290

Question 1 0 out of 1 points
How many processors does the 64-bit version of Windows Server 2003 Datacenter
Edition support?
Selected
Answer: 64
Correct Answer:
32
Feedback: The 64-bit version of Windows Server 2003 Datacenter Edition supports
up to 64 processors. (Discussion starts on page 7.)
Question
1 out of 1 points
2
Which of the following is not an edition of Windows Server 2003?
Selected Corporate
Answer:
Correct Answer: Corporate
Feedback: Windows Server 2003 is available in Standard, Enterprise, Datacenter,
and Web editions. It is not available in a Corporate edition.
(Discussion starts on page 4.)
Question
1 out of 1 points
3
What is the maximum amount of RAM supported by the 32-bit version of Windows
Server 2003 Datacenter Edition?
Selected 64 GB
Answer:
Correct Answer: 64 GB
Feedback: The 32-bit version of Windows Server 2003 Datacenter Edition
supports 64 GB of RAM. (Discussion starts on page 7.)
Question
1 out of 1 points
4
Which of the following is not an organizational element of Active Directory?
Selected Branch
Answer:
Correct Answer: Branch
Feedback: A branch is not an organizational element of Active Directory. Trees,
organizational units, and domains are all organizational elements of
Active Directory. (Discussion starts on page 27.)
Question
1 out of 1 points
5
True or False: Before you create a domain controller, a DNS server must be available
on the network.
Selected False
Answer:
Correct Answer: False
Feedback: A DNS server is required to complete the installation of a domain
controller, but it need not be present before the installation is started.
If, during the installation process, Windows Server 2003 does not find
a DNS server, you will be prompted to install DNS on the system.
Question
1 out of 1 points
6
Why is it common practice to implement more than one domain controller per
domain?
Selected To provide fault
Answer: tolerance
Correct Answer: To provide fault
tolerance
Feedback: One reason to implement more than one domain controller per domain
is to provide fault tolerance. When more than one domain controller is
used per domain, each still holds a complete copy of the Active
Directory database. The domain database is not split up. The use of
multiple administrators is not related to how many domain controllers
are in use. When more than one domain controller is used per domain,
each still holds a complete copy of the Active Directory database.
Therefore, using multiple controllers will not reduce the number of
objects stored in the database on each domain controller. (Discussion
starts on page 28.)
Question
1 out of 1 points
7
You are installing an application that requires the Active Directory schema to be
extended. The application itself does not extend the schema, but the documentation
included with the application specifies that each user account must have a property
for the personal employer ID code. What steps would you take to achieve this?
Selected Using the Active Directory Schema snap-in, add an attribute to
Answer: the user account property for Employer ID Code.
Correct Using the Active Directory Schema snap-in, add an attribute to
Answer: the user account property for Employer ID Code.
Feedback: To provide an additional property for a user account, you would use
the Active Directory Schema snap-in to add an attribute to the user
account property. You would not create a new object calledEmployer
ID Code–it is a new property that is required. (Discussion starts on
page 30.)
Question
1 out of 1 points
8
You are setting up a new server to provide file and print services for the corporate
accounting department of your company. The accounting department has 78 users
and four printers. The server assigned to the accounting department is an eight-
processor system with 2 GB of RAM. The server used to be a corporate database
server, but a recent upgrade has made the system available. What edition of
Windows Server 2003 are you most likely to install on the server?
Selected Enterprise
Answer:
Correct Answer: Enterprise
Feedback: Windows Server 2003 Enterprise Edition supports up to eight
processors. Windows Server 2003 Web Edition supports only 10
inbound SMB connections, making it unsuitable for supporting the file
and print requirements of 78 users. Additionally, the Web Edition
supports only up to two processors. Windows Server 2002 Datacenter
Edition can be purchased only preinstalled on qualified hardware.
Windows Server 2003 Standard Edition supports only up to four
processors. (Discussion starts on page 4.)
Question
1 out of 1 points
9
Which of the following is a disadvantage of using answer files to automate the
installation of Windows Server 2003 on multiple systems?
Selected Certain parameters in the file must be changed for each
Answer: installation.
Correct Answer: Certain parameters in the file must be changed for each
installation.
Feedback: The main drawback of using answer files for a mass operating system
deployment is that each computer requires its own file. This is
because some of the settings supplied during the installation must be
unique, such as the computer name and IP address. There are no
restrictions on how many copies of the answer file can be used at
once. Answer files can be used with any edition of Windows Server
2003. Answer files do not need to have RIS installed and available on
the network in order to work. (Discussion starts on page 9.)
Question
1 out of 1 points
10
Which of the following statements about Windows Server 2003 Web Edition is true?
Selected The standard Client Access License (CAL) model does not
Answer: apply to computers running the Web Edition.
Correct The standard Client Access License (CAL) model does not
Answer: apply to computers running the Web Edition.
Feedback: The standard CAL model does not apply to computers running the
Web Edition. The operating system supports an unlimited number of
Web connections, but it is limited to 10 simultaneous Server
Message Block (SMB) connections. A computer running the Web
Edition can be a member of an Active Directory domain, but it cannot
function as a domain controller. The ICF and ICS features are not
included with the Web Edition, preventing the computer from
functioning as an Internet gateway. A computer running the Web
Edition cannot function as a DHCP server. (Discussion starts on
page 5.)
Question
1 out of 1 points
11
You have assigned a junior member of your team the task of producing a
specification for upgrading a mission-critical server from Windows 2000 to Windows
Server 2003. No additional budget is available for server hardware, so one major
consideration is that you cannot upgrade hardware. The existing server is a four-
processor system with 64 GB of RAM and fault-tolerant storage and network
subsystems. The junior team member has reviewed the technical specs and
requirements and has suggested that the most appropriate choice for the server is
Windows Server 2003 Datacenter Edition. What issues, if any, can you see with this
proposal?
Selected The Datacenter Edition is available only preinstalled on OEM
Answer: equipment. It cannot be purchased separately.
Correct The Datacenter Edition is available only preinstalled on OEM
Answer: equipment. It cannot be purchased separately.
Feedback: The Datacenter Edition can be purchased only preinstalled on a
system. Therefore, an existing system cannot be upgraded to the
Datacenter Edition. The Datacenter Edition supports 64 GB of RAM
in the 32-bit version and 512 GB of RAM in the 64-bit version. The
Datacenter Edition supports up to 64-way symmetric multiprocessing
(SMP) in the 64-bit version and 32-way SMP in the 32-bit version. It
cannot be installed on a system incapable of at least eight
processors. (Discussion starts on page 7.)
Question
1 out of 1 points
12
You have been asked to recommend a server for a small programming team that
develops enterprise-level data warehousing applications. The team sometimes uses
testing processes that can diminish network performance, so it will be placed on a
separate network from the rest of the organization.To create an environment similar
to the one in which the applications they develop will be used, you intend to
purchase a four-processor Intel Itanium system with 32 GB of RAM for their
exclusive use. Aside from the operating system, you want to avoid purchasing any
additional software. They will need automatic IP address allocation, secure Internet
access, and remote administration capabilities. Which of the following solutions
would you recommend?
Selected Buy a system with Windows Server 2003 Enterprise Edition
Answer: and enable ICF, ICS, DHCP, and Terminal Services.
Correct Buy a system with Windows Server 2003 Enterprise Edition
Answer: and enable ICF, ICS, DHCP, and Terminal Services.
Feedback: Windows Server 2003 Enterprise Edition provides support for 64-bit
Intel Itanium processors, ICF, ICS, and DHCP. It also supports
Terminal Services, which provides the required remote administration
functionality. Windows Server 2003 Datacenter Edition does not
support ICF or ICS. Windows Server 2003 Standard Edition is not
available in a 64-bit version. Windows Server 2003 Web Edition does
not support 64-bit hardware or the ICF or ICS. It also does not
support any more than 2 GB RAM. (Discussion starts on page 7.)
Question
1 out of 1 points
13
You are the systems administrator for a college with more than 700 students on a
single campus. You have two servers, one running Windows Server 2003
Enterprise Edition and the other running the Standard Edition. The college has two
libraries, one for business students and another for arts students. Both libraries run
a client management application from the Enterprise Edition server over Terminal
Services. The library manager for the arts library calls to tell you that he is
experiencing performance problems with the client management application. You
call the manager of the business library, who tells you that she has been running a
client inventory program for over an hour and has had no performance problems.
Upon investigation, you determine that when the business library manager is
running the inventory program, the performance of the arts library application is
affected. Which of the following tools would you use to manage this issue?
Selected WSRM
Answer:
Correct Answer: WSRM
Feedback: The Windows System Resource Manager (WSRM) can be used to
restrict the amount of system resources that can be used by a
Terminal Server user at any one time. Microsoft Metadirectory
Services (MMS) is a means of integrating multiple information
sources into a single, unified directory. MMS makes it possible to
combine Active Directory information with other directory services
and to create a unified view of all available information about a given
resource. The Internet Connection Firewall (ICF) provides protection
for Internet connections. Network Load Balancing (NLB) allows
network traffic to be distributed among multiple network interfaces in
a single system. (Discussion starts on page 7.)
Question
1 out of 1 points
14
You are the network administrator for a customs brokerage in Columbus, Ohio. You
have been asked to recommend a server operating system to support your
company's new intranet site. The server assigned for the purpose is a dual-
processor system with 512 MB of RAM. In addition to providing support for the
intranet site, the server will also act as a departmental server for the 17-person Web
development team. Which of the following editions of Windows Server 2003 are you
most likely to recommend?
Selected Standard Edition
Answer:
Correct Answer: Standard Edition
Feedback: The best solution is most likely the Standard Edition because it
includes the functionality of Microsoft Internet Information Services
(IIS) 6, it supports the available hardware, and it can provide file and
print services for the 17 members of the Web development team.
Although the Web Edition might seem like the most obvious choice in
this situation, there is an issue with the fact that the 17-person
development team also needs to access the server. The Web Edition
accommodates only 10 inbound connections for the purposes of file
access, so it would not be suitable. There is no Corporate Edition of
Windows Server 2003. While the Enterprise Edition would meet the
needs for your intranet, your needs do not justify its purchase over
the Standard Edition. (Discussion starts on page 5.)

What TCP/IP port number is used by Terminal Services?
Selected 3389
Answer:
Correct Answer: 3389
Feedback: Terminal Services uses TCP/IP port 3389. TCP/IP port 110 is used by
the POP3 protocol. TCP/IP port 80 is used by the HTTP protocol.
TCP/IP port 1863 is used by Windows Messenger. (Discussion starts on
page 54.)
Question
1 out of 1 points
2
By default, members of which groups are assigned remote access permission?
Selected
Answer: Administrators
Correct Answer:
Administrators
Feedback: By default, only members of the Administrators group are granted
remote access permission. (Discussion starts on page 47.)
Question
1 out of 1 points
3
Which of the following folders would you share out to make the Remote Desktop
Connection client software available to users?
Selected Systemroot\System32\Clients\Tsclient\Win32
Answer:
Correct Answer: Systemroot\System32\Clients\Tsclient\Win32
Feedback: Windows Server 2003 includes the Remote Desktop Connection files
on the installation CD and also copies them to
the Systemroot\System32\Clients\Tsclient\Win32 folder. It must be
shared out to make the files in this folder available to users.
Question
1 out of 1 points
4
You are the network administrator for a large finance house. You have a user who
wants to create an invitation for you to provide him with Remote Assistance. Which of
the following is the best way for the user to supply you with the invitation and the
password for the invitation?
Selected E-mail the invitation to you as an attachment, and then call
Answer: you with the password.
Correct E-mail the invitation to you as an attachment, and then call
Answer: you with the password.
Feedback: Although there are no specific rules about the communication of
invitations and corresponding passwords, best practice dictates that
you instruct users to supply the expert with the password using a
different medium from the one they are using to send the invitation.
Question
1 out of 1 points
5
You are the senior network administrator for an insurance company in Lincoln, NE.
You want to create some customized MMC consoles for a junior administrator who
has recently joined the company. You want to prevent him from opening new
windows or accessing a portion of the console tree, and you want to allow him to
view only one window in the console. Which of the following modes would you
configure for the custom MMC console?
Selected User Mode: Limited Access, Single Window
Answer:
Correct Answer: User Mode: Limited Access, Single Window
Feedback: User Mode: Limited Access, Single Window prevents users from
opening new windows or accessing a portion of the console tree, and
it allows them to view only one window in the console. User Mode:
Limited Access, Multiple Windows prevents users from opening new
windows or accessing a portion of the console tree, but it allows them
to view multiple windows in the console. There is no console mode
called User Mode: Limited Access, Single Window, No Open. There is
also no console mode called User Mode: Full Access, Single Window.
Question
1 out of 1 points
6
Under what circumstances can you use Remote Assistance to connect to an
unattended computer?
Selected You cannot connect to an unattended computer using
Answer: Remote Assistance.
Correct You cannot connect to an unattended computer using
Answer: Remote Assistance.
Feedback: For a Remote Assistance session to be started, a user must be
present at the client console to grant the expert access. You cannot
use Remote Assistance to connect to an unattended computer.
The answer “If you are logged in as an administrator” is incorrect.
Being logged in as administrator does not allow you to open a Remote
Assistance session on an unattended computer.
The answer “If the password to the administrator account on the
unattended computer is the same as the administrator account on
your system” is also incorrect. Password synchronization between
systems is not a requirement of Remote Assistance.
The answer “If you have a valid invitation issued from that computer”
is incorrect because a valid invitation is required to connect to a
remote computer. If the computer is unattended, a Remote Assistance
session cannot be started. (Discussion starts on page 57.)
Question
1 out of 1 points
7
On a computer running Windows Server 2003, which of the following procedures
would you follow to issue an invitation for Remote Assistance?
Selected Select Help And Support from the Start menu to open the Help
Answer: And Support Center window, and then click the Remote Assistance
hyperlink
Correct Select Help And Support from the Start menu to open the Help
Answer: And Support Center window, and then click the Remote Assistance
hyperlink
Feedback: To issue an invitation for Remote Assistance, you would Select Help
And Support from the Start menu to open the Help And Support
Center window and then click the Remote Assistance hyperlink.
The answer “Select Help And Support from the Start Menu to open the
Help And Support Center window, click the Get Help hyperlink, and
then select Remote Assistance” is incorrect. There is no Get Help
hyperlink in the Help And Support Center window. Help And Support
Center is not found in Control Panel. (Discussion starts on page 55.)
Question
1 out of 1 points
8
You are the network administrator for a property management firm with its head office
in Boulder, CO. The company has 16 offices across the United States. Each site has
a Windows Server 2003 system and 4 to 16 Windows XP Professional client
computers. Each site is linked via an ISDN line, and even though this creates a
private WAN, you are implementing firewalls at each location to provide security. You
are designing the specifications for the firewall, and you decide to provide Remote
Assistance to users on the remote sites. You also decide to allow users to send
invitations for Remote Assistance to the technical support department in Boulder over
Windows Messenger. How would you configure the firewall to accommodate this
configuration?
Selected Open ports 3389 and 1863
Answer:
Correct Answer: Open ports 3389 and 1863
Feedback: You must have port 3389 open on the firewall to provide remote
desktop functionality. Port 1863 must be open on the firewall for
invitations to be sent via Windows Messenger. Opening ports 2289
and 1863 would allow Windows Messenger traffic to pass through the
firewall, but Remote Assistance traffic would not be allowed through.
Opening ports 2058 and 1863 would allow Windows Messenger traffic
to pass through the firewall, but Remote Assistance traffic would not
be allowed through. Opening ports 3389 and 2058 would allow
Terminal Services traffic through the firewall but would not allow
Windows Messenger traffic through. (Discussion starts on page 57.)

Which of the Windows Server 2003 event logs contains information about events
generated by components such as services and device drivers?
Selected
Answer: System
Correct Answer:
System
Feedback: The System log contains information about events generated by
Windows Server 2003 components such as services and device
drivers. The answer "Security" is incorrect. The Security log contains
information about security-related events, such as failed logons,
attempts to access protected resources, such as shares and file
system elements, and success or failure of audited events. The answer
"Devices" is incorrect. There is no Devices log in Windows Server
2003. The answer "Application" is also incorrect. The Application log
contains information about specific programs running on the computer,
as determined by the application developer. (Discussion starts on page
66.)
Question
1 out of 1 points
2
Which of the following methods can be used to start the Task Manager?
Selected Pressing
Answer: Ctrl+Alt+Del
Correct Answer: Pressing
Ctrl+Alt+Del
Feedback: Task Manager can be started by pressing Ctrl+Alt+Del and clicking
Task Manager. None of the other answers are ways by which you can
start Task Manager. (Discussion starts on page 71.)
Question
1 out of 1 points
3
What does the Server: Bytes Total/Sec Performance console counter reflect?
Selected The amount of data sent and received by the server over all
Answer: of its network interfaces
Correct The amount of data sent and received by the server over all
Answer: of its network interfaces
Feedback: The Server: Bytes Total/Sec Performance console counter reflects the
amount of data sent and received by the server over all of its network
interfaces. The answer "The amount of data that is being written to the
page file every second" is incorrect. The amount of data that is being
written to the page file per second is reflected by the Memory:
Pages/Sec counter. The answer "The amount of data that is being
processed by the server service each second" is incorrect. There is no
counter that specifically reflects the amount of data being processed
by the server service each second. The answer "The amount of data
being written to disk each second" is incorrect. The amount of data
being written to disk each second is reflected by the PhysicalDisk:
Disk Bytes/sec counter. (Discussion starts on page 85.)
Question
1 out of 1 points
4
In a default configuration, members of which group(s) are permitted to view entries in
the Security log?
Selected
Correct Answer:
Administrators
Feedback: By default, only members of the Administrators group are allowed to
view the Security log. All of the other answers are incorrect.
Question
1 out of 1 points
5
In Task Manager, what tab allows you to view which of the current user's processes
are running on the computer?
Selected Processes
Answer:
Correct Answer: Processes
Feedback: The Processes tab lists all of the current user's processes running on
the computer. The answer "Users" is incorrect. The Users tab lists all
of the users who are currently logged on to the computer. The answer
"Performance" is incorrect. The Performance tab displays a real-time
view of the computer's processor and memory utilization. The answer
"Applications" is incorrect. The Applications tab shows the status of
the user-level programs currently running on the computer.
Question
1 out of 1 points
6
If you have configured an event log retention setting of Do Not Overwrite Events
(Clear Log Manually), what happens when the maximum log file size is reached?
Selected Events are no longer written to the
Answer: file.
Correct Answer: Events are no longer written to the
file.
Feedback: If an event log retention setting is configured for Do Not Overwrite
Events (Clear Log Manually), when the maximum file size is reached
events will no longer be written to the file. The answer "A new file is
created with an EV1 extension" is incorrect. There is only ever one log
file per event log. The answer "The original file is copied to a BK1 file
and a new log file is started" is incorrect. There is only ever one log file
per event log. The answer "Events continue to be written to the file but
an alert is sent to the administrator prompting him or her to clear the
log manually" is incorrect. The Event Viewer does not send alerts to
the administrator when the log file is full. (Discussion starts on page
68.)
Question
1 out of 1 points
7
You are concerned that an unauthorized person has been logging into the system
with a username and password from another user, but when you check the Security
log in Event Viewer there are no events of any type recorded. What could be the
cause of this problem?
Selected Auditing has not been enabled.
Answer:
Correct Answer: Auditing has not been enabled.
Feedback: For events to be logged into the Security log, auditing must be
enabled on the system. The answer "The Security log file is full" is
incorrect. If the Security log file is full, it can still be viewed. The
answer "Only failed logon attempts are recorded in the Security log" is
incorrect. Both success and failure events can be written to the
Security log file. The answer "The system is not a domain controller
and so logon and logoff events are not recorded" is incorrect. The
status of the server as a domain controller does not affect the ability to
record logon security events. (Discussion starts on page 66.)
Question
1 out of 1 points
8
You are reconfiguring a SQL Server database application on a member server. The
reconfigurations seem to go smoothly, but after you have finished, a user calls you to
report that they are having an issue accessing certain records in the database. In
which of the following places are you most likely to look for events related to this
problem?
Selected In the Application log of Event
Answer: Viewer
Correct Answer: In the Application log of Event
Viewer
Feedback: Applications such as SQL Server write events to the Application log.
The answer "In the System log of Event Viewer" is incorrect. The
System log contains information about events generated by Windows
Server 2003 components, such as services and device drivers. It
would not contain events created by an application such as SQL
Server. The answer "In the Database log of Event Viewer" is incorrect.
Event Viewer does not have a Database log. The answer "In the
Security log of Event Viewer" is incorrect. The Security log contains
information about security-related events, such as failed logons,
attempts to access protected resources, such as shares and file
system elements, and success or failure of audited events.
Question
1 out of 1 points
9
In Event Viewer, you are configuring a filter that will display events that describe the
successful operation of an application, driver, or service, and events that relate to
significant problems, such as loss of data or loss of functionality. Which of the
following events would you include in the filter?
Selected Error,
Answer: Information
Correct Answer: Error,
Information
Feedback: Error events represent a significant problem, such as loss of data or
loss of functionality. Information events describe the successful
operation of an application, driver, or service. None of the other
answers are correct. (Discussion starts on page 67.)
Question
1 out of 1 points
10
You are troubleshooting a problem with a Windows Server 2003 system whereby
users cannot connect to the server. The server itself appears to be running, but you
notice that there is no link light on the port of the hub into which the server is
connected. As a result, you suspect that the network card in the server may have
failed. Where would you look to see events related to the network card?
Selected The System log of Event
Answer: Viewer
Correct Answer: The System log of Event
Viewer
Feedback: The system log contains information about events generated by
Windows Server 2003 components, such as services and device
drivers. In this case, if the network card driver failed to load because
the card had failed, the failure of the driver to load during system
startup would be recorded in the System log. The answer "The
Network log of Event Viewer" is incorrect. There is no Network log for
Event Viewer on Windows Server 2003. The answers "The
Application log of Event Viewer" and "The Security log of Event
Viewer" are incorrect. Events related to the network card would not
be recorded in the Application log or Security log of Event Viewer.
Question
1 out of 1 points
11
You are working on a Windows Server 2003 system that has just been installed by
another administrator. The administrator completed the installation but did not make
any configuration changes following the installation. While checking the maximum
log sizes in Event Viewer, you notice that the maximum size of the Security log is 16
MB. What does this tell you about the system?
Selected That the system is not a domain
Answer: controller
Correct Answer: That the system is not a domain
controller
Feedback: The default maximum file size for a Security log on a Windows
Server 2003 computer that is not a domain controller is 16 MB. The
answer "That Auditing has been enabled" is incorrect. The status of
auditing on the server does not affect the default size of the Security
log file. The answer "That the system is running either the DNS or
DHCP service" is incorrect. Whether DHCP or DNS is running on the
server does not influence the maximum size of the Security log file.
The answer "That the system is a domain controller" is incorrect. On
a server that is a domain controller, the size of the Security log is 128
MB. (Discussion starts on page 68.)
Question
1 out of 1 points
12
You have configured the Security log so that it must be cleared manually. One day,
while reviewing the log prior to archiving, you notice that there were a large number
of unsuccessful object accesses the previous night. You decide to save the file so
that it can be examined in Event Viewer by another administrator. Which of the
following file type(s) would you save the file as?
Selected
Answer: .evt
Correct Answer:
.evt
Feedback: The only file format that is recognized for viewing files in Event
Viewer is .evt. The answer ".evt, .txt" is incorrect. Although Event
Viewer can export files in a .txt format, these files then cannot be
viewed in Event Viewer. The answer ".evt, .txt, .csv" is incorrect.
Although Event Viewer can export files in a .txt or .csv format, these
files then cannot be viewed in Event Viewer. The answer ".evt, .csv"
is incorrect. Although Event Viewer can export files in a .csv format,
these files then cannot be viewed in Event Viewer. (Discussion starts
on page 71.)
Question
1 out of 1 points
13
You are the network administrator for a car dealership in Lexington, KY. You have a
single Windows Server 2003 system that is a domain controller, a DHCP and DNS
server, a file and print server, and the company e-mail server. The server also hosts
the company dealership database and sales and parts order processing system.
Early one morning, a user calls to report that the server appears to be running very
slowly. Using System Monitor, you examine some of the performance counters for
the server and make the following observations:
Server Work Queues: Queue Length = 9
Memory: Page Faults/Sec = 3
PhysicalDisk: % Disk Time = 45
Network Interface: Output Queue Length = 1
Which of the following system components are you most likely to examine for a
problem?
Selected
Answer: Processor
Correct Answer:
Processor
Feedback: The Server Work Queues: Queue Length counter specifies the
number of requests waiting to use a particular processor. This value
should be as low as possible, with values less than 4 being
acceptable. If the value is too high, upgrade the processor or add
another processor. The answer "Memory" is incorrect. The Memory:
Page Faults/Sec counter specifies the number of times per second
that the code or data needed for processing is not found in memory.
This value should be as low as possible, with values below 5 being
acceptable. The answer Network Interfaces is incorrect. The Network
Interface: Output Queue Length counter specifies the number of
packets waiting to be transmitted by the network interface adapter.
This value should be as low as possible, and preferably 0, although
values of 2 or less are acceptable. The answer "Hard Disk" is
incorrect. PhysicalDisk: % Disk Time counter specifies the
percentage of time that the disk drive is busy. This value should be
as low as possible, with values less than 50 percent being
acceptable. (Discussion starts on page 81.)
Question
1 out of 1 points
14
You are the network administrator for a publishing company in Portland, OR. The
network is comprised of 4 Windows Server 2003 systems and 122 workstation
systems, which are a mix of Windows XP Professional and Windows 2000
Professional systems. One morning, a user calls to report that the server seems
very slow. No changes to the server configuration have been made recently, but the
user reports that they are performing a daily database re-index. Upon inspection,
you notice that the PhysicalDisk: % Disk Time counter is 92 percent. Which of the
following would you do next?
Selected Examine memory-related
Answer: counters.
Correct Answer: Examine memory-related
counters.
Feedback: Before replacing disks or upgrading the disk subsystem, you should
first determine whether a lack of memory is causing the operating
system to access the disk too frequently. The answer "Install a larger
hard disk" is incorrect. Installing a larger hard disk would likely not
improve the situation. The PhysicalDisk: % Disk Time counter relates
to how much time the disk is in use, rather than the amount of data
that is stored on the disk. The answer "Install a faster hard disk" is
incorrect. Installing a faster hard disk may alleviate the problem, but
you would first determine why the PhysicalDisk: % Disk Time counter
is so high. The answer "Replace standalone drives with a RAID
array" is incorrect. Installing a RAID array may alleviate the problem,
but you would first determine why the PhysicalDisk: % Disk Time
counter is so high. (Discussion starts on page 81.)
Question
1 out of 1 points
15
You are one of three network administrators for a chain of garden centers, with 16
locations across the southwestern United States. All three administrators are based
at the head office in Scottsdale, AZ. Each garden center has its own Windows
Server 2003 system. The servers are all configured identically, and host the same
point-of-sale application. The servers are all linked back to the head office by a high
speed T-1 WAN link. One morning, you get a call from a user in one of the garden
centers complaining that the point-of-sale application is running very slowly. You
meet with the other administrators to determine a strategy for identifying the issue
with the server. One of the other administrators in the team suggests that you can
use Task Manager to view the performance statistics for the systems, while another
suggests that System Monitor would be a better choice. In this scenario, which of
the following is a reason why Task Manager might not work as well as System
Monitor in monitoring system resource usage?
Selected Task Manager cannot be used to monitor a remote
Answer: system.
Correct Answer: Task Manager cannot be used to monitor a remote
system.
Feedback: Task Manager can only be used to monitor the resources on the local
system. It cannot view information from other systems, which System
Monitor can. All of the other answers are incorrect. Both Task
Manager and System Monitor can be used to monitor these system
components. (Discussion starts on page 76.)
Question
1 out of 1 points
16
You are the network administrator for a glass manufacturer in Pittsburgh, PA. The
network consists of two Windows Server 2003 systems. Each server is an older
dual processor system with 768 MB of RAM. For some time now you have been
considering hardware upgrades for the servers, but budgets are tight. Both servers
are domain controllers. One server hosts DHCP and DNS server services, and is a
file and print server and the company e-mail server. The other server hosts the
company sales database and order processing system. As part of your morning
routine, you use System Monitor to view some of the performance counters for the
server and make the following observations:
Memory: Available Bytes = 3,623,676
LogicalDisk: % Free Space = 47
What, if anything, might you look into in terms of upgrading the server?
Selected Install more
Answer: memory.
Correct Answer: Install more
memory.
Feedback: The Memory: Available Bytes counter specifies the amount of
available physical memory in bytes. This value should be as high as
possible, and should not fall below 5 percent of the system's total
physical memory. In this case, the byte value of the memory installed
in the system is 768,000,000. So, the Memory: Available Bytes
counter should be no lower than 38,400,000. The answer "Install a
faster processor" is incorrect. There is nothing in the counter values
that indicates the need for a faster processor. The answer "Install a
larger hard disk" is incorrect. There is nothing in the counter values
that indicates a shortage of hard disk space. The answer "Replace
the memory" is incorrect. There is nothing in the counter values that
denotes faulty memory. (Discussion starts on page 81.)
Question
1 out of 1 points
17
You are the network administrator for a real estate company in Chicago, IL. You
have a single Windows Server 2003 system that acts as domain controller and file
and print server and also hosts an intranet-based workgroup application. You back
up the system each night at 11:00 P.M. Normally the back up takes less than two
hours, but for the past two days the backup has still been running when you have
gotten into the office at 8:00 A.M. While talking to the technical support
representative from the backup software provider, they suggest that it could be one
of a number of problems. In order to determine what the problem is they ask you to
record information about the number of times per second that the code or data
needed for processing is not found in memory while the backup job is running. They
caution you, however, that you should only record the information while the backup
job is running. Recording the information during the day could severely impact
performance of the server. Which of the following would you do to achieve this?
Selected Configure a Trace log to run between 11:00 P.M. and 6:00
Answer: A.M. and record Page Faults.
Correct Configure a Trace log to run between 11:00 P.M. and 6:00
Answer: A.M. and record Page Faults.
Feedback: The Trace log feature of Performance Logs and Alerts can be
configured to record information such as page faults. The log can
also be scheduled to run at certain times. The answer "Configure a
Trace log to run between 11:00 P.M. and 6:00 A.M. and record Page
Faults" is incorrect. Task Manager is a real-time monitoring tool. It
does not provide the facility to record information to a file. The
answer "Configure System Monitor to display information in
histogram view between 2 and 4 A.M." is incorrect. System Monitor is
a real-time performance monitoring tool. You would use it to view
recorded information, but not to create it. The answer "Configure a
Trace log to run between 2 and 4 A.M. and record Memory Errors" is
incorrect. Recording "Memory Errors" is not an option for a Trace log.
Question
1 out of 1 points
18
You are the network administrator for an outdoor equipment wholesaler in Detroit,
MI. You have three locations. One is the head office from which the ordering and
distribution is handled. The other two locations are retail outlets—one in a retail park
on the edge of the city and another in a downtown location. Each of the retail outlets
has its own Windows Server 2003 system in its own domain. The retail park location
has a new server with 1 GB of RAM and four processors. The downtown store has
an older server with 512 MB of RAM and two processors that has been installed for
some time and was originally a Windows 2000 Server system. Staff in the
downtown store have been complaining that ever since a new point-of-sale
application was installed the server seems very slow. The retail park location is not
having any problems. Using System Monitor, you monitor the server in the retail
park location and the downtown location at the same time. You monitor counters
related to processor, memory, disk, and network on each of the servers. Of all the
counters you monitor, you notice that the Server: Bytes Total/Sec counter for the
downtown location is very high, while the other counters are very similar between
servers. Which of the following strategies might you use to cure this issue?
Selected Install a faster network
Answer: adapter.
Correct Answer: Install a faster network
adapter.
Feedback: The Server: Bytes Total/Sec counter reflects the amount of data (in
bytes) sent and received by the server over all of its network
interfaces. If this figure is more than 50 percent of the total bandwidth
capacity of the network interfaces in the server, you should consider
migrating some applications to another server to reduce the network
load on the server, or upgrade to faster network interfaces if possible.
In this example, because there is only one server in that location, the
only real option would be to install a faster network adapter. The
answer "Install a faster processor" is incorrect. Installing a faster
processor is unlikely to improve the situation. The answer "Install
more memory" is incorrect. Installing more memory is unlikely to
improve the situation. The answer "Move the application to another
server" is incorrect. As there is only one server in that location,
moving the application to another server would not be possible.
Question
1 out of 1 points
19
You are the network administrator for a property development company in Salt Lake
City, UT. You have a single Windows Server 2003 system that is a domain
controller, a DHCP and DNS server, a file and print server, and the company e-mail
server. The server also hosts a document management system. One Wednesday
afternoon, without warning, the server crashes. You reboot the server and it comes
up without a problem. You examine the system performance through System
Monitor, but everything seems in order. Two weeks later, the server crashes again.
As before, you reboot the server and it comes up without any errors. Immediately
after the restart, you use System Monitor and observe the following counters and
values.
Memory: Pages/Sec = 7
Two days later, you monitor the same counter statistics and note the following:
Which of the following strategies are you likely to take with the server?
Selected Examine memory usage for each application on the
Answer: server.
Correct Answer: Examine memory usage for each application on the
server.
Feedback: A substantial decrease in the Memory: Available Bytes counter can
be caused by a memory leak. A memory leak is the result of a
program allocating memory for use but not freeing up that memory
when it is finished using it. Over time, the computer's free memory
can be totally consumed, degrading performance and ultimately
halting the system. In this scenario, the first thing you would do is
examine the memory usage for each application to determine if one
of the applications is responsible for a memory leak. The answer
"Move an application off of the server and on to another server" is
incorrect. This is not the first thing you would do in this scenario. The
answer "Upgrade the network card from a 10 Mbps card to a 100
Mbps card" is incorrect. There is nothing to indicate that network
performance is an issue. The answer "Nothing. The counter statistics
do not indicate any issues" is incorrect. There is a concern with the
statistics. (Discussion starts on page 81.)
Question
1 out of 1 points
20
You are the network administrator for an electrical goods importer in Brandon, FL.
You have a single Windows Server 2003 system that is a domain controller, a
DHCP and DNS server, a file and print server, and the company e-mail server. The
server also hosts the inventory database and sales order processing system. Early
one morning, a user calls to report that the server appears to be running very
slowly. Using System Monitor, you examine some of the performance counters for
the server and make the following observations:
Which of the following are you most likely to do to cure the problem?
Selected Install more
Answer: memory.
Correct Answer: Install more
memory.
Feedback: The Memory: Page Faults/Sec counter specifies the number of times
per second that the code or data needed for processing is not found
in memory. This value should be as low as possible, with values
below 5 being acceptable. If this value is too high, you should
determine whether the system is experiencing an inordinate number
of hard faults by examining the Memory: Pages/Sec counter. If the
number of hard page faults is excessive (above 20), you should
either determine what process is causing the excessive paging or
install more random access memory (RAM) in the system. The
answer "Replace the memory" is incorrect. There are no counters
that indicate that the memory needs to be replaced. The answer
"Install a faster network interface" is incorrect. There are no counters
that indicate that the network interface needs to be upgraded. The
answer "Install a larger hard disk" is incorrect. There are no counters
that indicate that a larger hard disk is required. (Discussion starts on
page 81.)

