Server 2003 Network Infrastructure


1. Greg has a computer running Windows Server 2003 configured for remote access. He is configuring the encryption settings within the remote access policy. He selects Basic encryption. Which of the following encryption levels will be used? (Choose all that apply)

A. MPPE 40-bit
B. MPPE 56-bit
C. MPPE 128-bit
D. IPSec 56-bit DES
E. IPSec Triple DES (3DES)

>> !
Answer: A & D

When Basic encryption is enabled, remote access clients can connect using MPPE 40-bit or IPSec 56-bit encryption.


2. Jim, the network administrator for a small company, is concerned about security now that remote access has been configured. Jim is concerned about attackers capturing credentials being sent between remote access clients and the remote access server. All remote access clients are running Windows XP Professional. Which of the following authentication protocols should Jim disable?

A. MS-CHAP
B. CHAP
C. PAP
D. EAP

>> !
Answer: C

The Password Authentication Protocol (PAP) uses plaintext passwords and is therefore the least secure authentication protocol.

[A: With MS-CHAP, an MD4 hash of the password is used to validate the request. The password is not sent between the remote access client and server.]

[B: With CHAP, the password is encrypted using a one-way encryption scheme.]

[D: The Extensible Authentication Protocol is an arbitrary authentication mechanism. It allows a client and server to negotiate the authentication scheme.]


3. David is installing five remote access servers on his company network. He wants to create a single remote access policy once for all remote access servers. What should he do?

A. Create a single remote access policy on one remote access server and replicate it to the four other servers.
B. Create a single remote access policy. Place all five servers in the same OU. Apply the policy to the OU.
C. Configure the remote access policy settings. Use the Security Configuration and Analysis tool to apply the settings on each remote access server.
D. Install IAS on a server and configure the remote access servers as RADIUS clients. Configure a remote access policy on the IAS server.

>> !
Answer: D

Internet Authentication Service can be used to centralize the administration of remote access policies for multiple remote access servers.

[A: A remote access policy cannot be replicated to other remote access servers.]

[B: A remote access policy cannot be applied to an Organizational Unit. Remote access policies are stored locally on a remote access server or on a server running IAS.]

[C: The Security Configuration and Analysis tool can be used to configure group policy security settings.]


4. Amy is configuring the routing table on a computer running Windows Server 2003. She needs to add a persistent static route to the routing table. Which of the following correctly defines the syntax for adding a persistent static route to the routing table?

A. ROUTE DESTINATION MASK SUBNETMASK GATEWAY METRIC COSTMETRIC
B. ROUTE ADD DESTINATION MASK SUBNETMASK GATEWAY METRIC COSTMETRIC
C. ROUTE ADD -P DESTINATION MASK SUBNETMASK GATEWAY METRIC COSTMETRIC
D. ROUTE -P DESTINATION MASK SUBNETMASK GATEWAY METRIC COSTMETRIC

>> !
Answer: C


5. John is configuring the IP Security Policy settings for computers on the network. SRV1 must secure all communications, SRV2 should secure all communications while still supporting non-secure clients, and remaining servers should only reply to requests for secure communications. How should John configure the IP Security Policy settings for the servers?

A. On SRV1 enable Client (respond only).
B. On SRV1 enable Server (request security).
C. On SRV1 enable Client (respond only).
D. On SRV1 enable Server Secure (require security).

>> !
Answer: D

On all other servers enable Client (respond only). SRV1 must be configured with Server Secure (require security) so all communications are secured. SRV2 must be configured with Server (request security) so it can communicate with non-secure clients. All other servers should be configured with Client (respond only) so they will reply to any requests for secure communications.


6. James, the junior network administrator for DKP International, has been asked to ensure that the IP security policy put into place secures all communications while still allowing non-IPSec aware clients to authenticate. Which of the following IP security policies should he use?

A. Client (respond only)
B. Server (request security)
C. Server Secure (require security)
D. Secure client (respond only)

>> !
Answer: B

Using the Server (request security) policy means that the server attempts to secure all communications while still supporting those computers that are not IPSec aware.

[A: Clients will respond only to requests for secure communications.]

[C: This policy will not allow communications with non-IPSec aware computers.]

[D: A policy such as this would only exist if it was created by an administrator.]


7. Don is the network administrator of a Windows Server 2003 network. He has enabled RIP on a computer running Windows Server 2003 configured as a router. RIP has been added. Don wants to ensure that routes learned from a network are not rebroadcast on that network, to eliminate any routing loops. Which of the following RIP options should he select?

A. Enable triggered updates
B. Enable split horizon processing
C. Periodic announcement interval
D. Clean updates

>> !
Answer: B

The split horizon feature ensures that any routes learned from a network are not sent as RIP announcements on that network.

[A: Triggered updates ensure that any changes made to the routing table trigger immediate updates.]

[C: The periodic update announcement specifies the number of seconds between RIP announcements.]

[D: The clean-up updates option enables a router to send an announcement when it is stopping to notify other routers that the routes it was servicing are no longer available.]


8. Diane is the network administrator for a Windows Server 2003 network. She is configuring demand-dial routing between two Windows Server 2003 routers. She is creating the user account on the answering router that will be used to authenticate the calling router. When creating the user account, which of the following options should be selected? (Choose all that apply)

A. Enable User Must Change Password at Next logon
B. Disable Password Never Expires
C. Enable Password Never Expires
D. Disable User Must Change Password at Next Logon

>> !
Answer: C & D

When configuring the password options for the user account, enable the Password Never Expires option and disable the User Must Change Password at Next Logon option.


9. Mary has 20 clients that will be accessing your VPN server. She needs to increase the number of available PPTP ports. How can she accomplish this?

A. Within the Routing and Remote Access console, open the Properties window for the server and select the Ports tab.
B. Within the Routing and Remote Access console, open the Properties window for the Ports option and select the PPTP tab.
C. Within the Routing and Remote Access console, open the Properties window for the remote access policy and select the Ports tab.
D. Within the Routing and Remote Access console, open the Properties window for the Ports option.

>> !
Answer: D

To increase the number of available PPTP ports, open the properties window from within the Routing and Remote Access management console. Select PPTP and click Configure.


