administrator for a life insurance company. You are in the
process of configuring a Windows Server 2003 system as a fax server. Previously
you’ve used a Windows NT 4 Server for this purpose, but you need to upgrade
to a more powerful system. To accommodate the fax server function, you need to
install three identical non-PnP serial communications boards that will be connected
to 15 fax modems.
You physically install the devices in the server and configure the resources for the
boards. When you restart the server, two of the communications boards function
correctly, but the third does not work at all. When you look in Device Manager,
you notice that the third board is marked with a yellow exclamation point. When
you view the properties for the third communications board, an error code of 12 is
shown in the General tab of the Properties page. Which of the following solutions
are you likely to attempt first?
a. Reinstall the driver for the board.
b. Uninstall the third board through Device Manager, and restart the system.
c. Check the hardware resources for the communications board, and look for
any conflicts.
d. Remove the communications board because it is faulty.
27. While decommissioning an old Linux server, you notice that the server has a high-
performance Ethernet card installed in it. The network card is better than the one
installed in your Windows Server 2003 system, so you decide to install the Ethernet
card in your Windows Server 2003 system. Using the Internet, you locate a driver
for the card, although the README for the driver says that the driver has not
been approved by Microsoft for use on Windows Server 2003. The driver signing
options on your Windows Server 2003 system are configured to Ignore. Which of
the following statements describes what will happen when you attempt to install the
driver?
a. You can install the driver, but if it conflicts with another device in the
system, error messages indicating this will be ignored.
b. You can install the driver, but it might cause a conflict with another device in
the system.
c. You can install the driver, but you should call Microsoft technical support for
help in configuring the device to make sure it doesn’t conflict with other installed
hardware.
d. You will not be able to install the driver.
Managing and Maintaining a Microsoft Windows Server 2003 Environment
89

28. You are configuring a new server for your company. The operating system
installation completes without error, and once the system restarts, you proceed
to use the system. After you have installed the application software on the server,
you decide to install a USB mouse. However, when you connect the mouse it does
not work. You notice that the USB controller has been marked with a yellow
exclamation point in Device Manager. You see in the Properties page for the
USB controller that Device Manager reports an error code of 10 in the General
tab. You restart the system and confirm that the USB controller is correctly enabled
in the BIOS. Which of the following are you most likely to do next?
a. Reinstall the operating system.
b. Uninstall the USB controller through Device Manager. Restart the system,
and have Windows redetect the controller.
c. Run the Hardware Update Wizard using the Update Driver button, but do not
let Windows Server 2003 automatically detect devices.
d. Run the Hardware Update Wizard using the Update Driver button. Let Windows
Server 2003 automatically detect devices.
29. You are the network administrator for a regional bank. The network comprises 3
Windows Server 2003 systems and 168 Windows XP Professional systems. The
servers were all implemented at different times, and they differ in their power and
have different hardware configurations. However, they all have the same network
card installed.
While comparing baselines with current performance statistics for the servers, you
notice that the oldest of the three servers appears to have an issue with network
performance. Statistics for the network interface have dropped drastically over the
last month, whereas the network performance statistics for the other servers have
remained the same. While researching the problem, you find that there is a known
problem with the network card driver when it is being used on the same processor
platform as that of the server with the issue. An updated and signed driver for the
network card is available that cures the specific problem. Which of the following
do you do?
a. Download the signed driver, install it on the Windows Server 2003 system
during off hours, and monitor the server to ensure that it is stable. As early as
possible, check to see if network performance has improved.
b. Download the signed driver, install it on the Windows Server 2003 system
during off hours, and monitor the server to ensure that it is stable. As early as
possible, check to see if network performance has improved. If it has, install
the driver on the other servers.
c. Download the signed driver, and install it on the Windows Server 2003 system
during a peak usage period to see if the network performance has improved.
If it has, install the driver on the other servers.
d. Replace the network card in the server.
30. Name the four types of hardware resource that might need to be configured when
you manually install a device on a Windows Server 2003 system, and briefly
explain their function and purpose.
90 Managing and Maintaining a Microsoft Windows Server 2003 Environment