What is the maximum uncompressed capacity of a digital audio tape (DAT) cartridge?
Selected 20 GB
Answer:
Feedback: The maximum uncompressed capacity of a DAT cartridge is 20 GB.
Question
1 out of 1 points
2
Which of the following is not a recognized type of backup?
Selected Supplemental
Answer:
Correct Answer: Supplemental
Feedback: Supplemental is not a recognized type of backup. Incremental,
differential, and full (also called normal) are all recognized types of
backup. (Discussion starts on page 103.)
Question
1 out of 1 points
3
Which of the following media has the largest data storage capacity?
Selected DVD
Answer:
Correct Answer: DVD
Feedback: DVDs of certain formats can hold more than 4 GB of data.
Zip cartridges can hold up to only 750 MB of data.
A CD can hold up to only 650 MB of data.
A Jaz cartridge can hold up to only 2 GB of data. (Discussion starts on
page 96.)
Question
1 out of 1 points
4
On a Windows Server 2003 system, where do you enable the volume shadow copy
feature?
Selected In Local Disk, Properties, Shadow Copies tab
Answer:
Correct Answer: In Local Disk, Properties, Shadow Copies tab
Feedback: Volume shadow copy is enabled through the Local Disk, Properties,
Shadow Copies tab. The other answers are incorrect. (Discussion
starts on page 118.)
Question
1 out of 1 points
5
Why is hardware data compression for backups preferred over software data
compression?
Selected Hardware compression occurs on the tape drive and does not
Answer: burden the system processor.
Correct Hardware compression occurs on the tape drive and does not
Answer: burden the system processor.
Feedback: Hardware compression occurs on the tape drive or tape drive
controller and therefore does not use system resources.
The answer “Hardware compression is more accurate than software
compression” is incorrect. Hardware and software compression are
equally accurate.
The answer “Hardware compression can be used with any type of
backup, including differential” is incorrect. The compression method is
not dependent on the type of backup being performed.
The answer “Hardware compression can gain much higher
compression ratios than software compression” is incorrect. There is
no evidence to suggest that hardware compression can gain higher
compression ratios than software compression. (Discussion starts on
page 112.)
Question
1 out of 1 points
6
Using a typical Grandfather-Father-Son tape rotation scheme, how often do you
normally use the father tape?
Selected Once a week
Answer:
Correct Answer: Once a week
Feedback: In a typical Grandfather-Father-Son rotation, the father tape is
generally used once a week.
The son tape is generally used on a daily basis.
The grandfather tape is generally used on a monthly basis.
Question
1 out of 1 points
7
What utility do you use to mark specific Active Directory objects as authoritative?
Selected Ntdsutil.exe
Answer:
Correct Answer: Ntdsutil.exe
Feedback: The Ntdsutil.exe command-line utility is used to mark specific Active
Directory objects as authoritative. The other answers are incorrect.
Question
1 out of 1 points
8
Which of the following backup types does not alter the archive bit on a newly created
file?
Selected
Answer: Differential
Correct Answer:
Differential
Feedback: Differential backups do not change the state of the archive bit.
During a full backup, the archive bit of a file is cleared.
During an incremental backup, the archive bit of a file is cleared.
Symmetrical is not a recognized type of backup. (Discussion starts on
page 103.)
Question
1 out of 1 points
9
Which of the following statements describes how to see earlier versions of a file on a
volume that has volume shadow copy enabled?
Selected In the Properties dialog box for a file in a shadowed volume,
Answer: select the Previous Versions tab.
Correct In the Properties dialog box for a file in a shadowed volume,
Answer: select the Previous Versions tab.
Feedback: To view previous versions of a file on a volume that has volume
shadow copy enabled, from the Properties dialog box for a file in a
shadow volume, you select the Previous Versions tab.
The other answers are not correct ways to view the previous versions
of a file on a volume that has volume shadow copy enabled.
Question 1 out of 1 points
10
If you do a full backup to a single tape on a Friday night and then an incremental
backup to tape on all other days of the week (including the weekend), if a system
failure occurs, what is the maximum number of tapes required to perform a full
restore?
Selected 7
Answer:
Correct Answer: 7
Feedback: In this scenario, the maximum number of tapes required to perform a
complete restore is seven: the full backup from Friday and then the
incremental backups from Saturday, Sunday, Monday, Tuesday,
Wednesday, and Thursday. (Discussion starts on page 103.)
Question
1 out of 1 points
11
True or False: In an authoritative restore of Active Directory, the objects in the
Active Directory database are restored with updated sequence numbers that
prevent them from being overwritten during the next replication pass.
Selected True
Answer:
Correct Answer: True
Feedback: In an authoritative restore, the objects in the Active Directory
database are restored with updated sequence numbers that prevent
them from being overwritten during the next replication pass.
Question
1 out of 1 points
12
While discussing the development of a new backup strategy for your company, a
colleague uses the term target. What is she referring to?
Selected The data object to be backed up
Answer:
Correct Answer: The data object to be backed up
Feedback: In a discussion of backup strategies, the term target refers to the
data object being backed up.
The term is not used to refer to the other backup components.
Question
1 out of 1 points
13
When you configure volume shadow copy, which of the following parameters cannot
be configured?
Selected Which folders on the drive should be included in the volume
Answer: shadow copy.
Correct Which folders on the drive should be included in the volume
Answer: shadow copy.
Feedback: The volume shadow copy feature can be enabled only on a drive-by-
drive basis. It is not possible to specify specific folders that should be
included. The drives that should be included, the maximum size of
the storage area for shadowed files, and the frequency with which
shadow copies are made are all configurable parameters for volume
shadow copy. (Discussion starts on page 118.)
Question
1 out of 1 points
14
After a system failure, you restart the system in Directory Services Restore Mode to
restore Active Directory from a backup. You are prompted for a username and
password, so you enter the username and password for the Administrator account,
but you are unable to log on. You used the Administrator account the previous day,
and the password has not been changed since then. What is the most likely cause
of the problem?
Selected You must use the restore mode password for the Administrator
Answer: account that you specified when you installed Active Directory.
Correct You must use the restore mode password for the Administrator
Answer: account that you specified when you installed Active Directory.
Feedback: When Active Directory is first installed, you are prompted for a
password to access Directory Services Restore Mode. You must use
the Administrator account and this password to enter Directory
Services Restore Mode.
Using the first password ever associated with the
Administratoraccount is not the correct way to enter Directory
Services Restore Mode, nor is using the username DSRESTORE or
using an account other than Administrator. (Discussion starts on
page 120.)
Question
1 out of 1 points
15
If you do a full backup to a single tape on a Friday night and then an incremental
backup to tape on all other days of the week (including the weekend), and a system
failure occurs on Monday morning, how many tapes are required to perform a full
restore?
Selected 3
Answer:
Correct Answer: 3
Feedback: In this scenario, you need three tapes to perform a full restore. You
first restore the full backup from Friday, and then the incremental
backups from Saturday and Sunday. (Discussion starts on page
103.)
Question
1 out of 1 points
16
If you are performing a full backup each Friday to a single tape and a differential
backup to a single tape on all other days of the week (including the weekend), what
is the minimum number of tapes required to accommodate seven days worth of
backups?
Selected 2
Answer:
Correct Answer: 2
Feedback: Because all files modified or created since the last full backup are
included in a differential backup, the minimum number of tapes
required to accommodate the backup cycle is two. In the real world, it
is more common to have multiple tapes to provide for offsite storage
and fault tolerance. (Discussion starts on page 103.)
Question
1 out of 1 points
17
How does using the volume shadow copy feature of Windows Server 2003 help
system administrators?
Selected It reduces the need to restore individual files from
Answer: backup.
Correct Answer: It reduces the need to restore individual files from
backup.
Feedback: Volume shadow copy reduces the need to restore individual files by
keeping previous versions of files on the volume. If a user
accidentally overwrites a file or makes unwanted changes to the file,
the user can retrieve a previous version. Using volume shadow copy
does not reduce the need to performsystem backups, does not allow
multiple copies of a file to be writtento different locations at the same
time, and does not reduce the amount of time that it takes to perform
a backup. (Discussion starts on page 118.)
Question
1 out of 1 points
18
True or False: There is always less data included in an incremental backup than a
full backup.
Selected False
Answer:
Feedback: An incremental backup includes any files that have been changed or
created since the last full or incremental backup. If all of the files on a
drive have been changed or created since the last full or incremental
backup, the same amount of data is backed up for a full and an
incremental backup. (Discussion starts on page 103.)
Question
1 out of 1 points
19
You are the network administrator for a chemical wholesaler in Spokane,
Washington. You have a single Windows Server 2003 system with three disk drives.
One drive holds the system and boot partition, the second drive is used for file
storage, and the third drive is used to store the order processing system and sales
database. You back up the system with a full backup each Friday, and you do an
incremental backup on all other weekdays at 7 p.m. One of your suppliers sends
you electronic copies of its new product catalogs, along with ordering codes. In all,
there are 50 files named Cat1 through Cat50. You create a new folder called
Catalogs on the second drive in the server and copy the 50 catalog files into that
folder, and then you immediately create a differential backup of the entire drive and
store the tape for archive purposes. That night, you perform an incremental backup
of the drive as part of your standard backup cycle. What, if anything, will happen
during the incremental backup?
Selected The files in the Catalogs folder will be backed up, and the
Answer: archive bit will be changed from 1 to 0.
Correct The files in the Catalogs folder will be backed up, and the
Answer: archive bit will be changed from 1 to 0.
Feedback: Differential backups do not alter the state of the archive bit, so as
files are created on the drive, they are included with the incremental
backup and the archive bit is set to 0.
The answer “The files in the Catalogs folder will be backed up, and
the archive bit will be set to 1” is incorrect. Incremental backups reset
the archive bit on a file to 0 after it has been backed up.
The answer “The files in the Catalogs folder will not be backed up,
but the archive bit will be set to 1 so that those files will be backed up
the following day” is incorrect. If a backup does not take a copy of a
file, it does not alter the archive bit.
The answer “The files in the Catalog folder will not be backed up
because after you copied them to the folder you did not modify them”
is incorrect. Even though no changes were made to the files, the fact
that they are newly created on the drive would cause them to be
included in an incremental backup. (Discussion starts on page 103.)
Question
1 out of 1 points
20
You are the network administrator for a large architectural firm in New York. The
network comprises three Windows Server 2003 systems and 64 Windows XP
Professional systems. The server has four drives installed. One is used to hold the
boot and system partitions, and the other three are used for holding data. The data
drives are called DATA1, DATA2, and DATA3. Each drive is a 40 GB SCSI drive.
The DATA1 drive is 30 percent full, the DATA2 drive is 45 percent full, and the
DATA3 drive is 65 percent full.
The backup schedule consists of a full backup of each drive every Friday, and then
an incremental backup of each drive at 9 p.m. on all other days of the week. On
Thursday morning, the DATA2 drive fails completely. No replacement drive is
immediately available, so you decide that the best course of action is to restore the
data to one of the other drives. Which of the following procedures do you follow to
do this?
Selected Restore the full backup from Friday to DATA1, and then restore
Answer: the incremental backups from Monday, Tuesday, and Wednesday
to DATA1.
Correct Restore the full backup from Friday to DATA1, and then restore
Answer: the incremental backups from Monday, Tuesday, and Wednesday
to DATA1.
Feedback: When using a backup schedule with full and incremental backup
jobs, the latest full backup should be restored first, followed by the
incremental backups from the oldest to the most recent. The answer
“Restore the full backup from Friday to DATA1, and then restore the
incremental backups from Monday, Tuesday, and Wednesday to
DATA3” is incorrect. The full and incremental backups must be
restored to the same drive for the restore to be complete andup to
date. The answer “Restore the full backup from Friday to DATA3, and
then restore the incremental backups from Monday, Tuesday, and
Wednesday to DATA3” is incorrect. The DATA3 drive does not have
sufficient space to accommodate the restore. The answer “Restore
the full backup from Friday to DATA1, and then restore the
incremental backups from Wednesday, then Tuesday, then Monday
to DATA1” is incorrect. When you use a backup schedule with full
and incremental backup jobs, the latest full backup should be
restored first, followed by the incremental backups from the oldestto
the most recent. This answer choice does the reverse. (Discussion
Question
1 out of 1 points
21
You are the network administrator for a water purification company in Rhode Island.
The network consists of three Windows Server 2003 systems, with 45 Windows XP
Professional client systems and 30 Windows 2000 Professional client systems. Two
of the servers are used as domain controllers. The other server is a member server
that hosts the corporate e-mail system and a sales database. Each server has two
hard disks in it, one for the system and boot partition and another for data.
You restructure the data on the data drive of your member server, and then you
perform a copy backup job using Windows Server 2003 Backup so you can store a
copy of the data offsite. After the backup is complete, no other changes are made to
the files on that drive, but a number of new files are created. That night, you run an
incremental backup as part of your standard backup schedule. Which files will be
included in the incremental backup?
Selected All files that were modified or created since the last
Answer: incremental or full backup.
Correct All files that were modified or created since the last
Answer: incremental or full backup.
Feedback: A copy backup job does not alter the archive bit of a file. Therefore,
the incremental backup will include all files that were created or
modified since the last full or incremental backup. The answer “All
files that were created since the copy backup job, but no other files”
is incorrect. The files created since the copy backup will be included
in the incremental backup, but other files will also be included. The
answer “All files that were modified or created since the last
differential backup” is incorrect. Differential backups do not change
the archive bit. Therefore, the backup program has no way of
knowing when the last differential backup was made. The answer
“None. All files that have changed will have already been backed up
by the copy backup job” is incorrect. The incremental backup will
include files from the data drive. (Discussion starts on page 103.)
Question
1 out of 1 points
22
You are the network administrator for a bank in San Diego. The network consists of
two Windows Server 2003 systems and 55 Windows XP Professional systems. Both
servers are domain controllers. One server hosts applications, including Microsoft
Exchange and Microsoft SQL Server, and the other server is dedicated to hosting
the bank's customer service database. The database is used to store requests from
customers, such as changes of address and requests for information about banking
products. Each server has two hard disks in it, one for the system and boot partition
and another for data.
Your backup cycle for each server includes a full backup every Friday and an
incremental backup on all other days of the week. Another administrator suggests
that you do a differential backup on Tuesday so the maximum number of tapes
needed for a complete restore would be four. What issues, if any, can you see with
this solution?
Selected The solution offers no
Answer: benefits.
Correct Answer: The solution offers no
benefits.
Feedback: Because the incremental backup on Monday would clear the archive
bit on modified or created files, the differential backup on Tuesday
would not include any other data that would not otherwise be
included in an incremental backup. So, if the drive failed on
Thursday, you would still need the full backup from Friday; then the
incremental from Saturday, Sunday, and Monday; the differential
from Tuesday; and the incremental from Wednesday. Therefore, the
proposed solution does not offer any benefit. The answer “None.
The proposed solution is appropriate and valid” is incorrect. There
are issues with the proposed solution. The answer “You cannot mix
incremental and differential backups in this way” is incorrect. There
are no specific restrictions on combining incremental and differential
backups. The answer “The differential backup would not back up
any data” is incorrect. The differential backup would include any files
that were created or modified since the last full or incremental
backup. Therefore, it would have data in it. (Discussion starts on
page 103.)
Question
1 out of 1 points
23
You are the network administrator for a fruit wholesaler in Orlando, Florida. The
network consists of three Windows Server 2003 systems and 110 Windows 2000
Professional systems. All three servers are used as domain controllers. One server
also acts as a file and print server, and it hosts Dynamic Host Configuration Protocol
(DHCP) and Domain Name System (DNS) server services. One of the other servers
is dedicated to hosting the company's order processing system. The order
processing system database is stored on a single drive. Last week, at 6:30 p.m., the
drive holding the order processing system failed. Even though you had a new drive
installed and a restore from the previous night's full backup completed within an
hour, the manager of the sales department was still disappointed because an entire
day's worth of orders was lost. As a result, that manager wants to start taking
backups in the middle of the day so the maximum amount of work he can lose is a
half day rather than a whole day.
The size of the order processing system is fairly static, at around 25 GB. The
manager gives you a 30-minute backup window between 12:30 and 1:00 p.m. when
you can have exclusive access to the database to complete a backup. He gives you
the necessary budget to buy a new drive to accommodate this request. Which of the
following drive types would you implement?
Selected 8
Answer: mm
Correct Answer: 8
mm
Feedback: 8-mm tape drives have a maximum capacity of 100 GB and a data
transfer rate of up to 1400 MB per minute. In a 30-minute window,
you could back up a maximum of 42 GB—more than enough to
accommodate the 25 GB database.
Jaz drives have a maximum capacity of 2 GB.
DVD typically has a capacity of about 4 GB.
Although quarter-inch cartridge (QIC) drives have a maximum
capacity of 50 GB, the maximum data transfer rate is 600 MB per
minute. In a 30-minute window, even if the maximum transfer rate
could be attained for the whole time, you would still only be able to
backup 18 GB, which is not enough to back up the database.
Question
1 out of 1 points
24
You are the network administrator for an electrical wholesaler in Bloomington,
Indiana. You have a single Windows Server 2003 system with three disk drives.
One drive holds the system and boot partition, the second is used for file storage,
and the third is used to store the customer database. You do a full backup each
Friday and a differential backup on all other weekdays at 9 p.m. On Wednesday at
11 a.m., the drive holding the customer database fails. You replace the drive
immediately with a spare drive. How would you go about restoring the data?
Selected Obtain the full backup from Friday and then the differential
Answer: backup from Tuesday. Restore the full backup, and then restore
the differential backup.
Correct Obtain the full backup from Friday and then the differential
Answer: backup from Tuesday. Restore the full backup, and then restore
the differential backup.
Feedback: When you restore from a backup schedule that involves a full backup
and a differential backup, you should restore the full backup first and
then restore the differential backup over the top. This results in the
latest set of data.
The answer “Obtain the full backup from Friday and then the
differential backup from Tuesday. Restore the differential backup,
and then restore the full backup” is incorrect. This is not the correct
order for restor-ing data.
differential backups from Monday and Tuesday. Restore the full
backup, and then restore the differential backups from Monday and
then Tuesday” is incorrect. When you use a differential backup, you
need only the latest full backup and the latest differential backup to
perform a complete restore.
differential backups from Monday and Tuesday. Restore the
differential backups from Monday and then Tuesday. Finally, restore
the full backup from Friday” is incorrect. When you use a differential
backup, you need only the latest full backup and the latest differential
backup to perform a complete restore. (Discussion starts on page
103.)
Question
1 out of 1 points
25
You are the network administrator for a telecommunications company in Rochester,
New York. The network consists of two Windows Server 2003 systems and 57
Windows XP Professional systems. Both servers are used as domain controllers.
One server hosts DHCP and DNS server services. It is also used as a file and print
server. The other server hosts a large SQL database. Each server has two hard
disks in it, one for the system and boot partition and another for data. The backup
cycle for each server comprises a full backup each Tuesday at 7 p.m. and a
differential backup on all other days of the week at 9 p.m. You are backing up to a
digital audio tape (DAT) drive. The backups have been operating flawlessly for
some time, but one Tuesday you notice that the backup of the drive holding the SQL
database has stopped and requested another tape. Upon investigation, you
determine that the SQL database has grown to 22 GB in size. Which of the following
strategies is the most cost-effective way to cure the problem?
Selected Enable compression so twice as much data can be backed
Answer: up to a single DAT tape.
Correct Enable compression so twice as much data can be backed
Answer: up to a single DAT tape.
Feedback: The capacity of a DAT tape is 20 GB uncompressed. In this case,
because the amount of data being written to the drive is 22 GB and is
too big to fit on the tape, compression is probably not being used.
Turning on compression would be the most cost-effective solution.
The answer “Purchase another DAT drive and split the backup job so
that it writes to more than one device” is incorrect. Although this is a
valid solution, it is not the most cost-effective solution. The answer
“Perform an incremental backup on Tuesdays so less data is backed
up” is incorrect. Incremental backups must be combined with a full
backup to ensure that a complete copy of the data is available.
The answer “Implement a higher-capacity backup system so all the
data will fit on a single tape” is incorrect. Although this is a valid
solution, it is not the most cost-effective solution. (Discussion starts
on page 96.)
Question
1 out of 1 points
26
You are the network administrator for an electronics manufacturer in Springfield,
Ohio. The network consists of four Windows Server 2003 systems and 262
Windows XP Professional systems. One server is assigned to each of four
departments—sales, manufacturing, administration, and distribution. Each server
has two hard disks in it, one for the system and boot partition and another for data.
The Active Directory structure consists of a single domain. The backup cycle for
each server comprises a full backup each Wednesday at 7 p.m. and an incremental
backup on all other days of the week at 7 p.m. You are using high-speed backup
devices, and the backups finish within an hour.
On Tuesday, a user from the manufacturing department calls to report that he
overwrote a file the previous day at 2:30 p.m. The file was created on Thursday at
11:30 p.m. and modified on Saturday at 4:15 p.m. That was the last modification to
the user's file before be overwrote it. Which of the following procedures would you
follow to restore the earlier version of the user's file?
Selected Restore the file from the incremental backup from
Answer: Saturday.
Correct Answer: Restore the file from the incremental backup from
Saturday.
Feedback: Because the file was modified on Saturday, it would be included on
Saturday's backup because it was modified on Saturday before the
backup was made. Therefore, to restore the previous version of the
user's file, you can simply restore the file from the incremental
backup performed on Saturday.
The answer “Restore the file from the incremental backup from
Thursday, and then restore the file from the incremental backup from
Sunday” is incorrect. The file would not be included in Thursday's
backup because at the time of the backup the file had not yet been
created. In addition, the file would not be included in Sunday's
backup.
Thursday, and then restore the file from the incremental backup from
Saturday” is incorrect. The file would not be included in Thursday's
backup because at the time of the backup the file had not yet been
created.
Sunday” is incorrect. The file would not be included in Sunday's
backup. (Discussion starts on page 103.)