10. John is the network administrator of a Windows Server 2003 network. The internetwork consists of 10 subnets. All subnets are connected using Windows Server 2003 RRAS servers. Non-persistent demand-dial connections have been configured. John does not want to manually update routing tables. John wants to configure password authentication between routers. Which of the following should he implement?

A. Static routes
B. ICMP
C. OSPF
D. RIPv2

>> !
Answer: D

RIPv2 is a routing protocol that can be used with non-persistent connections and supports password authentication between routers.

[A: Implementing static routes means the routing tables must be updated manually.]

[B: ICMP is used for diagnostics and error reporting; it is not a routing protocol.]

[C: RIPv2 is a routing protocol that can be used with non-persistent connections and supports password authentication between routers.]


11. Which of the following parameters can be used with the ROUTE command to ensure a static route is not deleted from the routing table upon restart?

A. /F
B. /S
C. /P
D. /R

>> !
Answer: C

The /P parameter is used to add a persistent route to the routing table. This means the route will not be removed from the routing table when the router is restarted.


12. Massa trucking has opened a new branch office. You have been asked to configure a two-way demand-dial connection between the head office and the branch office. You configure the following:

Branch Office
Interface: HeadOffice
User Account: Branch_Office
Calling Number: 18315551212
Head Office
Interface: BranchOffice
User Account: Head_Office
Calling Number: 14084441212

When you go to test your configuration, neither of the routers can establish a connection. What is causing the problem?

A. The demand-dial interface names must be identical.
B. The user account names on each router must be identical.
C. The interface name on the calling router must be identical to the user account name on the answering router.
D. Each router must have completely different user account and demand-dial interface names.

>> !
Answer: C

For a two-way demand-dial connection to work, the user account names used for authentication must be identical to the name assigned to the demand-dial interface on the calling routers.


13. Mary is configuring TCP/IP filtering on a remote access computer running Windows Server 2003. TCP/IP filtering can be used to permit or deny traffic based on which of the following criteria? Choose three correct answers.

A. TCP port number
B. UDP port number
C. IP address
D. IP protocol

>> !
Answer: D

When configuring TCP/IP filtering, IP traffic can be filtered based on the IP protocol, a UDP port, or a TCP port.


14. A client configured to use DHCP addressing will first attempt to renew its lease when what percentage of the lease's term has expired?

A. 25%
B. 50%
C. 75%
D. 90%
E. 95%
F. When it expires

>> !
Answer: B


15. Katherine is a network administrator for XYZ Company. She provides support for the DHCP server and clients. A client is currently having a problem connecting to the network. Katherine notices that the current IP address is 169.254.255.29. Which phase of the DHCP lease process is the client currently in?

A. Discovery
B. Offer
C. Request
D. Acknowledgement

>> !
Answer: A

A client will broadcast a DHCPDISCOVER message during the Discovery phase, and await the first DHCPOFFER from available servers in its local area network. If it does not receive an offer, it utilizes a private address and continues to check for available DHCP servers every five minutes until one becomes available.

[B: The Offer phase occurs when the servers send the DHCPOFFER back to the requesting client.]

[C: The Request phase occurs when the client sends a DHCPREQUEST back to the offering server.]

[D: The Acknowledgement is the phase in which the offering server responds to the client's request by providing the addressing and configuration information in a new lease.]


16. You are the network administrator at IC International. Your responsibilities include maintaining the DHCP server and clients. You have decided it is necessary to assign a specific system a particular IP address; however, you do not want to use a static IP address. What is the best solution?

A. Create a client reservation.
B. Assign a static IP address, there is no alternative.
C. Manually renew the lease every day to ensure the correct IP address is assigned.
D. Instruct the user to leave the power on the system at all times, to ensure that the lease never expires.

>> !
Answer: A

Pre-assign a particular IP address to the system by creating a DHCP Reservation within the server's scope.

[B: Creating a reserved client allows you to assign functionally static IP addresses.]

[C: This would be very time consuming and leaves room for error. Pre-assign a particular IP address to the system by creating a DHCP Reservation within the server's scope.]

[D: Leaving the system with constant power will not achieve the required goal of ensuring the system has a specific IP address.]


17. You have been asked to review the configuration requests for a new DHCP server. The DHCP server requires a static IP address of 192.168.2.2. The required scope ranges from 192.168.2.2 to 192.168.2.254. A WINS server and DNS server reside on the subnet, so their IP addresses (192.168.2.1 and 192.168.2.13, respectively) have been excluded from the range. Six systems require specific IP addresses so they have been added as reserved clients. The network is relatively stable so the lease duration will be 14 days. The router used by the clients is using the IP address 192.168.1.16. Which configuration will cause a problem with the new DHCP server? (Choose all that apply)

A. The static IP address 192.168.2.2
B. Lease duration set to 14 days
C. The scope range from 192.168.2.2 to 192.168.2.254
D. The list of excluded IP addresses

>> !
Answer: A & D

The static IP address is required for the new DHCP server; however, the IP address falls in the range of the scope that has been defined. The DHCP server's IP address should be added to the list of excluded IP addresses. The list of excluded IP addresses does not contain the IP address assigned to the DHCP server. The IP address assigned to the DHCP server needs to be added to this list.

[B: The network has been described as relatively stable. The extension to 14 days will help reduce network traffic on the subnet.]

[C: A static IP address is required for the new DHCP server; however, the IP address falls in the range of the scope that has been defined. The DHCP server's IP address should be added to the list of excluded IP addresses. The list of excluded IP addresses does not contain the IP address assigned to the DHCP server. The IP address assigned to the DHCP server needs to be added to this list.]


18. Katherine is a network administrator at IC International. She has been asked to research the most cost effective way to implement DHCP on a new subnet that does not have a DHCP server. The network contains a subnet that contains a DHCP server but the existing router cannot forward DHCP/BOOTP broadcasts. What is the most viable solution?

A. Install the DHCP Relay Agent on the new subnet.
B. Purchase a new DHCP server.
C. Purchase a router capable of forwarding the DHCP/BOOTP broadcasts.
D. Install a DNS Forwarder to enable the DHCP broadcasts to cross the existing router.

