Windows 2000 Network Infrastructure1. Your enterprise has implemented Active Directory. The Active Directory forest consists of two domains: corp.com and research.corp.com. You install the Dynamic Host Configuration Protocol (DHCP) Server service and the Remote Installation Service (RIS) on RIS10, a computer running Windows 2000 Server that is a member of research.corp.com. Your user account, JoeJones, is a member of the group Domain Admins in research.corp.com and a member of RIS10\Administrators. Tom's user account, TomThompson, is a member of the group Domain Admins in corp.com. Sandra's user account, SandraSmith, is a member of the group Enterprise Admins in corp.com. Which user or users can authorize the DHCP and RIS services on RIS10 in Active Directory by default? (Choose all that apply) A. TomThompson can authorize RIS. B. SandraSmith can authorize RIS. C. JoeJones can authorize RIS. D. TomThompson can authorize DHCP. E. SandraSmith can authorize DHCP. F. JoeJones can authorize DHCP.
2. The company has expressed a desire to migrate many of their databases from the mainframe to SQL Server. As such, they have decided that room can be made in the budget to ensure that it is done right. What will your design call for regarding SQL implementation? [view the scenario] A. It will call for the use of load balancing between two SQL Servers computers. B. It will call for the use of clustering between the two SQL Server computers. C. It will call for the use of load balancing between four SQL Server computers. D. It will call for the use of clustering between the four SQL Server computers.
3. In reviewing the information you have collected about the hospital's network, what would you say are its three most significant problems at the moment? [view the scenario] A. The fact that it desperately needs to be upgraded. B. The very poor performance it is currently producing. C. The fact that there are frequent network outages. D. The fact that it is very hard to monitor, much less manage. E. The fact that the staff has not had proper systems training. F. The amount of incompatible hardware and software that is on the network. G. The fact that network communication between all branches of the hospital is not possible.
4. What will your design call for implementing in Seattle to improve Internet access for the North American offices? [view the scenario] A. Your design will call for implementing Internet Connection Sharing. B. Your design will call for upgrading the firewall. C. Your design will call for a proxy server array. D. Your design will call for replacing the proxy servers with NAT.
5. You install the Domain Name System (DNS) service on a computer running Windows 2000 Server and connect to the server in the DNS console. You do not create any zones on this computer because you want to use it as a caching-only server. You also want the server to cache information about name resolution requests that cannot be resolved. Which value should you ensure is greater than zero to enable support for this feature? A. The registry value NegativeTimeCache B. The time value in the cache.dns file C. The Retry time for the DNS server D. The Expire time for the DNS server
6. You are a network architect for a manufacturing enterprise. You evaluate the existing network infrastructure to ascertain if it will be able to support additional traffic that will be generated when the computers for the enterprise are upgraded to run Windows 2000 operating systems and Active Directory is implemented. For which type of traffic should you ensure that latency is minimized? A. Thin client application traffic B. Web-based application traffic C. Client/server traffic D. Authentication traffic
7. You are a member of the IT staff at the headquarters office of BCD Train. You learn that a member of the finance team in the business office located in Kansas City has been given permission to work from home two days a week. This employee must submit confidential financial information to the headquarters office. You configure a virtual private network (VPN) using the Layer Two Tunneling Protocol (L2TP) and Internet Protocol Security (IPSec) to provide authentication and encryption services. The employee will access the VPN through an Internet Service Provider (ISP) in Kansas City. What protocols and ports must you enable on the firewall to support the IPSec traffic? (Choose three) A. IP protocol 50 B. IP protocol 51 C. User Datagram Protocol (UDP) port 500 D. User Datagram Protocol (UDP) port 139 E. IP protocol 47 F. Transmission Control Protocol (TCP) port 389
8. You are responsible for network planning and configuration for a medical supplies manufacturing enterprise. Approximately 2000 of the employees of the enterprise work at the headquarters office, and most networking services run on computers at this office, as well. Management has budgeted for a new server to allow consolidation of key network services on one server. Their goal is to minimize the number of servers that must be administered. Which two network services could you combine on a server running Windows 2000 Advanced Server with a low to medium level of impact on the memory and processor subsystems of the server? A. Windows Internet Name Service (WINS) and the Dynamic Host Configuration Protocol (DHCP) relay agent. B. Network Address Translation (NAT) and Internet Protocol Security (IPSec). C. Dynamic Host Configuration Protocol (DHCP) and Routing and Remote Access as a remote access server. D. Internet Authentication Service (IAS) and Domain Name System (DNS).
9. You are the network administrator for your enterprise. All of the employees of the enterprise are housed in the same building with a separate network segment configured for each department. A project team in the marketing department is working on a publicity plan for a new product soon to be announced. Management wants to ensure that details about the new product are only available to those employees who developed the new product and the members of the marketing project team. You decide to implement Internet Protocol Security (IPSec) policies to protect information being exchanged among employees in these two groups. How should you configure authentication, encryption, and key exchange settings to protect the data with the lowest processing overhead? A. Use Message Digest 5, 56-bit Data Encryption Standard, and Diffie-Hellman Group 1. B. Use Message Digest 5, Triple Data Encryption Standard, and Diffie-Hellman Group 2. C. Use Secure Hash Algorithm, 56-bit Data Encryption Standard, and Diffie-Hellman Group 2. D. Use Secure Hash Algorithm, Triple Data Encryption Standard, and Diffie-Hellman Group 1.
10. You are responsible for the configuration of routers for your corporation. One of the routers is a computer running Windows 2000 Server on which Routing and Remote Access is enabled. You need to provide support for multicasting on this router, so you install the Internet Group Management Protocol (IGMP). The computer contains two network interface cards named Internal and External. External is connected to a network on which a multicast-enabled router is installed. Internal is connected to your corporation's internal network. How should you configure multicasting on External and Internal? A. Configure both External and Internal in IGMP router mode. B. Configure both External and Internal in IGMP proxy mode. C. Configure External in IGMP router mode. Configure Internal in IGMP proxy mode. D. Configure External in IGMP proxy mode. Configure Internal in IGMP router mode.
11. You have been hired as a network consultant for a corporation. You learn that their network includes three computers running Windows 2000 Server and the Windows Internet Name Service (WINS). Each WINS server is located on a separate subnet. There are computers running Windows 2000 Professional that are configured as WINS clients on these three subnets as well as four other subnets. You recommend that the network administrators select the option Enable Automatic Partner Configuration on the Advanced tab of the Properties dialog box of the Replication Partners node in the WINS console for each server. What else should you recommend that the network administrators do to ensure that the WINS servers discover each other and self-configure? A. Configure the routers between the subnets on which the WINS servers are located to support multicasting. B. Configure a WINS proxy agent on each subnet on which there is no WINS server. C. In the WINS console for each WINS server, add the other two WINS servers as replication partners from the context menu of the Replication Partners node. D. In the WINS console for each WINS server, configure a static mapping for each of the other two WINS servers.
12. You are the network administrator for your enterprise. Your management recently signed an agreement with a business partner that will require that employees of the partner access data on your network. You decide to provide access via an extranet configured on a computer that resides in a screened subnet. The computer is running Windows 2000 Server and the Internet Information Service. You learn that the partner's employees use a variety of Web browsers. You plan to allow mutual authentication between the server and clients and to protect passwords exchanged during the security negotiation process. You plan to manage access to the data by using NTFS permissions. Which authentication mechanism should you implement for the Web site defined for the extranet? A. Certificate-based Authentication B. Digest Authentication C. Basic Authentication D. Integrated Windows Authentication
13. You have been hired as a network consultant by the business manager of a group of physicians who own and operate clinics in five cities, a main clinic and four satellite clinics. All of the computers in use at the clinics are running Windows 2000 Professional or Windows 2000 Server and belong to a Windows 2000 mixed-mode domain. You learn that each clinic maintains its own patient data in a local database. Twice a day, the patient information is uploaded to a central database at the main clinic. Three or four times a day, employees at the satellite clinics need to reference information in a medical information database that is stored at the main clinic. You recommend that a computer running Windows 2000 Server at each clinic be configured as a router. You recommend that Dial-on-Demand connections be configured between the Windows 2000 router at each satellite clinic and the Windows 2000 router at the main clinic to help minimize communication costs. You recommend that the routing protocol RIP version 2 for Internet Protocol be installed on the routers at all five clinics. What configuration should you recommend to allow the routers to share Routing Information Protocol (RIP) routes but avoid the overhead of RIP multicasts over the demand-dial connections? A. Configure RIP for autostatic update mode on the demand-dial interfaces. B. Enable ICMP router discovery. C. Configure a static route to the remote router for the user account used for the demand-dial interfaces. D. Configure RIP for periodic update mode on the demand-dial interfaces.
14. You are responsible for the configuration of routers for your corporation. The corporation has ten branch offices that connect to the main office via demand-dial routers. The demand-dial routers are computers running Windows 2000 Server on which Routing and Remote Access is enabled. You need to configure all communication between one branch office and the main office to use Internet Protocol Security (IPSec) in tunnel mode. How should you configure IPSec to use tunnel mode between these locations? A. By configuring the properties of a rule defined for an IPSec policy. B. By configuring the properties of a filter used by a rule in an IPSec policy. C. By configuring the general properties of an IPSec policy. D. By configuring the properties of the interface used for demand-dial routing.
15. You are the network architect for a travel agency. The agency recently acquired two new offices from another travel agency. You plan to lease T1 lines to connect each of the new offices to the main office of the agency. You use the private IP address 172.20.64.0/19 for the subnet identifier at the main office. Which values can you use as subnet identifiers for the new offices? A. 172.20.40.0/19 B. 172.20.144.0/19 C. 172.20.88.0/19 D. 172.20.32.0/19 E. 172.20.128.0/19
16. In your opinion, what was the most significant reason behind the company's decision to implement different levels of network administrators? [view the scenario] A. The fact that the network desperately needs to be upgraded. B. The fact that the networks performance is very poor. C. How difficult the network is to use. D. The fact that the network is very difficult to manage and monitor.