In Active Directory Users And Computers, where do you configure logon time
restrictions for a user?
Selected The Account page of the user account
Answer: properties
Correct Answer: The Account page of the user account
properties
Feedback: Time restrictions are configured from the Logon Hours button on the
Account page of a user's properties. There is no Logon Hours page in
the user account properties. (Discussion starts on page 181.)
Question
1 out of 1 points
2
What term describes a type of user profile that the user can change but that does not
save those changes when the user logs off?
Selected Mandatory
Answer:
Correct Answer: Mandatory
Feedback: A mandatory profile can be changed by the user, but when the user
logs off, the changes are not saved. A roaming profile can be
accessed by the user no matter what system on the network she is
logging on from. Fixed and static are not profile types. (Discussion
Question
1 out of 1 points
3
Which of the following utilities can you use to modify an existing object in Active
Directory?
Selected Dsmod.exe
Answer:
Correct Answer: Dsmod.exe
Feedback: The Dsmod.exe utility allows you to modify an object in Active
Directory. The Comma Separated Value Data Exchange utility
(Csvde.exe) can be used only to import or export information to or
from the directory. It cannot be used to modify an existing directory
object. Dsadd.exe can be used only to add objects to the directory, not
to modify an existing object. There is no such utility as Adobjedit.exe.
Question
1 out of 1 points
4
Which of the following properties cannot be configured for multiple users at a single
time?
Selected Terminal Services session settings
Answer:
Correct Answer: Terminal Services session settings
Feedback: When you configure the properties of more than one user at a time,
you cannot configure the Terminal Services Session settings. All of the
other items can be edited for multiple users at once. (Discussion starts
on page 186.)
Question
1 out of 1 points
5
A user calls to report that his account has been locked after he entered the incorrect
password four times. Which tab of the user's account properties do you go to unlock
his account?
Selected Account
Answer:
Correct Answer: Account
Feedback: The Account Is Locked Out check box is in the Account tab of a user's
properties. If the account is locked as a result of settings in the
Account Lockout Policy, the check box is selected. Clearing it unlocks
the account. The Account Is Locked Out check box is not in the
General or Sessions tab of a user's account properties. There is no
tab in the user's account properties called User. (Discussion starts on
page 181.)
Question
1 out of 1 points
6
Which of the following client operating systems requires additional client software to
access the complete functionality of Active Directory?
Selected All of the above
Answer:
Correct Answer: All of the above
Feedback: All of the operating systems listed require additional client software to
access the complete functionality of Active Directory. (Discussion
Question
1 out of 1 points
7
Which of the following items is not included in a user profile?
Selected Logon time

Answer: restrictions
Correct Answer: Logon time
restrictions
Feedback: Logon time restrictions are part of a user's account properties. They
are not part of the user profile. All of the other items are included in a
user profile. (Discussion starts on page 196.)
Question
1 out of 1 points
8
If the Password Must Meet Complexity Requirements policy is enabled, which of the
following passwords is not acceptable?
Selected !!@TRPP%%
Answer:
Correct Answer: !!@TRPP%%
Feedback: For a password to meet complexity requirements, it must contain at
least three of the following four elements: uppercase alphabetic
characters, lowercase alphabetic characters, numbers, or special
characters (such as !@#). It must also be at least six characters long
and not be based on the username. The !!@TRPP%% password
contains only special characters and uppercase letters. All of the other
passwords conform to the complexity requirements. (Discussion starts
on page 168.)
Question
1 out of 1 points
9
When you configure the Password Policy, why would you enable the option to store
passwords using reversible encryption?
Selected So that other applications can access the password
Answer: information
Correct Answer: So that other applications can access the password
information
Feedback: If a password is stored using reversible encryption, it can be accessed
by other applications. This approach poses a security risk, and it
should be implemented only if absolutely necessary. There is no way
for a user account password to be recovered, nor is there any facility
in Windows Server 2003 for providing users with password clues. The
administrator cannot view users' passwords. (Discussion starts on
page 182.)
Question
1 out of 1 points
10
A user calls you because he cannot log on to the system. After verifying his identity,
you determine that he recently returned from vacation and is unsure of his
password. You decide to reset the password. How do you do accomplish this?
Selected In the Active Directory Users And Computers MMC snap-in,
Answer: select the user and then select Reset Password from the Action
menu. Enter the new password, retype the new password in the
Confirm Password box, and click OK.
Correct In the Active Directory Users And Computers MMC snap-in,
Answer: select the user and then select Reset Password from the Action
menu. Enter the new password, retype the new password in the
Confirm Password box, and click OK.
Feedback: You can reset a user account password in Active Directory Users
And Computers by selecting Reset Password from the Action menu.
You must enter and confirm the new password. You do not need to
know the existing password to reset the password. User passwords
are not reset from the Account properties page for the user, nor are
they reset from the General properties page for the user. (Discussion
Question
1 out of 1 points
11
You have set the Account Lockout Duration setting of the Account Lockout Policy to
0. What does this mean?
Selected An account that has exceeded the account lockout threshold
Answer: must be manually unlocked.
Correct An account that has exceeded the account lockout threshold
Answer: must be manually unlocked.
Feedback: A value of 0 for the Account Lockout Duration policy setting means
that any account locked out by exceeding the account lockout
threshold must be unlocked manually. This value does not cause a
locked account to immediately unlock. Resetting a password for the
user does not unlock the account. The Enforce Password History
policy is part of the Password Policy and is not related to settings in
the Account Lockout Policy. (Discussion starts on page 200.)
Question
1 out of 1 points
12
You are attempting to use the Csvde.exe tool to import a new set of user accounts
to the directory. You confirm that the import file is formatted correctly, and then you
issue the command csvde -f newusers -k. When you check in Active Directory, none
of the new user accounts appears. What is the most probable cause of the
problem?
Selected The default mode for Csvde.exe is export; if you want to
Answer: import objects, you must use the -i switch.
Correct The default mode for Csvde.exe is export; if you want to
Answer: import objects, you must use the -i switch.
Feedback: The default mode for Csvde.exe is export. Unless you use the -i
switch in the command, Csvde.exe will attempt an export to the
specified file, not an import from the file. The -k switch tells
Csvde.exe to ignore errors such as duplicate users. It does not (nor
does any other switch) determine when the user accounts should be
added. Csvde.exe can be used to import a wide range of directory
objects, including users, groups, and computer accounts. The -f
switch is correct for specifying the comma-separated value file that is
to be used for the import. (Discussion starts on page 192.)
Question
1 out of 1 points
13
What information is transferred from a user's Account tab when you copy the user's
account?
Selected Everything except the User Logon Name and User Logon
Answer: Name (Pre–Windows 2000)
Correct Everything except the User Logon Name and User Logon
Answer: Name (Pre–Windows 2000)
Feedback: All values except the Logon Name are copied from the Account tab
when a user account is copied to create a new user account. Group
Memberships are listed in the Members Of tab of the user's account
properties, not the Account tab. The logon hours are copied from the
Account tab when a user account is copied to create a new account.
The Street Address value is in the Address tab, not the Account tab.
Question
1 out of 1 points
14
You have configured Logon Hours restrictions for a specific user. The user is not a
member of any group policy objects. If the user is already logged on when the
allowed logon time ends, what happens?
Selected The user can continue
Answer: working.
Correct Answer: The user can continue
working.
Feedback: If the user is already logged on when the allowed logon time ends,
service is not interrupted—except if the security option in group policy
objects called Network Security: Force Logoff When Logon Hours
Expire is enabled. In this case, the user is forcibly disconnected when
her logon hours expire. (Discussion starts on page 181.)
Question
1 out of 1 points
15
What does setting an account lockout threshold of 0 achieve?
Selected Any account that has exceeded the account lockout

Answer: threshold is not locked out.
Correct Any account that has exceeded the account lockout
Answer: threshold is not locked out.
Feedback: The account lockout threshold specifies the number of invalid logon
attempts that triggers an account lockout. A value of 0 prevents
accounts from ever being locked out. (Discussion starts on page
200.)
Question
1 out of 1 points
16
You are looking at ways to automate the creation of user accounts. You do not have
a large turnover of staff in your organization, so you decide to use templates as a
shortcut to user creation. Which of the following statements about the use of
template user accounts is true?
Selected All new users created with the template have the same
Answer: group memberships.
Correct All new users created with the template have the same
Answer: group memberships.
Feedback: When you create a new user account from a template, group
memberships are copied to the new user. In addition, all address
information is copied except the street address. Password and file
permissions granted to the original user are not transferred over.
Question
1 out of 1 points
17
After numerous support calls from a user who is creating problems by making
changes to his Windows settings, you get management approval to configure the
user with a profile that will not allow him to save any changes. How do you go about
doing this?
Selected Locate the profile folder for the user, and rename the
Answer: Ntuser.dat file to Ntuser.man.
Correct Locate the profile folder for the user, and rename the
Answer: Ntuser.dat file to Ntuser.man.
Feedback: The basic procedure for making a profile mandatory is to locate the
Ntuser.dat file related to the user account and rename it to
Ntuser.man. There is no Set As Mandatory button in the Advanced
page of the System Properties dialog box. Although setting read-only
permissions for the user's profile folder might prevent the user from
making any changes to his profile, this is not the accepted way of
making a profile mandatory. (Discussion starts on page 199.)
Question
1 out of 1 points
18
You have recently been employed as the network administrator for a commercial
real estate company. The company is relatively small and has a highly mobile
workforce. The company has two Windows Server 2003 systems and one Windows
2000 system. Active Directory is configured at a Windows 2000 mixed domain
functional level. Many of the sales representatives spend a great deal of time on the
road and use the dial-in features of Windows Server 2003. The others are based
primarily in the office and rarely work remotely. Late one evening, a user who
normally works from the office pages you to report that he can't gain access to the
system over his dial-up link. He is calling from a hotel, where he is staying while at a
conference. He explains that he connected the previous night from home without
any problems, but this is the first time he has tried to connect from anywhere other
than his home. Since you started working with the company, you have not made
any changes to the user's account properties. Based on the information he has
provided, which of the following could be the problem?
Selected The Always Callback To property on the user's Dial-In page
Answer: has been configured with the user's home phone number.
Correct The Always Callback To property on the user's Dial-In page
Answer: has been configured with the user's home phone number.
Feedback: The most likely answer of those listed is that the Callback Options on
the Dial-In page for the user have been configured to always call
back his home phone number. When the user tries to establish a
dial-in connection, the server he is connecting to drops the
connection and then calls his home number. The Verify Caller ID
property is not available when Active Directory is configured in
Windows Server 2003 mixed mode. Static routes determine which
areas of the network are available to the user if he connects over a
dial-in or VPN connection, and what areas of the network are
inaccessible. They affect the user after he connects, not while he is
trying to connect. Also, because you have made no changes to the
account and the user was able to connect the previous day, this is
unlikely to be the problem. The telephone numbers listed on the
Telephones page of the user's account properties are unrelated to
the dial-in properties. (Discussion starts on page 186.)
Question
1 out of 1 points
19
You are the system administrator for a company that manufactures electronics
equipment for the aerospace industry. The company has more than 150 employees,
but only the administrative staff of 24 people has PCs. The other employees are
involved in production and manufacturing and do not require a PC to perform their
job. The client workstations are a mix of Windows 95, Windows 98, and Windows
2000 Professional systems. You have a single Windows Server 2003 system that
provides file and print services and runs DHCP, DNS, and WINS services. Each
employee has a browser-based e-mail account that is accessed via the company's
intranet.
Your manager has asked you to configure a single user account that will be used
to log on from three PCs in the company cafeteria so employees can access the
company intranet and their e-mail. Which of the following approaches are you most
likely to take?
Selected In the Account page of the user's properties, configure the Log On
Answer: To restrictions for the user by entering the NetBIOS machine name of
the systems the user is permitted to use. Assign the user a
mandatory profile by renaming the user account's Ntuser.dat file to
Ntuser.man and placing it on a server in the network. Configure the
user's profile path so it points to the location of the profile.
Correct In the Account page of the user's properties, configure the Log On
Answer: To restrictions for the user by entering the NetBIOS machine name of
the systems the user is permitted to use. Assign the user a
mandatory profile by renaming the user account's Ntuser.dat file to
Ntuser.man and placing it on a server in the network. Configure the
user's profile path so it points to the location of the profile.
Feedback: To configure Log On To restrictions, you enter the NetBIOS machine
names of the system that you will permit the user account to log on
from. You can assume that the company is using NetBIOS because it
has a WINS server. To create a roaming mandatory profile for the
user, you rename the Ntuser.dat file for the user to Ntuser.man. Log
On To restrictions are not configured using the IP address of the
systems that the user is permitted to log on from, nor are they
configured using the MAC address. The user profile file is not named
Ntuser.pfl. (Discussion starts on page 195.)
Question
1 out of 1 points
20
You are the network administrator for a media company with 27 employees. You
have recently implemented a new Windows Server 2003 system. Your manager is
concerned about the security of your network. She has asked you to configure an
Account Lockout Policy to provide additional security. She wants you to make sure
that if a user tries to log on with the wrong password more than four times, that
user's account is disabled. She also wants to make sure that the user must call you
when the account is locked so you can determine what the problem is before the
user can attempt to gain access to the system again. Which of the following
statements describes the Account Lockout Policy settings you would choose?
Selected Set the Account Lockout Duration policy to 0, the Account
Answer: Lockout Threshold policy to 4, and the Reset Account Lockout
Counter After policy to 30.
Correct Set the Account Lockout Duration policy to 0, the Account
Answer: Lockout Threshold policy to 4, and the Reset Account Lockout
Counter After policy to 30.
Feedback: If you set the Account Lockout Duration policy to 0, locked accounts
must be manually unlocked by the administrator. The administrator
would find out when an account becomes locked because the user
must ask the administrator to unlock the account. Setting the Account
Lockout Threshold policy to 4 causes the account to become locked
after four incorrect logon attempts. These settings would satisfy the
manager's requirements. Setting the Account Lockout Threshold
policy to 0 would cause the system to lock the account after the first
incorrect logon attempt. Setting the Account Lockout Duration policy
to 4 would cause the lockout to be cleared after 4 minutes. The
Enforce Password History policy is part of the Password Policy, not
the Account Lockout Policy. (Discussion starts on page 200.)
Question
1 out of 1 points
21
You are the network administrator for a large computer manufacturer in Portland,
Oregon. Another computer manufacturer has recently acquired the company, and
you are in the process of transitioning your IT infrastructure, including Active
Directory, to the naming standards and schemes used by the takeover company.
Your Active Directory structure uses domains with names based on geographical
locations, so no reconfiguration of domain names is necessary. However, the
domain name used for e-mail and the corporate Web page has changed. You have
been asked to reconfigure all of the user accounts with the new e-mail address and
Web page information. In total, you have to reconfigure 325 users in three
organizational units. Which of the following is the easiest way to do this?
Selected Select multiple user objects at once, and then edit the user's
Answer: properties and enter the new e-mail and Web page information.
Correct Select multiple user objects at once, and then edit the user's
Answer: properties and enter the new e-mail and Web page information.
Feedback: The Web Page field and the E-Mail Address field are available for
edit by selecting multiple users at one time. The Csvde.exe utility is
used for importing or exporting objects from the directory. It is not
used for editing the properties of existing objects. The Dsmod.exe
utility can be used for editing the properties of existing objects, but in
this case it would almost certainly be simpler to just edit the
properties of multiple objects at a time. There is no facility for user
objects inheriting values from an OU. (Discussion starts on page
188.)
Question
1 out of 1 points
22
You are the network administrator for a healthcare provider in Denver, Colorado.
The network comprises three Windows Server 2003 systems. You have recently
installed a new database application that requires a service account to be created.
This service account needs to impersonate a client to access computer resources
on behalf of other user accounts. Which of the following approaches do you take to
do this?
Selected Create a new user account. Then, in the Account properties
Answer: tab for that user, select the Account Is Trusted For Delegation
check box.
Correct Create a new user account. Then, in the Account properties
Answer: tab for that user, select the Account Is Trusted For Delegation
check box.
Feedback: When a service account is required, you should create a new user
account for that purpose. If the account needs to impersonate a client
to access computer resources on behalf of other user accounts, you
must select the Account Is Trusted For Delegation check box, which
is in the Account properties tab for a user account. (Discussion starts
on page 181.)
Question
1 out of 1 points
23
You have recently installed Microsoft Internet Information Services (IIS) on your
Windows Server 2003, Enterprise Edition server so that you can create an intranet
for your company. Anonymous access to the IIS server has been enabled. The
intranet is intended solely as a source of publicly available corporate information. It
will also contain a mirror of the company's Internet Web site.
In addition to providing access to employees, you also want the public to be
ableto access the intranet from two terminals in the reception area of the building.
The terminals will be configured with third-party software that will restrict access to
any application other than Microsoft Internet Explorer. Because employees in the
company already have user accounts for the network, you will not need to make any
changes to their configuration in order to allow access to the intranet. What do you
do with respect to user accounts to enable users in the reception area to access the
intranet?
Selected Nothing.
Answer:
Correct Answer: Nothing.
Feedback: When you install IIS, a user account is created called
IUSR_computername. This account allows anonymous users to
connect to the server and access Web pages on it. There is no need,
in this example, to create user accounts in Active Directory. There is
no Use IIS right in the General Properties tab. (Discussion starts on
page 173.)
Question
1 out of 1 points
24
You are the network administrator for a footwear distributor in Georgia. After a
recent break-in, your manager is concerned that the criminals might have been able
to access the computer systems. She asks you to tighten up security of user
accounts and passwords. She asks you to propose settings for an Account Lockout
Policy. You propose the following values for the Account Lockout Policy:
Account Lockout Threshold = 3
Account Lockout Duration = 0
Reset Account Lockout Counter After = 15
What would the result of these policies be?
Selected If a user enters the incorrect password more than three times,
Answer: the account is locked. The administrator must manually clear the
lock on the account.
Correct If a user enters the incorrect password more than three times,
Answer: the account is locked. The administrator must manually clear the
lock on the account.
Feedback: A value of 0 for the Account Lockout Duration means that a locked
account must be manually unlocked by an administrator. The Reset
Account Lockout Counter After value determines the "memory" of the
system for incorrect passwords in a given time period. In this
example, the user can enter an incorrect password twice every 15
minutes and still not lock the account. After three incorrect passwords
are entered in a 15-minute period, the account is locked. Triggering
the Account Lockout policy locks an account—it does not disable it. A
disabled account cannot be used, even with the correct password.
The policy as described allows a user three incorrect logon attempts
before the account is locked. (Discussion starts on page 200.)
Question
1 out of 1 points
25
You are the network administrator for a soft-toy manufacturer in Wisconsin. The
network comprises three Windows Server 2003 systems operating at a Windows
2000 mixed mode domain functional level. There are 135 users, each of whom has
a Windows XP Professional system.
The Sales department has been based solely in Green Bay, at the company
headquarters, but management has decided to split it into two teams, one of which
will telecommute. You are given the names of the users who will be part of the new
remote sales team, and you are asked to configure the user accounts with some
new information. Specifically, you must specify a new Manager and Department
name. You must also provide each user with dial-in capability to the system, which
they have never had. Which of the following approaches are you most likely to take?
Selected Configure the properties on multiple objects. Edit the Manager
Answer: and Department fields in the Organization Properties tab. Grant the
dial-in permission on the Dial-In tab, and configure the dial-in
permissions on a per-user basis.
Correct Configure the properties on multiple objects. Edit the Manager
Answer: and Department fields in the Organization Properties tab. Grant the
dial-in permission on the Dial-In tab, and configure the dial-in
permissions on a per-user basis.
Feedback: The Manager and Department fields can be edited on multiple
objects at a time. The dial-in permission must be edited on a per-user
basis. Configuration by Remote Access Policy is not supported on a
Windows 2000 mixed mode domain functional level. The Dsadd.exe
utility is used to add objects to Active Directory, not to edit the
properties of existing objects. (Discussion starts on page 177.)
Question
1 out of 1 points
26
You are the network administrator for a pottery distributor in Utah. You are in the
process of upgrading the corporate network from another operating system to
Windows Server 2003. You ask a junior administrator to design an effective
Password Policy. He offers the following suggestion:
Enforce Password History = 10
Maximum Password Age = 30
Minimum Password Age = 15
Minimum Password Length = 6
Password Must Meet Complexity Requirements = Yes
What would the result of this policy be?
Selected The user can use a password of $$r763 but must change it
Answer: every 30 days. She cannot change it any sooner than 15 days. She
cannot reuse the same password until she has changed her
password 10 times.
Correct The user can use a password of $$r763 but must change it
Answer: every 30 days. She cannot change it any sooner than 15 days. She
cannot reuse the same password until she has changed her
password 10 times.
Feedback: For a password to meet complexity requirements, it must include
characters from at least three of the following four categories:
uppercase letters, lowercase letters, numbers, and symbols. In this
example, the password $$r763 fulfills these requirements. The
Maximum Password Age setting requires that the user change her
password at least every 30 days, but the Minimum Password Age
value preventsthe user from changing her password any sooner than
15 days. The Enforce Password History value of 10 ensures that the
user must change her password 10 times before using a previous
password. (Discussion starts on page 168.)

