10 C H A P T E R 1 0 Practice Exam 1 Exam Cram Questions 1.

Nolan is a network administrator for a company that operates an ActiveDirectory Domain Services (AD DS) network consisting of two domains.The company has offices in Los Angeles and Tokyo, which are connectedby a 128kbps WAN link. Each office is represented by a separate AD DSsite, as well as its own domain.Nolans company stores resource location information in AD DS so thatusers can perform searches to locate the appropriate resources using theEntire Directory option. However, users in the Tokyo office report thatsearch times for resources are unacceptably slow.What can Nolan do to improve search times at the Tokyo office? A.Configure a global catalog server at the Tokyo office. B.Enable universal group caching at the Tokyo office. C.Configure a domain controller for the Los Angeles domain inthe Tokyo office. D.Configure a domain controller for the Tokyo domain in theLos Angeles office Chapter 10 2.Sam is a domain administrator for a company that operates a single domain AD DSnetwork. All servers run Windows Server 2008. Sam needs to grant a junior adminis-trator named Julie the ability to create child organizational units (OU) in the companysEmployees OU. She needs to verify the existence of the OUs she creates, but she shouldnotbeabletoperformotheradministrativetasks.Samaccessesthe DelegationofControlWizardandspecifiesJuliesuseraccount.Whichofthefollowingshouldhedo? A. Select the Create a Custom Task to Delegate option, select OrganizationalUnit objects, and then grant Julie the Read and Write permissions. B. Select the Create a Custom Task to Delegate option, and then select theoption labeled This Folder, Existing Objects in This Folder, and Creation ofNew Objects in This Folder. C. Select the Delegate the Following Common Tasks option, and then selectCreate, Delete, and Manage OUs. D. Select the Create a Custom Task to Delegate option, select OrganizationalUnit objects, and then grant Julie the Read and Create All Child Objectspermissions.

3. Evan is the systems administrator for a company that operates an AD DS network con-sisting of a single domain and five sites, which represent the head office and fourbranch offices. Each branch office is configured with a read-only domain controller(RODC).Evan receives a call from a branch office employee named Melissa, who is experienc-ing extremely long delays in logging on to the network. Evan wants to verify whetherMelissas credentials are cached at the RODC.What should Evan do? (Each correct answer represents part of the solution. Choosethree answers.) A. Access the Active Directory Sites and Services snap-in. B. Access the Active Directory Users and Computers snap-in. C. Access the Properties dialog box for Melissas user account. D. Access the Properties dialog box for the RODC in Melissas branch office. E. Click Advanced, and then select the Accounts Whose Passwords AreStored on This Read-Only Domain Controller option from the drop-downlist. F. Click Advanced, and then select the Accounts That Have BeenAuthenticated to This Read-Only Domain Controller option from the drop-down lis Practice Exam 1 441 4. Shannon has installed a new 500GB hard disk on her Windows Server 2008 computer,which is a domain controller on her companys network. The present disk is almostfull, and she wants to move the ntds.dit database file to the new disk, so she stopsAD DS. Which of the following tools should she use to move the database file? A. Windows Explorer B. wbadmin.exe C.

ntdsutil.exe D. adsiedit.msc 5. Sanjay administers the network for a company called Examprep Ltd. His companyswebsite uses the Domain Name System (DNS) namewww.examprep.com.A singleweb server has been hosting the site since Sanjay first began working for Examprep Ltd.Recent system and network monitoring activities have indicated that the website isexperiencing a tremendous surge in popularity. Sanjay obtains approval to add twoadditional server computers running Windows Server 2008 and Internet InformationServices (IIS) to handle the increased traffic. Sanjay configures each of the three webserver computers to use the namewww.examprep.com.He also configures each serverto use a different IP address. It is Sanjays intent that external users should access theweb servers equally.In the Advanced tab of the DNS servers Properties dialog box, which item on theServer options list should Sanjay select to distribute user access equally among theweb servers? A. Disable Recursion (Also Disables Forwarders) B. BIND Secondaries C. Fail on Load If Bad Zone Data D. Enable Round Robin E. Enable Netmask Ordering F. Secure Cache Against Pollution 6. Bill is the network administrator for Examcram Ltd., which operates an AD DS domainin which all servers run Windows Server 2008. He has configured an offline root enter-prise certification authority (CA) and an online enterprise issuing CA.Examcram Ltd. acquired a company named Que, which operates its own AD DSdomain. Bill wants to set up a virtual private network (VPN) connection between thenetworks of the two companies that is secured with Layer 2 Transport Protocol/IPSecurity (L2TP/IPSec). He installs a VPN server on his network, including a certificatefrom the issuing CA; a network administrator at Que performs similar actions on hisnetwork. Practice Exam 1 443