>> !
Answer: A

The DHCP Relay Agent will allow the new subnet to forward DHCP broadcasts to the DHCP server on the existing subnet.

[B: Implementing a new DHCP server would allow for automatic IP addressing but is not the most cost effective choice.]

[C: Implementing a new DHCP server would allow for automatic IP addressing but is not the most cost effective choice.]

[D: A DNS Forwarder is a DNS server that accepts requests to resolve host names from another DNS server. It will not enable the gateway to forward DHCP/BOOTP broadcasts.]


19. Sarah is a network administrator at IC International. A client has reported that his laptop cannot see other computers on the network. Sarah runs IPCONFIG /ALL on the laptop and finds that the current IP address is 169.254.255.13 and she is able to PING the DHCP server. What is the problem and the solution?

A. The IP address lease has expired on the laptop. Sarah should execute the command IPCONFIG /RELEASE.
B. The IP address lease has expired on the laptop. Sarah should execute the IPCONFIG /RELEASE and IPCONFIG /RENEW commands.
C. The laptop cannot communicate with the DHCP server. Sarah should assign a static IP address and subnet mask to gain access to the network.
D. The laptop cannot communicate with the DHCP server. At a command prompt window on the laptop, she should execute the IPCONFIG /RELEASE and IPCONFIG /RENEW commands to release the current IP address and request a new lease from the DHCP server.

>> !
Answer: B

The IP address lease has expired and the laptop has been assigned the address of 169.254.255.29 because it has not received a new IP address from the DHCP server. At a command prompt window on the laptop, she should execute the IPCONFIG /RELEASE and IPCONFIG /RENEW commands to release the current IP address and request a new lease from the DHCP server.

[A: The IP address lease has expired but the IPCONFIG /RELEASE will only release the current IP address. A new IP address must be requested as well.]

[B & C: The laptop is able to communicate with the DHCP server because PING was successful.]


20. A computer requires a specific IP address so a client reservation is set on the DHCP server. When the system releases its current IP address and requests a new IP address, an error occurs. What is the problem?

A. The IP address that has been reserved is currently assigned to a different system.
B. The reserved IP address is not in the scope's range of IP addresses.
C. The IP address was excluded from the scope, not reserved.
D. The system has lost connectivity to the DHCP server.

>> !
Answer: A

For the system to use the reserved IP address, it cannot currently be leased to another system.

[B: The error did not occur while the reservation was being configured but after the IP address was renewed. The IP address is conflicting with another system on the subnet.]

[C: The system would have been assigned the wrong IP address, not received an error.]

[D: If connectivity to the DHCP server was lost, the system would have an IP address within the 169.254.0.0/16 range.]


21. You suspect that your DHCP database has become corrupted. You decide to back up the DHCP database before you proceed with modifications. Where is the DHCP database located?

A. C:\WINNT\SYSTEM32\DHCP\DHCP.mdb
B. C:\WINDOWS\SYSTEM32\DHCP\DHCP.mdb
C. C:\WINNT\SYSTEM\DHCP\DHCP.mdb
D. C:\WINDOWS\SYSTEM\DHCP\DHCP.mdb

>> !
Answer: B


22. What is the valid order when a client leases an IP address?

A. DHCPREQUEST, DHCPOFFER, DHCPDISCOVER, and DHCPACK
B. DHCPREQUEST, DHCPDISCOVER, DHCPOFFER, and DHCPACK
C. DHCPDISCOVER, DHCPREQUEST, DHCPOFFER, and DHCPACK
D. DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, and DHCPACK

>> !
Answer: D


23. You are in charge of a growing company with two locations. You have configured each location with a single subnet that connects to the other subnet using a router. Subnet A has a DHCP server. Subnet B does not. Which solutions would allow the clients on Subnet B to use the DHCP server on Subnet A? (Choose all that apply)

A. Use a router that supports DHCP/BOOTP broadcast forwarding.
B. Add a Windows 2003 Server on Subnet B running the DHCP Relay Agent.
C. Add a Windows 2000 Professional workstation on Subnet B running the DHCP Relay Agent.
D. A superscope configured on the DHCP server on Subnet A.

>> !
Answer: A & B

Most modern routers support DHCP/BOOTP broadcast forwarding. Some routers require the feature to be configured manually. A Windows 2003 Server on Subnet B running the DHCP Relay Agent would allow for the clients on subnet B to use the DHCP server on Subnet A.

[C: A Windows 2000 Professional client cannot run the DHCP Relay Agent.]

[D: A superscope configured on Subnet A would not help the clients on Subnet B.]


24. Thomas is an employee at IC International, where you manage the network. He has moved to a new office in an adjacent building, taking his desktop computer with him. Thomas discovers that he can no longer communicate on the network from his new office, although his coworkers at the new location can communicate with the network. Both buildings have subnets using DHCP servers. What could be the problem?

A. The DHCP server at the new location is down.
B. The DHCP lease has expired.
C. The computer has a static IP configuration.
D. The DHCP server at the new location has an incorrect default gateway set for the subnet scope.

>> !
Answer: C

With a static IP address, Thomas's system would work on the original subnet, but when he changed subnets, the old address forced his system to try using the old network ID, which does not match the new subnet's network ID.

[A & D: Co-workers at the new location can communicate with the network so the DHCP server is working.]

[B: If Thomas's system was a DHCP client, it would negotiate a new lease when the old one expired, at which point Thomas would receive a valid IP address.]


25. When a Windows XP client receives an IP address from a DHCP server, what is the default behavior for notifying DNS of the change?

A. The DHCP client sends a forward lookup resource record, and the DHCP server sends a reverse lookup resource record.
B. The DHCP client sends a forward lookup resource record, and the DHCP client sends a reverse lookup resource record.
C. The DHCP server sends both resource records.
D. The DHCP client sends both resource records.

>> !
Answer: A

The DHCP client sends a forward lookup resource record, and the DHCP server sends a reverse lookup resource record. The implementation of Dynamic DNS permits the Windows XP system to send an update message directly to the DNS server. A Windows 2003 Server running DHCP acts as a proxy for down-level Windows clients, and sends both resource records to the DNS server.