Which of the following is not a domain functional level supported by Windows Server
2003?
Selected Windows Server 2003
Answer: mixed
Correct Answer: Windows Server 2003
mixed
Feedback: Windows Server 2003 mixed is not a domain functional level supported
by Windows Server 2003. All of the other answers are domain functional
levels supported by Windows Server 2003. (Discussion starts on page
212.)
Question
1 out of 1 points
2
Which of the following is not a built-in Active Directory group?
Selected Power
Answer: Users
Correct Answer: Power
Users
Feedback: Power Users is not a built-in Active Directory group. Backup
Operators, Account Operators, and Network Configuration Operators
are all valid Active Directory groups. (Discussion starts on page 226.)
Question
1 out of 1 points
3
What happens to the local Administrators group when a computer is added to the
domain?
Selected The Domain Admins global group is added to the local
Answer: Administrators group.
Correct The Domain Admins global group is added to the local
Answer: Administrators group.
Feedback: When a computer is added to the domain, the Domain Admins global
group is added to the local Administrators group. It is not possible to
add a local group to a global group, so it is not possible to add the
local Administrators group to the Domain Admins global group. When
a computer is added to the domain, the Domain Admins global group
is not added to the Power Users group. There is no local group called
Computers. (Discussion starts on page 221.)
Question
1 out of 1 points
4
Where do you change the group scope?
Selected In the General properties tab of the group in Active Directory

Answer: Users and Computers
Correct In the General properties tab of the group in Active Directory
Answer: Users and Computers
Feedback: You change group scopes in the General properties tab of the group in
Active Directory Users and Computers. There is no tab in Active
Directory Users and Computers called Scopes, nor is there one called
Type. Scope changes are not made in the Members properties tab of
Active Directory Users and Computers. (Discussion starts on page
237.)
Question
1 out of 1 points
5
Which of the following statements is not true of universal groups?
Selected Universal groups can be granted access permissions only for

Answer: resources in the domain in the forest in which they are created.
Correct Universal groups can be granted access permissions only for
Answer: resources in the domain in the forest in which they are created.
Feedback: Universal groups can be granted access permissions for resources in
any domain in the forest, and in domains in other trusted forests.
Universal groups are available only in the Windows 2000 native and
Windows Server 2003 functional levels, and universal groups can be
converted to domain local groups or to global groups, as long as they
do not have other universal groups as members. (Discussion starts on
page 218.)
Question
1 out of 1 points
6
Which of the following Active Directory built-in groups does not have the right to back
up files and directories?
Selected Account
Answer: Operators
Correct Answer: Account
Operators
Feedback: The Account Operators group does not have the right to back up files
and directories. The Server Operators, Administrators, and Backup
Operators groups all have the rights to back up files and directories.
Question
1 out of 1 points
7
Which of the following statements is true of global groups?
Selected Global groups can include only users from within their
Answer: domain.
Correct Answer: Global groups can include only users from within their
domain.
Feedback: Global groups can include only users from within their domain. They
cannot include members from other domains in the tree, the forest, or
anywhere else in the Active Directory structure. (Discussion starts on
page 217.)
Question
1 out of 1 points
8
Which of the following tools do you use to raise the domain functional level of Active
Directory?
Selected Active Directory Domains and
Answer: Trusts
Correct Answer: Active Directory Domains and
Trusts
Feedback: Active Directory Domains and Trusts is used to raise the domain
functional level of Active Directory. None of the other tools listed can
be used for this purpose. (Discussion starts on page 212.)
Question
1 out of 1 points
9
You have installed a new Windows Server 2003 system on your test network. After
completing the installation, you run the Manage Your Server Wizard and configure
the system as a domain controller. There are no other servers on the network. What
will the domain functional level of the system be?
Selected Windows 2000 mixed
Answer:
Correct Answer: Windows 2000 mixed
Feedback: Windows 2000 mixed is the default domain functional level. Windows
2000 native and Windows Server 2003 interim are valid domain
functional levels, but they are not the default domain functional levels.
Windows Server 2003 single server is not a recognized domain
functional level. (Discussion starts on page 212.)
Question
1 out of 1 points
10
A user who is connected to the system via a Remote Desktop connection
automatically becomes a member of what special identity?
Selected
Answer: Interactive
Correct Answer:
Interactive
Feedback: A user who connects to the system via a Remote Desktop
connection automatically becomes a member of the Interactive
special identity. The user does not become part of the Dialup or
Anonymous Logon special identity. Remote Users is not a
recognized special identity. (Discussion starts on page 229.)
Question
1 out of 1 points
11
You are creating a script to streamline the process of adding new groups to Active
Directory. You add the following command to the file:
dsadd group "CN=Sales,CN=Users,DC=contoso,DC=com"
–member "CN=Administrator,CN=Users,DC=contoso,DC=com" -scope g
What is the result of this command?
Selected A global group called sales.users.contoso.com is created, with
Answer: the user Administrator as a member.
Correct A global group called sales.users.contoso.com is created, with
Answer: the user Administrator as a member.
Feedback: The Dsadd command is used to add new groups to Active Directory.
The command creates a new global group called
sales.users.contoso.com, and the user Administrator is made a
member of that group. The answer "The command produces an
error" is incorrect. The syntax and usage of the command is valid.
The answer "A universal group called sales.users.constoso.com is
created, with the user Administrator as a member" is incorrect. The "-
scope g" would cause a global group to be created. The answer "The
user administrator is removed from the sales.users.contoso.com
group, and the scope is changed to global" is incorrect. Group
membership cannot be changed using the Dsadd command.
Question
1 out of 1 points
12
Under what circumstances can you convert a global group to a universal group?
Selected Only when the global group is not a member of another

Answer: global group.
Correct Only when the global group is not a member of another
Answer: global group.
Feedback: You can convert a global group to a universal group only if the global
group is not a member of any other global group. The answer "Only
when the global group contains users from only one domain" is
incorrect. By definition, a global group can contain only users from a
single domain. The answer "There are no restrictions when
converting a global group to a universal group" is incorrect. There are
restrictions on converting a global group to a universal group. The
answer "You cannot convert a global group to a universal group
under any circumstances" is incorrect. You can convert a global
group to a universal group if the global group is not a member of
another global group. (Discussion starts on page 220.)
Question
1 out of 1 points
13
The technical support department has a new member who needs rights to perform
system functions and Active Directory administration tasks such as creating new
user accounts, shutting down and restarting the server, backing up files and
directories, and loading and unloading device drivers. You want to make the user a
member of only one group, but you also want to avoid assigning more rights than
necessary. Which of the following groups should you make the new hire a member
of?
Selected
Correct Answer:
Administrators
Feedback: Of the groups listed, only the Administrators group and the Domain
Admins group have all of the required permissions. However, the
Domain Admins group also has rights that are not required by the
new hire. Therefore, the best choice is to add the user to the
Administrators group. The Server Operators group does not have
rights to create user accounts or load and unload device drivers. The
Backup Operators group does not have rights to create user
accounts or load and unload device drivers. (Discussion starts on
page 226.)
Question
1 out of 1 points
14
You have a laser printer in the Sales department. The Sales group is assigned
permissions to print to that printer. The members of the Sales department are all
members of the Sales group. No other users or groups are assigned permissions to
the printer. What happens if you delete the Sales group?
Selected The Sales group is removed from the ACL for the printer, and
Answer: members of the Sales department can no longer print.
Correct The Sales group is removed from the ACL for the printer, and
Answer: members of the Sales department can no longer print.
Feedback: When a group is deleted, access control list (ACL) entries related to
that group are removed. In this example, there are no other
permissions assigned to the printer, so members of the Sales
department can no longer print. The answer "The Sales group is
removed from the ACL for the printer, but members of the Sales
group can still print to the printer" is incorrect. If the group is removed
and the users are not assigned permissions individually, the users
cannot print. The answer "The Sales group is removed from the ACL
for the printer, but the individual user accounts that were members of
the Sales group are added to the ACL of the printer, thereby allowing
them to print" is incorrect. When you delete a group, members of that
group are not added to the ACL of any resource to which the group
was assigned permissions. The answer "Any user account that is a
member of the Sales group is deleted" is incorrect. Deleting a group
causes only that group object to be deleted. User accounts that are a
member of that group are not deleted. (Discussion starts on page
238.)
Question
1 out of 1 points
15
True or False: On a domain controller, members of the Power Users group can
create user and group accounts and modify the users and groups they have
created.
Selected False
Answer:
Feedback: Power Users is a local group. Local groups do not exist on Active
Directory domain controllers. (Discussion starts on page 221.)
Question
1 out of 1 points
16
To redistribute some of the administrative burden on your network, your manager
suggests having a member of the customer help desk act as your assistant. To
allow this person to perform account management tasks, you make him a member
of the Account Operators built-in Active Directory group. Which of the following
tasks will the user be allowed to perform?
Selected Creating new user
Answer: accounts
Correct Answer: Creating new user
accounts
Feedback: Members of the Account Operators group can create, delete, and
modify user, computer, and group objects in the Users and
Computers containers and in all OUs except domain controllers.
Members do not have permission to modify the Administrators or
Domain Admins groups, nor can they modify the accounts for
members of those groups. (Discussion starts on page 226.)
Question
1 out of 1 points
17
You want to implement group policy on your network to provide control over user
accounts on the network. Which of the following entities cannot be assigned group
policy?
Selected
Answer: Groups
Correct Answer:
Groups
Feedback: Group policy objects (GPOs) can be assigned only to Active
Directory domain, site, and OU objects. You cannot assign a group
policy object to a group. (Discussion starts on page 211.)
Question
1 out of 1 points
18
When you join a computer to the domain, what happens to the membership of the
local Guests group?
Selected The Domain Guests predefined global group is added to the
Answer: local Guests group.
Correct The Domain Guests predefined global group is added to the
Answer: local Guests group.
Feedback: When a computer is added to the domain, the Domain Guests
predefined global group is automatically added to the local Guests
group. The answer "The special identity Guests is added to the local
Guests group" is incorrect. There is no Guests special identity. The
answer "Any user accounts defined as members of the local Guests
group are added to the Domain Guests group" is incorrect. When a
computer is added to the domain, no changes are made to the
Domain Guests group. The answer "The local Guests group is
deleted" is incorrect. The local Guests group is not deleted when the
computer is added to the domain. (Discussion starts on page 221.)
Question
1 out of 1 points
19
You are the network administrator for a clothing manufacturer in Boise, Idaho. The
network comprises three domains. Each domain is assigned to a specific division in
the company. You have six Windows Server 2003 systems running Standard
Edition. Active Directory is running at a Windows Server 2003 domain functional
level. You have a group of auditors who move from department to department in the
course of their work. Because they move around, they need access to the nearest
printer at any given time. Which of the following do you do to accommodate this?
Selected Create a universal group, place the user accounts for the
Answer: auditors in that group, and then assign the universal group
permissions to all of the printers in each of the domains.
Correct Create a universal group, place the user accounts for the
Answer: auditors in that group, and then assign the universal group
permissions to all of the printers in each of the domains.
Feedback: The correct answer is "Create a universal group, place the user
accounts for the auditors in that group, and then assign the universal
group permissions to all of the printers in each of the domains." The
answer "Create a global group, place the user accounts for the
auditors in that group, and then assign the global group permissions
to all of the printers in each of the domains" is incorrect. You cannot
assign a global group permissions to resources in a domain other
than the one in which it is created. The answer "Create a universal
group, place the user accounts for the auditors in that group, and
then place the universal group into the local printer users group on
the domain controllers that host a printer" is incorrect. There is no
local printer users group. The answer "Create a universal group, and
place the user accounts for the auditors in that group. Create a global
group, and place the auditors universal group into that global group.
Finally, assign the global group permissions to the printers in each
domain" is incorrect. You cannot place a universal group into a global
group. (Discussion starts on page 218.)
Question
1 out of 1 points
20
You are the network administrator for a real estate agency in Washington, D.C. The
network comprises three Windows Server 2003 systems and 120 client systems
running Windows XP Professional. You have two domains, one representing each
of the two divisions of the company (residential and commercial). You receive a
request to create a group called Marketing that will be assigned resource access to
resources in both domains. However, when you go to create a new security group,
in the Group Scope option the Universal option button is grayed out. Which of the
following is the most likely cause of the problem?
Selected You are running at a Windows 2000 mixed domain
Answer: functional level.
Correct Answer: You are running at a Windows 2000 mixed domain
functional level.
Feedback: Universal groups are available only in the Windows 2000 native and
Windows Server 2003 domain functional levels. They are not
available in Active Directory operating at a Windows 2000 mixed
domain functional level. The answer "You have more than one
domain" is incorrect. The ability to create universal groups is not
dependent on the number of domains in the directory, although the
functionality they provide is not relevant in directory structures with
only one domain. (Discussion starts on page 212.)
Question
1 out of 1 points
21
You are the network administrator for a company that sells computer books. The
network comprises six Windows Server 2003 systems, three of which are domain
controllers. The other servers are member servers. Active Directory is operating at a
Windows Server 2003 functional level. One of the domain controllers hosts a
database application, and you need to provide users in the Sales department with
access to a folder on that server that contains the data files for the database. Which
of the following is the best approach to take?
Selected Create a domain local group called Database, and give that group
Answer: the necessary permissions to the folder containing the data file.
Create a global group called SalesData, and add the appropriate
members of the Sales department to the SalesData global group.
Add the SalesData global group to the Database domain local group.
Correct Create a domain local group called Database, and give that group
Answer: the necessary permissions to the folder containing the data file.
Add the SalesData global group to the Database domain local group.
Feedback: Best practice dictates that you identify the resource to which users
need access, and then create one or more domain local groups for
those resources. Next you assign the permissions needed for access
to the resources to the domain local group. Then you identify users
with common job responsibilities and add their user objects to a
global group. Finally, you make the global group a member of the
appropriate domain local group. The answer "Assign each user in the
Sales department access to the folder individually" is incorrect. This
would not be the best way to give users from the Sales department
access to the database. The answer "Create a global group called
Database, and give that group the necessary permissions to the
folder containing the data file. Create a domain local group called
SalesData, and add the appropriate members of the Sales
department to the SalesData domain local group. Add the SalesData
domain local group to the Database global group" is incorrect. You
cannot nest a domain local group in a global group. The answer
"Create a local group called Database on the domain controller.
Add the SalesData global group to the local group" is incorrect. You
cannot create a local group on a domain controller. (Discussion starts
on page 220.)
Question
1 out of 1 points
22
You are the network administrator for a tire wholesaler with seven offices across the
continental United States. Each site has a single Windows Server 2003 server
operating at a Windows Server 2003 domain functional level. Each site is linked to
the head office in Buffalo, New York, by a PRI-ISDN line. Each site has its own
domain. The WAN links are used by a number of applications, including a sales
order-processing system. The company is experiencing huge growth, and over the
next three months the number of staff members is set to increase from 160 to 310.
You are in the process of reorganizing the group structure on the network. Many of
the users require access to data and applications in more than one site, and up to
this point many of the assignments have been made with a user account rather than
a group. One of your fellow administrators suggests creating a number of universal
groups and adding the users to the universal groups. Permissions to resources can
then be granted via the universal groups. What issues, if any, do you see with this
solution?
Selected It might create additional traffic on the already heavily used
Answer: WAN links.
Correct It might create additional traffic on the already heavily used
Answer: WAN links.
Feedback: To use universal groups effectively, the best practice is to create a
global group in each domain, with user or computer accounts as
members, and then make the global groups members of a universal
group. This enables you to create a single universal group that is
usable throughout the enterprise, but with a membership that does
not change frequently. This method is preferable to adding users and
computers to the universal group directly, because every change to
the universal group's membership causes the entire membership to
be replicated to the global catalog, throughout the forest. Managing
the users and computers in the global groups does not affect the
universal group's membership and therefore generates no additional
replication traffic. In this scenario, with slow WAN links and universal
group memberships that are likely to change, this would be of
particular concern. The answer "None. The suggestion is practical
and valid" is incorrect. There are issues with this solution. The
answer "Universal groups are not available on a Windows Server
2003 domain functional level" is incorrect. Universal groups can be
created in Active Directory running at a Windows Server 2003
domain functional level. The answer "You can place global or domain
local groups only in a universal group, not user accounts" is incorrect.
You can place individual user accounts into a universal group,
although this is not recommended. (Discussion starts on page 218.)
Question
1 out of 1 points
23
If you are using a Windows 2000 native domain functional level, which of the
following Active Directory objects can be a member of a domain local group?
Selected User and computer accounts, universal groups, and global
Answer: groups from any domain; other domain local groups from the same
domain
Correct User and computer accounts, universal groups, and global
Answer: groups from any domain; other domain local groups from the same
domain
Feedback: When you use Active Directory at a Windows 2000 native domain
functional level, a domain local group can contain user and computer
accounts, universal groups, and global groups from any domain, as
well as other domain local groups from the same domain. All of the
other answers are incorrect. (Discussion starts on page 219.)
Question
0 out of 1 points
24
You are the network administrator for a music publishing company in Los Angeles.
The network comprises four Windows Server 2003 systems, two of which are
domain controllers. The network is operating at a Windows Server 2003 domain
functional level. You have a number of distribution groups in Active Directory that
were created for contacts in an external public relations (PR) firm. However, the PR
firm has been bought out by the firm you work for, and the entire PR operation has
been moved in-house. A new department has been created for the PR function.
Users in the new PR department need access to resources such as folders and
printers. Which of the following do you do to provide them access?
Selected Create new user accounts for users from the PR department.
Answer: Add the users to domain local groups as needed to provide access.
Correct Create new user accounts for users from the PR department.
Answer: Create a global group, and add the users to that group. Add the
global group to domain local groups as needed to provide access.
Feedback: The best practice is to add users to global groups, and then add
global groups to domain local groups that have been assigned the
appropriate access to resources. The answers "Create user accounts
to match the users listed in the distribution group, then convert the
distribution group to a global group. Assign the new global group to
domain local groups as needed to provide access" and "Convert the
distribution group to a global group. Assign the new PR global group
to the appropriate domain local group" are both incorrect. You cannot
convert a distribution group to a security group, which is what a
global group is. The answer "Create new user account for users from
the PR department. Add the users to domain local groups as needed
to provide access" is incorrect. As indicated, the best practice is to
add users to a global group, and then add global groups to domain
local groups to provide access to resources. (Discussion starts on
page 220.)
Question
1 out of 1 points
25
On a network operating at a Windows 2000 mixed domain functional level, which of
the following are limitations on converting groups?
Selected You cannot convert groups in Active Directory operating at a
Answer: Windows 2000 mixed domain functional level.
Correct You cannot convert groups in Active Directory operating at a
Answer: Windows 2000 mixed domain functional level.
Feedback: You cannot convert groups when running Active Directory at a
Windows 2000 mixed domain functional level. You can convert
groups only when you are running Active Directory at a Windows
2000 native or Windows Server 2003 functional level. All of the other
answers describe limitations on converting groups at either a
Windows 2000 native or Windows Server 2003 domain functional
level. (Discussion starts on page 220.)
Question
1 out of 1 points
26
You have recently been hired as the network administrator for a trading card
manufacturing company in New York. The network comprises four Windows Server
2003 systems, two of which are domain controllers. Active Directory is configured at
a Windows Server 2003 domain functional level. Twelve groups have been created
for each of the departments in the organization. You will soon be implementing a
new Active Directory–aware e-mail system, and your manager wants to be able to
send messages to all users in a department at one time. How do you accommodate
this?
Selected Special group configuration is not
Answer: necessary.
Correct Answer: Special group configuration is not
necessary.
Feedback: Security groups can be used as distribution groups by directory-
aware applications. Your manager can send messages to all users in
a department just by using the security group, so special group
configuration is not necessary. The answer "Copy each of the
departmental groups, and then convert the new group to a
distribution group" is incorrect. You cannot copy or convert groups.
The answer "Create a distribution group for each department, and
manually duplicate the membership of the security group for each
department" is incorrect. There is no need to create distribution
groups for each department. The answer "Convert the security group
for each department to a distribution group" is incorrect. You cannot
convert a security group to a distribution group, or vice versa.
Question
1 out of 1 points
27
You are the network administrator for a data storage device manufacturer in
Yakima, Washington. The network comprises three domains. Each domain is
assigned to a specific department in the company (Development, Sales,
Administration). You have three Windows Server 2003 systems running Standard
Edition. Active Directory is running at a Windows Server 2003 domain functional
level.
You have recently acquired a new plotter, which is to be used by the 14
electronics designers, all of whom are in the Development department and are
members of the Development global group. The manager informs you that he is
expecting to recruit two more designers in the near future. Which of the following do
you do to provide the electronics designers with access to the new plotter?
Selected Create a domain local group called Plotter. Place the
Answer: Development global group into the Plotter group.
Correct Create a domain local group called Plotter. Place the
Answer: Development global group into the Plotter group.
Feedback: Best practice dictates that global groups be added to domain local
groups that have been assigned the appropriate access to resources,
so you should create a domain local group called Plotter and place
the Development global group into the Plotter domain local group.
The answer "Create a domain local group called Plotter, create a
global group called Plotter Users, and make the Development global
group a member of the Plotter Users group" is incorrect. There is no
need to create a global group called Plotter Users in this example.
The answer "Create a domain local group called Plotter. Place the
user accounts for the users in the Development department into that
group" is incorrect. Best practice dictates that you use global groups
to group people by job function, and then use these global groups in
domain local groups to provide access to resources. The answer
"Assign the users from the Development department access to the
plotter by assigning permissions to their user accounts" is incorrect.
Best practice dictates that you use groups, not individual user
accounts, to provide access to resources. (Discussion starts on page
220.)
Question
1 out of 1 points
28
You are the network administrator for an insurance company with its head office in
San Francisco. The company has four other offices—in Detroit, New York,
Vancouver, and Dallas. The network comprises six Windows Server 2003 systems,
two in San Francisco and one at each of the other sites. Active Directory is
operating at a Windows 2000 mixed domain functional level.
The company has a sales order-processing system with a local database in each
location. The local databases are synchronized hourly with the central database in
San Francisco. Users at every site have been experiencing problems with the
database, so your manager has contracted two SQL database administrators
(DBAs) for three months to determine the problem and make recommendations for
optimizing the database. These DBAs, who will be based in San Francisco, need
direct access to the database folders in each location. Which of the following do you
do to achieve this?
Selected Create a global group called DBA in the San Francisco domain.
Answer: Create a domain local group in each of the other domains, and grant
permissions to the folders containing the database data files to the
respective domain local group. Assign the DBA global group to the
domain local groups.
Correct Create a global group called DBA in the San Francisco domain.
Answer: Create a domain local group in each of the other domains, and grant
permissions to the folders containing the database data files to the
respective domain local group. Assign the DBA global group to the
domain local groups.
Feedback: At the Windows 2000 mixed domain functional level, domain local
groups can contain global groups from any domain on the network.
The answer "Create a universal group called SQL, and assign it to
the folders containing the database data files. Create a global group
in each domain called DBAs, and add the user accounts for the
DBAs to the DBA group. Add the DBA group to the SQL universal
group" and the answer "Create a universal group called SQLDBA,
and assign it permissions to the folders containing the database data
files. Make the DBAs' user accounts members of the universal group"
are incorrect. You cannot create universal groups in Active Directory
running at a Windows 2000 mixed domain functional level. The
answer "Create a global group in each location, and assign the global
group permissions to folders containing the database data files. Add
the DBAs from San Francisco to the global group in each location" is
incorrect. On Active Directory running at a Windows 2000 mixed
domain functional level, global groups can contain user and
computer accounts only from the same domain. (Discussion starts on
page 216.)
Question
1 out of 1 points
29
On a system running Active Directory at a Windows 2000 mixed domain functional
level, what objects can be a member of a universal group?
Selected None. Universal groups are not supported at the Windows
Answer: 2000 mixed domain functional level.
Correct None. Universal groups are not supported at the Windows
Answer: 2000 mixed domain functional level.
Feedback: Universal groups are supported only at the Windows 2000 native or
Windows Server 2003 functional level. They are not supported at the
Windows 2000 mixed or Windows Server 2003 interim functional
level. (Discussion starts on page 219.)
Question
1 out of 1 points
30
You are the network administrator for a frozen foods wholesaler. The network
comprises 3 Windows 2000 Server systems and 165 workstations that run Windows
XP Professional or Windows 2000 Professional. You are planning to install a new
Windows Server 2003 system and want to configure the domain functional level for
the highest level supported by both servers. You also want to use universal security
and distribution groups, and group nesting. What domain functional level do you use
after you have installed the Windows Server 2003 system?
Selected Windows 2000 native
Answer:
Correct Answer: Windows 2000 native
Feedback: The Windows 2000 native domain functional level supports both
Windows Server 2003 and Windows 2000 servers. It also supports
universal security and distribution groups, and group nesting. The
answer "Windows Server 2003" is incorrect. The Windows Server
2003 domain functional level supports domain controllers running
Windows Server 2003 only. The answer "Windows Server 2003
interim" is incorrect. This domain functional level is used only when
you upgrade domain controllers in Windows NT 4 domains to
Windows Server 2003 domain controllers. The answer "Windows
2000 mixed" is incorrect. Although this domain functional level
supports both Windows Server 2003 and Windows 2000 Server
systems, it does not support universal security groups or group
nesting. (Discussion starts on page 212.)
Question
1 out of 1 points
1
When creating a new computer account, under what circumstances would you select
the Assign This Computer Account As A Pre–Windows 2000 Computer check box?
Selected The system you are creating an account for is running
Answer: Windows NT 4.
Correct The system you are creating an account for is running
Answer: Windows NT 4.
Feedback: You should select the check box if you are creating a computer
account for a system running Windows NT 4. MS-DOS–based
operating systems such as Windows 98 and Windows Me can log on
to Active Directory with additional client software, but they do not have
a corresponding computer account object in Active Directory.
Question
1 out of 1 points
2
If the name of a computer is salesadminsouth07, what is the default pre–Windows
2000 computer name for the system?
Selected salesadminsouth
Answer:
Correct Answer: salesadminsouth
Feedback: The pre–Windows 2000 computer name is automatically generated
using the first 15 characters of the computer name. This makes the
pre–Windows 2000 computer name salesadminsouth. (Discussion
Question
1 out of 1 points
3
On a Windows Server 2003 system, where do you go to join the computer to a
domain?
Selected Control Panel, System, Computer Name
Answer:
Correct Answer: Control Panel, System, Computer Name
Feedback: You join the computer to a domain using the Computer Name tab of
the System Properties dialog box, which is accessed by selecting
System in Control Panel. The computer name cannot be changed in
the Advanced or General tab of the System Properties dialog box.
There is no Network Identification tab in the System Properties dialog
box. (Discussion starts on page 254.)
Question
1 out of 1 points
4
What is the function of the Redircmp.exe command?
Selected It allows you to specify a different default location for new

