1.
IIHT.com
has an Active Directory forest that contains a single domain named IIHT.com.
All domain controllers are configured as DNS servers and have Windows Server
2008 installed. The network has two Active directoryintegrated zones:
IIHTes.com and Testingws.com. The company has instructed you to make sure that
a user is able to modify records in Testingws.com while preventing the user
from modifying the SOA record in Testingws.com zone. What should you do to
achieve this task?
A. Modify the permissions of the
IIHTes.com zone by accessing the DNS Manager Console
B. Configure the user permissions
on IIHTes.com to include all the users and configure the permissions on
Testingws.com to allow only the administrators group to modify the records
C. Modify the permission of
IIHTws.com zone by accessing the DNS Manager Console
D. Modify the Domain Controllers
organizational unit by accessing the Active Directory Users and Computers
console.
E. None of the above.
Answers: A
2.
IIHT.com
has a single Active Directory domain. You have configured all domain
controllers in the network as DNS servers and they run Windows Server 2008. A
domain controller named TK1 has a standard Primary zone for IIHT.com and a
domain controller named TK2 has a standard secondary zone for IIHT.com. You
need to make sure that the replication of the IIHT.com zone is encrypted so you
might not lose any zone data. What should you do to achieve this task?
A. Create a stub zone and delete
the secondary zone
B. Convert the primary zone into
an active directory zone and delete the secondary zone
C. Change the interface where DNS
server listens on both servers
D. On the standard primary zone,
configure zone transfer settings. After that, modify the master servers lists
on the secondary zone
E. None of the above
Answers: B
3.
IIHT.com
has an Active Directory domain called es.IIHT.com. IIHT.com has a subsidiary
company named NetworksLTD. NetworksLTD has an Active Directory domain called
intranet. NetworksLTD.com. since the NetworksLTD security policy does not allow
the transfer of internal DNS zone data outside the NetworksLTD network, you
have to make sure that IIHT.com users are able to resolve names from intranet.
NetworksLTD.com domain. What should you do to achieve this task?
A. Set conditional forwarding for
the intranet. NetworksLTD.com domain
B. Put intranet. NetworksLTD.com
in the Active Directory of IIHT.com
C. Create a subzone for the
intranet.woksworks.com domain
D. Reconfigure the intranet.
NetworksLTD.com domain as a standard secondary zone
E. None of the above
Answer: A
4.
IIHT.com
has a network consisting of a single Active Directory domain. All domain
controllers run Windows Server 2003. IIHT.com instructs you to upgrade all
domain controllers to Windows Server 2008. After upgrading the domain
controllers, you need to ensure that the ebsysvolume share replicates by using
DFS Replication (DFS-R). What should you do to achieve this task?
A. Run dfsutil/addrot:ebsysvolume
on the command prompt
B. Run netdom/dfs-r from the
command prompt
C. Run
dcpromo/attend:attendfile.xml
D. Raise the functional level of
the domain to Windows Server 2008
Answer: D
5.
Chavi
is responsible for administering DNS for a company that operates an Active
Directory Domain Services network consisting of a single domain. Currently, two
member servers are configured as the network’s only DNS servers. Chavi would
like to provide fault tolerance for the DNS zones so that if a single DNS
server fails, updates can still be made to the DNS zones. In addition, she
would like to ensure that only computers that are authorized by a domain
controller could update the DNS resource record information. Which of the
following must Chavi do to satisfy these requirements? (Choose all that apply.)
A. Install DNS on at least two
domain controllers.
B. Create a stub zone.
C. Create an Active
Directory–integrated zone.
D. Select the Secure Only Dynamic
Updates option.
E. Select the Secure and
Nonsecure Dynamic Updates option.
Answer: A, C, D
6.
Shweta
is responsible for administering DNS on her company’s AD DS network, which
includes a single domain. All domain controllers on the network are configured
as DNS servers with an Active Directory–integrated zone. When checking the
configuration of one of the DNS servers, Shweta notices that the zone includes
resource records for computers that were removed from the network several weeks
ago. She decides she wants to remove these resource records immediately. What
should she do?
A. In DNS Manager, right-click
the DNS server and choose Scavenge Stale Resource Records.