26. You set up two subnets and a DHCP server on each one. Your routers support DHCP/BOOTP broadcast forwarding, and you enable that capability on each router. How should you configure the scopes for each DHCP server to provide fault tolerance?

A. Each DHCP server should be set up to provide the exact same sets of IP addresses.
B. Set each Windows 2000 client's TCP/IP property sheet to access the local DHCP server first and the remote DHCP server second, using the DHCP tab.
C. Set up each DHCP server to provide scopes for 75% of the local addresses and 25% of the remote addresses.
D. Set up each DHCP server to provide scopes for 25% of the local addresses and 25% of the remote addresses.

>> !
Answer: C

Fault tolerance occurs when the DHCP server scope provides IP addresses to 75% of the local addresses and 25% of the remote addresses.

[A: DHCP servers should not have overlapping IP addresses.]

[B: Windows 2000 Professional clients do not have a DHCP tab on the TCP/IP property sheet so it isn't possible to configure a primary DHCP server and a secondary one.]

[D: Fault tolerance occurs when the DHCP server scope provides IP addresses to 75% of the local addresses and 25% of the remote addresses.]


27. You have configured a DHCP server that is not authorized in the Active Directory. Which of the following statements is true?

A. The server cannot assign any optional TCP/IP configuration details but it can assign an IP address and subnet mask.
B. The server cannot assign any TCP/IP configuration details at all.
C. The server operates normally, but creates an entry in the System event log.
D. The server operates normally, but sends an alert message to a designated network administrator.

>> !
Answer: B

A DHCP server cannot assign TCP/IP configuration details unless it is authorized in the Active Directory.


28. A number of client computers on your network are unable to connect to any network resource. From a command prompt on one of the client computers, you run IPCONFIG /ALL and determine that the client computers have not been assigned an IP address through DHCP. At the same client computer, you run IPCONFIG /RENEW. The IPCONFIG /RENEW command reports the DHCP server cannot be reached. From a Windows 200 Server on the same network segment as the client computer, you are able to PING the DHCP server successfully. You examine the DHCP server and discover that the DHCP Server service is stopped. The DHCP server is a member server in an Active Directory domain. You attempt to start the DHCP Server service but are unable to do so. What is the most likely reason you are unable to start the DHCP Server service?

A. The DHCP server has been assigned a dynamic IP address.
B. The DHCP server has not been authorized in Active Directory service.
C. The DHCP server is unable to perform dynamic updates to an Active Directory integrated DNS zone.
D. The DHCP server has no valid DHCP scope defined.

>> !
Answer: B

Because the DHCP server is a member of an Active Directory domain, the DHCP server must be authorized in Active Directory. If the DHCP server is unauthorized, the DHCP Server service will not start. The system event log on the DHCP server will contain a log entry that says the DHCP Server service failed to start because the DHCP server is not authorized in Active Directory.

[A: Because you are able to successfully PING the DHCP server, the DHCP server has a valid IP address. Although not recommended, the DHCP Server service can work with a dynamically assigned address.]

[C: DHCP can perform dynamic updates in an Active Directory integrated DNS zone. However, the DHCP Server service is not dependent on the ability to make dynamic updates to an Active Directory integrated DNS zone.]

[D: The DHCP server must have a valid DHCP scope defined to provide configuration to DHCP clients. The DHCP Server service will start without any DHCP scopes. The lack of DHCP scopes is not the reason the DHCP Server service will not start.]


29. Felicia is the network administrator for a Windows Server 2003 network. The network consists of four subnets. One of the subnets hosts a DHCP server. All clients should be able to obtain an IP address from the DHCP server. Felicia needs to enable the DHCP relay agent on three of the subnets. The DHCP relay agent will be enabled on computers running Windows Server 2003. How can she enable this component?

A. Use the Add or Remove Programs applet to install the DHCP Relay Agent.
B. Within the DHCP console, right-click the DHCP server and select New DHCP Relay Agent.
C. Enable the DHCP Relay Agent through the Registry.
D. Within the RRAS console, right-click the IP Routing container, click New Routing Protocol and select the DHCP Relay Agent.

>> !
Answer: D

From within the RRAS console, you must right-click the IP Routing container, click New Routing Protocol and select the DHCP Relay Agent. The DHCP relay agent component is enabled through the RRAS console on the computer that will forward messages to the DHCP server.


30. Janet is the network administrator for a Windows Server 2003 network. There are currently five subnets. There is a single DHCP server. The DHCP server is configured with multiple scopes for the different subnets. Janet is configuring the 003 Router option on the DHCP server to be assigned to computers. At which level should she configure the 003 router option?

A. Server
B. Scope
C. Class
D. Client

>> !
Answer: B

Configuring optional parameters at the scope level allows you to configure unique parameters for each scope. Because each subnet will have a different default gateway, the option must be configured at the scope level.

[A: Configuring a DHCP option at the server level means it will apply to all scopes.]

[C & D: Configuring optional parameters at the scope level allows you to configure unique parameters for each scope. Because each subnet will have a different default gateway, the option must be configured at the scope level.]


31. Irene is the junior administrator for a Windows Server 2003 network. The senior network administrator has assigned her the task of installing DHCP on a computer running Windows Server 2003. She installs the service then configures a scope. When she restarts the server, the service fails to start. What is causing the problem?

A. The DHCP server has not been authorized within Active Directory.
B. The scope has not been activated.
C. The DHCP relay agent is not enabled.
D. The DHCP service is installed on a member server.

>> !
Answer: A

The DHCP server must be authorized within Active Directory or the service will fail to start.

[B: An inactive scope will not cause the DHCP service to fail.]

[C: If a Relay Agent is not enabled, some clients may not be able to obtain IP addresses, but this would not cause the DHCP service to fail.]

[D: The DHCP service can be installed on a member server, domain controller, or stand-alone server.]


32. Felicia is the network administrator for a Windows Server 2003 network. There are 60 workstations and 7 servers. Felicia wants to centralize the administration of IP addresses on the network. She installs and configures a DHCP server. The workstations are configured as DHCP clients and the servers are all configured with static IP addresses. Three of the workstations need to lease the same IP address from the DHCP server. How should Felicia proceed? (Choose all that apply)

A. Within the DHCP console, configure a client reservation for each of the three computers.
B. Within the DHCP console, exclude the IP addresses from the scope.
C. Within the DHCP console, configure DHCP optional parameters at the client level.
D. Within the DHCP console, configure a separate scope for each of the three workstations.