Answer: computer accounts.
Correct It allows you to specify a different default location for new
Answer: computer accounts.
Feedback: By default, computer accounts are created in the Computers
container. You can use the Redircmp command to specify an
alternative default location for the creation of computer accounts.
Redircmp does not allow you to move computers from one OU to
another, map more than one computer name to the same computer
object, or copy computer account objects. (Discussion starts on page
259.)
Question
1 out of 1 points
5
In Active Directory Users And Computers, in which tab of the Properties dialog box
for the computer account do you view the service pack version installed on the
corresponding system?
Selected Operating System
Answer:
Correct Answer: Operating System
Feedback: The Operating System tab of the computer account properties shows
the name, version, and service pack level of the currently installed
operating system. You cannot view the service pack level in the
General tab, and there is no Service Pack or Version tab for the
properties of a computer account. (Discussion starts on page 260.)
Question
1 out of 1 points
6
Which of the following utilities do you use to remove a computer account from Active
Directory?
Selected Dsrm
Answer:
Correct Answer: Dsrm
Feedback: You can use the Dsrm utility to remove objects, including computer
accounts, from Active Directory. Cmprem is not a valid Windows
Server 2003 utility. You can use the Dsmod utility to modify an existing
Active Directory object, but not to remove an object. You use the
Redircmp command to specify a new default location for computer
accounts in Active Directory, not to remove computer accounts.
Question
1 out of 1 points
7
During user logon on a Windows 2000 Professional system, which of the following is
responsible for checking to see if the computer has a corresponding account in
Active Directory?
Selected Netlogon
Answer:
Correct Answer: Netlogon
Feedback: During user logon, the Netlogon service running on the client
computer connects to the same service on the domain controller, and
then each one verifies that the other system has a valid computer
account. Dsmod, Dsadd, and Redircmp are command-line utilities
associated with the management of computer objects. They are not
services and are not used to check whether a corresponding computer
account exists in Active Directory. (Discussion starts on page 248.)
Question
1 out of 1 points
8
By default, the Add Workstations To Domain right is assigned to the Authenticated
Users special identity, thereby allowing an authenticated user to create up to how
many computer accounts in Active Directory?
Selected
Answer: 10
Correct Answer:
10
Feedback: The Default Domain Controllers Policy GPO grants a user right called
Add Workstations To Domain to the Authenticated Users special
identity. This means that any user who is successfully authenticated to
Active Directory is permitted to join up to 10 workstations to the
domain and create 10 associated computer objects, even if the user
does not possess explicit object creation permissions. (Discussion
Question
1 out of 1 points
9
True or False: The person nominated in the Name field of the Managed By tab of the
computer accounts properties must exist in Active Directory.
Selected True
Answer:
Feedback: You cannot manually edit the Name field of the Managed By tab. The
name selected must be a user account that already exists in Active
Directory. (Discussion starts on page 260.)
Question
1 out of 1 points
10
If you are joining a computer to the domain and a computer account has already
been created for that computer, which of the following rules must you obey?
Selected The name in the Computer Name field must be identical to
Answer: the already created computer account.
Correct The name in the Computer Name field must be identical to
Answer: the already created computer account.
Feedback: When you join a computer to a domain in which a computer account
has already been created for the computer, the name you enter in
the Computer Name field must be identical to the name of the
computer account. The computer does not automatically detect the
correct value for the Computer Name field. (Discussion starts on
page 260.)
Question
1 out of 1 points
11
When you use the Netdom command to create computer accounts, what happens if
you don't use the /OU switch?
Selected The computer account is created in the Computers
Answer: container.
Correct Answer: The computer account is created in the Computers
container.
Feedback: By default, the Netdom command creates computer accounts in the
Computers container. The /OU switch allows you to define where the
computer account is created. (Discussion starts on page 254.)
Question
1 out of 1 points
12
If you reinstall the operating system on a computer that is a member of the domain,
what steps, if any, must you take for that computer to reuse the existing computer
account?
Selected You must reset the computer
Answer: account.
Correct Answer: You must reset the computer
account.
Feedback: Resetting a computer account causes Active Directory to
resynchronize passwords between the computer account and the
directory. This resetting process allows you to reuse an existing
account after a new operating system installation on that computer.
You cannot manually reconfigure the SID, and Active Directory does
not automatically recognize the system. (Discussion starts on page
263.)
Question
1 out of 1 points
13
You have a user who is going on maternity leave for a month. Her work has been
reassigned to other people, and no one will be using her PC while she is away. You
want to make the network as secure as possible. What should you do to the
computer account object for her PC?
Selected Disable
Answer: it.
Correct Answer: Disable
it.
Feedback: Disabling a computer account object renders users unable to log on
to the directory from that system. If you are operating in a high-
security environment, any account (computer or user) that can gain
access to the network should be disabled if it is not to be used for an
extended period of time. Resetting the computer account does not
serve any purpose in this situation—it resynchronizes password
information with Active Directory. You would also not delete the
computer account because the account will be required in the future.
Suspending the account is not a recognized action for computer
account objects in Active Directory. (Discussion starts on page 262.)
Question
1 out of 1 points
14
When you use the Dsmod utility, you include the -p switch in the command line.
What value do you specify for this switch?
Selected The password for the user account that has privileges to
Answer: modify the computer account.
Correct The password for the user account that has privileges to
Answer: modify the computer account.
Feedback: The -p (password) switch is used in conjunction with the -u
(username) switch to specify a user account that should be used to
modify the computer accounts in the directory.
The answer "None. The -p switch indicates that the computer
account is subjected to group policy and has no values associated
with it" is incorrect. There is no switch in the Dsmod command for
specifying that the computer account is subject to group policy.
The answer "The password that the computer account will use in
Active Directory" is incorrect. The computer account password
cannot be reset using the Dsmod command.
The answer "The password for the user who will use the computer" is
incorrect. The user password is a property of the user account object
and is completely unrelated to the computer account. (Discussion
Question
1 out of 1 points
15
Which of the following commands do you use to make the default location of newly
created computer objects be the OU workstations.contoso.com?
Selected redircmp
Answer: ou=workstations,DC=contoso,dc=com
Correct Answer: redircmp
ou=workstations,DC=contoso,dc=com
Feedback: The answers "redircmp -d:ou=workstations,DC=contoso,dc=com"
and "redircmp -def:ou=workstations,DC=contoso,dc=com" are
incorrect. No switches are necessary to specify the new default
location for computer accounts. The answer "rediscmp
ou=workstations,DC=contoso,dc=com" is incorrect. Rediscmp is not
a recognized Windows Server 2003 utility or command. (Discussion
Question
1 out of 1 points
16
Why is it necessary to reset a computer account after you reinstall an operating
system on the client computer?
Selected The new computer will have a different SID than the old
Answer: one.
Correct Answer: The new computer will have a different SID than the old
one.
Feedback: A computer account, like a user account, has a SID that is used to
identify that computer account in Active Directory. When a computer
is joined to the domain, it changes its SID to match that of the
computer object. If a new operating system is installed, the SID will
be different, so it must be resynchronized with the SID of the
computer account in Active Directory. You do this by resetting the
computer account.
The answer "The information in the Operating System tab of the
computer account object must be manually refreshed" is incorrect.
The information in the Operating System tab is dynamically updated
when the computer connects to the domain.
The answer "Resetting the computer account updates the client
computer with a list of the users permitted to log on from that system"
is incorrect. Lists of permitted users are not downloaded to client
computers.
The answer "The serial number of the operating system installation
will have changed" is incorrect. The computer account object does
not have anything to do with the serial number of the operating
system software installed on the system. (Discussion starts on page
249.)
Question
1 out of 1 points
17
Which of the following commands creates a computer account for
computer1.sales.contoso.com?
Selected dsadd computer
Answer: CN=computer1,CN=sales,DC=contoso,DC=com
Correct dsadd computer
Answer: CN=computer1,CN=sales,DC=contoso,DC=com
Feedback: The command dsadd computer
CN=computer1,CN=sales,DC=contoso,DC=com creates a new
computer account in the sales.contoso.com OU.
The answer "dsadd comp
CN=computer1,CN=sales,DC=contoso,DC=com" is incorrect. The
switch for creating a computer account with Dsadd is computer, not
comp.
The answer "dsmod computer
Dsmod command is not used to create computer accounts; it can be
used only to modify existing computer accounts.
The answer "dsrm computer
Dsrm command is not used to create computer accounts; it is used to
delete computer accounts. (Discussion starts on page 253.)
Question
1 out of 1 points
18
When you create an account for a computer that is not a domain controller, what
default group memberships are assigned to it?
Selected Domain Computers group
Answer:
Correct Answer: Domain Computers group
Feedback: When a new computer account is created, it is made a member of
the Domain Computers group. It is not made a member of any other
groups. (Discussion starts on page 260.)
Question
1 out of 1 points
19
Why is it preferable to place client computer account objects in an OU rather than
the system-created Computers container?
Selected So group policy settings can be applied to the computer
Answer: accounts in one step.
Correct So group policy settings can be applied to the computer
Answer: accounts in one step.
Feedback: Group Policy Objects (GPOs) cannot be applied to system-created
container objects such as the Computers container, so you should
create OUs to hold computer accounts.
The answer "The Computers container can hold a maximum of only
100 objects" is incorrect. There is no practical limit to the number of
objects that can be created in the Computers container.
The answer "The Computers container should be used only for
computer accounts that are related to servers" is incorrect. There are
no guidelines or best practices that dictate that the Computers folder
be used only for computer accounts related to servers.
The answer "The Computers container is designed to hold computer
accounts only for domain controllers" is incorrect. Computer accounts
for domain controllers are automatically placed in the Domain
Controllers container. (Discussion starts on page 259.)
Question
1 out of 1 points
20
When you create a computer account in Active Directory Users And Computers,
what do you enter in the User Or Group field of the New Object – Computer
Wizard?
Selected The name of a user or group with permissions to join the
Answer: computer to the domain.
Correct The name of a user or group with permissions to join the
Answer: computer to the domain.
Feedback: The User Or Group field is for specifying the user or group with the
necessary permissions to join the computer to the domain. The
default value is the Domain Admins group.
The answer "The name of the user or group that will use the
computer corresponding to the computer account" is incorrect.
Computer accounts are not assigned to any one user or group during
the account creation process.
The answer "The name of a user or group with permissions to create
a computer object" is incorrect. The ability to create a computer
account is not related to this field.
The answer "The name of the user or group that will be responsible
for managing the corresponding computer system" is incorrect. It is
possible to specify the person responsible for the management of a
computer system in the Managed By tab of the computer object's
properties, but you don't specify this during the computer account
creation process. (Discussion starts on page 251.)
Question
1 out of 1 points
21
True or False: When you use Dsadd to create a computer account, the DN must be
surrounded by quotation marks in order for the account to be created successfully.
Selected False
Answer:
Feedback: The computer distinguished name (DN) requires quotation marks
around it only if there are spaces in the DN path. For example, the
DN CN=sales1,CN=sales,DC=contoso,DC=com does not require
quotation marks around it, but the DN CN=sales1,CN=sales
north,DC=contoso,DC=com does. (Discussion starts on page 253.)
Question
1 out of 1 points
22
In a default configuration, members of the Account Operators group have
permissions to create computer objects in which of the following locations?
Selected The Computers container and any new OUs you
Answer: create
Correct Answer: The Computers container and any new OUs you
create
Feedback: By default, members of the Account Operators group have
permissions to create computer accounts in the Computers container
as well as any new OUs that you create. The answers "The
Computers container and the OU in which the user account that is a
member of the Account Operators group resides" and "The
Computers container" are incorrect. Members of the Account
Operators group also have permission to create computer accounts
in any new OUs you create. The answer "Any container or OU in the
domain" is incorrect. Members of the Account Operators group have
permissions to create computer accounts only in the Computers
container and any new OUs you create. (Discussion starts on page
251.)
Question
1 out of 1 points
23
Which of the following commands disables the computer account for the object
computer1.sales.contoso.com?
Selected dsmod computer
Answer: CN=computer1,CN=sales,DC=contoso,DC=com -disabled yes
Correct dsmod computer
Answer: CN=computer1,CN=sales,DC=contoso,DC=com -disabled yes
Feedback: The Dsmod computer command can be used to disable a computer
account. The target computer must be identified in the command,
and the -disabled yes switch must be used.
The answer "dsmod CN=computer1,CN=sales,DC=contoso,DC=com
-disabled yes" is incorrect. Dsmod requires that you specify the type
of Active Directory object you are modifying.
The answer "dsadd computer
CN=computer1,CN=sales,DC=contoso,DC=com -disabled yes" is
incorrect. The Dsadd command is used to add objects to Active
Directory, not to modify existing objects.
The answer "dsrm computer
CN=computer1,CN=sales,DC=contoso,DC=com -disabled yes" is
incorrect. The Dsrm command is used to remove objects from Active
Directory, not configure existing objects. (Discussion starts on page
263.)
Question
1 out of 1 points
24
You are the network administrator for a small property management company in
Boise, Idaho. The network comprises a single Windows Server 2003 system and 23
Windows XP Professional systems. Active Directory is running at the Windows
Server 2003 domain functional level. Earlier this month, you were asked to disable
the computer account for a user who was taking a month of leave to care for a sick
family member. The user account for the person was not disabled because the user
planned to dial in to the network from home while on leave. Now there is talk of the
user returning from leave early. If he does return early and goes to use his PC
before you have reenabled the computer account, what will happen?
Selected He has logged on to the domain from that system before, so he
Answer: will be able to log on to the local system but will not be able to
access domain resources.
Correct He has logged on to the domain from that system before, so he
Answer: will be able to log on to the local system but will not be able to
access domain resources.
Feedback: Because the user has previously logged on to that computer, he will
have cached credentials that will enable him to log on to the system.
However, because the computer account is disabled in the domain,
he will be unable to log on to the domain until you reestablish the
secure channel by enabling the computer account.
The answer "He has logged on to the domain from that system
before, so he will be able to log on and use the domain resources" is
incorrect. He will be able to log on to the local system, but he will not
be able to use domain resources.
The answer "When he logs on, the computer account will be
automatically enabled because his username and password are
valid" is incorrect. Computer accounts are not reenabled in this way.
The answer "He will not be able to log on to that system, even though
he has logged on to the domain from that system before" is incorrect.
He will be able to log on to the local system but will not be able to
access domain resources. (Discussion starts on page 262.)
Question
1 out of 1 points
25
You are the network administrator for a large insurance brokerage in Wichita,
Kansas. The network comprises four Windows Server 2003 systems, two of which
are configured as domain controllers. The other two servers provide file and print
services, and they host the company's document management and customer
database applications. Active Directory is configured at the Windows Server 2003
domain functional level.
You have just made a new leasing agreement with your hardware supplier, and as a
result you are in the process of upgrading the company's 450 client computers. The
existing systems are all running Windows 2000 Professional, but the new systems
will be running Windows XP Professional. Which of the following do you do to allow
the new Windows XP Professional systems to join the domain?
Selected When replacing each system, give the new computer the same
Answer: name as the one that was removed. Reset the computer account in
Active Directory.
Correct When replacing each system, give the new computer the same
Answer: name as the one that was removed. Reset the computer account in
Active Directory.
Feedback: The Reset Computer option is designed to accommodate exactly this
kind of procedure. You can reuse the existing computer account by
resetting the account, which resets its password but maintains the
account's properties.
The answer "Create a new computer account for each of the new
systems" is incorrect. There is no need to create new computer
accounts for the new systems.
The answer "When replacing each system, give the computer the
same name as the one that was removed. Disable and reenable the
computer in Active Directory" is incorrect. Disabling and reenabling
the computer account will not have the desired effect.
The answer "In Active Directory Users And Computers, locate the
computer accounts for the existing systems, select the Operating
System tab of the properties for the computer object, and type
Windows XP Professional in the Version field" is incorrect. You
cannot manually edit the fields in the Operating System tab of Active
Directory Users And Computers. This information is automatically
completed when the computer connects to the domain. (Discussion
Question
1 out of 1 points
26
You are the network administrator for an electrical goods distributor in Chicago. The
network comprises three Windows Server 2003 systems, two of which are domain
controllers. The other is a member server that hosts the sales order-processing
database. Active Directory is configured at the Windows Server 2003 domain
functional level. The company has experienced a phenomenal surge in growth that
has resulted in the hiring of 24 new employees, bringing the total staff to 114. Your
manager has realized that managing all these users, who all work on Windows XP
Professional systems, is too much for a single administrator, so he has hired a
junior administrator to help with some of the more mundane network management
tasks. One day, a request arrives to disable a computer account for a salesperson
who is taking a leave of absence. Company policy dictates that while the
salesperson is away, both her computer and user account must be disabled.
Disabling of computer accounts is not a frequently performed task, but you ask the
junior administrator to do it. Unfortunately, he accidentally resets the computer
account instead of disabling it. What action, if any, is required before the user can
log on again from that computer?
Selected .No action is
Answer: required.
Correct Answer: .No action is
required.
Feedback: Resetting the computer account causes the directory to
resynchronize with the corresponding computer system. If the
computer has not been changed, reconfigured in certain ways,
disjoined from the domain, or replaced, no action is necessary. The
answer "The account must be disabled and reenabled" is incorrect.
This is not necessary and will have no effect on the computer
account that has been reset. The answer "The operating system
must be reinstalled on the computer" is incorrect. There is no need to
perform this task in this instance. The answer "The account must be
reset again while a user with administrative rights is logged on" is
incorrect. There is no need to reset the computer account again.
Question
1 out of 1 points
27
You are the network administrator for a large kitchenware distributor in Sandusky,
Ohio. The network comprises three Windows Server 2003 systems, two of which
are configured as domain controllers. The third server is configured as a member
server and hosts the corporate sales order-processing system. Active Directory is
configured at the Windows 2000 mixed domain functional level. You are in the
process of upgrading the company's 125 client computers from Windows 98 to
Windows XP Professional. Most users will continue to use the same PC hardware,
but the operating system will be upgraded. The exception is the Sales department,
which will receive brand-new computers running Windows XP Professional. Their
existing Windows 98 systems will be donated to a local school and will not be
reused within the company. Which of the following do you do to allow the new
Windows XP Professional systems to join the domain?
Selected Create a new account in Active Directory for each new
Answer: Windows XP Professional system.
Correct Create a new account in Active Directory for each new
Answer: Windows XP Professional system.
Feedback: A new computer account will be required for each of the new
Windows XP Professional systems. The other answers are incorrect.
Windows 98 systems can connect to the domain with Active Directory
client software, but they do not have a corresponding computer
account object. (Discussion starts on page 248.)
Question
1 out of 1 points
28
You are the network administrator for a telecommunications company in Mobile,
Alabama. The network comprises three Windows Server 2003 systems, all of which
are configured as domain controllers. The company employs 134 people, and all of
them have a Windows XP Professional system. One morning, you get a call from a
user who has received the following error message:
Windows cannot connect to the domain, either because the domain controller is
down or otherwise unavailable, or because your computer account was not found.
Please try again later. If this message continues to appear, contact your system
administrator for assistance.
The user logged on to the system without any problem the previous day, and you
have received no other reports of users experiencing problems. You reset the
computer account in Active Directory Users And Computers, but the user still cannot
connect to log on to the domain. Which of the following do you try next?
Selected Change the computer system's membership to a workgroup,
Answer: and then rejoin it to the domain.
Correct Change the computer system's membership to a workgroup,
Answer: and then rejoin it to the domain.
Feedback: The final step in troubleshooting this kind of error is to change the
computer system's membership to a workgroup and then rejoin it to
the domain.
The answer "Disable and reenable the computer account" is
incorrect. This would likely have no effect on the situation.
The answer "Disable and reenable the user account" is incorrect. The
user and computer account are separate objects in Active Directory.
The error is clearly related to the computer account rather than the
user account, so disabling and enabling the user account would likely
have no effect on the problem.
The answer "Delete the existing computer account, and re-create a
new computer account with the same name" is incorrect. Deleting the
computer account is a last-resort measure. Like user accounts,
computer accounts are assigned a SID when they are created, and
the SID cannot be replicated. Even if the new computer account was
created with the same name and attributes as the account that was
deleted, the SID would still be different, and any group memberships
or permission assignments would need to be recreated. (Discussion
Question
1 out of 1 points
29
You are the network administrator for a large public relations agency in Detroit. The
company has four divisions, each of which is responsible for specific geographical
regions internationally. The company operates on four floors of an office building,
with each floor occupied by a department. The network comprises four Windows
Server 2003 systems, one on each floor, and all of them are configured as domain
controllers. Active Directory is operating at the Windows 2000 mixed domain
functional level. All of the domain controllers are in the system-created Domain
Controllers OU, but each department uses one of the servers as a file and print
server, so your manager suggests that the domain controller for each department
be moved to the corresponding OU in Active Directory. What issues, if any, can you
see with her request?
Selected The domain controller computer accounts can be moved, but
Answer: group policies must be implemented on the new OU to provide the
same configurations that the domain controllers have in the Domain
Controllers OU.
Correct The domain controller computer accounts can be moved, but
Answer: group policies must be implemented on the new OU to provide the
same configurations that the domain controllers have in the Domain
Controllers OU.
Feedback: The Domain Controllers OU has the Default Domain Controller Policy
GPO applied to it. If the domain controller computer accounts are
moved, GPOs must be applied to the new OU in order for the domain
controllers to receive the same level of protection and configuration
that they receive in the Domain Controllers OU.
The answer "None. The suggestion is easily implemented and
requires no additional work other than moving the computer
accounts" is incorrect. Additional administrative work is created by
moving the domain controller computer accounts.
The answer "Domain controller computer accounts must reside in the
system-created Domain Controllers OU. They cannot be moved to
another OU" is incorrect. Domain controller computer accounts can
be moved to other OUs if necessary.
The answer "The domain functional level must be raised to Windows
Server 2003 before the domain controllers can be moved" is
incorrect. The domain functional level does not affect whether
domain controller computer accounts can be moved. (Discussion
Question
1 out of 1 points
30
You are the network administrator for a small specialty auto parts manufacturer. The
network comprises two Windows Server 2003 systems, both of which are
configured as domain controllers. Active Directory is operating at the Windows 2000
mixed domain functional level. The company has recently created a new Research
and Development department, and 25 new Windows XP Professional systems are
being installed in that department. The users in the department will join the domain
when they first use their PCs. Rather than have the computer accounts for the
department created in the Computers container, you would like to have the
computer accounts in the R&D OU so that they can immediately be subject to the
group policy applied to that OU. Which of the following do you do to achieve this?
Selected Create the computer accounts in the R&D OU, and then have
Answer: the users join the computers to the domain.
Correct Create the computer accounts in the R&D OU, and then have
Answer: the users join the computers to the domain.
Feedback: When a computer joins the domain, it first searches Active Directory
for a computer object that relates to it. If it finds one, it uses that
computer account as its corresponding Active Directory object.
The answer "Have users create the computer accounts during the
domain joining process, and then move them from the Computers
container to the R&D OU" is incorrect. Although this is a valid way of
working with computer accounts, the accounts created in the
Computers OU would not be immediately subjected to the R&D
group policy.
The answer "Apply the same group policy that is applied to the R&D
OU to the Computers container" is incorrect. The Computers
container is a system-created container. Group policies cannot be
applied to it.
The answer "Direct the users to specify the R&D OU for the
computer account creation when they join the computers to the
domain" is incorrect. You cannot specify the location of the computer
account when the computer account is created as part of the domain
joining process. Computer accounts are placed in the default
location. (Discussion starts on page 254.)
Question
1 out of 1 points
31
You are the network administrator for a small graphic design house in Seattle,
Washington. The company also has a sales office in New York with five employees.
The network in Seattle comprises two Windows Server 2003 systems, both of which
are domain controllers. Active Directory is configured at the Windows 2000 mixed
domain functional level. The New York office, which is not yet connected to the
Seattle office, is operating its network as a workgroup with a single Windows 2000
Server system providing file and print services. You have just implemented a VPN
to create a WAN between the two sites. The plan is to eventually implement a
domain controller in New York for local authentication and disaster recovery
purposes. However, the installation of that system must wait until you can travel to
New York. In the meantime, one of the more technically capable users in New York
has been asked to join the five Windows XP Professional workstations and the
Windows 2000 server to the domain. The Windows Server 2003 system will become
a member server.
The user is able to join all five of the Windows XP Professional systems to the
domain and create the related computer accounts, but he is unable to add the
Windows 2000 server system to the domain. Which of the following is the most
likely cause of the problem?
Selected Users can create computer accounts only for workstations,
Answer: not server systems.
Correct Users can create computer accounts only for workstations,
Answer: not server systems.
Feedback: Users can create up to 10 computer accounts by virtue of the Add
Workstations To Domain user right that is granted to the
Authenticated Users special identity. However, this user right allows
only workstations, not servers, to be added to the domain. In this
example, the system is a Windows 2000 Server system, so the user
cannot join it to the domain.
The answer "Users are allowed to create only five computer accounts
in Active Directory" is incorrect. Users can create up to 10
workstation computer accounts in Active Directory.
The answer "The system is a Windows 2000 Server system and
cannot be joined to an Active Directory running at a Windows Server
2000 mixed domain functional level" is incorrect. Windows 2000
Server systems can be added as member servers to Active Directory
running at a Windows 2000 mixed domain functional level.
The answer "Users can create computer accounts only in the
Computers container, and a computer account for a server cannot be
created in the Computers container" is incorrect. In terms of
computer account creation, Active Directory does not differentiate
between computers that are member servers and computers that are
workstations. Both can be created in the Computers folder.
Question
1 out of 1 points
32
You are the network administrator for a corporate finance house in Dallas, Texas.
You are designing a network upgrade from a non-Windows operating system to
Windows Server 2003. The plan is to have seven Windows Server 2003 systems
running Active Directory at the Windows Server 2000 mixed domain functional level.
To streamline the process of creating computer accounts and joining them to the
domain, you want to create a batch file that can be run to create the computer
accounts en masse. You also want to create a batch file that can be sent to users
via e-mail, which will allow them to join their computer to the domain. You assign the
task of creating the batch file to a junior administrator. She suggests that you use
the Netdom utility for both tasks. What issues, if any, do you see with this proposed
solution?
Selected None. The solution is appropriate and
Answer: valid.
Correct Answer: None. The solution is appropriate and
valid.
Feedback: The Netdom utility can be used to both create computer accounts in
Active Directory and to join computer accounts to the domain. The
other answers are incorrect. Netdom can be used to create computer
accounts and to join computers to the domain, and it can be
configured to create computer accounts in a specific location through
the use of the /OU switch. (Discussion starts on page 254.)
Question
1 out of 1 points
33
You are the network administrator for an Internet-based craft supplies retailer. The
network comprises three Windows Server 2003 systems, both of which are domain
controllers. Active Directory is configured at the Windows 2000 mixed domain
functional level. You want to configure the network so that any new computer
accounts are created in the Workstations OU because you have created a new
group policy and linked it to that OU. Which of the following do you do to make sure
all new computer objects are created in that OU?
Selected Manually create computer accounts in the Workstations OU
Answer: before the corresponding computer systems join the domain.
Correct Manually create computer accounts in the Workstations OU
Answer: before the corresponding computer systems join the domain.
Feedback: At a Windows 2000 mixed domain functional level, you cannot
reconfigure the default location for computer accounts that are
created in the directory. To ensure that all computer accounts are
created in the Workstations OU, you must create the accounts in that
OU. Then, when a workstation is joined to the domain, it
automatically locates the corresponding computer account object and
uses it.
The answer "Use Redircmp and specify the Workstations OU as the
new default location for computer accounts" is incorrect. Redircmp
can be used only when Active Directory is running at a Windows
Server 2003 domain functional level.
The answers "Use Dsadd and specify the Workstations OU as the
new default location for computer accounts" and "Use Netdom and
specify the Workstations OU as the new default location for computer
accounts" are incorrect. Both of these utilities can be used to create
computer accounts, but neither of them can be used to configure the
default location for newly created computer accounts. (Discussion