17. You have been retained as a network consultant by an advertising agency. The agency has offices in eight cities throughout Europe. While analyzing the current network and the agency's plans for integrating Windows 2000 into its existing Windows NT 4.0 network, you learn that the agency plans to acquire another advertising firm with two offices. The computers used by the firm being acquired include servers running Novell NetWare 4.11 and client computers running Windows 98 and the Novell NetWare client. The owners of the agency report that the new offices will continue to use their existing hardware and software, but employees of these offices must have access to directories in a shared folder on a computer at the headquarters office of the agency. This computer will be upgraded to Windows 2000 Server. What should you recommend be installed on the upgraded server to allow the employees to access data in the shared folder? A. Directory Services Manager for NetWare (DSMN) B. Microsoft Directory Synchronization Services (MSDSS) C. Gateway (and Client) Services for NetWare (GSNW) D. File and Print Services for NetWare (FPNW)
18. One of your design alternatives mandates the use of Windows 2000 DHCP servers. Given the information you collected from the company, which of the following will your design call for regarding DHCP? [view the scenario] A. Your design will call for a single DHCP server that has scopes configured for each subnet in the network. B. Your design will call for a DHCP cluster that is located in the Red building and has scopes configured for each subnet on the network. C. Your design will call for a DHCP server on each subnet that has scopes configured for every subnet on the network. D. Your design will call for a DHCP server on each subnet that has a scope configured for its subnet only. E. Your design will call for a DHCP cluster on each subnet that has a scope configured for its subnet only. F. Your design will call for outsourcing your DHCP server to your Internet Service Providers.
19. You have been hired as a network consultant by the Information Services (IS) department chairperson of a college. You are to analyze the existing network at the college and recommend modifications that should be made. You learn that there are three computers running Windows 2000 Server that are configured as network routers. Each computer serves as a router for three subnets. RouterABC is connected to SubnetA, SubnetB, and SubnetC. RouterCDE is connected to SubnetC, SubnetD, and SubnetE. RouterEFG is connected to SubnetE, SubnetF, and SubnetG. You recommend that the Routing Information Protocol (RIP) for Internet Protocol (IP) be added to all three computers. You then develop a procedure for the network administrators to follow when configuring RIP. What is the first step you should include in the procedure to configure each router to ensure that computers on SubnetA can communicate with computers on SubnetG? A. Enable router authentication. B. Define the interface or interfaces that should use RIP. C. For each interface configure the IP address of other routers connected to a common segment as default gateways. D. Delete all static routes.
20. Because of the importance of DNS on the network, it needs to be highly available. Which of the following is the best DNS design for the company? [view the scenario] A. The creation of a primary DNS zone on a server in the Red building with Secondary zones located on servers in each of the other two buildings. B. The creation of a primary DNS zone on a server in each building. C. The creation of a primary DNS zone on a server in each building with servers in the Blue and Green building configured to use the DNS server in the Red building as a forwarder. D. The creation of an Active Directory integrated zone on a server in the Red building with Secondary zones located in each of the other two buildings. E. The creation of an Active Directory integrated zone on a server in each building.
21. Before you begin to actually write the design specifications for a network that you are working on, you like to get a feel for what is important to the company. Over the years you have found that this helps to guide your design and avoid complications. What high level considerations are the most significant to DSI (Select all that apply)? [view the scenario] A. The company's need for remote connectivity to the mainframe is one of the most significant concerns. B. The company's' need to update and replace their existing topology, especially regarding strategic systems is one of the most significant concerns. C. The company's budget for the implementation is one of the most significant concerns. D. Maintaining the company's systems so that there is interoperability with the current environment is one of the most significant concerns. E. Establishing Internet connectivity for the company's internal users is one of the most significant concerns. F. The company's need to train their staff on the new systems is one of the most significant concerns. G. The ability for all staff members to be able to dial into the network is one of the most significant concerns.
22. If users and staff at the satellite medical centers need to access the Internet, what can you recommend to improve the speed of access for them while minimizing traffic on the internal network? [view the scenario] A. You can recommend that all clients in the satellite medical centers use a proxy server at the main hospital building. B. You can recommend providing each satellite medical center with its own connection to the Internet. C. You can recommend increasing the available bandwidth between the satellite medical centers and the main hospital. D. You can recommend having a proxy server at each satellite medical center.
23. You are very concerned about the company's request that partners be allowed dial in access to data on the mainframe. You know from past (and current) experience that dial in access can be a serious security threat. With this and the company's other specifications in mind, which of the following will you specify for dial up connections (Select all that apply)? [view the scenario] A. You will specify allowing PAP dial-in connections. B. You will specify allowing SPAP dial-in connections. C. You will specify allowing MS-CHAP dial-in connections. D. You will specify allowing MS-CHAP v2 dial-in connections. E. You will specify allowing PPTP VPN connections to secure communications. F. You will specify allowing L2TP VPN connections to secure communications. G. You will mandate basic encryption for all connections. H. You will mandate strong encryption for all connections. I. You will specify allowing IPSec for all connections. J. You will mandate PGP encryption for all connections.
24. Your initial client side name resolution specifications for the hospital called for only using DNS. The company rejected the design as not being fault tolerant enough. They also noted that it failed to accommodate any older Windows clients that were accessing the network via VPN. Given this, what will your design call for regarding post implementation name registration and resolution that will take the company's concerns into consideration (Select all that apply)? [view the scenario] A. Your design will call for having all client computers register directly with DNS. B. Your design will call for having DHCP servers register the host (A) records for Windows 2000 clients. C. Your design will call for having all client computers register with WINS. D. Your design will call for having DHCP servers register the host (A) records for non-Windows 2000 clients. E. Your design will call for having all servers register with DNS exclusively. F. Your design will call for having only non-Windows 2000 client computers register with WINS. G. Your design will call for having all servers register with DNS and WINS.
25. You have been hired as a network architect by the Information Services (IS) department chairperson of a college. You learn that the college has a Windows NT 4.0 domain to which three computers running Windows 2000 Server have been added. Fifteen members of the faculty request that they be given a means of accessing the computers on campus from their home offices. You recommend that Routing and Remote Access be enabled on two of the computers running Windows 2000 Server and that the computers be configured as remote access servers. You learn that most of the computers that the faculty members need to access use TCP/IP as the networking protocol, but a few use NWLink. The faculty members use laptop computers running Windows 2000 Professional on which only TCP/IP is installed. What should you recommend that the network administrators do to allow the faculty members to access all servers when they dial in to the remote access servers? A. Install NWLink, in addition to TCP/IP, on all the laptop computers. B. Install TCP/IP and NWLink on the remote access servers. C. Install TCP/IP on all the servers. D. Enable support for multilinking on the remote access servers.
26. You have arrived at the portion of the design that calls for specification of the network routing strategy. What will your design call for? [view the scenario] A. Your design will call for using Routing Information Protocol (RIP) version 1 on all router interfaces. B. Your design will call for using Routing Information Protocol (RIP) version 1.5 on all router interfaces. C. Your design will call for using Routing Information Protocol (RIP) version 2 on all router interfaces. D. Your design will call for using Open Shortest Path First (OSPF) on all router interfaces. E. Your design will call for using Internet Group Management Protocol (IGMP) on all router interfaces. F. Your design will call for using static routes on all router interfaces. G. Your design will call for using autostatic routes on all router interfaces.
27. The company wishes to use an internal Class B addressing scheme on the network. They have asked you to calculate a subnet mask that will allow them plenty of opportunity for growth. Which of the following will your design include? [view the scenario] A. 255.255.240.0 B. 255.255.248.0 C. 255.255.252.0 D. 255.255.254.0 E. 255.255.255.0
28. You are the network architect for your enterprise. You are responsible for developing procedures to be used by the network administrators for troubleshooting problems with both Domain Name System (DNS) servers and Windows Internet Name Service (WINS) servers. The DNS and WINS server services are installed on computers running Windows 2000 Server. Each standard primary DNS zone is configured to use a WINS server to resolve NetBIOS names, as needed. You need to document how to analyze data returned from the nslookup utility to determine if a record returned by nslookup is from a WINS server. What features of the information that is returned by nslookup can an administrator use to determine which records are being provided by a WINS server? A. Records returned in response to the nslookup request that were obtained from a WINS server will be marked as authoritative and the Time-to-Live value will be the same on subsequent requests. B. Records returned in response to the nslookup request that were obtained from a WINS server will be marked as non-authoritative and the Time-to-Live value will be the same on subsequent requests. C. Records returned in response to the nslookup request that were obtained from a WINS server will be marked as non-authoritative and the Time-to-Live value will be shorter on subsequent requests. D. Records returned in response to the nslookup request that were obtained from a WINS server will be marked as authoritative and the Time-to-Live value will be shorter on subsequent requests.
29. You are designing the risk assessment documents for the project. Given what you know about the implementation requirements which of the following poses the greatest risk to the functioning of the medical center during the implementation? [view the scenario] A. The greatest risk is posed by file and print service interruptions. B. The greatest risk is posed by domain authentication interruptions. C. The greatest risk is posed by client/server application access interruptions. D. The greatest risk is posed by remote connectivity interruption.
30. You are the network architect for an enterprise that has offices in ten cities throughout Canada. The traffic on the subnet at the office in Toronto has increased dramatically, so you recommend that a new router be added in Toronto to create another subnet. At the same time, you want to implement an internal Internet Protocol (IP) addressing scheme that uses addresses from the private IP range 192.168.0.0/16 to replace the addresses from the public address range that is currently used for computers at the Toronto office. Addresses are currently assigned by a computer running Windows 2000 Server on which the Dynamic Host Configuration Protocol (DHCP) server service is installed. Which feature of DHCP can you use to support the existing addresses as well as migrate to the new addresses? A. Supernetting B. Superscopes C. Variable length subnet masks D. Automatic Private IP Addressing (APIPA)
31. You are the network architect for a manufacturing enterprise. The computers on your network run Windows 2000 Server and Windows 2000 Professional. About 100 employees travel frequently and need access to the network from their laptop computers. You plan support for a virtual private network (VPN) on a computer on which Routing and Remote Access has been enabled. You plan to use the Point-to-Point Tunneling protocol (PPTP) and to limit the network adapter card that is used for VPN access to allow only PPTP traffic. For what Internet Protocol (IP) protocol and port numbers should you allow access in the input and output filters for the VPN interface in the Routing and Remote Access console? A. IP protocol number 47 and TCP port 1723 B. IP protocol number 47 and TCP port 1701 C. IP protocol number 89 and UDP port 500 D. IP protocol number 50 and UDP port 500
32. You have recently been hired as the network architect for a corporation that has manufacturing facilities and offices in four countries. While analyzing the existing network, you learn that computers running Windows 2000 Server have been configured as routers to manage communications between locations. The computers have been configured to use Routing Information Protocol (RIP) version 2. You also learn that the corporation plans to acquire three new facilities in the next year. You decide to switch to the routing protocol Open Shortest Path First (OSPF) in preparation for the integration of the new facilities into the network. You decide that RIP and OSPF should co-exist until OSPF is installed on all routers. If a route to a remote network is learned through both RIP and OSPF, which route will be chosen when a user attempts to access a computer on the remote network? A. The route with the lowest metric. B. The route from the protocol that is configured as the preferred protocol. C. The route that was learned from RIP. D. The route that was learned from OSPF.