8. Teresa is a systems administrator for her company, which operates an AD DS networkconsisting of a single domain. Her boss has asked her to change the password for auser named Ken. She attempts to contact him to get his current password but hasbeen unable to. The boss is worried that someone might have the password for thisaccount. What is the best course of action for Teresa to take? A. Teresa should disable the account. This will force Ken to call in with theinformation she needs. B. Teresa should lock out the account. This will force Ken to call in with theinformation she needs. C. Teresa should delete the user account and re-create it with the new pass-word. Ken will call in as soon as he is unable to log on. D. Because Teresa is an administrator, she can reset the password for Kensaccount without needing the users current password. 9. Marilyn administers the DNS servers in her companys AD DS domain. All domain con-trollers in the domain run Windows Server 2008. Users on the network have beenreporting name resolution errors in recent days, so Marilyn decides to monitor DNStraffic, including individual name resolution queries. What should she do to accomplishthis task with the least amount of administrative effort? A. Access the Debug Logging tab of each DNS servers Properties dialog boxand configure the logging options. B. Enable Network Monitor to capture frames being transmitted to or from theDNS servers. C. In Performance Monitor, configure a data collector set and capture infor-mation for DNS-related counters. D. Access the Event Logging tab of each DNS servers Properties dialog boxand select both errors and warnings. 10. Julio is the network administrator for a company that has deployed a new AD DSdomain containing Windows Server 2008 domain controllers and member servers andWindows Vista Enterprise client computers.Julios boss would like him to keep track of any attempts, authorized or otherwise, tomodify the configuration of directory objects in the domain. Julio has configured

thesystem access control lists (SACL) of these objects to enable auditing. What else mustJulio do? A. In a domain-based Group Policy object (GPO), enable auditing of objectaccess attempts. B. In a domain-based GPO, enable auditing of directory service accessattempts. 444 Chapter 10 C. In a domain-based GPO, enable auditing of directory service changesattempts. D. Use the auditpol.exe tool to enable auditing of object access attempts. E. Use the auditpol.exe tool to enable auditing of directory serviceaccess attempts. F. Use the auditpol.exe tool to enable auditing of directory servicechanges attempts. 11. Melanie is the network administrator for a company that operates an AD DS networkwith a single domain and three domain controllers named DC1, DC2, and DC3. DC1and DC2 host the companys DNS zone. Melanie has scheduled nightly full server back-ups for all three domain controllers.A flood in the server room damages all three domain controllers. The insurance company purchases three new servers and delivers them rapidly to Melanie. She needs torestore AD DS and ensure that name resolution services are restored as rapidly as pos-sible. How should she proceed? (Each correct answer represents part of the solution.Choose all that apply.) A. Install Windows Server 2008 on all three servers. B. Restart all three servers in Safe Mode. C. Restart all three servers in Directory Services Restore Mode.

 D. Restart all three servers from the Windows Server 2008 DVD and chooseRepair Your Computer. E. Run dcpromo.exe to promote all three servers to domain controllers. F. Perform a nonauthoritative restore of system state on all three domain con-trollers. G. Perform an authoritative restore of system state on all three domain con-trollers. H. Perform a Windows Complete PC Restore procedure on all three domaincontrollers. 12. Bettys AD DS domain uses a standard DNS zone with a primary DNS server calledAlpha and two secondary servers called Beta and Gamma. All three servers are listedas name servers on the Name Servers tab of the DNS zones Properties dialog box.Their IP addresses are 192.168.1.61 , 192.168.1.62 , and 192.168.1.63 ,respectively.

Practice Exam 1 445 Betty has configured zone transfer to allow zone transfers only to servers listed on theName Servers tab. Nevertheless, zone transfers are not taking place across the networkin a timely fashion. Betty clicks the Notify button on the Zone Transfers tab and noticesthat the dialog box is configured as shown in the following figure. What should shedo? (Each correct answer represents part of the solution. Choose all that apply). A. Select the Automatically Notify check box. B. Select The Following Servers option. C. Add the IP address 192.168.1.63

to the list. D. Remove the IP address 192.168.1.62 from the list. E. Select the Servers Listed on the Name Servers Tab option. 13. You are responsible for configuring Group Policy in your companys AD DS domain.The domain contains OUs that mirror the companys departmental organization.Another administrator has applied a GPO to the Sales OU that limits user access totheir computers. Your manager has noticed that this GPO has reduced the number ofhelp desk calls generated by the users in this department, so he asks you to apply thesame policies to the Marketing department. What is the best way to accomplish thistask? A. Create a new GPO containing the required settings, and link this GPO to theMarketing OU. B. Use the GPO linked to the Sales OU as a Starter GPO to create a new GPOlinked to the Marketing OU. C. Add the group containing the Marketing team members to the Sales OU. D. Simply link the current GPO to the Marketing OU.