When you work with NTFS permissions, what does a gray-shaded check box for a
permission in the Security tab of a folder mean?
Selected The permission cannot be set because you have insufficient
Answer: rights.
Correct Answer: The permission is inherited.
Feedback: A gray-shaded check box in the Security tab for a folder indicates that
the permission is inherited. All of the other answers are incorrect.
Question
0 out of 1 points
2
By default, members of which Active Directory groups can assign ownership of an
NTFS file or folder to another user?
Selected Administrators, Server Operators
Answer:
Correct Answer: Administrators, Backup Operators, Server
Operators
Feedback: The ability to assign ownership of a file or folder is derived from the
Restore Files And Directories user right. Members of the
Administrators, Server Operators, and Backup Operators groups all
receive this right via the Default Domain Controllers Policy GPO.
Question
0 out of 1 points
3
Which of the following is considered a standard NTFS permission?
Selected List Folder/Read

Answer: Data
Correct Answer: List Folder Contents
Feedback: List Folder Contents is considered a standard NTFS permission. The
others are considered special NTFS permissions. (Discussion starts
on page 295.)
Question
1 out of 1 points
4
On a workgroup or a standalone Windows Server 2003 computer, membership of
which of the following groups enables you to create a share?
Selected Power
Answer: Users
Correct Answer: Power
Users
Feedback: On a computer that is not a member of a domain, you must be logged
on as a member of the Administrators or Power Users group to create
file system shares. There is no group called Share Creators. The
Account Operators and Server Operators groups are considered
predefined Active Directory groups and so are found only on Windows
Server 2003 systems that are domain controllers. (Discussion starts
on page 283.)
Question
1 out of 1 points
5
Which of the following is a reason to create shares using the Shared Folders MMC
snap-in rather than Windows Explorer?
Selected You can create a share on a remote
Answer: computer.
Correct Answer: You can create a share on a remote
computer.
Feedback: The Shared Folders MMC snap-in allows you to create shares on a
remote system. Windows Explorer can be used to create shares only
on the local system.
The answer "You can assign permissions to the share at the same
time that you create it." is incorrect. You can assign permissions at the
same time that you create the share in Windows Explorer, just as you
can when creating the share using the Shared Folders MMC snap-in.
The answer "You can assign NTFS permissions as well as share
permissions" is incorrect. The Shared Folders MMC snap-in is not
used to assign NTFS permissions.
The answer "You automatically become the creator/owner of the folder
that is shared" is incorrect. The creator/owner designation is
associated with NTFS permissions, not share permissions. The choice
of the tool used to create a share does not change the creator/owner
designation of the folder you are sharing. (Discussion starts on page
286.)
Question
1 out of 1 points
6
What security principal is assigned as the owner of files and folders created by the
operating system?
Selected The Administrators
Answer: group
Correct Answer: The Administrators
group
Feedback: When a file or folder is created by the operating system, the
Administrators group is designated as the owner. All of the other
answers are incorrect. (Discussion starts on page 304.)
Question
1 out of 1 points
7
True or False: The Write NTFS permission, when applied to a folder, gives the user
the right to modify the folder attributes.
Selected True
Answer:
Feedback: When applied to a folder, the Write NTFS permission gives the user
the right to create new files and subfolders inside the folder, modify
the folder attributes, and view the ownership and permissions of the
folder. (Discussion starts on page 296.)
Question
1 out of 1 points
8
Fill in the blanks: Every file and folder on an NTFS drive has an ____ containing ____
that define what security principals are assigned permissions to it.
Selected ACL, ACEs
Answer:
Correct Answer: ACL, ACEs
Feedback: Every file and folder on an NTFS drive has an access control list
(ACL) containing access control entries (ACEs) that define what
security principals are assigned permissions to it. (Discussion starts
on page 295.)
Question
0 out of 1 points
9
What are the default share permission assignments for a newly created share?
Selected Everyone special identity, Full Control permission

Answer:
Correct Everyone special identity, Read permission; Administrators
Answer: group, Full Control permission
Feedback: On a newly created share, the default permissions assigned are Read
to the Everyone special identity, and Full Control to the Administrators
group. All of the other answers are incorrect. The answer "Everyone
special identity, Full Control permission" describes the default share
permission assignments on versions of Windows prior to Windows XP.
Question
0 out of 1 points
10
While browsing the shares on your system, you notice that systemroot\SYSVOL
\sysvol\domainname\SCRIPTS is shared out as NETLOGON. What does this tell
you about the system you are working on?
Selected The system is a Windows NT 4 system.
Answer:
Correct Answer: The system is a domain controller.
Feedback: When you promote a Windows Server 2003 computer to a domain
controller, the system shares the systemroot\SYSVOL\sysvol
\domainname\SCRIPTS folder as NETLOGON to provide backward
compatibility with Windows NT 4 domain controllers.
The answer "The system has at least one shared printer" is incorrect.
The system's status as a print server has no effect on the
NETLOGON share.
The answer "The system is a Windows NT 4 system" is incorrect.
You are unlikely to find a folder called systemroot\SYSVOL\sysvol
\domainname\SCRIPTS on a Windows NT 4 system.
The answer "The system is a member server" is incorrect. The
existence of a NETLOGON share indicates that the system is a
domain controller, not a member server. (Discussion starts on page
281.)
Question
0 out of 1 points
11
Which of the following tasks can be performed with the Full Control share
permission but not the Change share permission?
Selected Deleting the file
Answer:
Correct Answer: Changing file permissions
Feedback: The Full Control share permission grants the security principal all
rights to the file, including the ability to change the file permissions.
The Change share permission allows users to create folders, add
files to folders, change data in files, append data to files, change file
attributes, delete folders and files, and perform actions permitted by
the Read permission. It does not allow users to change file
permissions. (Discussion starts on page 291.)
Question
1 out of 1 points
12
If a group is assigned the Change share permission to a folder, and a user who is a
member of that group is assigned the Read share permission to that folder, what
are the effective permissions for that user to the folder?
Selected Change
Answer:
Correct Answer: Change
Feedback: In a scenario such as this, without restrictive permissions, the
permissions are combined to give the greatest set of permissions.
So, if the group is assigned the Change share permission and the
user is assigned Read, the user's effective permission (because he is
part of the group) is Change, which is the most permissive.
The answer "Read and Change" is incorrect. Effective permissions
are expressed as the most permissive permission, not a combination
of permissions.
The answer "None" is incorrect. A restrictive permission is granted by
virtue of the fact that a right is denied to a security principal, but no
restrictive permissions are assigned to a security principal in this
example.
The answer "Full Control" is incorrect. The Full Control permission is
not assigned to any security principal in this scenario. (Discussion
Question
0 out of 1 points
13
You have created a folder called SALES and shared it out as SALESSHARE. The
Sales group is assigned the Full Control share permission and the Change NTFS
permission. The Sales department is being relocated from the sixth floor to the third
floor. To place the data for the Sales group as near to them as possible, you are
going to move the SALES folder to the server on the third floor. What happens to
the share permissions on the folder after the move?
Selected They remain as Full Control for the SALES
Answer: group.
Correct Answer: They are lost.
Feedback: Share permissions are lost when a folder is moved. The other
Question
1 out of 1 points
14
If you create a share and append the $ symbol to the share name, how does this
affect the share?
Selected The share is not shown when you browse the shares
Answer: available on the system.
Correct The share is not shown when you browse the shares
Answer: available on the system.
Feedback: Appending the $ symbol to a share name marks the share as hidden.
You can still access the share with the appropriate permissions, but
you cannot browse to the share, nor does it show up in the list of
available shares for a system.
The answer "The share is available only to users with Full Control
share permissions" is incorrect. The $ symbol does not affect what
permissions are required to access the share.
The answer "The share is available only to users who are members
of the Enterprise Admins, Domain Admins, or Administrators group"
is incorrect. The $ symbol does not affect what group memberships
are required to access a share.
The answer "The share is inaccessible from any system other than
the one on which it was created" is incorrect. The purpose of creating
shares is to make them available to systems other than the one on
which they were created. (Discussion starts on page 281.)
Question
0 out of 1 points
15
Under what circumstances would you configure IIS to use Basic Authentication?
Selected You want to have the server collect user credentials and store
Answer: them on the domain controller as an MD5 hash.
Correct None of the more secure authentication options is available.
Answer:
Feedback: You should use Basic Authentication only when a more secure
authentication option is not available.
The answer "The application hosted by the server is written in the
BASIC programming language" is incorrect. The language in which
an application hosted by the system is written does not normally
affect the type of authentication system used.
The answer "You want to have the server collect user credentials and
store them on the domain controller as an MD5 hash" is incorrect.
This statement describes the Digest Authentication For Windows
Domain Servers authentication method.
The answer "You want the username and password for the user
transmitted in the form of a hash that prevents eavesdroppers from
accessing the user's credentials" is incorrect. This describes
Integrated Windows Authentication. (Discussion starts on page 312.)
Question
1 out of 1 points
16
True or False: If a user is assigned the Read NTFS permission to a file, and a group
of which the user is a member is denied all rights to the file, the user can still open
the file.
Selected False
Answer:
Feedback: Denied permissions override allowed permissions, so if a group of
which the user is a member is denied access to a file, that permission
assignment cancels out the Read permission assigned directly to that
user. (Discussion starts on page 279.)
Question
0 out of 1 points
17
You have configured a virtual directory alias of info for the E:\sales\information
folder on the server. The Web site hosted by the server is www.contoso.com. Which
of the following URLs do you use to access the virtual directory?
Selected
Answer: www.contoso.com/information
Correct Answer: www.contoso.com/info
Feedback: The virtual directory alias feature allows you to specify a directory in
another location on the network that will appear as a subdirectory of
a Web site. If the virtual directory alias is info and the main Web site
is www.contoso.com, the URL for the virtual directory is
www.contoso.com/info. All of the other answers are incorrect.
Question
1 out of 1 points
18
To view the ownership, permissions, and attributes of a file, what is the minimum
standard NTFS permission required?
Selected
Answer: Read
Correct Answer:
Read
Feedback: The minimum permission required to view the ownership,
permissions, and attributes of a file is the NTFS Read standard
permission. The Read & Execute, Modify, and Full Control standard
permissions all grant more rights than those required to view the
ownership, permissions, and attributes of a file. (Discussion starts on
page 296.)
Question
0 out of 1 points
19
You are configuring IIS on a Windows Server 2003 system. After creating a new
home page for your corporate intranet, you want to make it available to users. You
are not using redirection of any kind. Where do you place the file?
Selected C:\IIS\WWWROOT
Answer:
Correct Answer: C::\INETPUB\WWWROOT
Feedback: By default, IIS looks in the C:\INETPUB\WWWROOT folder for pages
that comprise the default Web site. If you have created a new home
page, you place it in this directory. All of the other answers are
incorrect. (Discussion starts on page 309.)
Question
1 out of 1 points
20
You want a user to take ownership of a file or folder that she did not create. Which
of the following groups do you not add her to?
Selected Creator/Owner special
Answer: identity
Correct Answer: Creator/Owner special
identity
Feedback: You cannot amend the membership of special identity groups such
as Creator/Owner. By default, the Default Domain Controllers Policy
GPO grants all of the other groups listed the Restore Files And
Directories user right, which in turn grants the ability to take
ownership of a file. However, the appropriateness of making the user
a member of one of these groups depends on policy and best
practice. (Discussion starts on page 304.)
Question
1 out of 1 points
21
Which of the following Net commands do you use to create a new share called DEV
from the C:\development folder and allow up to five users to access the share at a
time?
Selected net share DEV=c:\development /grant:users, read
Answer: /users:5
Correct Answer: net share DEV=c:\development /grant:users, read
/users:5
Feedback: The correct use of the Net command to create a share is net share
sharename=directorypath. The /grant:principals switch is used to
specify what security principals are assigned access and what
permissions are assigned. The /users:numusers switch is used to
specify how many users are allowed to access a share at one time.
All of the other answers are incorrect. (Discussion starts on page
288.)
Question
0 out of 1 points
22
A user called JohnP is experiencing problems deleting a file out of a folder on the
server. Ordinarily he just opens the file—a report generated by the database hosted
on the system—but in this case, the file has become corrupted and he needs to
delete it. JohnP cannot delete the file, even though he believes he should be able
to. You determine that he is accessing the report through a share called REPORTS,
which was created on a folder called E:\REPORTS. When you investigate, you find
the following permission assignments:
Share Permissions on REPORTS:
Everyone - Read
NTFS Permissions on E:\REPORTS:
Everyone - Read & Execute
Sales - Modify
JohnP - Full Control
What are JohnP's effective permissions to the folder E:\REPORTS?
Selected Read & Execute
Answer:
Correct Answer: Read
Feedback: When you calculate effective permissions on a folder that is
accessed via a share, the most restrictive permission applies. In this
case, the share permission for JohnP is Read by virtue of his
membership in the Everyone special identity. As a member of the
Sales group and the Everyone special identity, JohnP receives the
Modify and Read & Execute NTFS permissions, but both of these are
superseded by JohnP having the Full Control NTFS permission.
However, the effective permission is dropped down to Read because
the share permission is the most restrictive and thus becomes
effective. All of the other answers are incorrect. (Discussion starts on
page 279.)
Question
0 out of 1 points
23
You are the network administrator for a marketing company in Pensacola. One
morning, you receive a call from a user called Psmith in the Marketing department
who is experiencing problems accessing a spreadsheet in a folder. According to
your system documentation, which is up to date, Psmith is a member of the
Marketing group but holds no other group memberships. You check the permissions
to the folder and see the following entries in the ACL:
Sales - Deny All
Psmith - Read
Sjones - Modify
Everyone - Write
Based on the entries in the ACL, what should Psmith be able to do with the file?
Selected [None Given]
Answer:
Correct Answer: Open the file, make changes, and save it as a new
file.
Feedback: Psmith receives the Read permission from his user permission
assignment and the Write permission from his membership in the
Everyone special identity. These nonrestrictive permissions result in
him receiving the greatest set of permissions, which in this case is
Write. With the Write permission, Psmith can open the file, make
changes to it, and save it as a new file.
The answer "Open the file but not make any changes" is incorrect. It
would be correct only if the user did not receive the Write permission
as part of the Everyone special identity.
The answer "Open the file but not save it as a new file" is also
incorrect, for the same reason.
The answer "He should not be able to open the file" is also incorrect.
The user is not a member of the Sales group, which is denied all
access, so he has at least the Read permission assigned to his user
account. (Discussion starts on page 279.)
Question
0 out of 1 points
24
A user is assigned the Change share permission to the \\SERVER2\DATA share
that represents the C:\Data folder on Server2. The user connects to the DATA share
across the network and opens a file from the \\SERVER2\DATA\SALES folder. He
then decides that he no longer needs that file, and he tries to delete it. However, he
is unable to do so and receives an error. Which of the following is a possible
explanation for this?
Answer:
Correct Answer: NTFS permissions are restricting the user's access to the
folder.
Feedback: Of the answers listed, the only possible explanation for this situation
is that NTFS permissions are restricting the user's access to the
folder. When share and NTFS permissions are combined, the most
restrictive permission applies. In this scenario, the user might have
been assigned an NTFS permission that is more restrictive than the
Change share permission, either as a user or as a member of a
group. This would prevent the user from deleting the file.
The answer "The user is a member of a group that is assigned the
Read share permission to the DATA share" is incorrect. The user's
membership in this group would have no effect. The user's Change
permission would be effective because share permissions combine to
provide the highest level of access, which in this case is Change.
The answer "Share permissions on the SALES folder in the DATA
share are preventing the user from deleting the file" is incorrect.
When you connect to a share across the network, shared folder
permissions apply to the share and thus any folders that are
subfolders of the folder that is shared. You cannot apply a different
set of share permissions to the subfolders of the share without
creating a new share at that point. Even then, the user must connect
directly to that new share point to be subject to those share
permissions.
The answer "The user is a member of a group that has been denied
all permissions to the DATA share" is not a possible explanation.
Deny permissions overri
Question
0 out of 1 points
25
You are configuring permissions for users on your network. If a user is assigned the
Modify NTFS permission to the C:\DATA folder and the Read permission to the
C:\DATA\SALES folder, what is the user's effective permission to the C:\DATA
\SALES folder, assuming that no other NTFS permission or share permission
assignments have been made and that permission inheritance is not blocked?
Answer:
Correct Answer: Read.
Feedback: An explicit permissions assignment overrides a permission
assignment at a higher level in the directory tree. In this case, the
Read permission assigned to the user on the C:\DATA\SALES folder
overrides the Modify permission assignment on the C:\DATA folder.
Therefore, the user's permissions are Read to the C:\DATA\SALES
folder.
The answer "Modify" is incorrect. If no subsequent permission
assignment was made, the user's permission would be Modify (as
long as permission inheritance had not been blocked).
The answer "Full Control" is incorrect. In this case, the most
permissive permission assigned is Modify. No circumstances in this
scenario would grant the user Full Control permissions.
The answer "There is insufficient information to answer this question"
is incorrect. There is sufficient information to answer this question.
Question
0 out of 1 points
26
You are the network administrator for a publishing company in San Diego. One
morning, a user calls to complain that he cannot delete a file from a shared folder.
You locate the folder, and in the Advanced Security Settings dialog box, you select
the Effective Permissions tab. You see that the user should indeed be able to delete
the file. Which of the following might be the cause of the problem?
Answer:
Correct The effective permissions display does not factor in share
Answer: permissions.
Feedback: The effective permissions calculations made in the Effective
Permissions tab of the Advanced Security Settings dialog box factor
in only NTFS permissions and do not include share permissions,
which might be more restrictive. All of the other answers are
incorrect. Explicit permissions to groups, explicit permissions to
users, and explicit memberships in domain local groups are
considered in the effective permissions calculations. (Discussion
Question
0 out of 1 points
27
You have just taken over as the network administrator for a paper manufacturer in
Springfield, Ohio. You are in the process of implementing a new file structure to
better accommodate users' needs and make file access more secure. Today, you
are working on the E:\SALES folder structure, which is used by the 65 users in the
Sales department. All 65 users need the ability to read files in the folder and run
programs from that folder. In addition, three managers need the ability to edit and
delete files in that folder. All of the users and managers in the Sales department are
members of the SALES group. Which of the following statements best describes
how to configure permissions to meet these requirements?
Answer:
Correct Create a share, and assign the Full Control share permission to
Answer: the SALES group. Assign the SALES group the NTFS Read &
Execute permission. Assign the three managers in the Sales
department the NTFS Modify permission.
Feedback: Creating a share and assigning the Full Control share permission to
the SALES group eliminates the share as a restrictive permission
source for members of the group. Assigning the SALES group the
NTFS Read & Execute permission then grants the users in the
SALES group the rights needed to open files and run programs.
Finally, giving the NTFS Modify right to the three managers allows
them to read, write to, and delete files in the folder.
The answer "Create a share, and assign the Modify share permission
to the SALES group. Assign the SALES group the NTFS Read &
department the NTFS Modify permission" is incorrect. The available
permissions for a share are Read, Change, and Full Control. Modify
is not a valid share permission.
The answer "Create a share, and assign the Read share permission
to the SALES group. Assign the SALES group the NTFS Read &
department the NTFS Modify permission" is incorrect. If you assign
the Read permission to the Share for the SALES group, it becomes
the most restrictive permission. Granting any level of NTFS
permissions above Read has no effect.
The answer "Create a share, and assign the Full Control share
permission to the SALES group. Assign the SALES group the NTFS
Read permission. Assign the three managers in the Sales
department the NTFS Modify permission" is incorrect. Assigning only
the NTFS Read permi
Question
0 out of 1 points
28
You are the network administrator for a small furniture manufacturing company in
Portland, Oregon. The network comprises three Windows Server 2003 systems, all
of which are configured as domain controllers. Each server has three disk drives in
it. One drive is dedicated to the system and boot partition, and the other two drives
hold the company sales order-processing database. All of the drives use NTFS.
One day, a user reports that she has been configuring a folder that she created,
removing all of the users, including herself, from the ACL. Now she is unable to
access the files in the folder. How do you restore her access to the files in the
folder?
Answer:
Correct Answer: Have the user assign herself permission to the folder
again.
Feedback: When a user creates a file or folder, she automatically becomes the
owner of that file. The owner of a file or folder has the right to modify
the ACL, which is how the user was able to edit the ACL in the first
place. Even though she cannot see the files in the folder, she can still
access and edit the ACL for the folder and add herself and other
users back into it.
The answer "Restore the folder and its files from a backup taken
before the user made the changes" is incorrect. There is no need to
do this to restore access to the files.
The answer "Retake ownership of the folder, and reassign
permissions to the users as necessary" is incorrect. There is no need
to perform this action to restore the users' access to the files.
The answer "Assign the user to the Creator/Owner special identity so
she can edit the ACL" is incorrect. You cannot edit the membership
of a special identity such as Creator/Owner. (Discussion starts on
page 304.)
Question
0 out of 1 points
29
You are the network administrator for a small craft supplies wholesaler in Memphis.
You have a single server running Windows Server 2003. You are using the FAT file
system and rely on share permissions to control access to data. You share out the
E:\SALES folder as SALES and assign the Sales group the Full Control share
permission. You then share out the E:\SALES\REPORTS folder as REPORTS and
assign the Sales group the Read permission to the share. Which of the following
actions can users not take on a file in the E:\SALES\REPORTS folder if they
connect to the SALES share?
Answer:
Correct Answer: Change the permissions on a
file
Feedback: The ability to change file permissions is granted by the Full Control
share permission, but file permissions (NTFS) are available only on
drives that use the NTFS file system. In this case, you are using FAT,
so even though you have the Full Control share permission (by virtue
of the fact that you connected through the SALES share), you still
cannot configure file permissions. All of the other answers are
incorrect. You can open a file, delete a file, or change the attributes
of a file because your effective permissions are those granted at the
share from which you entered the file system. Even if you enter
another folder that is shared out, you are still subject to the
permissions granted at the share where you entered. (Discussion
Question
0 out of 1 points
30
You are troubleshooting a file access problem reported by a user called SallyJ from
the Sales department. As a member of that department, she is a member of the
Sales group. She is connecting to a shared folder called DATA, which is shared on
the E:\DATA folder. You examine the share permissions and NTFS permissions on
the folder and see the following:
Share permissions for DATA share:
Sales - Change
NTFS permissions for E:\DATA folder:
Sales - Write
SallyJ - Read&Execute
No permissions are applied to any files in the folder. What should SallyJ be able to
do in the folder?
Answer:
Correct Answer: Open files, make changes to those files, and create new
files.
Feedback: SallyJ's effective permission is Write because, although it is the more
powerful of the NTFS permissions, it is the most restrictive
permission of the share and NTFS permissions. Therefore, it
becomes the effective permission for SallyJ. The Write NTFS
permission allows you to open a file, make changes to that file, and
create new files. All of the other answers are incorrect. (Discussion
Question
0 out of 1 points
31
You are the network administrator for a plumbing hardware wholesaler in
Rochester, New York. The network comprises two Windows Server 2003 systems,
both of which are domain controllers. Each server has two disk drives in it, one that
holds the system and boot partitions and another, called STORAGE, that is used to
store the company's sales order-processing database, inventory database, and
files. Four shares have been created on the server: SALES, INVENTORY, DATA,
and ARCHIVE. The permissions on the shares are set to Full Control for the
Everyone special identity. Folders in the shares are controlled via NTFS
permissions.
One Monday, you arrive at work to find that the STORAGE drive has failed.
Fortunately, your regular supplier is able to deliver a replacement drive within an
hour, and you install it in the server. After formatting the drive, You restore the data
from the previous night's backup and then perform a quick check to make sure the
data restore is successful. It is, so you inform users that they can use the sales
order-processing system and the inventory database. However, it quickly becomes
apparent that users cannot access either of these applications—they receive
CANNOT READ DATAFILE errors when they try to start either application. Which of
the following might be the cause of the problem?
Answer:
Correct The shares that the users used to connect to the server
Answer: were removed.
Feedback: One disadvantage of using shares is that share information is not
included in a backup. Therefore, if you have to restore from a
backup, you must re-create shares, and the appropriate share
permissions, before users can access data via the shares.
The answer "The NTFS permissions on the folders were reset to
Read for the Everyone special identity during the restore process" is
incorrect. NTFS permissions are restored intact. They would not
change from their state when the folder was backed up.
The answer "The ACLs for the folders were re-created by the restore
process and are now empty" is incorrect. ACLs are not re-created by
the restore process.
The answer "The shares that the users used to connect to the server
were automatically set to deny access to the Everyone special
identity, as a security precaution" is incorrect. This is not the cause of
the problem. (Discussion starts on page 291.)
Question
0 out of 1 points
32
You are the network administrator for a small company that develops integrated
circuit chips for mobile communications manufacturers. The company network
comprises a single Windows Server 2003 system that provides file and print
services to the company's 25 users. Three of the users are working on a top-secret
project. They require a folder on the server that only they can access. Auditing is
enabled on the server, but the manager wants to make sure that no one, including
the Administrator, can access the files except the three engineers working on the
project.
The manager asks you to remove all entries from the ACL for the folder for users,
groups, and special identities other than the three engineers. Will this prevent all
others from seeing or opening the files in the folder?
Answer:
Correct No. Someone else might be able to open or see the files, but
Answer: you will be able to tell if this has occurred.
Feedback: Any user who is a member of the Backup Operators or Server
Operators group can take ownership of a file because they are given
this right via the Default Domain Controllers Policy GPO. However, if
a user in this group takes ownership of the file and opens it, you will
be able to tell because the ownership of the file will change and the
event will be recorded by the auditing process. (Discussion starts on
page 304.)
Question
0 out of 1 points
33
You have configured a share for the Sales department called REPORTS and
assigned all of the users in the department the Read share permission. You have
also selected the All Files And Programs That Users Open From The Share Will Be
Automatically Available Offline option in the Offline Settings dialog box. What
happens if a user has a report open from the REPORTS share and the server
becomes unavailable?
Answer:
Correct Answer: The files will be available offline but will have no security
on them.
Feedback: When the All Files And Programs That Users Open From The Share
Will Be Automatically Available Offline option is selected, any file that
the user is working on is cached locally, but security that would be
offered by the share is lost. Therefore, in this scenario the user will
be able to access the files and work on them while the server is
down, but the files will have no security on them.
The answer "The files will be available offline, but access to the files
will be controlled by the share permissions just as if they were being
accessed from the server" is incorrect. The share permissions would
no longer be effective.
The answer "The files will be available offline, but only if a connection
can be established to a domain controller that can verify the entries
in the ACL" is incorrect. Share permissions are not stored in the ACL
of a file.
The answer "The files will not be available offline" is incorrect. If the
All Files And Programs That Users Open From The Share Will Be
Automatically Available Offline option is selected in the Offline
Settings dialog box, the user will still be able to read the file if a
connection to the server is lost. (Discussion starts on page 289.)
Question
0 out of 1 points
34
You are the network administrator for a charity based in Dallas, Texas. You have a
single Windows Server 2003 system, running Active Directory, that provides file and
print server services to 50 users. The system was donated by a local business, and
while it is powerful enough for your needs, storage capacity on the server is limited.
Your manager has assured you that as soon as funds become available, you will be
able to purchase an additional disk drive, but in the meantime he has asked you to
use any available means to control the storage situation. As a result, you have
implemented disk quotas so that one user cannot monopolize all the available disk
space.
After creating a new directory structure for a user and copying a number of large
files from the user's workstation to the server, you want to make sure the files are
counted toward the user's disk quota. Which approach are you most likely to use?
Answer:
Correct While logged on as a user account that is a member of the
Answer: Server Operators group, assign ownership of the files to the user.
Feedback: Of the approaches listed, the simplest is to assign ownership of the
files to the user. To do this, you must be logged on with an account
that has the Restore files and directories user right. Members of the
Server Operators group have this right, as do members of the
Administrators and Backup Operators groups.
The answer "Make the user a member of the Administrators group,
which allows her to take ownership of the files. Once she has done
that, remove her from the Administrators group" is valid, but it is not
the most likely approach.
The answer "Make the user a member of the Creator/Owner special
identity to allow her to take ownership of the files" is incorrect. You
cannot modify the membership of the Creator/Owner special identity.
The answer "Give the user the Modify NTFS permission so she can
take ownership of the files" is incorrect. The Modify NTFS permission
does not allow the security principal in possession of the right to take
ownership of a file or folder. (Discussion starts on page 304.)