B. From the Zone Aging/Scavenging
Properties dialog box, select the Scavenge Stale Resource Records check box.
C. From the Advanced tab of the
DNS server’s Properties dialog box, select Enable Automatic Scavenging of Stale
Records.
D. In DNS Manager, select the DNS
zone, and then deletes the stale resource records from the list that appears in
the Details pane.
Answer: A
7.
Amir
has installed AD LDS on a Windows Server 2008 computer and created an instance
that he plans to use for data storage with two directory-enabled applications
that he will deploy on his company’s network. Which of the following tools can
he use to manage the AD LDS instance he has created? (Choose all that apply.)
A. Active Directory Users and
Computers
B. Active Directory Sites and
Services
C. Active Directory Domains and
Trusts
D. Active Directory Schema
E. Active Directory Services
Interface (ADSI)
F. Ldp.exe
Answer: B, D, E, F
8.
You
are the administrator of your company’s network. You have installed several
Active Directory LDS instances to enable connections to directory-enabled
applications that run on your Windows Server 2008 network. A contractor named
Amir requires access to one of these applications from his laptop computer
running Windows Vista Business, but he should not have access to shared
resources in Active Directory. What should you do to enable this access?
A. Configure an AD LDS security
principal for Amir.
B. Configure a domain user
account for Amir.
C. Add Amir’s local user account
to the Domain Users group in Active Directory.
D. You do not need to do
anything. Amir can access the applications simply by plugging his laptop into
the network and using his local user account.
Answer: A
9.
Pankaj
works in a company that has an AD DS forest that consists of a forest root
domain plus five domains.He should create a group that contains 70 users who
require access to resources in all six domains. All the useraccounts are
located in the forest root domain. Which of the following group scope he should
use?
A. Universal
B. Domain local
C. Local
D. Global
Answer: D
10.
Diya
is the network administrator for iiht.com. The network consists of a single AD
DS forest that consists ofeight domains. Seven of the domains contain Window
Server 2008 domain controllers. The functional level of allthe domains is
Window Server 2003. The network includes a Microsoft Exchange Server 2007
network. Diyashould create groups that are to be used solely as email
distribution lists for sending messages within the organization.She wants to
accomplish this goal with the minimum quantity of replication traffic and
minimizing the size of theAD DS database. How should she proceed?
A. She should create global
distribution groups in each domain and make the appropriate users from
eachdomain members of the global distribution group in the respective domain.
She should create universaldistribution groups and make the global distribution
groups in each domain members of the universal distributiongroups.
B. She should create universal
distribution groups and make the appropriate users from each domain membersof a
universal distribution group.
C. She should create global
security groups in each domain and make the appropriate users from each
domainmembers of the global security group in the respective domain. She needs
to create universal security groupsand make the global security groups in each
domain members of the universal security groups.
D. She should create universal
security groups and make the appropriate users from each domain members of
auniversal security group.
Answers: A
11.
Harish
has configured Group Policy on a network that contains a single AD DS domain
with four sites: Delhi, Karnataka, Orissa, and Assam. He has created a GPO
named as Restrictions that limits access to several desktop components. These
restrictions are to be applied to all employees with the following exceptions:
On the network, administrators need to have access to everything on their
desktops. Managers and supervisors require access to all components on their
computers. The domain has OUs like Employees, which is located at the top of
the OU tree; and Supervisors, Managers, Administrators, Research, Financial,
Legal, Sales, and Marketing OUs configured as children of the Employees OU.
Which two of the following are some of the Active Directory containers to which
Harish must link the Restrictions GPO?
A. The Domain
B. The Employees OU
C. The Orissa site
D. The Marketing OU
E. The Legal OU
Answer: D & E
12.
Gita
is a systems administrator for organizations that operates an AD DS forest
having three domains. There are six sites, and all the sites represent a city
where the organization does business. All sites contain at minimum two domains
and several OUs within each domain, and each site is configured with a proxy
server that all users are expected to access the Internet. Gita has created
GPOs that set the proxy configuration for all computers in the forest,
including portable computers. How would she configure this GPO to ensure that
users always access the Internet by means of the proxy server in the office
where they are located?
A. She should link each GPO to
the OUs located in its site and specify the Block Inheritance option.
B. She should link each GPO to
the domains located in its site and do nothing else.