31. You are troubleshooting a problem with a Windows Server 2003 system that has
crashed. When you try to reboot the system, it fails and reports an error with the
video card driver. You have attempted to boot the system into Safe mode and Last
Known Good Configuration without success. Which of the following are you likely
to do next?
a. Reinstall the operating system.
b. Use the Update Driver option from the Windows Advanced Options menu.
c. Use the Recovery console.
d. Use the Driver Rollback feature to revert to an earlier version of the video
card driver.
32. You have just installed a new network card in your Windows Server 2003 system.
When you start the server, the system detects the new device and identifies that it
is a network card, but it cannot identify the specific model. Which of the
following are you likely to do?
a. Install another network card because the original card is faulty.
b. Remove the network card, physically reinstall it, and then reboot the system.
c. Configure the manufacturer and model of the device manually.
d. Free up some resources in the system by disabling another device.
33. You are the network administrator for a publishing company. The network
comprises 3 Windows Server systems and 100 Windows XP Professional
systems. You are upgrading your Internet connection from ISDN to DSL. As
part of the upgrade process, you are going to remove an ISDN terminal adapter
from one of the servers. The ISDN adapter is an older type that is not a PnP device.
You uninstall the device in Device Manager but forget to physically remove the
device from the system. What will happen when the system is restarted?
a. The device’s icon in Device Manager will appear with an exclamation point.
b. The device will be removed from Device Manager.
c. The device’s icon in Device Manager will appear with a red X.
d. The device’s icon in Device Manager will appear with a yellow question mark.
Managing and Maintaining a Microsoft Windows Server 2003 Environment
91

34. You are the network administrator for a furniture manufacturer. The network
comprises 3 Windows Server 2003 systems and 140 Windows XP Professional
workstations. The network is generally problem-free, but recently you have
experienced failed backups on one of the servers. You determine that the SCSI
controller installed in the server is causing the problem. While troubleshooting the
issue, you look in the General tab of the properties for the SCSI adapter in Device
Manager. An error code of 3 is reported. Which of the following do you do?
a. Replace the SCSI adapter with one that uses a signed driver.
b. Check that there is enough available system memory. If there is, determine
whether a new driver is available for the SCSI adapter. If so, download and
install it.
c. Check that there is enough available system memory. If there is, use the Replace
Driver option in the Driver tab of the properties for the device to install another
copy of the same driver from a different location.
d. Check that there is enough available system memory. If there is, use the
Update Driver option in the Driver tab of the properties for the device to install
another copy of the same driver from a different location.
35. You are one of two network administrators for a food wholesaler. The network
comprises a single Windows Server 2003 server and 17 Windows XP Professional
workstations. Your manager recently purchased a refurbished server system from
a reseller and wants to install it on the network as a second domain controller.
During installation of Windows Server 2003 on the new server, the installation
program is unable to identify the video card installed in the system and installs a
generic driver. After the installation, you look on the Internet and find a driver for
the video card, but it is not signed. You are unable to locate another driver, so you
decide to install the unsigned driver to get the system up and running, but you
plan to buy a new Microsoft-approved video card and install it before the server
goes live. No driver signing options have yet been configured. What will happen
when you try to install the unsigned driver?
a. You will be prevented from installing it.
b. You will be warned that the driver is not signed.
c. You will be able to install the driver, but the system will continue to use the
generic signed driver installed with the operating system.
d. You will be able to install the driver and will not be warned that it is unsigned.
CHAPTER 12
MANAGING DISK
STORAGE
1. Which of the following commands do you use to start the standalone Disk
Management utility?
a. Dskmanager.msc
b. Diskmgmt.exe
c. Diskmgr.exe
d. Diskmgmt.msc
2. What is the maximum number of partitions supported by a single dynamic disk?
a. 1
b. 4
c. 16
d. 256
3. In Disk Management, what status is assigned to a dynamic disk that has been
removed from another system and added to this system but has not yet been
imported?
a. Foreign
b. Alien
c. Not Initialized
d. Unknown
4. How much free disk space is required for a complete defragmentation to be run on
a volume?
a. 5 percent
b. 10 percent
c. 15 percent
d. 25 percent
Managing and Maintaining a Microsoft Windows Server 2003 Environment
93

5. When you view information for a volume in Disk Management, what does the
Overhead statistic represent?
a. The percentage of the volume’s capacity devoted to storing redundant data
b. The percentage of the volume’s capacity that is free
c. The volume type
d. Whether the volume type provides fault tolerance
.
6. When you run the Chkdsk command-line utility, which of the following switches
do you use to automatically fix file system errors?
a. /fx
b. /fs
c. /r
d. /f
7. What is the maximum number of partitions you can have on a single basic disk?
a. 1
b. 4
c. 16
d. 32
8. Fill in the blank: You can create a spanned volume using storage space from up
to ____ physical disks.
a. 4
b. 16
c. 32
d. 64
9. You are using RAID-1 on your server. After a hard disk failure, you replace the
failed disk with a new one and restart the system. When you look in Disk Management,
what would you expect the status of the newly replaced volume to be while the
mirror data is being written to the new drive?
a. Resynching
b. Remirroring
c. Regenerating
d. Reraiding
94 Managing and Maintaining a Microsoft Windows Server 2003 Environment