33. You need to create the DNS namespace design for the company. Which of the following will your design list as appropriate DNS namespaces to use? (Select all that apply) [view the scenario] A. evilempire.com B. northamerica.evilempire.com C. westerneurope.evilempire.com D. southpacific.evilempire.com E. ad.evilempire.com F. northamerica.ad.evilempire.com G. westerneurope.ad.evilempire.com H. southpacific.ad.evilempire.com
34. The company wants to leverage Windows 2000 to create a method for managing its patient information forms. The forms are Excel spreadsheets that contain summaries of information about patients and are stored on servers at the satellite medical centers as well as the main hospital building. The medical center wants all forms to be available at all locations. They also want them to be stored in a well organized and easy to access way. What will your design specify to achieve this? [view the scenario] A. Your design will specify adding a Distributed file system (Dfs) root server to each satellite medical center that has a Patient Information child node. It will also specify adding a Dfs replica server in the main hospital building. B. Your design will specify adding a Distributed file system (Dfs) root server in the main hospital building, and a child node at each satellite medical center. C. Your design will specify adding a Distributed file system (Dfs) root server in each satellite medical center and a child node in the main hospital building. D. Your design will specify adding a Distributed file system (Dfs) root server in the main hospital building that has a child node for each satellite medical center. It will also specify adding a Dfs replica server at each satellite medical center that corresponds to the child node for that center.
35. You are the network architect for an enterprise that has offices in ten cities in the United States. The traffic on the subnet at the office in Bismarck has increased dramatically, so you recommend that a new router be added in Bismarck to create another subnet. You recommend that half of the client computers on the existing subnet be moved to the new subnet. You designate a subnet ID of 190.6.32.0 with a subnet mask of 255.255.248.0. You also recommend that a Dynamic Host Configuration Protocol (DHCP) server be installed to manage addresses for computers in Bismarck. What range of addresses should you have the network administrator configure for the DHCP scope that will contain addresses for clients on the new subnet? A. 190.6.32.1 to 190.6.39.254 B. 190.6.32.1 to 190.6.63.254 C. 190.6.32.1 to 190.6.47.254 D. 190.6.32.1 to 190.6.32.254
36. As a consultant for an advertising agency, you are helping your client design a network infrastructure to support a new web site. The agency has implemented an Active Directory domain and plans to use computers running Windows 2000 Advanced Server to support the web site and related resources. You recommend that they store the identical web site content on 4 servers and use the Network Load Balancing (NLB) feature of Windows 2000 to balance the incoming requests across the 4 servers. In testing, you notice that applications that use the ASP session object often lose the client session. What feature of NLB should you enable to avoid the client sessions being lost? A. Affinity B. Filtering modE. single host C. Load weight D. Multicast support
37. You are the network architect for your enterprise. A Windows 2000 domain has been implemented for the enterprise. The Dynamic Host Configuration Protocol (DHCP) server service is installed on two computers running Windows 2000 Server. The DHCP servers are on different subnets. Each DHCP server is configured with a scope of addresses for each of the four subnets configured at the headquarters location. All routers support BootP forwarding. The Domain Name System (DNS) zone in which records for computers on these subnets are created and managed is configured for secure dynamic updates. Most of the client computers are running Windows 95, so you select the option "Enable updates for DNS clients that do not support dynamic updates" on both DHCP servers. What step should you take to ensure that each of these DHCP servers will be able to update the DNS record for a client when leasing a new address to a client that received its initial lease from the other DHCP server? A. Create a reservation for each of these clients on both DHCP servers. B. Add the computer accounts for both DHCP servers to the group DHCP Administrators. C. Add the computer accounts for both DHCP servers to the group DNSUpdateProxy. D. Create a superscope on each DHCP server that includes the existing scopes and new scopes that define the addresses managed by the other DHCP server.
38. You have been reviewing the bandwidth that is currently available on the network as well as the background information provided by the company. Which of the following changes should your design call for implementing before the network is deployed? [view the scenario] A. Your design should call for an increase in bandwidth at the Seattle office. B. Your design should call for an increase in bandwidth for the regional offices. C. Your design should call for the creation of a mesh network between all offices in the North American region. D. Your design should call for the creation of a mesh network between all offices in each region. E. Your design should call for the creation of a mesh network between all offices worldwide.
39. You have been hired as a network consultant by the Chief Information Officer (CIO) of an enterprise that manufactures automobile parts in factories throughout the world. You learn that the enterprise uses the Open Shortest Path First (OSPF) routing protocol and needs to add two subnets to an existing area, Area1. A computer running Windows 2000 Server, Area1BR, is configured as an area border router. Area1BR is connected to Area 0.0.0.0 and to Area1. For Area 1, Area1BR advertises the summarized route 172.16.0.0/18. Which two Internet Protocol (IP) addresses define subnets that you can include in Area1? A. 172.31.96.0/18 B. 172.31.224.0/18 C. 172.31.192.0/18 D. 172.31.128.0/18 E. 172.31.160.0/18
40. The IT staff has mandated that computers should be automaticallyconfigured when brought up on the network. Keeping in mind the need for high availability, which of the following solutions could yourdesign call for? (Select all that apply) [view the scenario] A. Your design could call for a single DHCP server that has a scope configured for each subnet in the network. B. Your design could call for a DHCP cluster that is located on a single subnet with smaller scopes configured for each subnet on the network. C. Your design could call for a DHCP server on each subnet that has the primary scope for it's subnet and smaller scopes configured for every subnet on the network. D. Your design could call for a DHCP server on each subnet that has a scope configured for its subnet only. E. Your design could call for BOOTP compliant routers. F. Your design could call for a DHCP cluster on each subnet that has a scope configured for its subnet only.
41. You are the network architect for a manufacturing corporation. The servers on your network run Windows 2000 Advanced Server and belong to an Active Directory domain. Employees use computers running Windows NT 4.0 Workstation that belong to the same domain. Each employee's user account is configured to use a roaming profile, and the home directories of all employees reside on servers. You belong to a project team that is planning the rollout of Windows 2000 Professional. The current computers used by employees will be replaced with new computers. You recommend that the Remote Installation Service (RIS) be used to automate deployment of Windows 2000 Professional as well as required applications to the new computers. How should you recommend that RIS be used to automate the deployment process as well as minimize the amount of network traffic generated by the deployment effort? A. Configure one computer running Windows 2000 Advanced Server as a Dynamic Host Configuration Protocol server. Configure a second computer running Windows 2000 Advanced Server as an RIS server. Create an image of Windows 2000 Professional and the required applications using the Remote Installation Preparation Wizard. B. Configure a computer running Windows 2000 Advanced Server as a Dynamic Host Configuration Protocol server and an RIS server. Create an image of Windows 2000 Professional and the required applications using the Remote Installation Preparation Wizard. C. Configure a computer running Windows 2000 Advanced Server as a Dynamic Host Configuration Protocol server and an RIS server. Create a CD-based image and an answer file. Use a Group Policy object to assign the required applications to the client computers. D. Configure one computer running Windows 2000 Advanced Server as a Dynamic Host Configuration Protocol server. Configure a second computer running Windows 2000 Advanced Server as an RIS server. Create a CD-based image and an answer file. Use a Group Policy object to assign the required applications to the client computers.
42. You are one of the network designers for your enterprise. Your enterprise plans to implement an Active Directory infrastructure. Your network contains computers that run UNIX and the DNS Server service. Your design team has decided to maintain the existing DNS servers. To support Active Directory, the team will delegate responsibility for a zone for the Active Directory subdomain to ADDns1, a computer running Windows 2000 Advanced Server. The server Srv1 is the primary DNS server for the existing DNS domain of your enterprise. What records for ADDns1 must you define on Srv1 to ensure that requests to Srv1 for computers in the Active Directory zone can be resolved? (Choose two) A. A canonical name record B. A name server record C. A start of authority record D. A service locator record E. An address record
43. You are one of the network administrators for your corporation. The corporation contracts with 200 independent sales representatives who need access to internal corporate resources via the Internet. They use an application that relies on NetBIOS computer names, so you decide to install a Windows Internet Name Service (WINS) server in your corporate screened subnet. What ports must you enable on the firewall to support NetBIOS communications? (Choose three.) A. 139/tcp B. 161/upd C. 445/tcp and 445/udp D. 138/udp E. 137/tcp and 137/udp F. 389/tcp
44. Knowing what you do about this company, what do you feel its best routing strategy will be? [view the scenario] A. The best strategy would be to use Routing Information Protocol (RIP) version 1 on all router interfaces. B. The best strategy would be to use Routing Information Protocol (RIP) version 2 on all router interfaces. C. The best strategy would be to use Open Shortest Path First (OSPF) on all router interfaces. D. The best strategy would be to use Internet Group Management Protocol (IGMP) on all router interfaces. E. The best strategy would be to use static routes on all router interfaces.
45. What is the minimum number of DNS servers that should be specified in the following design? [view the scenario] A. 0 B. 1 C. 2 D. 3 E. 4 F. 5 G. 6 H. 7 I. 8 J. 9
46. Given the medical center's need for high availability, what will you specify to meet the technical requirements for their web and SQL servers? [view the scenario] A. You will specify using load balancing for the IIS and SQL servers. B. You will specify using load balancing for the IIS and clustering for the SQL Server computers. C. You will specify using standalone servers for the IIS and SQL servers along with Round Robin DNS for fault tolerance. D. You will specify using clustering for the IIS and SQL servers.
47. As a network manager for an enterprise, you are helping members of the Management Information Systems (MIS) staff plan an upgrade from Windows NT 4.0 servers to Windows 2000 servers. You learn that one of the computers running the Windows Internet Name Service (WINS) has a failed disk controller and has been removed from service. However, static entries for 50 computers running Windows NT Workstation 4.0 had been defined on that server and are still in the databases of two other WINS servers that have been upgraded to Windows 2000 Server. A new private Internet Protocol (IP) addressing scheme is being implemented, and you need to ensure that the existing static records are updated properly. Which feature of WINS should you use to allow the static records to be updated? A. Block records B. Extinction timeout C. Manual tombstoning D. Migrate on
48. As a consultant, you assist the Information Services staff members of one of your clients in planning an authentication strategy for their remote access clients. The remote access server is a computer running Windows 2000 that is a member of a Windows 2000 domain. The staff members plan to enable support for the Challenge Handshake Authentication Protocol (CHAP) in the remote access profile of one of their remote access policies. What step or steps should they take to ensure that clients who are configured to use CHAP can be authenticated? A. Configure domain passwords to be stored using reversible encryption. Reset the passwords of users who will use CHAP. B. Enable the Guest account on the Remote Access server. C. Select the option "Do not require Kerberos preauthentication" on the Accounts tab in the Properties dialog box for each user who will use CHAP. D. Add the group Everyone to the "Pre-Windows 2000 Compatible Access" domain group.