Which of the following is not a standard permission that can be assigned to a printer?
Selected Manage
Answer: Properties
Correct Answer: Manage
Properties
Feedback: Manage Properties is not a standard printer permission on Windows
Server 2003. Print, Manage Printers, and Manage Documents are all
standard permissions on Windows Server 2003. (Discussion starts on
page 335.)
Question
1 out of 1 points
2
Where do you look to see if a printer is in offline mode?
Selected Printers And Faxes folder

Answer:
Correct Answer: Printers And Faxes folder
Feedback: You can see if a printer is in offline mode by looking in the Printers
And Faxes folder. You cannot determine the offline state of a printer
through Event Viewer or the Services utility. There is no Printer
Management MMC snap-in. (Discussion starts on page 345.)
Question
1 out of 1 points
3
In what tab of a printer's properties do you configure printer pooling?
Selected Ports
Answer:
Correct Answer: Ports
Feedback: Printer pooling is configured in the Ports tab of a printers properties.
All of the other answers are incorrect. (Discussion starts on page 338.)
Question
1 out of 1 points
4
Which of the following UNC paths do you use to connect to the LASERJ printer on
the SALES6 server?
Selected \\SALES6\LASERJ
Answer:
Correct Answer: \\SALES6\LASERJ
Feedback: Standard UNC naming is \\servername\sharename. In this case,
because you are connecting to the LASERJ printer on the SALES6
server, the correct UNC path is \\SALES6\LASERJ. (Discussion starts
on page 332.)
Question
1 out of 1 points
5
In what tab of a printer's properties do you configure redirection of print jobs?
Selected Ports
Answer:
Correct Answer: Ports
Feedback: Printer redirection is configured in the Ports tab of a printer's
properties. It cannot be configured in the Advanced, Device Settings,
or General tab. (Discussion starts on page 340.)
Question
1 out of 1 points
6
Where do you look to see error messages related to the spooler service?
Selected Event Viewer, System log

Answer:
Correct Answer: Event Viewer, System log
Feedback: Spooler-related events are written to the System log of Event Viewer.
They are not written to the Security or Application log. There is no
Event Viewer log called Print. (Discussion starts on page 345.)
Question
1 out of 1 points
7
Where do you configure a printer for use with A4-size paper rather than Letter?
Selected The Device Settings tab of the printer's

Answer: properties
Correct Answer: The Device Settings tab of the printer's
properties
Feedback: The paper size selection, more properly referred to as assigning forms
to trays, is performed in the Device Settings tab of the printer's
properties. All of the other answers are incorrect. (Discussion starts on
page 336.)
Question
1 out of 1 points
8
Which of the following is not a counter you can add to the Performance console when
you monitor printing activity?
Selected Offline
Answer: Errors
Correct Answer: Offline
Errors
Feedback: Offline Errors is not a Performance console counter that can be added
to the Performance console. If you needed to monitor information
about when a printer is offline, you use the Not Ready Errors counter.
All of the other answers are valid counters that can be used in the
Performance console to monitor printing. (Discussion starts on page
341.)
Question
1 out of 1 points
9
While using the Performance console to monitor printing, you notice that the Job
Errors counter for a high-performance laser printer is 15. What does this tell you?
Selected Since the spooler was started, 15 Job Errors have been
Answer: recorded.
Correct Answer: Since the spooler was started, 15 Job Errors have been
recorded.
Feedback: The Job Errors counter specifies the number of Job Errors that have
been recorded since the spooler was started.
The answers "Since the printer was last offline, 15 Job Errors have
been recorded" and "Since you started monitoring the printer, 15 Job
Errors have been recorded" are incorrect. The number of Job Errors is
measured from the last time the spooler was started.
The answer "The number of actual errors experienced by print jobs is
15" is incorrect. Although this might in fact be the case, a single print
job might experience multiple errors and only record a single Job
Error, so it is not a reliable gauge of the number of actual errors
experienced by print jobs. (Discussion starts on page 341.)
Question
1 out of 1 points
10
You create four logical printers called SALES, RESEARCH, MARKETING, and
MANAGEMENT. You assign the SALES printer a priority of 10, The RESEARCH
PRINTER a priority of 8, the MARKETING printer a priority of 5, and the
MANAGEMENT printer a priority of 2. If a document is sent to each of the logical
printers at exactly the same time, which one will print first?
Selected SALES
Answer:
Correct Answer: SALES
Feedback: In terms of printer priority, the highest value that can be assigned to a
printer is 99, and the lowest is 1. In this scenario, the SALES printer
has the highest priority. (Discussion starts on page 339.)
Question
1 out of 1 points
11
The laser printer on the third floor has failed. To provide users with some printing
capability, you decide to redirect the logical printer for the failed printer to the laser
printer on the second floor. What happens to print jobs that are already printing?
Selected They are not
Answer: printed.
Correct Answer: They are not
printed.
Feedback: When a printer is redirected, any job that is printing at the time of the
redirection is not redirected to the new printer. The print job must be
resent. The other answers are incorrect. (Discussion starts on page
340.)
Question
1 out of 1 points
12
True or False: You can use the Ping utility to prove that the printer is connected to
the network, powered on, and online.
Selected False
Answer:
Feedback: Successfully pinging a printer proves that it is connected to the
network and powered on, but it does not prove that it is online. A
printer will reply to a ping even if it is not online. (Discussion starts on
page 345.)
Question
1 out of 1 points
13
You have created a printer on a Windows Server 2003 system. During the creation
process, you shared the printer out, but now you want to configure the printer so it is
not listed in Active Directory. Which of the following is the correct way to do this?
Selected Select the printer icon in the Printers And Faxes window and,
Answer: from the File menu, select Sharing. Clear the List In The Directory
check box.
Correct Select the printer icon in the Printers And Faxes window and,
Answer: from the File menu, select Sharing. Clear the List In The Directory
check box.
Feedback: For a printer to not be listed in Active Directory, the List In The
Directory check box in the Sharing tab of the printer's properties must
be cleared. You can access this tab by selecting the printer icon in
the Printers And Faxes window and selecting Sharing from the File
menu.
The answer "Select the printer icon in the Printers And Faxes window
and, from the File menu, select Properties. In the General tab, clear
the List In The Directory check box" is incorrect. The List In The
Directory check box is in the Sharing tab, not the General tab.
The answer "Select the printer icon in the Printers And Faxes
window. Right-click the icon, and deselect List In The Directory on
the menu" is incorrect. You cannot clear the List In The Directory
option in this way.
The answer "Locate the corresponding printer object in Active
Directory Users And Computers, and delete or disable it" is incorrect.
When a printer is listed in Active Directory, a printer object for it is not
created in Active Directory. Therefore, there is no Active Directory
printer object that can be deleted through Active Directory Users And
Computers. (Discussion starts on page 330.)
Question
1 out of 1 points
14
You have created a printer called SALES LASER on the SALES server. What is the
default share name for the printer?
Selected SALESLAS
Answer:
Correct Answer: SALESLAS
Feedback: When you first share out a printer, the default share name is the first
eight nonblank characters of the printer name. In this case, because
the printer name is SALES LASER, the default share name uses
SALES, ignores the space, and then uses the first three characters of
the second word, LAS. The result is SALESLAS. All of the other
Question
1 out of 1 points
15
After you create a new printer and share it out, users can start printing to the device
even if you have not made any permission assignments for the printer. How is this
possible?
Selected The default permission assignment for a newly created
Answer: printer is Everyone, Print.
Correct The default permission assignment for a newly created
Answer: printer is Everyone, Print.
Feedback: When you create a printer on a Windows Server 2003 system, the
Everyone special identity is assigned the Print permission. This
enables users to start printing to a newly created printer without any
additional permission assignments. All of the other answers are
Question
1 out of 1 points
16
You have created a printer pool of three printers: HPLASER1, HPLASER2, and
HPLASER3. Three users print to the printer pool at exactly the same time. If one of
the jobs is significantly larger than the others, which of the printers will the print job
be output from?
Selected There is no way of
Answer: knowing.
Correct Answer: There is no way of
knowing.
Feedback: When you create a printer pool, which printer services a particular job
has nothing to do with the size of the job. All of the other answers are
Question
1 out of 1 points
17
True or False: When you install a printer that is connected directly to the Windows
Server 2003 system, the installation process does not create a logical printer device
for it.
Selected False
Answer:
Feedback: A logical printer is required for printers that are connected directly to
the network and for printers that are connected directly to a Windows
Server 2003 system. The logical printer is created when the printer is
added to the system. (Discussion starts on page 324.)
Question
1 out of 1 points
18
Your manager has asked you to configure the company's Windows Server 2003
system so users in the Sales department can be charged for the use of a high-
resolution color laser printer to which the department has exclusive access. Which
of the following are you most likely to do to achieve this?
Selected Use the Performance console to monitor printer
Answer: usage.
Correct Answer: Use the Performance console to monitor printer
usage.
Feedback: By using the Total Jobs Printed or Total Pages Printed counters, you
can get an accurate total for the printer usage.
The answer "Implement auditing on the color printer" is incorrect.
Although you can implement auditing to track how many jobs are
printed, this approach is less than ideal because a number of events
can be created for a single print job.
The answer "Enable disk quotas for the spool directory" is incorrect.
Disk quotas are implemented on a volume, not on the directory level.
They would not be an accurate measure of printer usage anyway.
The answer "Configure the properties of the printer so printed
documents are kept after they have been printed" is incorrect.
Keeping jobs that have printed is an option in the Advanced tab of a
printer's properties, but this would involve keeping a number of
potentially large print jobs on the disk, which is not a great use of
available disk space. (Discussion starts on page 340.)
Question 1 out of 1 points
19
You have installed a laser printer and connected it directly to the network. You
created logical printers on 7 of 10 Windows 98 workstations and configured the
logical printers to point to the newly installed printer. When the printer runs out of
paper, which systems receive the error message generated by the printer?
Selected Only the PC that is printing a job or has a job at the front of
Answer: the print queue
Correct Only the PC that is printing a job or has a job at the front of
Answer: the print queue
Feedback: When you are not using a print server, each system that prints to the
printer does so with no knowledge of the other users of the printer. If
the printer generates an error message, it appears only on the
system that is printing the current job. All of the other answers are
Question
1 out of 1 points
20
You are the network administrator for a small book distribution company. The
network comprises 2 Windows Server 2003 systems, 3 Windows 2000 Professional
workstations, and 11 Windows 98 systems. The company uses two laser printers
that are connected directly to the network. One of the Windows Server 2003
systems is configured as the print server for both printers. You have subscribed to
an e-mail notification system provided by the printer manufacturer, which informs
you that new printer drivers are available for Windows 98 and Windows Server
2003. No new drivers are available for Windows 2000. Which of the following
procedures do you follow to install and update the printer drivers?
Selected On the Windows Server 2003 systems, update the drivers for
Answer: both Windows Server 2003 and Windows 98. In addition, install the
Windows 98 drivers on the client systems.
Correct On the Windows Server 2003 systems, update the drivers for
Answer: both Windows Server 2003 and Windows 98. In addition, install the
Windows 98 drivers on the client systems.
Feedback: You must install the new driver on both the client and the server
because client computers running Windows 95 or Windows 98 do not
check for updated printer drivers after the initial download of the
driver. Therefore, if a new driver is available, it must be installed on
both the server and the client systems.
The answer "On the Windows Server 2003 systems, update the
drivers for both Windows Server 2003 and Windows 98" is incorrect.
You would need to install the new driver on the client systems as
well.
The answer "On the Windows Server 2003 systems, update the
drivers for both Windows Server 2003 and Windows 98. Select the
Automatic Update Of Clients option in the Sharing tab of the printer's
properties" is incorrect. There is no Automatic Update Of Clients
option in the Sharing tab of a printer's properties.
The answer "Install the new Windows 98 drivers on the Windows 98
client systems. Install the Windows Server 2003 drivers on the
server" is incorrect. You would need to update the drivers for
Windows 98 on the server system as well. (Discussion starts on page
330.)
Question
1 out of 1 points
21
You are the network administrator for a bank. The network comprises 3 Windows
Server 2003 systems, 23 Windows 98 client systems, 3 Windows NT 4 systems,
and 14 Windows XP Professional systems. You have one laser printer that is
connected directly to the network. One of the servers is configured as a print server
for the printer, and the Windows 98 and Windows XP Professional systems all have
a logical printer configured that connects to the printer via the print server. The
Windows NT 4 workstation systems print directly to the printer across the network.
You have just purchased a new printer and are in the process of configuring it. The
users on the Windows NT 4 workstation systems do not need to access it. The new
printer will be attached directly to the print server by a parallel interface. What
platforms do you install drivers for when you configure the printer?
Selected Windows Server 2003, Windows XP Professional, and
Answer: Windows 98
Correct Windows Server 2003, Windows XP Professional, and
Answer: Windows 98
Feedback: A driver must be installed for every operating system that will access
the printer through the print server. The fact that the printer is directly
attached to the print server does not change this requirement. All of
the other answers are incorrect. (Discussion starts on page 330.)
Question
1 out of 1 points
22
You are the network administrator for a large department store. The network
comprises 3 Windows Server 2003 systems and 134 workstations, and 47 of those
workstations are configured as point-of-sale terminals. There are 27 printers, all of
which are connected directly to the network. Each of the seven customer service
desks has a PC and a color laser printer. The PCs are for customers to browse the
company's online catalog and to print product information sheets. However, your
manager has learned that someone might be using one of the PCs and color laser
printers to print personal material after hours. He asks you to enable auditing on the
printer to determine if this is indeed the case. You enable auditing on the printer, but
when you review the Security log the following evening, there are no entries of any
kind, even though you know that legitimate printing was done during the day. What
is the most likely cause of the problem?
Selected Object auditing might not be enabled.
Answer:
Correct Answer: Object auditing might not be enabled.
Feedback: For printer auditing to work, you must enable the Audit Object Access
policy. If you do not, no events of any type are recorded.
The answer "Audit events are not recorded in the Security log" is
incorrect. Audit events are recorded in the Security log of Event
Viewer.
The answer "Users are creating print jobs as the special identity
Everyone and are therefore not subject to auditing" is incorrect.
Special identities are not exempted from auditing.
The answer "You cannot audit successful print jobs—only failed print
jobs" is incorrect. You can audit both failed and successful print jobs.
Question
1 out of 1 points
23
You are the network administrator for a sporting goods wholesaler. The network
comprises 2 Windows Server 2003 systems, 23 Windows 98 workstations, and 4
Windows 2000 Professional workstations. The company has two high-speed laser
printers that are connected directly to the network. A user with a Windows 98
workstation reports that he is having problems printing from Microsoft Word. When
you visit the user's workstation, you discover that he cannot print from any other
application on the workstation either, even though he was able to earlier in the day.
You log on as yourself, attempt to print, and are able to do so. In addition, the user
at the next desk, who is also using a Windows 98 workstation, is able to print from
Word and Microsoft Excel to the same printer that the user is attempting to print to.
What is the most likely cause of the problem?
Selected The user has become disconnected from the
Answer: printer.
Correct Answer: The user has become disconnected from the
printer.
Feedback: Even though it might not be apparent, the most likely answer based
on a process of elimination is that the user has become disconnected
from the printer. If the user logs back on again, the printer will
probably be reconnected and the user will be able to print.
The answer "The printer driver on the user's workstation is corrupted"
is incorrect. If you are able to print while logged on with your user ID,
the printer driver on the workstation is most likely not corrupted.
The answer "A job-specific printer configuration is preventing the
user from printing" is incorrect. Although a job-specific printer
configuration might prevent a user from printing, the user has tried to
print from two different applications, so this is unlikely to be the
problem because the incorrect job specification would have to be the
same in both applications to prevent the user from printing.
The answer "The printer driver on the server has become corrupted"
is incorrect. Given that you and the user at the next desk are both
able to print to the printer, it is unlikely that the printer driver on the
server has become corrupted. (Discussion starts on page 344.)
Question
1 out of 1 points
24
You are the network administrator for a stock brokerage. The network comprises 2
Windows Server 2003 systems and 57 Windows XP Professional workstations. You
have three network-attached printers that are hosted by one of the Windows Server
2003 systems that is configured as the print server. Two of the printers are Hewlett-
Packard LaserJet 4050s and are named Accounts and Admin. The third printer is a
Hewlett-Packard DeskJet printer, which is called Publish. The Accounts and Publish
printers are on the first floor of the building, and the Admin printer is on the second
floor.
One morning, a user from the Accounting department reports that her print job has
stopped coming out of the Accounts printer, with only 43 of 75 pages printed.
Fourteen other jobs are in the print queue behind the job that has stopped. You
check that print queue and find that the print job indeed appears to be stuck in the
print queue, with only half of it printed. You determine that the printer has actually
stopped printing altogether and will not even print a test page. You check the print
queue again and find that there are now 21 print jobs in the print queue. Which of
the following do you do next?
Selected Redirect the logical printer to the Admin printer. Tell the user to
Answer: resend her print job to the queue. Notify all of the users of the
Accounts printer that their print jobs will be printed on the Admin
printer.
Correct Redirect the logical printer to the Admin printer. Tell the user to
Answer: resend her print job to the queue. Notify all of the users of the
Accounts printer that their print jobs will be printed on the Admin
printer.
Feedback: When you have a problem such as this, you can use redirection to
send the jobs from the print queue to another printing device.
However, the printing device that you send the jobs to must use the
same printer driver as the original device, and any job that is partially
printed must be resent. In this example, only the Admin printer is of
the same type as the Accounts printer.
The answer "Redirect the logical printer to the Admin printer. Tell the
user to collect the rest of her job from the Admin printer. Notify all of
the users of the Accounts printer that their print jobs will be printed on
the Admin printer" is incorrect. The user must resend the print job
that was partially printed.
The answers that include redirecting the logical printer to the Publish
printer are incorrect. The Publish printer is a completely different type
of printer and would not use the same drivers as the original printer.
Question
1 out of 1 points
25
You are the network administrator for a large real estate company. You have
configured two logical printers with one physical printing device. One logical printer
called RESIDENTIAL is assigned to the residential sales team. The other, called
COMMERCIAL, is assigned to the commercial sales team. You assign the
COMMERCIAL printer a priority of 10 and the RESIDENTIAL printer a priority of 1.
There are currently seven jobs in the RESIDENTIAL print queue. What happens
when a print job is sent to the COMMERCIAL print queue?
Selected The currently printing job is completed, and then the print job
Answer: from the COMMERCIAL queue is printed.
Correct The currently printing job is completed, and then the print job
Answer: from the COMMERCIAL queue is printed.
Feedback: Jobs sent to a higher-priority logical printer (1 is the lowest, 99 the
highest) take precedence over jobs in a queue for a lower-priority
logical printer. However, when a job from a higher-priority queue is
sent to the printer, if a job from a lower-priority queue is already
printing, that job is allowed to finish before the higher-priority job is
printed.
The answer "The currently printing job is paused, and the print job
from the COMMERCIAL queue is printed" is incorrect. The currently
printing job is allowed to finish first.
The answers "All of the jobs in the RESIDENTIAL queue are printed,
and then the job from the COMMERCIAL queue is printed as long as
no other jobs are added to the RESIDENTIAL queue in the
meantime" and "All of the jobs and any additional jobs in the
RESIDENTIAL queue are printed. When there are no outstanding
jobs in the RESIDENTIAL queue, the job from the COMMERCIAL
queue is printed" are incorrect. The COMMERCIAL queue has a
higher priority, so jobs in that queue are printed before other jobs in
the RESIDENTIAL queue. (Discussion starts on page 339.)
Question
1 out of 1 points
26
You are the network administrator for a small computer distributor. The network
comprises a single Windows Server 2003 system, which is configured as a domain
controller, and 17 Windows XP Professional workstations. There is a single high-
performance laser printer, which is directly connected to the network. The Windows
Server 2003 system acts as a print server for the device, with a single logical
printer. You are due to take a week's vacation, and although you anticipate few
problems, you want to give a user with some technical expertise the ability to pause
and restart the printer if a printing problem arises. You also want to allow him to
manage jobs in the print queue other than his own. To give him the necessary
rights, you want to make a single group assignment for the user. If possible, though,
you do not want to add him to a group that grants him more rights than he needs.
Which of the following predefined Active Directory groups do you add him to?
Selected Print
Answer: Operators
Correct Answer: Print
Operators
Feedback: Of the groups listed, only the Administrators and Print Operators are
assigned the Manage Printers permission on a Windows Server 2003
domain controller. You do not want to make the user a member of
the Administrators group because he would receive more rights than
he needs. Therefore, you should add him to the Print Operators
group. The Power Users group is found only on Windows Server
2003 systems that are not domain controllers. Print Managers is not
a predefined Active Directory group on a Windows Server 2003
system. (Discussion starts on page 335.)
Question
1 out of 1 points
27
You are the network administrator for a media publishing company. The network
comprises 2 Windows Server 2003 systems, 15 Windows 98 systems, and 10
Windows XP Professional systems. You have one high-performance laser printer,
which is connected directly via a parallel connection to one of the Windows Server
2003 systems that is configured as a print server. One morning, a user with a
Windows 98 system reports a problem with printing. She can send the job, but when
the job is printed, it is simply a collection of blank pages. While investigating, you
successfully print a test page from an application on the print server to which the
printer is directly connected. Which of the following areas have you not eliminated
as possible sources of the problem?
Selected Printer drivers
Answer:
Correct Answer: Printer drivers
Feedback: When you print from the server, you are using a Windows Server
2003 printer driver. When the user prints, she is using a Windows 98
printer driver. Therefore, by printing directly from the server, you are
not proving that the Windows 98 printer drivers are not corrupt. You
are however, proving that the physical printing device, the spooler
service, and the available disk space on the server are not the
source of the problem. (Discussion starts on page 344.)
Question
1 out of 1 points
28
You are the network administrator for a pharmaceutical company. The network
comprises 4 Windows Server 2003 systems and 205 Windows XP Professional
client computers. Three of the servers are configured as domain controllers. The
fourth server is configured as a member server and is the sole print server for the
company. The company has five divisions: Sales, Research, Manufacturing,
Distribution, and Administration.
Users in the Research department print large reports from a database system that
was developed in-house. For some reason, these large print jobs often get stuck in
the print queue and prevent other users in the department from printing. The
developer responsible for the application, who is also based in the Research
department, is looking into the problem. In the meantime, you give another person
from that department the ability to delete print jobs for himself and other users in the
department from the print queue, which you hope will reduce the number of calls to
the support desk. However, you do not want them to be able to make any
configuration changes to the printer itself. At the same time, you want to give the
developer the ability to modify printer properties so he can attempt to isolate the
problem with the database. Company policy dictates that group membership should
be used before creating individual permissions to a resource, unless doing so grants
a user more rights than he requires. Which of the following statements describes the
best way to provide the necessary access?
Selected Grant the developer the Manage Printers permission. Make
Answer: the nominated user a member of the Print Operators group.
Correct Grant the developer the Manage Printers permission. Make
Answer: the nominated user a member of the Print Operators group.
Feedback: On a Windows Server 2003 system that is configured as a member
server, the only group that is assigned the Manage Printers
permission is Administrators. Making the developer a member of the
Administrators group would grant him far more rights than you would
want him to have just to manage the properties of a printer.
Therefore, it is best to assign his user account the Manage Printers
permission. To enable the user to manage print jobs in the queue,
making him a member of the Print Operators group is sufficient.
The answer "Make the developer a member of the Administrators
group. Make the nominated user in the Research department a
member of the Print Operators group" is incorrect. Making the
developer a member of the Administrators group would grant him too
many rights.
The answer "Make the developer a member of the Print Operators
group. Make the nominated user a member of the Print Managers
group" is incorrect. Making the developer a member of the Print
Operators group would not provide him with enough rights to modify
the configuration of the printer. There is also no such group as Print
Managers.
The answer "Make the developer a member of the Print Managers
group. Make the nominated user a member of the Document
Managers group" is incorrect. Print Managers and Document
Managers are not recognized built-in groups on a Windows Server
2003 system. (Discussion starts on page 335.)
COMPUTER NETWORK TECH 55 SEC 093 (31251) SPRING 2009 (L2009SP-CNT-55-093-31251) > COURSE MATERIALS > REVIEW
ASSESSMENT: TEST12
Review Assessment: Test12

User RAFAEL JANANIAROSALES
Submitted 5/28/09 1:30 AM
Name Test12
Status Completed
Score 0 out of 34 points
Instructions
Question
0 out of 1 points
1
Which of the following commands do you use to start the standalone Disk
Management utility?
Answer:
Correct Answer:
Diskmgmt.msc
Feedback: To start the standalone Disk Management console, you use the
Diskmgmt.msc command. (Discussion starts on page 392.)
Question
0 out of 1 points
2
What is the maximum number of partitions supported by a single dynamic disk?