10. You have a spanned volume that uses space from three disks. If the third drive in
the volume fails, which of the following is the easiest way to get the data back?
a. Replace the failed disk, select Rescan Disks in Disk Management, and then
select Rebuild from the Action menu.
b. Replace the failed disk. Restore the data from a backup.
c. Replace the failed disk. The system will automatically detect the new disk
and re-create the data.
d. Replace the failed disk. Create a mirror between the first disk and the third
disk. The missing data will automatically be re-created on the failed drive.
11. Which of the following is a limitation of mounting a volume to a folder path?
a. The volume you are mounting cannot be using FAT.
b. The folder in which you are mounting the volume must be empty.
c. The volume you are mounting cannot be striped or spanned.
d. The volume you are mounting cannot be part of a RAID-1 or RAID-5 array.
12. After installing a new disk, you start the Disk Management snap-in but find that
the newly installed drive is not shown. What do you do next?
a. Run the Dsscan utility from the command prompt.
b. Run Rescan Disks from the Action menu in Disk Management.
c. Click Start, select Run, and restart Disk Management with the /rs switch.
d. Power down the system, disconnect the drive, reconnect the drive, and restart
the system.
13. You have three 16-GB drives in your server. Two of the drives have 6 GB of
unallocated space, and the third drive has 10 GB of unallocated space. What is the
largest spanned volume you can create?
a. 6 GB
b. 12 GB
c. 18 GB
d. 22 GB
14. You have three 20-GB drives in your server configured in a RAID-0 array. Each
drive has a single partition that uses the entire drive. How much space is available
for the storage of files?
a. 20 GB
b. 30 GB
c. 40 GB
d. 60 GB
15. List at least two advantages of using hardware RAID instead of software RAID.
Managing and Maintaining a Microsoft Windows Server 2003 Environment
95

16. How can you determine that a user has reached or exceeded her disk quota limit?
a. Look in the Application log of Event Viewer.
b. View Quota Alerts in Disk Management.
c. View the System log in Event Viewer.
d. View the Properties dialog box of a user in Active Directory Users And
Computers and select the Disk Quotas tab.
17. True or False: If you specify an allocation unit size other than the default, you
cannot use file or folder compression.
18. Explain what happens when you select Scan For And Attempt Recovery Of Bad
Sectors using Check Disk.
19. When you configure disk quotas, which of the following cannot be configured?
a. The disk space available to a specific user
b. The disk space available to a specific group
c. Whether the user receives a warning as he approaches his quota limit
d. Whether the user is prevented from storing more data after he has reached
his quota limit
20. When you use basic disks on a Windows Server 2003 domain controller, where is
the information about the partitions on the drive stored?
a. The MFT
b. The MBR
c. LDM database
d. Active Directory
21. You are about to convert a basic disk to a dynamic disk. Which of the following
should you do before proceeding?
a. Remove any spanned or striped volumes.
b. Delete all of the volumes.
c. Make sure you have a complete backup of the data on the drive.
d. If the drive has an extended partition, remove any logical drives in that partition.
96 Managing and Maintaining a Microsoft Windows Server 2003 Environment

22. You are the network administrator for a building supplies wholesaler. You have a
single Windows Server 2003 system that has three 16-GB IDE disk drives in it.
Each disk has three volumes on it that together use 100 percent of the available
space. The first volume on disk 0 (C:) is the system and boot volume for the server.
This volume is mirrored to the first volume on disk 1. The second volume on the
first disk is configured as E:, and the third volume on the first disk is configured as F:.
The second and third volumes on the second drive are G: and H:, respectively.
The first, second, and third volumes on the third disk are called I:, J:, and K:,
respectively.
Recently you have experienced disk-related performance problems with the server
and are looking at ways to address this. One reliable source suggests placing the
Active Directory database and log files on separate disks. After consulting the
documentation that was created when the server was installed, you determine that
the Active Directory log files are indeed stored on the same volume as the Active
Directory database. Which of the following volumes do you move the Active
Directory log files to?
a. J:
b. G:
c. F:
d. H:
23. You are the network administrator for an architectural design firm. The company
recently created a new materials analysis department, and you have been asked to
specify a new server for the department’s use. The manager wants you to specify
a server that is as fault tolerant as possible and provides sufficient storage for a
large materials database. The database will be hosted on a RAID-5 array, and the
system and boot volume will be mirrored. The database will be around 80 GB,
growing to around 100 GB after the architects add their data. It is unlikely to
grow beyond that size, but the manager wants at least 20 percent free space
within the array to allow for future growth. The server you are considering for
the department has capacity for up to five drives. You decide to purchase two
20-GB drives to hold the system and boot partitions. What is the minimum size
of drives you should specify for the RAID array?
a. 20 GB
b. 40 GB
c. 50 GB
d. 60 GB
Managing and Maintaining a Microsoft Windows Server 2003 Environment
97