/ 626

Download this Document for Free 534 Chapter 13 deleted objects are in the database and not the SYSVOL folder, soanswer A is incorrect. This behavior is not related to the addition of other objects by another administrator, so answer C is incorrect. Tomhas waited long enough already for the deleted objects to be removed, soanswer D is incorrect. 54. C. Kathy will use ntdsutil to seize this role. This utility can seize any of the FSMO roles, or if the role holder is online, it can transfer the role toanother domain controller. The Active Directory Domains and Trusts

or Active Directory Sites and Services tools are not used to seize roles, soanswers A and B are incorrect. The wbadmin utility is used to configurebackups, not to administer FSMO roles, so answer D is incorrect. 55. A, D. Dan should select Primary Zone (which would already be selectedin this scenario). He should also select the Store the Zone in ActiveDirectory option. By creating an Active Directory integrated zone, he isemploying the security and replication of Active Directory to maintainand distribute the zone data to a series of servers. Because ActiveDirectory replication is multimaster, Dan can make certain updates toany domain controller. These changes propagate to other domain con-trollers. In this case, DNS zone information will be synchronized amongthe multiple master servers. This also reduces administrative effort. A secondary zone receives updates from a master DNS server. It cannot beintegrated with Active Directory. Because this is the master server, Danshould not select this option, so answer B is incorrect. A stub zone contains only information about its zones authoritative name servers; itobtains this information from another DNS server. He must not choosethis option, so answer C is incorrect. He needs to have his zone integrat-ed with Active Directory, so he should not clear the Store the Zone in Active Directory option; therefore, answer E is incorrect. 56. B, E. Mike should configure each RODC with a password replicationpolicy that includes Christinas user account in the Allowed list. Thisensures that her password is stored locally so that she can log on to theRODC even if the connection to the head office is down. Mike shouldalso add Christinas user account to each RODCs local Administratorsgroup. This provides her with administrative rights to the RODC, with-out granting her domain administrative rights. Placing Christinas useraccount in the Denied list would prevent her from logging on to theRODC, so answer A is incorrect. Adding her user account to theDomain Admins global group would grant her excessive administrativeprivileges, so answer C is incorrect. Adding her user account to the

Answer Key to Practice Exam 2 535 Server Operators global group would also grant her excessive administra-tive privileges and would not provide complete local administrative capa-bilities on the RODC, so answer D is incorrect. 57. B, C. By using a Starter GPO, Joanne can create multiple GPOs withsimilar settings linked to the appropriate OUs in her companys network. The Starter GPO is a set of preconfigured Administrative Template poli-cy settings, including comments, which she can use for ease of creatingnew GPOs. The Backup function contained within Group Policy Management Console (GPMC) enables her to export the settings in theGPO linked to the Financial OU and then import them into the othercompanys domain, where she can link the GPO to that companysFinancial OU. It is not possible to link a Starter GPO to any AD DScontainer; it is used only for ease of creating

other GPOs, so answer A isincorrect. Starter GPOs are a new feature of Windows Server 2008 andcannot be used on a Windows Server 2003 network, so answer D isincorrect. 58. C. You should access the Security tab of the Marketing OU Propertiesdialog box and remove Jills permission to reset passwords. Moving Jillsuser account from one OU to another does not reset permissions, soanswer A is incorrect. The Delegation of Control Wizard does notinclude the ability to revoke permissions, so answer B is incorrect. If you were to delete and re-create Jills user account, it would remove her per-mission to reset passwords, but it would also remove all other permis-sions and group memberships because the new user account would havea new SID, even though it has the same name as the old account. Therefore, answer D is incorrect. 59. C. Mark should grant the CertMgrs group the PKI Administratoradministrative role. He can do this by granting this group the AllowIssue and Manage Certificates permission on the CA server. Thisis one of several role-based administrative roles that are available in Windows Server 2008 that allow him to assign predefined task-basedroles to users or groups. Granting the CertMgrs group the AllowManage CA permission on the CA server would assign them thePKI Administrator role, which provides these users with excessive privi-leges, so answer A is incorrect. Issuing them the Enrollment Agent cer-tificate would enable them to enroll certificates based on other users but would not grant them the ability to revoke certificates, so answer B isincorrect. As already stated, the PKI Administrator role provides exces-sive privileges, so answer D is incorrect. 536 Chapter 13 60. B. The RID master keeps track of all relative identifiers (RID) assigned within its domain and issues blocks of 500 RIDs to all other domain con-trollers in the domain so that administrators can create accounts. If thiscomputer becomes unavailable, Elaine can create new user accounts untilthe available pool of RIDs is exhausted, after which new account creation will fail until the RID master can issue a new pool of RIDs. The infra-structure master is not involved in user account creation, so answer A isunavailable. If the .csv file had become corrupted, Elaine would havebeen able to manually add the principals user accounts, so answer C isincorrect. It is not necessary to replicate the user accounts to otherdomain controllers before continuing to add additional accounts, soanswer D is incorrect.