>> !
Answer: A & C

A client reservation ensures that a DHCP client leases the same IP address each time it must be renewed.

Optional parameters can be configured for individual DHCP clients.

[B: IP addresses that should not be leased to DHCP clients must be excluded from the scope.]

[D: A scope is a pool of IP addresses from which a DHCP server can lease to a DHCP client.]


33. James is the junior network administrator for a Windows Server 2003 network. He has been assigned the task of installing a DHCP server on the network. He installs the service and configures a new scope. Of what group must James be a member to authorize the DHCP server?

A. Enterprise Admins
B. DHCP Administrators
C. Domain Admins
D. Administrators

>> !
Answer: A

In order to authorize a DHCP server, you must be a member of the Enterprise Admins group.


34. David is the junior network administrator for a Windows Server 2003 network. He has been assigned the task of installing and configuring DHCP. The DHCP server will assign DHCP clients several optional parameters. The optional parameters need to be configured at the various levels. David cannot recall how DHCP options are applied. Which of the following correctly defines how DHCP options are applied?

A. Scope, server, client, class
B. Server, client, scope, class
C. Server, scope, class, client
D. Client, class, scope, server
E. Client, scope, server, client

>> !
Answer: C

Scope options configured for a client reservation override the same options configured at the server, scope, or class level.


35. Mary has enabled logging on the network DHCP server. What is the default location where the audit logs are stored?

A. %systemroot%\system32\DHCP
B. %systemroot%\System32\DHCP\Logging
C. %systemroot%\DHCP\Logging
D. %systemroot%\system32\Logging

>> !
Answer: A

By default, the DHCP audit logs are stored in the %systemroot%\system32\DHCP directory.


36. Jim is a network administrator for a Windows Server 2003 network. A user calls to inform you that they are unable to access any resources on the local network. Jim discovers that the workstation is using the IP address of 169.254.2.10. Which of the following commands can Jim use to try to obtain an IP address from a DHCP server?

A. IPCONFIG
B. IPCONFIG /RELEASE
C. IPCONFIG /RENEW
D. IPCONFIG /ALL

>> !
Answer: C

The IPCONFIG command used with the RENEW parameter allows you to manually try to lease an IP address from a DHCP server.


37. Brent is a junior network administrator. He installs and configures a DHCP server on an existing Windows Server 2003 member server on one subnet. He tests the configuration. All workstations on the same subnet as the DHCP server are leasing an IP address. Workstations on all other subnets are using an IP address in the range of 169.254.0.0/16. What is causing the problem?

A. The DHCP service should be installed on a domain controller.
B. The DHCP relay agent is not configured.
C. The DHCP server has not been authorized within Active Directory.
D. The workstations are not configured as DHCP clients.

>> !
Answer: B

The DHCP relay agent is required to forward DHCP messages between DHCP clients and a DHCP server on another subnet.

[A: The DHCP service can be installed on a stand-alone server, member server, or domain controller.]

[C: If the DHCP server was not authorized, it would be unable to lease IP addresses to clients.]

[D: If a DHCP server is unavailable, DHCP clients will use an IP address in the range of 169.254.0.0/16. Because workstations are using an IP address in this range, they are already configured as DHCP clients.]


38. Jane is the network administrator for a Windows Server 2003 network. She has been running Network Monitor to capture and analyze network traffic. She notices a large amount of traffic being generated from IP address renewals. She verifies that the number of IP addresses within the scope far exceeds the number of DHCP clients on the network. How can Jane reduce the amount of network traffic associated with IP address renewals?

A. Add a second DHCP server to the network.
B. Increase the lease duration.
C. Configure client reservations instead.
D. Decrease the lease duration.

>> !
Answer: B

The lease duration determines the frequency at which DHCP clients must renew their IP addresses. Increasing this value means clients will renew their IP addresses less often.

[A: Adding a second DHCP server to the network will not decrease the amount of traffic associated with IP address lease renewals.]

[C: Client reservations are created for those DHCP clients that need to lease the same IP address. Creating client reservations will not reduce the amount of traffic generated from IP address renewals.]

[D: Decreasing the lease duration will result in an increase in traffic because clients will have to renew IP addresses more frequently.]


39. Mary is the network administrator for a Windows Server 2003 network. There is a single DHCP server on the network. Mary wants to increase the lease duration. How should she proceed?

A. Within the DHCP console, right-click the DHCP server and select Properties. From the Advanced tab, increase the value of the lease duration.
B. Within the DHCP console, right-click the scope and select Properties. From the Advanced tab increase the value of the lease duration.
C. Within the DHCP console, right-click the scope, and select Properties. From the General tab, increase the value of the lease duration.
D. Within the DHCP console, right-click the DHCP server, and select Properties. From the General tab, increase the value of the lease duration.

>> !
Answer: C

The lease duration is configured at the scope level. To do so, right-click the scope within the DHCP console and select Properties. From the General tab, increase the value of the lease duration.


40. Mike has installed and configured DHCP on a computer running Windows Server 2003. Three servers on the network are configured as DHCP clients but need to be assigned the same IP address each time they renew. Mike configures a scope and excludes the three IP addresses. He then configures three client reservations. He soon discovers that the three servers are not being assigned the IP addresses defined within the reservations. How can he fix the problem?

A. Delete the existing reservations.
B. Configure the scope options at the client level.
C. Do not exclude the three IP addresses from the scope.
D. Configure a separate scope for the reserved IP addresses.

>> !
Answer: C

If the IP addresses are excluded from the scope, the DHCP server will not lease them to DHCP clients.

[A: The client reservations are needed so certain DHCP clients can be configured with the same IP address each time they renew their lease with a DHCP server.]

[B: Scope options are configured to assign DHCP clients optional parameters.]

[D: Scopes define the IP addresses that can be leased to DHCP clients. A separate scope is not defined for client reservations.]