49. Your enterprise installs the Windows Internet Name Service (WINS) on 6 computers running Windows 2000: NYWINS1, NYWINS2, and NYWINS3 are in the New York office and LAWINS4, LAWINS5, and LAWINS6 are in the Los Angeles office. There is a 56 Kilobits per second (Kbps) connection between the offices in New York and Los Angeles that is operating at about 85% capacity. You ensure that the option Replicate Only With Partners is set on each WINS server. How should you configure the WINS replication partnerships? A. Configure NYWINS1 as push and pull partners of NYWINS2, NYWINS3, and LAWINS4. Configure LAWINS4 as push and pull partners of NYWINS1, LAWINS5, and LAWINS6. B. Configure each WINS server as push and pull partners of the other five WINS servers. C. Configure NYWINS1 and LAWINS4 as push and pull partners of each other. Configure NYWINS2 and LAWINS5 as push and pull partners of each other. Configure NYWINS3 and LAWINS6 as push and pull partners of each other. Configure each WINS server as push and pull partners of the other WINS servers in its city. D. Configure each WINS server in Los Angeles as push and pull partners of the other 2 WINS servers in Los Angeles. Configure each WINS server in New York as push and pull partners of the other 2 WINS servers in New York. Configure NYWINS1 and LAWINS4 as push and pull partners of each other.
50. As you look over the design specifications for DSI you ponder the background information that the company provided. What stands out as the three most significant problems that need to be addressed? [view the scenario] A. The fact that the network needs to be upgraded stands out and needs to be addressed. B. The amount of downtime that the network is currently experiencing stands out and needs to be addressed. C. The poor performance that the network is currently exhibiting stands out and needs to be addressed. D. The network's lack of scalability stands out and needs to be addressed. E. The fact that the network is very hard to manage stands out and needs to be addressed. F. The network's current lack of usability stands out and needs to be addressed. G. The fact that sensitive company data is being lost to hackers.
51. You have been hired as a consultant to assist a corporation with designing an Active Directory architecture and network infrastructure. While analyzing the current network and the corporation's plans for integrating Windows 2000 into its network, you learn that the corporation has a remote office at which 40 employees work. You learn from management that the computers at this office should be members of the corporation's Windows 2000 domain and that the employees should have access to resources both from the corporate headquarters office and from the Internet. You recommend that a computer running Windows 2000 Server and configured as a dial-on-demand router be installed. Which two protocols can be supported with this configuration that you could not support by implementing Network Address Translation (NAT)? (Choose two) A. Internet Protocol Security (IPSec) B. File Transfer Protocol (FTP) C. Remote Procedure Call (RPC) D. Point-to-Point Tunneling Protocol (PPTP) E. Kerberos
52. You are designing a remote access solution for your corporation. The corporation has four computers running Windows 2000 Server on which Routing and Remote Access has been enabled. The computers are configured as remote access servers and are members of your corporation's Windows 2000 domain. You design three remote access policies to be deployed for use throughout the domain. You want to centralize the administration of the remote access policies. What procedure should you use to centralize the administration? A. Create a security template. Use the Security Configuration and Analysis utility on each of the remote access servers to import the template and configure each of the servers. B. Install the Internet Authentication Service (IAS) on a computer running Windows 2000 Server and configure all remote access clients to connect to the IAS server. Copy the remote access policies to the IAS server. C. Design a Group Policy object (GPO). Link the GPO to the Organizational Unit (OU) or OUs to which the computer accounts for the remote access servers belong. D. Install the Internet Authentication Service (IAS) on a computer running Windows 2000 Server. Copy the remote access policies to the IAS server and configure the remote access servers as clients of the IAS server.
53. You are a network administrator for a corporation whose headquarters are in the United States. The corporation recently acquired a manufacturing facility in Paris, France. You need to design an Internet Protocol Security (IPSec) policy to protect data being transferred between headquarters and a group of research scientists at the new facility. Which authentication protocol and encryption algorithm should you use? A. Secure Hash Algorithm and 56-bit Data Encryption Standard B. Message Digest 5 and Triple Data Encryption Standard C. Secure Hash Algorithm and 40-bit Data Encryption Standard D. Message Digest 5 and 56-bit Data Encryption Standard
54. You are designing a virtual private network (VPN) solution for your corporation. Management has decided that only 15 employees should have access to the VPN. You recommend that a domain local security group named VPN-Access be created in the corporation's Windows 2000 domain. VPN-Access should contain the user accounts of the 15 employees. You recommend that Routing and Remote Access be enabled on a computer running Windows 2000 server and that the computer be configured as a VPN server. You recommend that the option "Control access through remote access policy" be enabled for each of the user accounts in VPN-Access and that the default remote access policy be deleted. What else should you recommend that the network administrators do to limit access to the VPN to only members of VPN-Access? A. Create a remote access policy and set the condition Windows-Groups to VPN-Access in the policy. B. Create a remote access policy and configure the permissions of the remote access policy object to allow Read only to VPN-Access. C. Create a remote access policy and configure the remote access profile associated with the policy to allow access only to VPN-Access. D. Configure the remote access server to use only EAP-TLS authentication.
55. The company is concerned about the security of their DHCP infrastructure. Which of the following will your design call for that will increase the security of the DHCP infrastructure and reduce the risk of having unauthorized DHCP servers on the network? (Select all that apply.) [view the scenario] A. Your design will call for adding all user accounts to the DHCP Users group. B. Your design will call for adding all user accounts to the DHCP Administrators group. C. Your design will call for installing the DHCP service only on domain controllers. D. Your design will call for adding members of the Regional administrator teams to the DHCP Administrators group. E. Your design will call for adding members of the Regional administrator teams to the DHCP Users group. F. Your design will call for replacing all DHCP servers on the network with Windows 2000 based DHCP servers. G. Your design will call for replacing all DHCP servers on the network with Windows based DHCP servers.
56. You are designing a remote access solution for a corporation. You recommend that a computer running Windows 2000 Advanced Server be configured as a remote access server. Client computers include computers running Windows 2000 Professional and computers running Windows NT 4.0 Workstation. The solution should provide the most secure form of authentication that can be used by all the client computers for dial-up connections. Also, users must be able to encrypt the data that is sent between the clients and the remote access server. Which authentication protocol should you recommend as part of the remote access solution? A. MS-CHAP B. PAP C. MD5-CHAP D. MS-CHAP v2
57. You have been hired as a network consultant by the Information Services (IS) department chairperson of a college. You learn that a Windows 2000 domain has been implemented at the college. You also learn that an additional domain controller is being added to the subnet where computers in the biology research lab are installed. The IS chairperson reports that all traffic between this domain controller and the domain controller installed on the IS department subnet should be encrypted. What should you recommend about the use of Internet Protocol Security (IPSec) to protect this traffic? A. Use an IPSec policy that includes a rule configured for transport mode. Configure the rule to use certificates for authentication. B. Use an IPSec policy that includes a rule configured for tunnel mode. Configure the rule to use certificates for authentication. C. Use an IPSec policy that includes a rule configured for transport mode. Configure the rule to use Kerberos for authentication. D. Use an IPSec policy that includes a rule configured for tunnel mode. Configure the rule to use Kerberos for authentication.
58. You are the network architect for your corporation. You decide to implement ISA Server, Enterprise Edition on a single computer running Windows 2000 Advanced Server to optimize access to Internet resources for your corporation's employees. The computer is a member of a Windows 2000 domain. You want to ensure that the configuration details of the ISA Server are stored in Active Directory. What step should you take? A. Include the server in a Network Load Balancing (NLB) cluster. B. Define the Domain Name System (DNS) resource records for the ISA Server in an Active Directory-integrated zone. C. Establish a proxy array. D. Configure the ISA Server to use Active Caching.
59. You have been hired as a network consultant by the Chief Information Officer (CIO) of an enterprise that manufactures automobile parts in factories throughout the world. One of your tasks is to plan the Internet Protocol (IP) address configuration for the enterprise. You recommend that they use addresses from the private IP address block 172.16.0.0/12. You want to define a single subnet mask to be used throughout the enterprise. You need to plan for future growth up to 500 subnets with at most 2000 hosts on each subnet. Which subnet mask should you use? A. 255.255.240.0 B. 255.255.248.0 C. 255.255.224.0 D. 255.255.252.0
60. You have been retained as a network consultant by a telecommunications enterprise. The enterprise has grown steadily over the last three years by acquiring companies that have developed technologies that complement the existing technologies of the enterprise. Management reports that growth will continue over the next two years at least. You recommend that a planned electronic commerce web site for the combined businesses be implemented on a set of clustered computers running Windows 2000 Advanced Server to maximize reliability and performance. You also recommend that related services be implemented on the cluster to enhance performance. Which related service must be manually reconfigured on another server in the cluster if the primary server for the service fails? A. Dynamic Host Configuration Protocol (DHCP) B. Windows Internet Name Service (WINS) C. Proxy Server D. Domain Name System (DNS)
61. You are a member of the Information Technology (IT) team responsible for the network infrastructure of your corporation. Management has approved allowing 50 employees to work from home 2 days a week. You have caller identification hardware that is compatible with a computer running Windows 2000 Server on which Routing and Remote Access has been enabled. The server is configured as a remote access server. You configure the server to support Automatic Number Identification/Calling Line Identification (ANI/CLI). You create a user account for each of the phone numbers from which calls will be accepted. You create a remote access policy to support these ANI/CLI connections. Which option should you enable on the Authentication tab of the remote access profile for the policy? A. Unencrypted authentication B. Unauthenticated access C. Encrypted authentication D. MD5-challenge authentication
62. As a consultant for an advertising agency, you are helping your client design a network infrastructure to support a new Web site. The agency has implemented an Active Directory domain and plans to use computers running Windows 2000 Advanced Server to support the Web site and related resources. Members of the agency report that the content they would like to use for the web site currently resides on 4 servers. You recommend that a Distributed File System (Dfs) hierarchy be created to provide access to the existing content. You also recommend that a virtual directory that references the Dfs hierarchy be created as part of the Web site. What steps should you take when configuring the Dfs root to provide redundancy in case the original server on which the Dfs root is created becomes inoperable? A. Create a domain-based Dfs root and create one or more root replicas. B. Create a standalone Dfs root and create replicas of each child node in the hierarchy. C. Create a domain-based Dfs root and create replicas of each child node in the hierarchy. D. Create a standalone Dfs root and create one or more root replicas.