Answer:
Correct Answer: 1
Feedback: All dynamic disks consist of only one partition, which encompasses its
entire usable storage space. The partition can then be divided up into
volumes. A basic disk can have a maximum of four partitions. All of
the other answers are incorrect. (Discussion starts on page 390.)
Question
0 out of 1 points
3
In Disk Management, what status is assigned to a dynamic disk that has been
removed from another system and added to this system but has not yet been
imported?
Answer:
Correct Answer: Foreign
Feedback: A drive that has been removed from another system but that has not
yet been imported into the current system's configuration is given a
status of Foreign in Disk Management. A status of Not Initialized
would be assigned to a drive that does not contain a valid signature.
Neither Unknown nor Alien is a disk status in Disk Management.
Question
0 out of 1 points
4
How much free disk space is required for a complete defragmentation to be run on a
volume?
Answer:
Correct Answer: 15 percent
Feedback: To be completely defragmented, a volume must have at least 15
percent free space. All of the other answers are incorrect. (Discussion
Question
0 out of 1 points
5
When you view information for a volume in Disk Management, what does the
Overhead statistic represent?
Answer:
Correct The percentage of the volume's capacity devoted to storing
Answer: redundant data
Feedback: In Disk Management, the Overhead statistic represents the
percentage of the volume's capacity devoted to storing redundant
data. The percentage of the volume's capacity that is free is
represented by the % Free statistic. The volume type is represented
by the Layout field. The Fault Tolerance field indicates whether the
volume type provides fault tolerance. (Discussion starts on page 392.)
Question
0 out of 1 points
6
When you run the Chkdsk command-line utility, which of the following switches do
you use to automatically fix file system errors?
Answer:
Correct Answer: /f
Feedback: When you use the Chkdsk command line utility, you can use the /f
switch to automatically fix file system errors that are found by the
utility. The /r switch is used to instruct Chkdsk to attempt the recovery
of any bad sectors it finds. The /fx and /fs switches are not recognized
Chkdsk command switches. (Discussion starts on page 407.)
Question
0 out of 1 points
7
What is the maximum number of partitions you can have on a single basic disk?

Answer:
Correct Answer: 4
Feedback: A single basic disk can have up to four partitions. These can be four
primary partitions, or three primary partitions and an extended
partition. (Discussion starts on page 389.)
Question
0 out of 1 points
8
Fill in the blank: You can create a spanned volume using storage space from up to
____ physical disks.
Answer:
Correct Answer: 32
Feedback: A spanned volume includes space on more than one physical disk.
You can create a spanned volume using storage space from up to 32
physical disks, and the amount of space used on each disk can be
different. All of the other answers are incorrect. (Discussion starts on
page 390.)
Question
0 out of 1 points
9
You are using RAID-1 on your server. After a hard disk failure, you replace the failed
disk with a new one and restart the system. When you look in Disk Management,
what would you expect the status of the newly replaced volume to be while the mirror
data is being written to the new drive?
Answer:
Correct Answer: Resynching
Feedback: A status of Resynching for a volume indicates that a mirrored volume
is in the process of re-creating data on a newly restored disk.
Remirroring and Reraiding are not recognized status messages in
Disk Management. A status of Regenerating indicates that a RAID-5
volume is in the process of re-creating data on a newly restored disk.
Question
0 out of 1 points
10
You have a spanned volume that uses space from three disks. If the third drive in
the volume fails, which of the following is the easiest way to get the data back?
Answer:
Correct Answer: Replace the failed disk. Restore the data from a
backup.
Feedback: Spanned volumes are not fault tolerant. If a drive in a spanned
volume fails, the data is lost. After you replace the failed drive, the
data must be restored from a backup. All of the other answers are
Question
0 out of 1 points
11
Which of the following is a limitation of mounting a volume to a folder path?

Answer:
Correct Answer: The folder in which you are mounting the volume must be
empty.
Feedback: Although the disk containing the folder to which you mount the
volume must use NTFS, a mounted volume can use any file system.
It can also be part of a spanned or striped volume or be hosted on or
be part of a RAID-1 or RAID-5 array. However, the folder into which
you mount the volume must be empty. (Discussion starts on page
403.)
Question
0 out of 1 points
12
After installing a new disk, you start the Disk Management snap-in but find that the
newly installed drive is not shown. What do you do next?
Answer:
Correct Answer: Run Rescan Disks from the Action menu in Disk
Management.
Feedback: After you install a new disk in the system, if the disk is not recognized
in Disk Management, you can run Rescan Disks from the Action
menu. Dsscan is not a recognized Windows Server 2003 utility.
There is no /rs switch for starting Disk Management. Although
powering down the system, disconnecting, and reconnecting the
drive might cause the new drive to be recognized, this is not the first
thing you should do if a drive is not recognized in Disk Management.
Question
0 out of 1 points
13
You have three 16-GB drives in your server. Two of the drives have 6 GB of
unallocated space, and the third drive has 10 GB of unallocated space. What is the
largest spanned volume you can create?
Answer:
Feedback: Spanned volumes can use any amount of space from each of the
drives. In this example, the total available space is 22 GB. All of the
other answers are incorrect. (Discussion starts on page 398.)
Question
0 out of 1 points
14
You have three 20-GB drives in your server configured in a RAID-0 array. Each
drive has a single partition that uses the entire drive. How much space is available
for the storage of files?
Answer:
Feedback: RAID-0 is a non–fault tolerant RAID level, so no disk space is lost for
the storage of parity information or duplicate data. Therefore, in a
three-disk RAID-0 array using 20-GB disks, the space available for
the storage of files would be 60 GB. (Discussion starts on page 398.)
Question
0 out of 1 points
15
How can you determine that a user has reached or exceeded her disk quota limit?

Answer:
Correct Answer: View the System log in Event Viewer.
Feedback: There are only two ways to determine whether a user has reached or
exceeded her disk quota limit. One is to view the Quota Entries
dialog box, which displays the current disk storage utilization per
user. The other is to look for disk quota events in the System log of
Event Viewer. Information on a user's disk quota usage cannot be
viewed through the Application log of Event Viewer, through Disk
Management, or from the Properties dialog box of a user account in
Active Directory Users And Computers. (Discussion starts on page
412.)
Question
0 out of 1 points
16
True or False: If you specify an allocation unit size other than the default, you
cannot use file or folder compression.
Selected [None
Answer: Given]
Feedback: To use the file or folder compression feature, the allocation unit size
must be 4 KB (the default) or smaller. If a larger allocation unit size is
specified, file or folder compression cannot be used. (Discussion
Question
0 out of 1 points
17
When you configure disk quotas, which of the following cannot be configured?

Answer:
Correct Answer: The disk space available to a specific
group
Feedback: Disk quotas can be configured only on a per-user basis, not a per-
group basis. You can use disk quotas to configure warnings for users
and to configure whether users can continue to write to a drive after
they have reached their quota. (Discussion starts on page 410.)
Question
0 out of 1 points
18
When you use basic disks on a Windows Server 2003 domain controller, where is
the information about the partitions on the drive stored?
Answer:
Correct Answer: The MBR
Feedback: On a basic disk, information about the partitions on the drive is stored
in the Master Boot Record, or MBR. On a dynamic disk, information
about volumes is stored in the LDM database. Disk information is not
stored in Active Directory. Information about partitions is not stored in
the Master File Table (MFT). (Discussion starts on page 390.)
Question
0 out of 1 points
19
You are about to convert a basic disk to a dynamic disk. Which of the following
should you do before proceeding?
Answer:
Correct Answer: Make sure you have a complete backup of the data on the
drive.
Feedback: Before performing any operations that could lead to damage or
cause you to lose data, you should ensure that you have a complete
and valid backup of the drive. Deleting volumes and removing any
spanned or striped volumes is necessary only if you are converting
from a dynamic disk to a basic disk. You do not need to perform
these tasks when converting from a basic disk to a dynamic disk. The
same is true if you are removing any logical drives in a partition.
Question
0 out of 1 points
20
You are the network administrator for a building supplies wholesaler. You have a
single Windows Server 2003 system that has three 16-GB IDE disk drives in it.
Each disk has three volumes on it that together use 100 percent of the available
space. The first volume on disk 0 (C:) is the system and boot volume for the server.
This volume is mirrored to the first volume on disk 1. The second volume on the first
disk is configured as E:, and the third volume on the first disk is configured as F:.
The second and third volumes on the second drive are G: and H:, respectively. The
first, second, and third volumes on the third disk are called I:, J:, and K:,
respectively.
Recently you have experienced disk-related performance problems with the
server and are looking at ways to address this. One reliable source suggests
placing the Active Directory database and log files on separate disks. After
consulting the documentation that was created when the server was installed, you
determine that the Active Directory log files are indeed stored on the same volume
as the Active Directory database. Which of the following volumes do you move the
Active Directory log files to?
Answer:
Correct Answer: J:
Feedback: Best practice dictates that the Active Directory database and log files
be stored on separate physical drives. In this example, however, the
system and boot volume is mirrored to the second drive in the
system, so placing the log files on the second drive would not result
in any performance benefit because the log file updates would be
recorded to both physical drives. The best thing to do is to place the
log files on the third drive, which would keep them off of the drives
being used by the Active Directory database. Therefore, of the
answers listed, only J: is the right choice. (Discussion starts on page
388.)
Question
0 out of 1 points
21
You are the network administrator for an architectural design firm. The company
recently created a new materials analysis department, and you have been asked to
specify a new server for the department's use. The manager wants you to specify a
server that is as fault tolerant as possible and provides sufficient storage for a large
materials database. The database will be hosted on a RAID-5 array, and the system
and boot volume will be mirrored. The database will be around 80 GB, growing to
around 100 GB after the architects add their data. It is unlikely to grow beyond that
size, but the manager wants at least 20 percent free space within the array to allow
for future growth. The server you are considering for the department has capacity
for up to five drives. You decide to purchase two 20-GB drives to hold the system
and boot partitions. What is the minimum size of drives you should specify for the
RAID array?
Answer:
Feedback: With three drives in the RAID-5 array and a required capacity of 120
GB (100 GB + 20 percent), you need three 60-GB drives. An amount
of space equal to one entire drive is lost to the storage of parity
information. Therefore, the amount of space available for data
storage on the 60 GB drives is 120 GB. All of the other answers are
Question
0 out of 1 points
22
You are the network administrator for a community college. The network comprised
of three Windows Server 2003 systems and more than 200 Windows XP
Professional workstations. Each server has four 12-GB drives in it. Each drive has
two 4-GB partitions on it that were created using FAT. The rest of the disk is free
space. No fault-tolerant storage measures are in place, but after a recent disk failure
and a time-consuming restore process, your manager has asked you to implement
a fault-tolerant strategy that can be rolled out to each of the existing servers. He is
aware that this will use available disk space. No budget is available for new drives,
so you must create a solution using only the existing hardware. You decide to
create a RAID-5 array using the unused 4 GB of space on each drive. Which of the
following steps must you perform before you can complete this task?
Answer:
Correct Answer: Convert the disks to dynamic
disks.
Feedback: To create a RAID-5 array, the disks must be dynamic. In this
example, each drive has two 4-GB partitions on it, and only basic
disks allow more than one partition per disk. Therefore, the drives are
basic and must be converted before they can be used in a RAID-5
array. The answer "Convert the drives to NTFS" is incorrect. Both
FAT and NTFS file systems can be used in a RAID array. The
answer "Export any quotas that are in place" is incorrect. If the file
system on the drives is FAT, disk quotas cannot be used. The
answer "Disable compression" is incorrect. Compression is available
only on drives formatted with the NTFS file system. (Discussion starts
on page 397.)
Question
0 out of 1 points
23
You are the network administrator for a small biological research company. The
network comprised of a single Windows Server 2003 system that has two 20-GB
drives installed. Both disks are dynamic and are formatted with NTFS. One drive is
assigned as the system and boot volume, the other drive (called DATA) is assigned
to file storage and application hosting. The DATA drive is shared by 50 users in the
Sales department, 27 users in the Marketing department, and 4 users in the
Research department.
While viewing the information on the drive, you notice that the amount of free
space on the drive has fallen below 10 percent. Your manager agrees with you that
you need more storage space and has authorized the purchase of a new drive, but
she asks that you control the amount of data on the new drive. At the same time,
she wants to make sure that users in the Research department are not limited in the
amount of data they can store. Which of the following solutions do you implement?
Answer:
Correct Enable disk quotas. Configure quota entries for each user in
Answer: the Research department.
Feedback: Quotas are created on a per-volume basis. Quota limits apply to all
users unless a specific quota entry is created to give users in that
group more or less space. In this scenario, because the Research
department has so few users, the best approach is to enable quotas
on the volume and then create quota entries for the four people in the
Research department. This allows users in the Research department
more space while preventing the users in the Sales and Marketing
departments from accessing the new drive. The other answers are
incorrect. You cannot create quota entries for group objects.
Question
0 out of 1 points
24
You are planning to buy a new server for your department, and a supplier offers you
a large discount on a system with four 20-GB drives in it. Your manager approves
the purchase and asks you to recommend a strong fault-tolerant storage strategy
that uses all of the disks. You decide to create a 10-GB mirrored volume for the
system and boot volume and then devote the rest of the available space to a RAID-
5 array. Assuming that you create the largest possible RAID-5 array for this
scenario, how much space will be available for data storage within the array?
Answer:
Feedback: In this scenario, the largest RAID-5 array that could be created would
be 40 GB (10 GB from each of the four drives). With four disks, you
would lose
25 percent of the available space to the storage of parity information,
so the amount of storage space available would be 30 GB. Even
though the system and boot volume is mirrored, the 10 GB free on
each drive can still be included in the RAID-5 array. (Discussion
Question
0 out of 1 points
25
You have been hired as the first network administrator for a small horticultural
wholesaler. The network comprised of a single Windows Server 2003 system, which
was recently installed by the owner of the company. He has little technical
knowledge, so the server has a very simple configuration. A single 10-GB drive is
installed in the system, and it is configured as a basic disk with a single partition
using FAT. When you discuss the configuration of the server with the manager, you
advise adding a second drive in the server for storing data to keep it separate from
the system and boot partition, and that the system and boot partition be mirrored to
provide fault tolerance. He authorizes you to purchase a new disk drive and create a
mirror, but he wants you to take only the steps necessary to put the mirror in place,
and nothing more, as he wants to understand and approve any changes you make.
Which of the following best describes the procedure you should follow to do this?
Answer:
Correct Install, initialize, and format the new drive. Back up the data
Answer: from the existing drive. Convert the existing disk from basic to
dynamic. Convert the new drive from basic to dynamic. Create the
mirror.
Feedback: To create a mirror, both of the disks in the mirror must be dynamic
disks. Because the default for Windows Server 2003 is basic disks,
you must convert both drives before creating a mirror. The answer
"Install, initialize, and format the new drive. Convert the existing disk
from FAT to NTFS. Create the mirror" is incorrect. The ability to
create a mirror is not dependent on the file system in use. The
answer "Install, initialize, and format the new drive. Remove the data
from the existing disk, convert the existing disk from basic to
dynamic. Restore the data. Convert the new disk from basic to
dynamic. Create the mirror" is incorrect. To convert from basic to
dynamic disks, you do not need to remove the data from the drive.
The answer "Install, initialize, and format the new drive. Back up the
data from the existing drive, remove the partitions from the drive,
convert the disk from basic to dynamic, restore the data, and create
the mirror" is incorrect. To convert from basic to dynamic disks, you
do not need to remove the partitions from the drive. (Discussion
Question
0 out of 1 points
26
True or False: If you move a dynamic disk that is part of a striped volume from one
Windows Server 2003 system and install it in another system, the data on the drive
will be available on the new system.
Selected [None
Answer: Given]
Feedback: In a striped volume, if any one of the drives in the striped volume is
removed or fails, the entire volume will be unavailable. If the drive is
moved to another system, none of the data in the striped volume
area on any of the disks will be available. (Discussion starts on page
398.)
Question
0 out of 1 points
27
You have recently purchased a new Pentium 4 system with six 60-GB drives. Your
manager has asked you to design a fault-tolerant storage strategy that provides the
largest amount of protected storage. You decide to create a 30-GB mirrored volume
for the system and boot partition and then create the largest RAID-5 array possible.
In this scenario, what is the maximum amount of storage space that will be available
in the RAID-5 array?
Answer:
Feedback: In this example, the largest RAID-5 array would be created by using
the four disks that are not part of the system/boot partition mirror.
With four 60-GB drives, the amount of data storage space available
in the array would be 180 GB because an amount of space equal to
one drive in the array would be lost to the storage of parity
information. If the available space on the drives holding the system
and boot partition mirror were used in the RAID-5 array, a RAID-5
array with 150 GB of available storage space would be created,
which is less than the 180 GB that could be created by using the
unallocated drives. (Discussion starts on page 398.)
Question
0 out of 1 points
28
You are the network administrator for an automotive manufacturer. The company
has a central parts reference database that is hosted on a dedicated Windows
Server 2003 system. The database is updated only once every six months because
it contains parts information for past models and is used by the dealership support
team only for reference purposes. The server currently has three 4-GB SCSI drives
in it, but your manager has asked you to reconfigure the server and add two
additional drives. He wants to create fault tolerance for the system and boot volume
and reconfigure the drives hosting the database application for optimal read
performance. Given the static nature of the database, he is not concerned with
providing fault tolerance for it. Which of the following strategies do you implement?
Answer:
Correct RAID-1 for the system/boot volume, RAID-0 for the
Answer: database drives
Feedback: In this scenario, the best way to provide fault tolerance for the system
and boot volume is to create a mirror. To provide the highest levels of
read performance when no fault tolerance is required, you would use
RAID-0. All of the other answers are incorrect. (Discussion starts on
page 401.)
Question
0 out of 1 points
29
You are the network administrator for a household goods wholesaler. The network
comprised of a single server with four hard disks in it. All four disks are basic and
were formatted with FAT. After a recent hard disk failure, your manager has asked
you to suggest a fault-tolerant strategy for your server. He wants to ensure that the
server can endure the failure of any one of the four disks without the server failing,
requiring a restart, or the users noticing that the drive is unavailable. Which of the
following is the easiest way to do this?
Answer:
Correct Answer: Implement hardware-based
RAID.
Feedback: When you use hardware RAID, you can include all of the drives in the
system in a single RAID array. You can also include the system and
boot volume. In a RAID-5 array, if one of the drives becomes
unavailable, users generally do not notice because missing data is
calculated on the fly using the parity. (Discussion starts on page
401.)
Question
0 out of 1 points
30
You are the network administrator for a publishing company. The network
comprised of two Windows Server 2003 systems and 62 Windows XP Professional
systems. Each server has two 40-GB SCSI disk drives, which are configured in
Windows Server 2003 as dynamic disks. On each drive is a 30-GB volume; the rest
of the space on the drive is unallocated. On one server, the first drive, which holds
the system and boot volume, is formatted with the NTFS file system, and disk
quotas have been implemented. Even so, you are running low on free space in the
volume and have decided to extend it. Which of the following will prevent you from
doing this?
Answer:
Correct Answer: The volume is the system and boot volume.
Feedback: To extend a volume, you must be using dynamic disks with NTFS.
However, you cannot extend a system or boot volume. Whether disk
quotas are enabled on a volume has no bearing on whether it can be
extended. (Discussion starts on page 406.)
Question
0 out of 1 points
31
You are the network administrator for a public relations agency. The network
comprised of a single Windows Server 2003 system with two disks. Each disk has a
single partition on it. The first disk drive in the system is configured as the system
and boot volume. The second disk drive is used for file storage and application
hosting.
Over the past few weeks, a number of users have commented that retrieving and
saving files to the server seems to be getting slower. You check the status of the
disk drive in Disk Management and find that it is online and healthy. You also notice
that the Overhead value is 6 percent. You run Check Disk, but no errors are
reported. Which of the following do you do next?
Answer:
Correct Answer: Defragment the disk drive.
Feedback: If users are experiencing performance issues retrieving files from a
server but there are no apparent problems with the disk drive,
defragmenting the disk drive is a logical next step. Removing data
from the disk drive or implementing disk quotas is unlikely to help.
You would not reinitialize a disk drive that is installed in the server
and functioning correctly. (Discussion starts on page 408.)
Question
0 out of 1 points
32
You are the network administrator for a bicycle manufacturer. You have a single
Windows Server 2003 system with two 16-GB disk drives in it. Each drive has a
single partition on it that uses 100 percent of the available space. However, there is
less than 20 percent free space available on each drive. Your manager suggests
that you purchase an additional 16-GB drive and then mirror the drive that holds the
system and boot volume to the new drive. That way, the additional expense will not
only gain you extra space but will also add a degree of fault tolerance to the storage
subsystem on the server. What would you tell your manager?
Answer:
Correct The strategy will provide fault tolerance but no additional
Answer: disk space.
Feedback: When you add a new drive to create a mirror set, an amount of disk
space equal to the size of the partition that is being mirrored will be
lost to the storage of the mirrored data. In this example, because the
partition on each drive uses 100 percent of the available space on
the 16-GB drive, using a new 16-GB drive would cause the entire
available space on the new drive to be assigned to the mirrored
volume. The answer "The strategy seems appropriate and valid" is
incorrect. There are issues with this strategy. The answer "The
system and boot partition cannot be included in a mirror set" is
incorrect. System and boot partitions can be included in a mirror set.
The answer "The strategy can be implemented, but it will create only
3.2 GB of additional free space" is incorrect. Volumes are mirrored
on a like-for-like basis. If a 16-GB volume is mirrored, it will use 16
GB on the mirrored drive. Even though there might still be free space
within the volume, this space will not be available as additional
storage space. (Discussion starts on page 398.)
Question
0 out of 1 points
33
Which of the following RAID levels is not supported by Windows Server 2003?

Answer:
Correct Answer: RAID-3
Feedback: Windows Server 2003 supports RAID-0 (disk striping), RAID-1 (disk
mirroring), and RAID-5 (disk striping with parity). It does not support
RAID-3 (disk striping with single-disk parity). (Discussion starts on
page 401.)
Question
0 out of 1 points
34
When you create a dynamic volume, which of the following volume types does not
require you to use the same amount of space on each disk that will be included in
the volume?
Answer:
Correct Answer: Spanned
Feedback: You can create spanned volumes using any amount of space from
each drive that will be included in the volume. Mirrored, striped, and
RAID-5 volumes require that the drives use the identical amount of
space. (Discussion starts on page 398.)

290

Caricato da

Informazioni sul documento

Descrizione originale:

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

290

Caricato da

Copyright:

Formati disponibili

Question 1 0 out of 1 points

Question 1 1 out of 1 points

Question 1 1 out of 1 points

Question 1 1 out of 1 points

Question 1 1 out of 1 points

Selected Logon time

Selected Any account that has exceeded the account lockout

Question 1 1 out of 1 points

Selected In the General properties tab of the group in Active Directory

Selected Universal groups can be granted access permissions only for

Selected Only when the global group is not a member of another

Selected It allows you to specify a different default location for new

Question 1 0 out of 1 points

Selected List Folder/Read

Selected Everyone special identity, Full Control permission

Question 1 1 out of 1 points

Selected Printers And Faxes folder

Selected Event Viewer, System log

Selected The Device Settings tab of the printer's

Review Assessment: Test12

Selected [None Given]

Selected [None Given]

Selected [None Given]

Selected [None Given]

Selected [None Given]

Selected [None Given]

Potrebbero piacerti anche