24. You are the network administrator for a community college. The network
comprised of three Windows Server 2003 systems and more than 200 Windows
XP Professional workstations. Each server has four 12-GB drives in it. Each drive
has two 4-GB partitions on it that were created using FAT. The rest of the disk is
free space. No fault-tolerant storage measures are in place, but after a recent disk
failure and a time-consuming restore process, your manager has asked you to
implement a fault-tolerant strategy that can be rolled out to each of the existing
servers. He is aware that this will use available disk space. No budget is available
for new drives, so you must create a solution using only the existing hardware.
You decide to create a RAID-5 array using the unused 4 GB of space on each
drive. Which of the following steps must you perform before you can complete
this task?
a. Convert the drives to NTFS.
b. Export any quotas that are in place.
c. Disable compression.
d. Convert the disks to dynamic disks.
25. You are the network administrator for a small biological research company. The
network comprised of a single Windows Server 2003 system that has two 20-
GB drives installed. Both disks are dynamic and are formatted with NTFS. One
drive is assigned as the system and boot volume, the other drive (called
DATA) is assigned to file storage and application hosting. The DATA drive is
shared by 50 users in the Sales department, 27 users in the Marketing department,
and 4 users in the Research department.
While viewing the information on the drive, you notice that the amount of free
space on the drive has fallen below 10 percent. Your manager agrees with you
that you need more storage space and has authorized the purchase of a new drive,
but she asks that you control the amount of data on the new drive. At the same
time, she wants to make sure that users in the Research department are not limited
in the amount of data they can store. Which of the following solutions do you
implement?
a. Enable disk quotas. Create quota entries for the users in the Sales and
Marketing departments.
b. Enable disk quotas for the Sales department.
c. Enable disk quotas. Configure quota entries for the Research department.
d. Enable disk quotas. Configure quota entries for each user in the Research
department.
98 Managing and Maintaining a Microsoft Windows Server 2003 Environment

26. You are planning to buy a new server for your department, and a supplier offers
you a large discount on a system with four 20-GB drives in it. Your manager
approves the purchase and asks you to recommend a strong fault-tolerant storage
strategy that uses all of the disks. You decide to create a 10-GB mirrored volume
for the system and boot volume and then devote the rest of the available space to a
RAID-5 array. Assuming that you create the largest possible RAID-5 array for
this scenario, how much space will be available for data storage within the array?
a. 20 GB
b. 30 GB
c. 60 GB
d. 80 GB
27. You have been hired as the first network administrator for a small horticultural
wholesaler. The network comprised of a single Windows Server 2003 system,
which was recently installed by the owner of the company. He has little technical
knowledge, so the server has a very simple configuration. A single 10-GB drive is
installed in the system, and it is configured as a basic disk with a single partition
using FAT. When you discuss the configuration of the server with the manager,
you advise adding a second drive in the server for storing data to keep it
separate from the system and boot partition, and that the system and boot
partition be mirrored to provide fault tolerance. He authorizes you to purchase a
new disk drive and create a mirror, but he wants you to take only the steps
necessary to put the mirror in place, and nothing more, as he wants to understand
and approve any changes you make. Which of the following best describes the
procedure you should follow to do this?
a. Install, initialize, and format the new drive. Convert the existing disk from
FAT to NTFS. Create the mirror.
b. Install, initialize, and format the new drive. Remove the data from the existing
disk, convert the existing disk from basic to dynamic. Restore the data. Convert
the new disk from basic to dynamic. Create the mirror.
c. Install, initialize, and format the new drive. Back up the data from the existing
drive, remove the partitions from the drive, convert the disk from basic to
dynamic, restore the data, and create the mirror.
d. Install, initialize, and format the new drive. Back up the data from the existing
drive. Convert the existing disk from basic to dynamic. Convert the new
drive from basic to dynamic. Create the mirror.
28. True or False: If you move a dynamic disk that is part of a striped volume from
one Windows Server 2003 system and install it in another system, the data on the
drive will be available on the new system.
Managing and Maintaining a Microsoft Windows Server 2003 Environment
99