63. You are a network architect for your corporation. You learn that the corporation has acquired a company that does business as a marketing research facility. The computers at the office that houses the research facility currently access the Internet through a 56 Kilobit per second (Kbps) line to an Internet Service Provider (ISP). The ISP hosts a File Transfer Protocol (FTP) server that allows employees of the facility to share files with research partners. Most of the employees at the new facility are researchers who do their research on Web and FTP sites throughout the Internet. They report that access to these sites is often slow. You learn that the employees primarily use 10 key web sites for data. Managers of your corporation ask you to rework the network at the new facility to improve access times to the key sites and to move the FTP services from the ISP to the new office. A budget has been approved to upgrade the servers at the new office to Windows 2000 Advanced Server and to purchase additional software, as needed. The client computers will continue to use Windows 98. Which Microsoft technology should you recommend? A. Network Address Translation (NAT) B. Internet Connection Sharing (ICS) C. Proxy Server D. Windows Load Balancing
64. You are the network architect for your corporation. One of the branch offices of the corporation uses a T1 line to connect to the headquarters office. You decide to assign addresses to computers at the branch office from a computer running Windows 2000 Server and the Dynamic Host Configuration Protocol (DHCP) server service at the headquarters office. You have three computers running Windows 2000 Server and the Domain Name System (DNS) server service. One of the DNS servers is at the branch office and two are at the headquarters office. All of the DNS zones are configured to accept dynamic updates. The DHCP server is configured to send dynamic updates. Where should you define the list of DNS servers to which the DHCP server will send dynamic updates? A. In the DHCP scope options. B. In the Properties dialog box of the DHCP server in the DHCP console. C. In the Properties dialog box of the DHCP scope in the DHCP console. D. In the TCP/IP properties of the DHCP server.
65. You have been hired as a network consultant by the Chief Information Officer (CIO) of an enterprise that manufactures automobile parts in factories throughout the world. You learn that the enterprise has computers running Windows 2000 Server, Windows 2000 Professional, Windows 95, and OS/2 with LAN Manager 2.2c in one of the factories. The computers are all on the same subnet. You need to insure that applications on the OS/2 client that use NetBIOS names are able to resolve the NetBIOS names to IP. You recommend that the Windows Internet Name Service (WINS) be installed on one of the computers that is running Windows 2000 Server. What step should you suggest that the network administrator take to enable applications on the computer running OS/2 to resolve names to IP addresses from the WINS database? A. Configure one of the computers running Windows 2000 Professional as a WINS proxy. B. Configure a static mapping for the OS/2 client in the WINS database. C. Configure the IP address of the WINS server in the TCP/IP parameters of the OS/2 client. D. Create an LMHOSTS file on the computer running OS/2 with an entry for the WINS server.
66. You have been hired as a network consultant for a corporation that manufactures copy machines. The corporation has implemented a Windows 2000 domain. You learn that Windows Internet Name Service (WINS) servers are located in Dallas, Texas, and Tacoma, Washington, at the two main offices of the corporation. The servers are configured as replication partners, and each WINS server is configured as a secondary WINS server for computers at the remote office. There are 1400 computers at the Dallas office and 450 computers at the Tacoma office, all configured as WINS clients. Users typically power down their computers each Friday and restart them about 8:00 a.m. on Monday. You discover that some of the computers in Dallas register with the WINS server in Tacoma when starting up on Monday mornings. What should you recommend that the network administrators do to increase the likelihood that the computers in Dallas will register their names with the WINS server in Dallas? A. Modify the maximum number of records verified each period on both WINS servers. B. Modify the extinction interval on both WINS servers. C. Modify the renewal interval on the WINS server in Dallas. D. Modify the burst handling setting on the WINS server in Dallas.
67. You have recently been hired as the network architect for a corporation that has manufacturing facilities and offices in four countries. You work with the Directory Services design team to determine the appropriate Domain Name System (DNS) solution for an Active Directory implementation. The forest root domain, corp.com, is already established. The DNS zone for corp.com is an Active Directory integrated zone. The DNS server service is installed on three of the five domain controllers configured for corp.com - DC1, DC2, and DC3. The zone corp.com is the only zone hosted on DC1, DC2, and DC3. The next step in the implementation of Active Directory is to establish a child domain for the facilities in Europe. The domain name for this domain is europe.corp.com. You recommend that the DNS zone for europe.corp.com also be configured as an Active Directory-integrated zone and that the DNS server service be installed on DCEU1, the domain controller for europe.corp.com. Authority for europe.corp.com will be delegated to DCEU1. You recommend that the Preferred DNS server field in the TCP/IP properties for each domain controller be configured with that domain controller's address. What should you do to insure that DCEU1 can efficiently resolve requests for names in the domain corp.com? A. Configure DC1, DC2, or DC3 as a master name server for DCEU1. B. Configure DC1, DC2, and DC3 in the root hints of DCEU1. C. Configure DC1, DC2, and DC3 as alternate DNS servers for DCEU1. D. Configure DC1, DC2, or DC3 as a forwarder for DCEU1.
68. You have recently been hired as the network architect for a corporation that has manufacturing facilities and offices in three cities in the United States. While analyzing the existing network, you learn that the company recently acquired a new facility in Miami, Florida. There is a computer named WINSB running Windows 2000 Advanced Server and the Windows Internet Name Services (WINS) at the new facility. In the corporation's facility in Denver, Colorado, the server WINSA is running Windows 2000 Advanced Server and WINS. All of the client computers in the Denver and Miami facilities are clients of their local Dynamic Host Configuration Protocol (DHCP) server. Employees in Denver and Miami will need to access computers in both cities, so you recommend that each DHCP server be configured to assign the address of the local WINS server as the primary WINS server and the remote WINS server as the secondary WINS server for addresses leased to clients. The offices will be connected by a 256 Kilobit per second (Kbps) line, so you want to minimize the amount of traffic used for WINS replication. What should you recommend as the replication configuration for WINSA and WINSB? A. Configure WINSA and WINSB as push partners of each other. Configure updates to occur after every 30 changes. B. Configure WINSA as a push partner of WINSB. Configure WINSB as a pull partner of WINSA. Configure WINSA to request changes beginning at 6:00 p.m. and every twelve hours after that. C. Configure WINSA as a pull partner of WINSB. Configure WINSB as a push partner of WINSA. Configure WINSB to request changes beginning at 6:00 p.m. and every twelve hours after that. D. Configure WINSA and WINSB as push and pull partners of each other. Configure WINSA to request changes beginning at 6:00 p.m. and every twelve hours after that. Configure WINSB to request changes beginning at 7:00 p.m. and every twelve hours after that.
69. You have recently been hired as the network architect for a corporation that has manufacturing facilities and offices throughout the United States. While analyzing the existing network, you learn that the current backup procedure for domain controllers running Windows NT Server 4.0 is to do a normal backup each Friday and Tuesday and an incremental backup each of the other days, including weekends. The domain controllers will be upgraded to Windows 2000 Server to create a Windows 2000 domain. You want to ensure that the domain controllers can be recovered if any key system data becomes corrupt. You develop procedures to use a batch file to run the ntbackup utility with the systemstate switch. Which two types of backup should you use in the batch file when saving system state data? (Choose two) A. Incremental B. Differential C. Daily D. Normal E. Copy
70. You have recently been hired as the network architect for an enterprise that has manufacturing facilities and offices in three countries. You work with the Directory Services design team to determine the appropriate Domain Name System (DNS) configuration for an Active Directory implementation that is currently in the planning stage. You learn that the enterprise uses a proxy server to access computers on the Internet. Internal communications are done over leased digital lines. You work with members of the Directory Services design team to set up a test lab to emulate the planned production environment. You install the DNS Server service on three computers running Windows 2000 Server: DNSSrv1, DNSSrv2, and DNSSrv3. You configure DNSSrv1 to host the DNS domain company.com. DNSSrv2 will host the DNS domain europe.company.com. DNSSrv3 will host the DNS domain asia.company.com. The design team plans to create three Active Directory domains using these DNS domain names. What steps should you take to enable all three DNS servers to resolve names for all of the computers in the Windows 2000 domains? A. Create a root zone on DNSSrv1. Configure the cache.dns file on DNSSrv2 and DNSSrv3 with name server records for DNSSrv1. B. Configure the cache.dns file on DNSSrv1 with name server records of the computers that maintain the root DNS domain for the Internet. Configure the cache.dns file on DNSSrv2 and DNSSrv3 with name server records for DNSSrv1. C. Create a root zone on DNSSrv1, DNSSrv2, and DNSSrv3. Configure the cache.dns file on each DNS server with name server records for the other two DNS servers. D. Create a root zone on DNSSrv1. Configure the cache.dns file on DNSSrv1 with name server records for DNSSrv2 and DNSSrv3.
71. You have recently been retained as a network consultant for a web-based information resource enterprise that specializes in publishing medical research data. You learn that management has approved the acquisition of a cluster of four servers running Windows 2000 Advanced Server. Management asks you to determine which service should be installed on the cluster to benefit from the load balancing feature of Windows 2000. What service should you recommend be installed on the clustered servers to take advantage of load balancing? A. Dynamic Host Configuration Protocol (DHCP) B. Domain Name System (DNS) C. Proxy Server D. Windows Internet Name Service (WINS)
72. You manage the servers for the Sales department of your corporation. The Information Technology department implemented Active Directory for the corporation with permissions compatible only with Windows 2000 servers. All users in the corporation have been given user accounts in the corporation's Windows 2000 mixed-mode domain. There are three Windows 2000 domain controllers and two Windows NT 4.0 Backup Domain Controllers (BDCs) in the domain. The servers and laptop computers in the Sales department run Windows NT 4.0 and cannot be upgraded to Windows 2000 until the completion of a current project. When employees of the Sales department dial in to RAS10, the Routing and Remote Access Service server that is running Windows NT 4.0 Server for their department, they are not consistently able to make a successful connection. The latest service packs are installed on RAS10. What step should you or your domain administrator take to enable the users to make a successful connection to RAS10 consistently? A. Configure support for Microsoft Handshake Authentication Protocol version 2 (MS-CHAP v2) on RAS10. B. Add the computer accounts for the BDCs to the RAS and IAS Servers group. C. Add the computer accounts for the Sales department's laptops to the Pre-Windows 2000 Compatible Access domain group. D. Add the group Everyone to the Pre-Windows 2000 Compatible Access domain group.