41. Jim is the network administrator of a Windows Server 2003 network. There is a single subnet and a DHCP server has been added to the network. All workstations are configured as DHCP clients. Three print servers are added to the network and configured with static IP addresses. What should Jim do to ensure there are no IP address conflicts?

A. Place the three print servers on a separate subnet from all other DHCP clients.
B. Configure a client reservation for each print server on the DHCP server.
C. Exclude the three IP addresses from the scope.
D. Enable the DHCP relay agent.

>> !
Answer: C

To ensure there are no address conflicts, the static IP addresses configured for each print server must be excluded from the scope of IP addresses on the DHCP server.

[A & B: To ensure there are no address conflicts, the static IP addresses configured for each print server must be excluded from the scope of IP addresses on the DHCP server.]

[D: The relay agent is required to forward DHCP messages between DHCP clients and a DHCP server on another subnet.]


42. Joe is the new network administrator for DKP International. He installs the DHCP server service on a Windows Server 2003 member server. The server has been authorized and a scope has been configured. When he uses the IPCONFIG command on Windows XP Professional workstations, he finds that they are all assigned IP addresses in the range of 169.254.x.x. What is causing the problem?

A. The computers are not DHCP-enabled.
B. The DHCP scope has not been activated.
C. The DHCP server has not been activated.
D. The DHCP server service must be installed on a domain controller.

>> !
Answer: B

Once a scope is created, it must be activated.

[A: Computers that are DHCP-enabled will use an IP address in the range of 169.254.0.0/16 if the DHCP server cannot be contacted.]

[C: A DHCP server does not need to be activated. A DHCP server must be authorized.]

[D: DHCP can be installed on a stand-alone server, member server, or a domain controller.]


43. Don is the network administrator for a Windows Server 2003 network. There is a DHCP server on the network. Most clients are running Windows XP Professional; others are still running Windows 95. Don notices that the Windows XP workstations are dynamically updating their own A records with the DNS server, whereas the Windows 95 clients are not. What should he do to fix the problem?

A. Configure the Windows 95 clients to update their own A records through the Internet Protocol (TCP/IP) Properties window.
B. Within the DHCP console, use the DNS tab for the scope properties window and configure the DHCP server to update records for clients that do not support dynamic updates.
C. Within the DHCP console, use the DNS tab for the DHCP server's properties window and configure the DHCP server to update records for those clients that do not support dynamic updates.
D. Install the Active Directory client on the Windows 95 workstations.

>> !
Answer: C

A DHCP server can be configured to update records on behalf of those clients that do not support dynamic updates. This can be done using the DNS tab from the Properties window for the DHCP server.

[A: Windows 95 clients cannot update their own A records with a DNS server.]

[B: A DHCP server can be configured to update resource records for those clients that do not support dynamic updates through the DHCP server's Properties window. This feature is configured at the server level, not the scope level.]

[D: The Active Directory client does not provide Windows 95 workstations with the ability to update their own host records with a DNS server.]


44. You are upgrading your Windows NT 4.0 Workstation computers to Windows XP Professional. These computers have been DHCP clients of a Windows 2003 DHCP Server that has been registering the Host (A) and Pointer (PTR) records for the Windows NT 4.0 Workstations.

However, when you upgrade the Workstations to Windows XP Professional, the upgraded computers are not able to update their records with the DNS server. Why?

A. The Windows 2003 DHCP Server must be restarted before the upgraded clients can register their records.
B. Windows XP Professional computers can update the records on a DNS Server only if they are part of a "fresh" installation. Dynamic update will not work after an upgrade installation.
C. The Windows XP Professional clients must be authorized within Active Directory before they can update their records.
D. Windows NT 4.0 DNS clients cannot register with a DNS server. When the DHCP server updated the Workstation's DNS records, it took ownership of them.

>> !
Answer: D

Down-level clients cannot update their information on the DNS server, so the DHCP server owns the records.

[A: You do not need to restart the DHCP server to allow Windows XP clients to register their information on a DNS server.]

[B: It does not matter if the installation is an upgrade or a fresh installation; a Windows XP Professional computer has the capability to update its own records on a DNS server.]

[C: Windows XP Professional clients do not need to be authorized with Active Directory; it is the DHCP server that is required to be authorized.]


45. Katherine is the network administrator for DFB Corporation. She is responsible for the DHCP server and DHCP clients. Part of Katherine's responsibilities includes verifying the integrity of the DHCP database. What steps are required to accomplish this task?.

A. Reconcile all scopes on the DHCP server.
B. Review all the scope properties manually to verify they are referring to the correct IP address ranges.
C. Manually add all scopes on a backup DHCP server and compare the two databases.
D. Reconcile all of the scopes on the DHCP clients.

>> !
Answer: A

Right-click the DHCP server and choose Reconcile All Scopes to check the DHCP database for inconsistencies.

[B & C: Because the process of manually reviewing the DHCP scopes is time consuming and opens the possibility of human error, this is not your best choice.]

[D: The reconciliation needs to occur at the server level. Right-click the DHCP server and choose Reconcile All Scopes to check the DHCP database for inconsistencies.]


46. Joe is the network administrator for a Windows Server 2003 network. The network consists of a single subnet. There are 3 servers and 20 workstations. A second subnet is being added to the existing network infrastructure. The new subnet will host two more servers and another 20 workstations. Joe wants to configure routing on a computer running Windows Server 2003. He does not want broadcasts on the network from routing table updates. Which of the following should he implement?

A. ICMP
B. RIP version 1
C. ARP
D. RIP version 2
E. MS-CHAP
F. MS-CHAP version 2

>> !
Answer: D

RIP version 2 supports multicast announcements, so it does not rely on broadcast packets for its announcements.

[A: The Internet Control Message Protocol (ICMP) is used for diagnostics and status reporting.]

[B: RIP version 1 uses IP broadcast packets for announcements.]

[C: The Address Resolution Protocol (ARP) is used to resolve IP addresses to MAC addresses.]

[E & F: These are authentication protocols.]


47. Tony is the junior network administrator. He is in charge of configuring remote access. All users on the network require remote access. All users should have the same remote access security requirements except the Administrators group. How should he configure RRAS?