29. You have recently purchased a new Pentium 4 system with six 60-GB drives.
Your manager has asked you to design a fault-tolerant storage strategy that
provides the largest amount of protected storage. You decide to create a 30-GB
mirrored volume for the system and boot partition and then create the largest RAID-
5 array possible. In this scenario, what is the maximum amount of storage space that
will be available in the RAID-5 array?
a. 120 GB
b. 150 GB
c. 180 GB
d. 240 GB
30. You are the network administrator for an automotive manufacturer. The company
has a central parts reference database that is hosted on a dedicated Windows
Server 2003 system. The database is updated only once every six months because
it contains parts information for past models and is used by the dealership support
team only for reference purposes. The server currently has three 4-GB SCSI
drives in it, but your manager has asked you to reconfigure the server and add
two additional drives. He wants to create fault tolerance for the system and boot
volume and reconfigure the drives hosting the database application for optimal
read performance. Given the static nature of the database, he is not concerned
with providing fault tolerance for it. Which of the following strategies do you
implement?
a. RAID-0 for the system/boot volume, RAID-1 for the database drives
b. RAID-5 for the system/boot volume, RAID-0 for the database drives
c. RAID-1 for the system/boot volume, RAID-0 for the database drives
d. RAID-1 for the system/boot volume, RAID-5 for the database drives
31. List three disadvantages of implementing RAID-5 over RAID-1 on a Windows
Server 2003 system.
32. You are the network administrator for a household goods wholesaler. The
network comprised of a single server with four hard disks in it. All four disks
are basic and were formatted with FAT. After a recent hard disk failure, your
manager has asked you to suggest a fault-tolerant strategy for your server. He
wants to ensure that the server can endure the failure of any one of the four disks
without the server failing, requiring a restart, or the users noticing that the drive is
unavailable. Which of the following is the easiest way to do this?
a. Convert the disk holding the system partition from basic to dynamic.
b. Implement RAID-1.
c. Convert the disk to NTFS.
d. Implement hardware-based RAID.
100 Managing and Maintaining a Microsoft Windows Server 2003 Environment

33. You are the network administrator for a publishing company. The network
comprised of two Windows Server 2003 systems and 62 Windows XP
Professional systems. Each server has two 40-GB SCSI disk drives, which are
configured in Windows Server 2003 as dynamic disks. On each drive is a 30-GB
volume; the rest of the space on the drive is unallocated. On one server, the first
drive, which holds the system and boot volume, is formatted with the NTFS file
system, and disk quotas have been implemented. Even so, you are running low on
free space in the volume and have decided to extend it. Which of the following
will prevent you from doing this?
a. The disk is configured as a dynamic disk.
b. The volume is formatted with NTFS.
c. The volume is the system and boot volume.
d. The volume has disk quotas enabled on it.
34. You are the network administrator for a public relations agency. The network
comprised of a single Windows Server 2003 system with two disks. Each disk has
a single partition on it. The first disk drive in the system is configured as the
system and boot volume. The second disk drive is used for file storage and
application hosting.
Over the past few weeks, a number of users have commented that retrieving and
saving files to the server seems to be getting slower. You check the status of the
disk drive in Disk Management and find that it is online and healthy. You also
notice that the Overhead value is 6 percent. You run Check Disk, but no errors are
reported. Which of the following do you do next?
a. Remove some data from the disk drive to free up some space.
b. Defragment the disk drive.
c. Implement disk quotas.
d. Reinitialize the disk drive.
35. You are the network administrator for a bicycle manufacturer. You have a single
Windows Server 2003 system with two 16-GB disk drives in it. Each drive has a
single partition on it that uses 100 percent of the available space. However, there
is less than 20 percent free space available on each drive. Your manager suggests
that you purchase an additional 16-GB drive and then mirror the drive that holds
the system and boot volume to the new drive. That way, the additional expense
will not only gain you extra space but will also add a degree of fault tolerance
to the storage subsystem on the server. What would you tell your manager?
a. The strategy seems appropriate and valid.
b. The strategy will provide fault tolerance but no additional disk space.
c. The system and boot partition cannot be included in a mirror set.
d. The strategy can be implemented, but it will create only 3.2 GB of additional
free space.
Managing and Maintaining a Microsoft Windows Server 2003 Environment
101

36. Which of the following RAID levels is not supported by Windows Server 2003?
a. RAID-0
b. RAID-1
c. RAID-3
d. RAID-5
37. When you create a dynamic volume, which of the following volume types does
not require you to use the same amount of space on each disk that will be included
in the volume?
a. Spanned
b. Mirrored
c. Striped
d. RAID-5