73. You own a network consulting company based in the United States. You specialize in servicing customers in the garment manufacturing industry. All of your customers require that their design department data be carefully protected. Two of your major customers are Acme Attire and Great Garments. Both companies are planning revisions to their current network infrastructure to support electronic commerce applications. Acme Attire has fifteen facilities throughout the United States. Great Garments has twenty facilities throughout the United States, France, Japan, and Latin America. When designing network solutions for these customers, which factor would be a greater influence on design decisions for Great Garments than on design decisions for Acme Attire? A. Encryption levels B. Government regulations C. Authentication mechanisms D. Server placement
74. You are the Network Administrator for your company. You manage a network running Windows 2000 Server, Windows 2000 Professional, Windows 95, and OS/2 with LAN Manager 2.2c. The computers are all on the same subnet. You want applications on the OS/2 client that use NetBIOS names to be able to resolve the NetBIOS names to Internet Protocol (IP) addresses from a Windows Internet Name Service (WINS) database. You install the Windows Internet Name Service on one of the computers that is running Windows 2000 Server. What simple step should you take to enable applications on the computer running OS/2 to resolve names to IP addresses from the WINS database? A. Configure one of the computers running Windows 2000 Professional as a WINS proxy. B. Create an LMHOSTS file on the computer running OS/2 with an entry for the WINS server. C. Configure the IP address of the WINS server in the TCP/IP parameters of the OS/2 client. D. Configure a static mapping for the OS/2 client in the WINS database.
75. You are the assistant systems manager for your small company network. You are pondering whether to upgrade your RIPv1 implementation to RIPv2 or to use OSPF instead. As you consider your options, you know which of the following is true about OSPF. A. OSPF uses IP multicast to send link-state updates B. OSPF is a distance vector protocol C. OSPF offers better convergence than RIP D. OSPF allows transfer and tagging of external routes in an Autonomous System E. OSPF is less complex than RIPv2 F. OSPF uses a hop count metric to measure each time it passes through a router
76. You are the assistant systems manager for a small company's network. You are building a new satellite network at your company's new location. Your boss directs you to set up an implementation of RIPv1 using Variable Length Subnet Mask (VLSM) and hop counts of greater than 15. You also will need to optimize convergence time and use broadcast announcements. What should you tell your boss? A. RIPv1 is a link-state protocol and does not use hop counts B. RIPv1's convergence time is far superior to OSPF, so convergence should be no problem C. RIPv1 uses only multicast announcements D. The above suggested implementation can't be carried out
77. You are the assistant Systems Manager on your small company's Windows 2000 network. Your Windows 2000 Server has three network adapters and will be configured to run RIP and OSPF. What is the maximum number of default gateways you can define on the server? A. 3 B. 1 C. 4 D. 2
78. As IT manager at an accounting office, you've just finished configuring your demand-dial interfaces and your router's connections are authenticated. You now are turning your attention to the routing tables. You've decided to use an on-demand-dial connection. Which protocols may you use in this configuration? A. RIPv1 B. RIPv2 C. OSPF D. BGP E. You'll use no routing protocols
79. You are the assistant systems manager for a small company's Windows 2000 network. You're getting ready to install ICS. What should you do before you begin the install? A. Shut down any computers set to obtain an IP address automatically B. Power on all computers set to obtain an IP address automatically C. Replace all unidirectional device adapters (such as DirectPC) D. Make sure all the host computers have two network adapters E. Make sure all the computers have at least one network adapter. One is fine, so long as it's unidirectional
80. You are the assistant systems manager for your company's network. You've just completed installation and configuration of NAT and you are ready to designate which interfaces to use. What is the minimum number of interfaces you may designate? A. 1 B. 2 C. 3 D. 4 E. 5 F. 6
81. You are a tech for a network-consulting firm. You've been assigned to configure ICS for a SOHO network. The network already has a fully installed Windows 2000 Server, complete with a dial-up Internet connection. What else must a Windows 2000 Server have to run ICS? A. An internal network interface B. A unidirectional adapter C. The RIP protocol D. A null modem cable
82. You are the systems manager for a small company's Windows 2000 Network. You are pondering the benefits of switching from ICS to NAT. Which of the following are NOT benefits of NAT over ICS? A. NAT allows the use of multiple network adapters B. NAT allows the use of multiple Internet ports C. NAT allows the use of more than one IP address D. NAT is simpler to configure than ICS E. NAT is better suited to single segmented private networks of up to 254 workstations
83. You are the assistant systems manager for your company's Windows 2000 Network. Your boss directs you to a Windows 2000 Professional Computer. He instructs you to set up NAT on this computer. Your boss wants to take advantage of a pool of public Internet addresses for better availability. He also wants flexibility in how DNS names are resolved and to configure settings for dynamic mappings. Your boss is very anxious all this be made so. What do you tell your boss? A. That ICS would be a better choice on this computer and for what he wants you to do B. Name resolution will have to be done by a separate DNS server C. NAT does not offer dynamic mapping D. He'll need to provide you a Windows 2000 Server
84. You are the systems manager for a small company's Windows 2000 Network. You have been pondering the benefits of switching from ICS to NAT and you've decided to opt for NAT. What will you need to enable on your Windows 2000 Server so you can install NAT? A. RRAS B. RIP C. OSPF D. BGP E. POTS
85. You are the Network Administrator for a detective agency. Your company communicates confidential information to another high-security organization. The information sent and received to and from the other organization needs to be authenticated and encrypted. In addition, neither company wants any information about the identity of the other side to be transmitted across the network connection. The managers put together a plan based on the IPSec protocol stack in order to provide the necessary security for the communication. What IPSec authentication method should they use to meet the need? A. Kerberos V4 B. Kerberos V5 C. Public/Private Key from a certificate authority D. Shared Secrets Authentication
86. You are the assistant systems manager for a large company's Windows 2000 network. You've encountered disk problems on your Certificate Authority (CA) server and, as a result, you've lost access to file encryption certificates and private keys. You plan to use a recovery agent to recover the data by decrypting the files you can no longer access. After you've done this and the files are recovered, what should you do next? A. Revoke the data recovery certificate so no one can access the decrypted data. B. Move the data to a new partition and create new NTFS permissions. C. Use the recovery agent to delete the data recovery certificate from the system. D. Backup the files to tape and remove them from the system.
87. You are the assistant systems manager for a medium-sized company's network. You are responsible for the Certificate Authority on the Windows 2000 server. You have used the EFS recovery agent to backup the recovery certificate and private key to a secure location. You now want to delete the recovery certificate for increased security. What steps do you take to make this so? A. Revoke the policy after it is backed up to prevent unauthorized usage. B. Use CA to delete the recovery certificate from the agent's recovery policy. C. You must use the Certificates console in the MMC to view and delete certificates from the recovery agent's personal store. D. Use CA to delete the recovery certificate from the agent's personal store.
88. You are the network administrator for a medium-sized company's Windows 2000 network. The network's domain consists of domain controllers, two member servers and 765 Windows 2000 Professional workstations. Your supervisor informs you she suspects Sam, who was fired the week before last, is still accessing the network through the Internet. She wants you to put a stop to this immediately. She does not want Sam to access the network remotely at all, any more. Which of the following will keep Sam from accessing the network remotely? A. Restrict permissions in Sam's assigned certificate B. Publish the Revoked Certificate List C. Revoke Sam's previously assigned certificate D. Force Sam's certificate to expire early
89. You are the network administrator for an operation's Windows 2000 network, which consists of four domain controllers, two member servers and 462 Windows 2000 Professional workstations. Of these workstations, 143 are laptops used throughout the Midwest. You are instructed to find a way to ensure the data on these laptops and internal workstations is secure. The solution must be easy for users to understand. You also are to plan for growth and future technology. Which of the following is the best plan for securing data on this network? A. Implement a stand alone Certificate Authority. User will be mapped to a certificate that will be downloaded each time they log onto the network. B. Implement smart cards for all users, remote and local. You need do nothing else. C. Implement smart cards for all users, remote and local. Create a Certificate Authority. For each user, issue certificates that will be stored in the smart card. D. Implement smart cards for all users, remote and local. Create a root Certificate Authority. Certificates will be downloaded to users at each logon.
90. You are the assistant systems manager for a large company's Windows 2000 network. You are setting up an Enterprise Subordinate Certificate Authority on a Windows 2000 server. You must obtain a certificate for this Subordinate CA from the parent authority. However, the parent CA is offline. How can you complete your task? A. Install the CA as a root authority. When the parent becomes available, you can demoted the current role. B. You can't. The parent CA must be available during installation. C. Select "Sent Request Later." Later, when the parent CA is online, the certificate request can be sent to the active parent. D. Copy a sample certificate from the Windows 2000 Resource Kit until you can get the correct certificate from the parent CA.
91. You are in charge of a Windows 2000 Active Directory. Your company uses an internal certificate authority called "Mailcall." This CA can issue certificates for server authentication, client authentication, code signing and secure email. You want to use this CA only for secure email. How can you make this so? A. You can't. You must use all the certificate types provided by the server. It is integrated with Active Directory. B. Revoke the certificates for all but the secure email and publish the revoked list manually. C. Create a Certificate Trust List (CTL) and apply it to a group policy. Specify only secure email in the CTL. D. Create a subordinate CA that gets only the secure email delegation from Mailcall.
92. You are the Administrator of a medium sized Windows 2000 domain that has the main office in San Francisco, and has 3 other sites in Los Angeles, Boston, and Kansas City. You have been asked to set up DNS for all of the sites, which connect to each other over a WAN link. You want to limit the amount of time that is spent over the slow WAN link between the sites, which are all in the same Active Directory (AD) tree. How can you set up the WAN so that all sites are part of the same AD tree and intersite DNS queries are kept to a minimum? A. Set up the San Francisco office as the first level domain and set up the DNS server there. Set up the other 3 sites to be second level domains. B. Set up all four sites as second level domains and set up a DNS server at each site. C. Set up the San Francisco office as a second level domain and set up the other 3 sites to be child domains. Install DNS servers at each of the sites. D. Set up all four sites as second level domains and set up the DNS server at the San Francisco office.
93. You are the administrator of a Windows 2000 domain with 250 Windows 2000 Professional hosts and 15 servers. Management has decided to implement Active Directory on the domain, and it is your task to deploy it. At the current time you are using Hosts records in a HOSTS file for name resolution. What can you do to ensure that: name resolution will continue and you can deploy Active Directory with the least dministrative effort? A. Install and configure a DHCP server to automatically issue IP addresses. B. Install and configure a WINS server for NetBIOS Name Resolution. C. Set up the client computers with an LMHosts files in addition to the Hosts files. D. Install and configure a DNS server.
94. You are the Administrator of a medium sized Windows 2000 domain that has the main office in San Francisco, and has 3 other sites in Los Angeles, Boston, and Kansas City. You have been asked to set up DNS for all of the sites, which connect to each other over a WAN link. You want to limit the amount of time that is spent over the slow WAN link between the sites, which are all in the same Active Directory (AD) tree. How can you set up the WAN so that all sites are part of the same AD tree and intersite DNS queries are kept to a minimum? A. Set up the San Francisco office as the first level domain and set up the DNS server there. Set up the other 3 sites to be second level domains. B. Set up all four sites as second level domains and set up a DNS server at each site. C. Set up the San Francisco office as a second level domain and set up the other 3 sites to be child domains. Install DNS servers at each of the sites. D. Set up all four sites as second level domains and set up the DNS server at the San Francisco office.