A. Create two groups within RRAS, one for Users and one for Administrators. Create two remote access policies and use the Windows Groups condition to apply each policy to the appropriate set of users.
B. Create two groups within Active Directory Users and Computers, one for Users and one for Administrators. Create two remote access policies and use the Windows Groups condition to apply each policy to the appropriate set of users.
C. Create two groups within RRAS. Configure different settings within a single policy for each group.
D. Create two remote access policies. Using the Dial-in tab for each user account, specify which remote access policy should be applied.

>> !
Answer: B

To use the Windows Groups condition, the groups must first be created within Active Directory Users and Computers. Two policies should be created and configured with the appropriate settings. Use the Windows Groups condition to specify the group of users to which the policy should be applied.

[A: To use the Windows Groups condition, the groups must first be created within Active Directory Users and Computers. Two policies should be created and configured with the appropriate settings. Use the Windows Groups condition to specify the group of users to which the policy should be applied.]

[C: A single policy cannot be configured with different settings for different groups.]

[D: You cannot specify through the account properties which remote access policy should apply to a user account.]


48. A computer running Windows Server 2003 has been enabled to provide remote access services. A remote access policy is configured to grant access. The policy determines the permissions. Permissions are not configured for each user account. Remote access users need access to an FTP server on the private network. After configuring the remote access server, John tests the configuration by attempting to dial in. He successfully connects to the remote access server but is unable to connect to the FTP server by computer name. He can access computers by IP address. What is causing the problem?

A. The WINS proxy agent is not enabled on the remote access server.
B. The remote access permissions must be configured for each individual user account.
C. The DHCP Relay Agent component is not enabled on the remote access server.
D. The user does not have permission to access the FTP server.

>> !
Answer: C

To resolve computer names to IP addresses, the DHCP Relay Agent component must be enabled on the remote access server. Remote access clients can then be assigned the IP address of the name resolution server on the private network.

[A: A WINS proxy agent listens for NetBIOS name resolution broadcasts and forwards them to a WINS server for non-WINS-enabled clients to resolve NetBIOS names to IP addresses.]

[B: Because the user can successfully connect to the remote access server, this eliminates permissions as being the cause of the problem. Remote access permissions can be set through the account properties and through a remote access policy.]

[D: Because the user can connect to the FTP server using the IP address, this eliminates permissions as being the cause of the problem and indicates a problem with name resolution.]


49. Dayton Street Cooling has 10 users that require remote access. Sean, the network administrator, needs to allow these 10 users remote access during business hours only. Remote access clients should be allowed to dial into the company's remote access server between the hours of 8 a.m. and 6 p.m. How should Sean configure remote access?

A. Configure the day and time restrictions using the Dial-in tab of each user account.
B. Configure the day and time restrictions by editing the conditions of the remote access policy.
C. Configure the day and time restrictions by editing the profile settings of the remote access policy.
D. Create a group for the 10 remote access users. Configure day and time restrictions through the group's properties window.

>> !
Answer: B

To put day and time restrictions in place for remote access clients, you must edit the conditions of the remote access policy.

[A: Remote access day and time restrictions cannot be configured through the account properties.]

[C & D: To put day and time restrictions in place for remote access clients, you must edit the conditions of the remote access policy.]


50. Robert is the junior network administrator. He's been asked to configure the authentication protocols on the company's remote access server. Remote access client computers all use Windows 2000 Professional so the MS-CHAP version 2 authentication protocol will be used. Robert needs to configure the remote access server for this authentication protocol. What should he do? (Choose all that apply)

A. Enable the MS-CHAP version 2 protocol through the properties of the user accounts.
B. Enable MS-CHAP version 2 through the Properties window for the remote access server.
C. Enable the MS-CHAP version 2 protocol by editing the conditions of the remote access policy.
D. Enable the MS-CHAP version 2 protocol by editing the profile settings of the remote access policy.

>> !
Answer: B & D

Authentication protocols must be enabled at the server level. This can be done from the Security tab for the remote access server's Properties window.

Authentication protocols for a remote access policy are enabled by editing the profile settings.

[A: Authentication protocols cannot be enabled through the properties of a user account.]

[C: Authentication protocols for a remote access policy are enabled by editing the profile settings.]


51. Mary has just finished making changes to the IP security policy for users on the Windows 2003 network. She wants the changes to be applied immediately. Which of the following commands should she use?

A. GPUPDATE
B. NETSH
C. SECEDIT
D. GPRESULT

>> !
Answer: A

The GPUPDATE command is used to propagate policy changes immediately.

[B: The NETSH command is used to view and modify the network configuration of a local computer or remote computer.]

[C: SECEDIT is the command used in Windows 2000 to update policy settings. It is replaced by the GPUPDATE command in Windows Server 2003.]

[D: This command is used to display group settings for a user or computer.]


52. Jim is configuring the IP security policy for a computer running Windows Server 2003. Some of the client computers on the network are not IPSec aware while others are. Jim wants all data to be encrypted and still allow those computers that do not support IPSec to authenticate. Which of the following settings should he select? (Choose all that apply)

A. Server Secure (require security)
B. Server (request security)
C. Client (respond only)
D. Client (request security)

>> !
Answer: B & C

The server will request secure communications. Unsecured communications will be allowed if the client does not support IPSec.

The server will respond to requests for secure communications but will not attempt to secure all communications.

[A: Communications will not be allowed for those clients that are not IPSec aware.]

[D: There are only three options available for IPSec policies: Client (respond only), Server (request security), and Server Secure (require security).]


53. John is the junior network administrator. He has been asked to add a new route to the routing table on a computer running Windows Server 2003. Which of the following commands should he use?

A. ROUTE 192.168.10.0 MASK 255.255.255.0 192.168.9.1 METRIC 2
B. ROUTE ADD 192.168.10.0 MASK 255.255.255.0 192.168.9.1 METRIC 2
C. ROUTE ADD 192.168.10.0 MASK 255.255.255.0 192.168.9.1 2
D. ROUTE 192.168.10.0 MASK 255.255.255.0 GATEWAY 192.168.9.1 METRIC 2
E. ROUTE ADD 192.168.10.0 MASK 255.255.255.0 GATEWAY 192.168.9.0 METRIC 2

>> !
Answer: B


54. Mary is the network administrator for a small company. All remote access computers have recently been configured with smart cards. Which of the following authentication protocols must Mary enable?