C. She should link each GPO to
the domains located in its site and specify the
Block Inheritance option
D. She should link each GPO to
its site and do nothing else.
E. She should link each GPO to
its site and specify the Enforced option
Answer: E
13.
Jiten
configures Group Policy in his company’s domain. The domain functional level is
set to Windows Server 2003. Jiten’s manager has asked him to implement an
account policy which specifies that all user accounts account will be locked
out when an incorrect password is entered five times in a one-quarter hour
period. The account is to remain locked out until a support technician unlocks
it. How should Jiten configure the account policy?
A.Set the account lock out
duration to 0.
B. Set the account lockout
duration to 1.
C. Set the reset lockout counter
to 900.
D. Set the reset lockout counter
to 15.
E. Set the account lockout
threshold to 0.
F. Set the account lockout
threshold to 4.
Answer: D, E, F
14.
Rita
is system administrator for a company. The computer operates an AD DS domain.
The Domain and the forest functional level are set to Window Server 2008. She
has configured a password policy for users in her company’s domain, which
specifies that passwords should be minimum seven characters long. She was
informed that users in the legal department must have secure passwords. She
configures a password policy in a GPO linked to the Legal OU, which specifies
that passwords must be of minimum 12 characters. After some days, the CIO questioned
her why she has not yet implemented the stricter password policy. What should
Rita do to implement the policy with the least amount of administrative effort?
A. She should create a new
domain, place the legal users and their computers in this domain, and then
replay the password policy to this domain.
B. She needs to create a password
settings object that contain the required password settings and apply this
object to the Legal OU.
C. She needs to create a global
security group and add the required users to this group. She then needs to
create a password settings object containing the required password settings and
apply this object to the group containing these users.
D. She needs to create a global
security group, add the required users to this group, and ensure that the group
has the Allow–Apply Group Policy permission applied to it.
Answer: C
15.
Hema
is the system administrator for a company. The company operates an AD DS
network that consists of single domain. She has to perform a system state backup
of the network’s domain controllers to be certain that she restore AD DS when a
catastrophic failure occurs. Which of the following tools she should use?
A. Windows Server Backup
B. Ntdsutil.exe
C. Ntbackup.exe
D. Wbadmin.exe
Answers: D
16.
Working
at one of the six domain controllers in his company’s network Rakesh
accidentally deleted his company’s Executive OU. Understanding that none of the
executives would be able to log on the next morning, Rakesh thought that he
must restore this OU as rapidly as possible. Fortunately, a backup of the
system state of the domain controller had been created the day before. Which of
the following actions does Rakesh need to perform?
A. Select the Format and
Repartition Disks option.
B. Select the Repair Your Computer
option.
C. Use the net stop ntds and the
wbadmin start systemstaterecovery commands to restore system state from backup.
D. Start the domain controller in
Safe Mode, and then use the wbadmin start systemstaterecovery command to
restore system state from backup
E. Start the domain controller in
Directory Services Restore Mode, and then use the wbadmin start
systemstaterecovery command to
restore system state from backup.
F. Use the ntdsutil program to
mark the restored Executive OU as authoritative by specifying the LDAP DN of
the Executive OU.
Answers: E, F
17.
Dawn
is planning a PKI for her company that will include a multiple-tier hierarchy
of CA servers. Which of the following types of CA servers should she plan to
keep offline as a safeguard against certificate compromise?
A. Standalone root
B. Enterprise root
C. Intermediate
D. Issuing
Answer: A
18.
Kevin
is installing a PKI for his company, which operates an AD DS domain in which
all servers run Windows Server 2008. He has installed a root CA and is now at
the computer that will host an enterprise subordinate CA. However, on the
Specify Setup page, he discovers that the Enterprise CA option is grayed out
and only the Standalone CA option is available. What must Kevin do to install
an enterprise subordinate CA on this computer?
A. Log on to the server as a
member of the Enterprise Admins group.
B. Log on to the server as a
member of the Schema Admins group.
C. Use Server Manager to install
AD DS on this server.
D. Run dcpromo.exe to promote the
server to a domain controller.
E. Install a standalone CA on the
server, and then use the Certification Authority console to promote the server
to an enterprise CA.
Answer: D
No comments:
Post a Comment