95. You are the Administrator of a small Windows 2000 domain. You have been asked to set up a name resolution system that will guarantee users do not have to refer any queries to the Internet for name resolution. What can you do to assure that all name resolution occurs locally? A. Set your DNS server inside the DMZ B. Set your DNS server behind a Proxy Server C. Set up a DNS Caching Server D. Set up a Root Name Server
96. You are the Administrator of a small Windows 2000 domain. Your domain consists of 50 Windows 2000 Professional hosts on two segments, (A and B), connected by a router. Segment A has the Primary Zone DNS server, and Segment B has the Secondary Zone DNS Server. The users in both segments report that the network seems to be slow, and when you monitor the network you find that a large amount of the traffic is being generated by zone transfers from the Primary Zone to the Secondary Zone. What change do you need to make to decrease the zone transfer traffic? A. Decrease the Refresh Interval for the Start of Authority (SOA) records on the Primary Zone. B. Increase the Refresh Interval for the Start of Authority (SOA) records on the Primary Zone. C. Decrease the Time to Live (TTL) for the individual records on the Secondary Zone. D. Increase the Time to Live (TTL) for the individual records on the Secondary Zone.
97. You are the Administrator of a small Windows 2000 domain. The domain has one DNS server and 53 Windows 2000 Professional hosts, which have all been assigned static IP addresses. Your junior administrator reports that he is unable to resolve the name of host HR6 using its Fully Qualified Domain Name (FQDN), but he can use the IP to connect to it at the same time. There are no problems with using the FQDNs to contact the other hosts in the domain. What do you suspect is the problem and the solution? A. You must use DHCP and dynamic IP addresses in a domain with more than 10 hosts. B. Your DNS cache is corrupted and needs to be flushed using IPConfig /flushdns and then reloaded. C. There is no forward lookup Host record for HR6. You need to configure an A (Host) resource record. D. There is no reverse lookup Pointer record for HR6. You need to configure a PTR (Pointer) resource record.
98. You are the Administrator of a small Windows 2000 domain with one DNS server and 50 Windows 2000 Professional hosts. You receive reports from users that they are getting error messages when they attempt to connect to FileSvr1. You run Tracert nslookup on FileSvr1 and find that the Forward Lookup Zone is corrupted. You correct the Forward Lookup Zone and attempt to connect to it from one of the client hosts but still get the same error message. What needs to be done to be able to connect to FileSvr1? A. You need to run IPConfig /flushdns on all of the client hosts to clear the bad record out of their resolver caches. B. You need to reboot the DNS Server. C. You need to reboot FileSvr1. D. You need to run IPConfig /release and IPConfig /renew on FileSvr1.
99. You are the Administrator of a small Windows 2000 domain. There is a remote sales office that connects to the main office over a dialup WAN link. You find that a lot of the DNS server's time is being used to resolve DNS queries from the remote sales office. You want to alleviate the traffic over the WAN link without spending a lot of time and money. Your Primary objective is to allow the remote sales office to continue to get their DNS queries resolved without having to use the WAN link. Your secondary objectives are: a) to not spend a lot of money; and b) to not spend too much administrative time on the project. Which of the following solutions will meet your Primary and both Secondary objectives? A. Set up a caching-only server in the remote sales office. B. Set up a DNS server at the remote sales office. C. Set up a DNS relay agent at the remote sales office. D. Set up a VPN between the main office and the remote office.
100. You are an Administrator of a Windows 2000 Domain with 5 Servers and 50 Windows 2000 Professional clients. You have a DHCP Server to deliver IP addresses to all computers in the Domain. You come to work on a Monday and find that the users report that although they can communicate with each other, no users can connect to the Internet. You attempt to log onto the Internet and confirm that the connection cannot be made. When you check the Event Viewer you find the following message: "Your computer has automatically configured the IP address for the Network Card with the network address of 0900859F3C35. The IP address being used is 169.254.203.111. Why can't this computer connect to the Internet? A. The computer is configured with the wrong scope. B. The DHCP server has failed and automatic addressing is being used. C. The Internet Service Provider's server is down. D. The IP address is in an invalid class. E. The IP leases have expired.
101. You are the administrator of a small domain with 100 Windows 2000 hosts. You want to provide for a backup DHCP server in case the main DHCP server fails. What is the recommended way that you should define the scopes of each server so that they do not accidentally assign the same IP to two hosts? A. Assign 80% of the addresses to the main DHCP server and 20% of the addresses to the backup DHCP server. B. Assign 50% of the addresses to each DHCP server. C. Assign 100% of the addresses to each DHCP server and configure them to take turns assigning IP addresses. D. Assign 95% of the addresses to the main DHCP server and 5% to the backup DHCP server so that it will only assign addresses if the main DHCP server fails.
102. You are setting up a DHCP server for your domain, and you have 5 print servers and 5 file servers that you want to always have the same IP addresses. How do you set up, with the least amount of administrative effort, the DHCP server to assure that these 10 servers always have the same IP addresses? A. Manually configure the 10 servers with static IP addresses. B. Place the 10 IP addresses in the "Exclusions" option. C. Place the 10 IP addresses in a separate subscope. D. Place the 10 IP addresses in the "Reserved" option. Create 10 client reservations; one for each server.
103. You are the administrator in a medium sized Windows 2000 domain that runs a mission critical application that must run 24x7. You want to use DHCP because you have over 2000 Windows 2000 Professional hosts. Your Primary objective is to provide a DHCP solution that guarantees that the DHCP service is always available. Your Secondary objectives are: a) To provide for automatic transfer of the namespace and all the services to a second node. b) To provide load balancing of the DHCP services. You decide to set up DHCP Clustering and to set up all of the nodes as one virtual node. This solution accomplishes which of the following? A. The Primary objective only. B. The Primary objective and one of the Secondary objectives. C. The Primary objective and both of the Secondary objectives. D. The proposed solution does not accomplish any of the objectives.
104. You are the administrator of a medium sized Windows 2000 domain that contains 10 segments with a DHCP server on each segment. You recently had to move a computer from one segment to another as a replacement for a host that failed. When you start up the computer, it receives a DHCPNAK message. What needs to occur next to get the host communicating on this segment of the network? A. The host will send out a broadcast discover message with its MAC address requesting a new IP address. B. The host will automatically be assigned the IP of the previous host at that location. C. You will have to assign the host a static IP address. D. Add a DHCP Relay Agent.
105. Your small Windows 2000 domain contains 150 hosts that receive their IP addresses from a DHCP server and you want to have them automatically update the DNS server with their new IP address when they obtain a new lease. You open the DHCP snap-in and configure the server to automatically update the DNS server by putting a check in the box to "Automatically Update DHCP Client Information in DNS" and apply your changes. Sometime later, you find that the updates are not happening. What should you do next? A. Change the setting from updating at the server level to updating at the scope level. B. Remove the checkmark from "Discard forward (name-to-address) lookups when the lease expires". C. Configure the DNS server to accept Dynamic DNS updates. D. Configure the DHCP server to "Update DNS only if DHCP client requests".
106. You are the administrator of a small domain with 250 Windows 2000 Professional hosts on a multisegment network. You are installing DHCP service for the first time, and you need to set up the DHCP server. Which of the following do you have to have configured before you can install the DHCP service? A. You must have Active Directory installed. B. You must have a static IP on the server that will be the DHCP server. C. You must have a static IP on the server that will be the DNS server. D. You must have a subnet mask on the server that will be the DHCP server. E. You must have a default gateway for the server that will be the DHCP server. F. You must have a static IP on the server that will be the WINS server.
107. As if you're not busy enough, one of the servers you must maintain is a RAS server. You are asked to configure the RAS server so that connection links are added or dropped dynamically based on traffic demand. Which of the following protocols will you use to accomplish this task? A. BAP B. RAP C. EAP D. CHAP
108. You are the assistant systems manager for an engineering company's Windows 2000 network. You are implementing a RAS server that runs Windows 2000 Server and is a member of a Windows 2000 domain. You want to define a remote access policy with an associated remote access profile for RAS. The policy will have these properties:
A. Define the use of BAP and the use of the policy by members of Development-Mgrs in the remote access profile. B. Define the maximum session length and the use of only PPP in the remote access profile. C. Define the use of only PPP and the use of the policy by members of Development-Mgrs in the remote access profile. D. Define the maximum session length, the use of BAP, and the use of MS-CHAP as the authentication protocol in the remote access profile. E. Define the use of only PPP and the use of the policy by members of Development-Mgrs as conditions of the remote access policy.
109. You are the systems manager for your large company's Windows 2000 network. Company employees frequently access the network via remote access and each of these employees have a smart card to use with the company's Cisco RADIUS server for authentication into the network. The RADIUS server and employee workstations are configured to use encrypted passwords. The network includes Windows NT and Unix Servers. You are migrating the Windows NT servers to Windows 2000. You have implemented Windows 2000 RRAS and you want to incorporate the RADIUS authentication for use with the RRAS server. Which authentication protocol should you select for the RRAS server to use with the RADIUS server? A. Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) B. Kerberos C. Extensible Authentication Protocol (EAP) D. Password Authentication Protocol (PAP)
110. You are setting up a VPN with a Windows 2000 remote access server. The remote access clients are Windows 95, Windows 98, Windows NT4 workstation, and Windows 2000 computers so you need to allow for as many authentication protocols as possible. You are in the process of standardizing the protocols to be used. What remote access authentication protocols does a Windows 2000 Remote Access Server support? A. PAP B. PPoE C. CHAP D. MPPE E. SPAP F. PPTP
111. You are the network administrator for a marketing company with branches all over the world. The sales staff uses remote connections to update their sales records to a database located on the company's Windows 2000 server. The sales staff has always experienced problems making remote connections but those problems have recently become more frequent. You've tried to fix the problems by modifying the RRAS server's existing remote access configuration, but that hasn't worked. You've come to the conclusion that the existing policy is in such bad shape that it's time to start anew. But you want to do this seamlessly. No user should have any clue you are configuring the RRAS server. You've deleted all policies listed in the list of remote access policies, including the default remote access policy. What will happen to your remote users until remote policy is created? A. The RRAS server will not allow you to delete the default remote access policy, only to modify it. This means that only users allowed remote access under the conditions of the current default remote access policy will be permitted remote access. B. Since no default remote access policy exists, the RRAS server will evaluate connection requests based on the user and remote access permissions. C. All connection attempts will be rejected. D. All connection attempts will be accepted.