A. MS-CHAP
B. IPSec
C. PAP
D. EAP
E. SPAP

>> !
Answer: D

The Extensible Authentication Protocol is an authentication mechanism that allows the authentication scheme to be negotiated between a remote access client and a remote access server or RADIUS server. It is required for smart card authentication.

MS-CHAP is a password-based authentication protocol.

IPSec is a protocol used to encrypt data.

PAP is a password-based authentication protocol. PAP sends credentials in clear text. Therefore, it is not recommended.

SPAP is a password-based authentication protocol used by Shiva clients or Windows clients that must authenticate to Shiva LAN Rover.


55. Mike is the network administrator for a growing company. Due to the increase in the number of remote access clients, two more remote access servers have been added to the network infrastructure. Mike wants to install Internet Authentication Services on a server to centralize authentication and accounting. What should he do? (Choose all that apply)

A. Install IAS using the Routing and Remote Access snap-in.
B. Install IAS using the Internet Authentication Services snap-in.
C. Install IAS using the Add or Remove Programs applet.
D. Install IAS using the Configure Your Server wizard.

>> !
Answer: C & D

IAS can be installed using the Add or Remove Programs applet or using the Configure Your Server wizard.

[A: IAS can be installed using the Add or Remove Programs applet or using the Configure Your Server wizard.]

[B: The Internet Authentication Service snap-in is not available until IAS is installed. It can be used to configure and manage the service.]


56. John has recently added three remote access servers to the existing network infrastructure. He now wants to centralize the authentication and accounting for all remote access servers. Which of the following services should he install?

A. IAS
B. IIS
C. ISA
D. RRAS

>> !
Answer: A

The Internet Authentication Service is used to centralize the authentication and accounting for remote access servers that are configured as RADIUS clients.

[B: Internet Information Service is used for Web services.]

[C: Internet Security and Acceleration service is used for firewall and caching services.]

[D: Routing and Remote Access is used to configure a computer as a remote access server and network router.]


57. Mary has configured two remote access policies. The first policy applies to members of the Sales group. The conditions of this policy specify that users only have remote access during the hours of 8 A.M. to 6 P.M. The second policy applies to members of the Managers group. There are no day and time restrictions configured for this policy. Jim is a member of the Sales group and the Managers group. However, when he tries to gain remote access after 6 P.M. he is denied access. What should Mary do? Choose the best answer.

A. Grant Jim remote access permissions through his user account properties.
B. Remove Jim from the Sales group.
C. Remove the day and time restrictions for the remote access policy.
D. Change the order in which the policies are evaluated.
E. Configure the day and time restrictions through Jim's user account properties.

>> !
Answer: D

By changing the order in which policies are evaluated, Jim's connection attempt will match the conditions of the policy created for the Managers and he will not be affected by the policy created for the Sales group.

[A: Because Jim already has remote access permission, this will not solve the problem.]

[B: Removing Jim from the Sales group would solve the problem. The policy created for the Managers group would be the only one to affect him. However, Jim may need to remain a member of the Sales group for other purposes.]

[C: Although this would solve the problem for Jim, members of the Sales group require day and time restrictions.]

[E: Day and time restrictions cannot be configured through a user's account properties.]


58. Joe is configuring security for a Windows Server 2003 router. IP routing is enabled on the Internet interface. Joe wants only PPTP traffic on the Internet interface routed to the private network. What should he do?

A. Configure packet filtering on the interface connected to the private network to allow all traffic except PPTP.
B. Configure the PPTP ports to allow only PPTP traffic.
C. Configure packet filtering on the private interface to deny all traffic except PPTP.
D. Configure packet filtering on the public interface to deny all traffic except PPTP.

>> !
Answer: D

To block unwanted Internet-based traffic, packet filtering must be configured on the interface connected to the Internet. All traffic should be blocked except for PPTP.

[A: To block unwanted Internet-based traffic, packet filtering must be configured on the interface connected to the Internet. All traffic should be blocked except for PPTP.]

[B: Packet filtering cannot be configured for a port. It is configured for a network interface.]

[C: To block unwanted Internet-based traffic, packet filtering must be configured on the interface connected to the Internet. All traffic should be blocked except for PPTP.]


59. John is the network administrator for a medium-sized company. There are 10 subnets in total connected by Windows Server 2003 computers configured as routers. Each subnet is connected by a non-persistent demand-dial connection. John does not want the administrative overhead associated with updating the routing tables manually. With this in mind, which routing option should he choose?

A. OSPF
B. RIP
C. ICMP
D. MS-CHAP

>> !
Answer: B

The Routing Information Protocol is the best choice for updating the routing tables automatically.

[A: The OSPF routing protocol does not support non-persistent demand-dial connections.]

[C: The Internet Control Message Protocol (ICMP) is used for diagnostics and status reporting.]

[D: MS-CHAP is a password-based authentication protocol.]


60. Doug has configured remote access on a computer running Windows Server 2003. Remote access clients can successfully dial into the server. He notices, however, that remote access computers are not being assigned a default gateway or the IP address of the DNS server on the private network. What is causing the problem?

A. Remote access clients are not configured to use DHCP.
B. The remote access server does not have the DHCP Relay Agent component configured.
C. Optional parameters are not configured on the remote access server.
D. The WINS proxy agent is not enabled on the remote access server.
E. The DHCP Relay Agent component is not enabled on the DHCP server on the private network.

>> !
Answer: B

The DHCP Relay Agent component is required for DHCPInform messages to be forwarded between remote access computers and the DHCP server on the private network.

[A: Clients are already establishing remote access connections and obtaining IP addresses.]

[C: A remote access server can be configured only with a static range of IP addresses to assign remote access computers. It cannot assign remote access clients any optional parameters.]

[D: A WINS proxy agent is used to forward NetBIOS name resolution requests for non-WINS enabled clients to a WINS server on another subnet.]

[E: The DHCP Relay Agent component must be enabled on the remote access server.]