112. You are the network administrator for your company. You set up an RRAS server for your company's sales force. While on the road, the salespeople use Windows CE handheld devices for remote access. Windows CE supports PAP and CHAP authentication, so you enabled CHAP on the server. However, users report that they cannot connect using those devices. What you need to do to fix this problem? A. All clients using CHAP for remote authentication must change their passwords. B. Enable CHAP in the authentication filter set on the RRAS server. C. Specify that Windows CE devices can not be used for remote connections. D. Disable support for MS-CHAP v1 and v2.
113. You are administering the remote access server for your company. You receive a call from an employee, Chris, Tuesday morning. He reports that on Monday night, there were no problems accessing the network. This morning, however, he is trying to connect to the network by establishing a VPN connection but cannot connect successfully. He also reports that sometimes a connection can be established during the day, but a successful connection is more likely at night or on the weekends. He needs immediate access to a document to close a sale. What is the most likely reason that he cannot gain access to the network? A. The connection has been accepted, but is currently held in a pending state. B. The connection has been refused because the user is not authorized to connect during business hours. C. The connection has been refused because no free ports are available. D. The connection is accepted but Chris is locked out of the network.
114. Your company hired 20 developers who are going to work from a remote location. Your corporate network is a Windows 2000 environment. The developers are using Windows 2000 professional. The RRAS server used for remote connectivity over VPNs has been configured with the default configuration. You tested the remote access configuration with several of the remote computers and everything has checked out fine. You sent word to the developers yesterday that they could begin using remote access. Today you began receiving support calls from some developers complaining that they cannot connect to network. What is the most likely reason for this problem? A. The default RRAS configuration does not support L2TP, which is required by Windows 2000 clients. B. The default RRAS configuration does not support enough VPN connections. C. The Windows 2000 client default configuration does not support remote access. D. The Windows 2000 clients are not configured to support VPN.
115. You are working for a multinational company that has branches all over the world. Most user activity is confined to their local network, but sometimes users in one location need to exchange confidential information with servers in another location. Since the communication between remote locations is infrequent, you have configured RRAS to use demand dial lines to set up direct connections. Your management requires that the connection must be secure so you decide to require mutual authentication. Which of the following authentication protocols can you use in this situation? A. PAP B. SPAP C. CHAP D. MS-CHAP
116. You are the network administrator for your company. You have just finished upgrading all of the company's servers to Windows 2000. Your next project is to build the remote access system for all remote users. The requirements are that you must support remote access connections from Win98 SP1, WinNT SP3, Windows 2000 Professional and Linux workstations. Some users will dial directly into the network while others will dial their local ISPs and connect to your network via the Internet. Therefore, you want all authentication attempts to use encrypted passwords. Your manager wants you to use one authentication protocol for all remote users. What authentication Protocol should you use to satisfy these requirements? A. MS-CHAP v1 B. MS-CHAP v2 C. CHAP D. PAP
117. Axe.com and Ooc.com are merging. Axe is a Windows 2000 environment and Ooc.com is a Netware 4 environment. Since you want to minimize support at the workstation level, you install Gateway Services for Netware on one of the Windows 2000 servers and migrate all the clients to Windows 2000. You have moved Ooc's Novell Netware servers into the server room at Axe. You also have RRAS on one of the servers to allow Internet access for everyone on the new network. What protocol is necessary on the Win2000 server that is running GSNW? A. IPX/SPX B. NetBEUI C. AppleTalk D. TCP/IP
118. As the network administrator, you need to add a second IP address to one of your NICs. Which of the following statements is true about the IP address assignment? A. This is done with the Advanced button in the TCP/IP properties dialog box. B. You can only assign multiple addresses to an adapter whose MAC address is indexed on the DHCP server. C. You cannot assign more than one IP address to an adapter. D. You can add the second IP address only if you have a 10 Mbps NIC or better.
119. You are a Windows 2000 network administrator. You use the Group Policy Editor to create an Internet Protocol Security (IPSec) policy for the Group Policy object (GPO) linked to an organizational unit (OU) in your Win2000 domain. What is the first step you should take to ensure that the policy is applied to the four computers in the OU? A. Use the IP Security Policies node in Group Policy Editor to assign the policy. B. Run IPSECMON to establish the current state. C. Stop and Restart the Policy Agent on each of the four computers. D. Run SECEDIT /refresh_policy /machine_policy on each of the four computers.
120. You are working for an airline company where you are the senior network administrator. A Web logic Application Server is running on the Windows 2000 server named Fnord. Fnord has a mission critical database application that stores confidential data such as passenger information, travel plans and the passenger billing information. This data is sent through the network via port 3029. Fnord is dedicated only to this application and not for anything else. There are 10 clients who work in the branch office and connect to Fnord remotely. These clients are dedicated to work only on Fnord and do nothing else. To ensure that all communications involved are secure, which of the following steps should you take? A. Configure IP filtering to filter port 3029. B. Configure IP filtering on the firewall of your network to only allow port 3029. C. Configure Fnord to require the use of IPSec policy. D. Configure Fnord to respond to IPSec policy.
121. You are the Network Administrator for your company. You are going to migrate from WinNT4 and NetWare 4.x to Win2000. You are presently using NWLink with 250 clients. You are also going to install Active Directory to take advantage of global policies that will help manage the new Win2000 desktops. You plan to take 5 months to complete the migration of all clients. What first step do you need to perform to begin this migration? A. Install WINS to prepare for NetBIOS name resolution. B. Install TCP/IP on the servers along with the existing NWLink. C. Install Active Directory and configure it for NWLink interoperability. D. Install DHCP to allow NWLink to be merged with TCP/IP.
122. You are administering a small network. Your company has just merged with a new company, which has a network that contains several subnets connected by routers. The administrator from the acquired company sent you a preconfigured router with the network address that you provided them. After the line is installed, you connect the router and power it up. The Network Administrator of your company checks out the router connections and everything looks good - but when you try to connect to resources on remote networks, the attempts fail. All the local workstations continue to function properly but none of them can access anything across the router. What is the first tool you will use to troubleshoot this problem? A. netstat -a B. nslookup C. ipconfig D. nbtstat
123. You are the Network Administrator for your company. After a vacation, you return to your office. You get an email from your manager stating that there are some machines which have lost their network connectivity. The systems are functioning normally when examined from the console; e.g. TCP/IP properties check out as fine. What should you check first? A. If the network cards are damaged or have worn out. B. If the DNS properties have been changed in your absence. C. If one of the systems in the same network is broadcasting continuously. D. If the machines' network cables are dislodged.
124. You are the Network Administrator for a financial institution. The accounts department has policies in place to control access to sensitive information. They have learned that if certain sensitive data is compromised, then the company could be liable for damages. You are told to ensure the security of the Accounting system when information is being transmitted. However, portions of the data on those systems must remain open to staff in other departments. You implemented IPSec on the Accounting servers and employees' workstations. In order to allow regular connections to those servers from other departments, while requiring IPSec connections from the machines that deal with confidential information, what security filter actions should you specify? A. Allow Unsecured B. Allow Only Secured C. Block D. Deny
125. You are in desktop support. You are asked to install two network cards on one system. You want to configure a specific IP address on one of the cards manually. How must you configure the other card? A. One must be configured manually and the other must be allowed to accept a DHCP configuration dynamically. B. Both cards must be configured manually. C. With two cards, both must be configured dynamically. D. Both cards may be configured either manually or dynamically.
126. You learned that your company recently merged with another company. You were told that the systems of both companies need to be accessible from all the clients ASAP. The other company has a network that runs Windows 2000 Pro clients and a Netware 4.x server. Your company's network has Windows 2000 Pro clients, a Windows 2000 server and a Netware 4.x server. Your Windows 2000 server uses TCP/IP and provides DHCP services and the NetWare servers use IPX/SPX. What steps do you need to take to configure the Windows 2000 Professional machines, in addition to loading NWLink on them, so that they will be able to access all the resources on the network? A. Install TCP/IP on all clients, and configure them to obtain an IP address from the DHCP server. B. Install and manually configure TCP/IP, install NWLink IPX/SPX and set the frame type to 802.2. C. Install and manually configure TCP/IP, install NWLink IPX/SPX and set the frame type to 802.3. D. Use DHCP to assign the TCP/IP and NWLink IPX/SPX configurations.
127. You are managing Windows 2000 Servers and Windows 2000 Professional computers distributed across 5 subnets, connected by a router on your network. The servers provide file and print services to the clients. You install the WINS Server service on a server on one subnet. You configure the WINS option in a DHCP scope to configure all of the other computers on the network to register with and query the WINS server. Users on the remote subnets report that they cannot access resources located on the WINS server if they use the NetBIOS name. However, if they use other TCP/IP connectivity options, they can connect. Users on the same subnet as the WINS server have no problem connecting at all. What is likely the problem? A. You did not configure the WINS server to include its own IP address as the default gateway. B. You configured the WINS server to include its default gateway IP address as a WINS client. C. You did not configure the WINS server to include its own IP address as a WINS client. D. You configured the WINS server to include its own IP address as a WINS client.
128. You are the administrator of a Windows 2000 network. You have recently installed a second WINS server for fault tolerance. You wish to ensure that the WINS servers remain as synchronized as possible. How should you configure the replication partners? A. Configure both servers as pull partners so they can update their databases as needed. B. Configure both servers as push partners so each can update the other server as soon as changes occur. C. Configure them both as push/pull partners. D. Configure one as a push partner and one as a pull partner.
129. You are the Windows 2000 Administrator for your company. You administer a network which has three physical locations connected by WAN links. Each subnet has Windows 2000 Server and Windows 2000 Professional machines. One of the Windows 2000 Servers on each subnet is configured as a WINS server. You want all the machines on all the subnets to be able to access each other by name. How should you accomplish this task? A. Configure push/pull replication partnerships between all the WINS servers. B. Configure the clients to retrieve WINS information from just one of the WINS servers. C. Configure push replication on one of the WINS servers. D. Configure pull replication on one of the WINS servers.
130. You are the Network Administrator for your company. Your company is running WINDOWS 2000 Professional workstations in a WinNT4 domain called ABX. One subnet in a remote location is configured without a domain controller. You do not want WINS query traffic moving over the WAN connection. You understand that LMHOSTS files can be configured on each client to support logon validation over the WAN. Which of the following LMHOSTS file entries will allow clients, in the remote location, to log on to a domain controller called DC1? A. 192.168.4.2 DC1 #PRE #DOM:DC1 B. 192.168.4.2 DC1 #PRE #DOM:ABX C. 192.168.4.2 DC1 #PRE #INCLUDE_ABX D. 192.168.4.2 DC1 #PRE #ABX
|