Study Guides and Actual Real Exam Questions For Oracle OCP, MCSE, MCSA, CCNA, CompTIA


Advertise

Submit Braindumps

Forum

Tell A Friend

    Contact Us

 Home

 Search

Latest Brain Dumps

 BrainDump List

 Certifications Dumps

 Microsoft

 CompTIA

 Oracle

  Cisco
  CIW
  Novell
  Linux
  Sun
  Certs Notes
  How-Tos & Practices 
  Free Online Demos
  Free Online Quizzes
  Free Study Guides
  Free Online Sims
  Material Submission
  Test Vouchers
  Users Submissions
  Site Links
  Submit Site

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Online Training Demos and Learning Tutorials for Windows XP, 2000, 2003.

 

 

 

 





Braindumps for "70-293" Exam

Microsoft Windows Server 2003 Network Infrastructure

 Question 1.
You work as a network administrator for ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. There are currently 120 Web servers running Windows 2000 Server and are contained in an Organizational Unit (OU) named ABC_WebServers ABC.com management took a decision to uABCrade all Web servers to Windows Server 2003. You disable all services on the Web servers that are not required. After running the IIS Lockdown Wizard on a recently deployed web server, you discover that services such as NNTP that are not required are still enabled on the Web server. 

How can you ensure that the services that are not required are forever disabled on the Web servers without affecting the other servers on the network? Choose two.

A. Set up a GPO that will change the startup type for the services to Automatic.
B. By linking the GPO to the ABC_WebServers OU.
C. Set up a GPO with the Hisecws.inf security template imported into the GPO.
D. By linking the GPO to the domain.
E. Set up a GPO in order to set the startup type of the redundant services to Disabled.
F. By linking the GPO to the Domain Controllers OU.
G. Set up a GPO in order to apply a startup script to stop the redundant services.

Answer: B, E

Explanation: 
Windows Server 2003 installs a great many services with the operating system, and configures a number of with the Automatic startup type, so that these services load automatically when the system starts. Many of these services are not needed in a typical member server configuration, and it is a good idea to disable the ones that the computer does not need. Services are programs that run continuously in the background, waiting for another application to call on them. Instead of controlling the services manually, using the Services console, you can configure service parameters as part of a GPO. Applying the GPO to a container object causes the services on all the computers in that container to be reconfigured. To configure service parameters in the Group Policy Object Editor console, you browse to the Computer Configuration\Windows Settings\Security Settings\System Services container and select the policies corresponding to the services you want to control.

Reference:
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294); Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure, Microsoft Press, Redmond, Washington, 2004, p. 13:1-6

Question 2.
You are working as the administrator at ABC.com. ABC.com has headquarters in London and branch offices in Berlin, Minsk, and Athens. The Berlin, Minsk and Athens branch offices each have a Windows Server 2003 domain controller named ABC-DC01, ABC-DC02 and ABC-DC03 respectively. All client computers on the ABC.com network run Windows XP Professional. One morning users at the Minsk branch office complain that they are experiencing intermittent problems authenticating to the domain. You believe that a specific client computer is the cause of this issue and so need to discover the IP address client computer.

How would you capture authentication event details on ABC-DC02 in the Minsk branch office?

A. By monitoring the logon events using the SysMon utility.
B. By recording the connections to the NETLOGON share using the SysMon utility.
C. By recording the authentication events with the NetMon utility.
D. By monitoring the authentication events using the Performance and Reliability Monitor.

Answer: C

Explanation: 
The question states that you need to find out the IP address of the client computer that is the source of the problem. Using Network Monitor to capture traffic is the only way to do this.

Reference:
http://support.microsoft.com/default.aspx?scid=kb;en-us;175062
Martin Grasdal, Laura E. Hunter, Michael Cross, Laura Hunter, Debra Littlejohn Shinder, and Dr.
Thomas W. Shinder, Planning and Maintaining a Windows Server 2003 Network Infrastructure:
Exam 70-293 Study Guide & DVD Training System, Syngress Publishing, Inc., Rockland, MA, Chapter 11, p. 826

Question 3.
You are working as the administrator at ABC.com. Part of you job description includes the deployment of applications on the ABC.com network. To this end you operate by testing new application deployment in a test environment prior to deployment on the production network. The new application that should be tested requires 2 processors and 3 GB of RAM to run successfully. Further requirements of this application also include shared folders and installation of software on client computers. You install the application on a Windows Server 2003 Web Edition computer and install the application on 30 test client computers. During routine monitoring you discover that only a small amount of client computers are able to connect and run the application. You decide to turn off the computers that are able to make a connection and discover that the computers that failed to open the application can now run the application.

How would you ensure that all client computers can connect to the server and run the application?

A. By running a second instance of the application on the server.
B. By increasing the Request Queue Limit on the Default Application Pool.
C. By modifying the test server operating system to Window Server 2003 Standard Edition.
D. By increasing the amount of RAM in the server to 4GB.

Answer: C

Explanation: 
Although Windows Server 2003 Web Edition supports up to 2GB of RAM, it reserves 1GB of it for the operating system; only 1GB of RAM is available for the application. Therefore, we need to install Window Server 2003 Standard Edition or Enterprise Edition to support enough RAM.

Question 4.
You are an Enterprise administrator for ABC.com. All servers on the corporate network run Windows Server 2003 and all client computers run Windows XP. The network contains a server named ABC-SR01 that has Routing and Remote Access service and a modem installed which connects to an external phone line. A partner company uses a dial-up connection to connect to ABC-SR01 to upload product and inventory information. This connection happens between the hours of 1:00am and 2:00am every morning and uses a domain user account to log on to ABC-SR01. You have been asked by the security officer to secure the connection.

How can you ensure that the dial-up connection is initiated only from the partner company and that access is restricted to just ABC-SR01? Choose three.

A. Set up the log on hours restriction for the domain user account to restrict the log on to between the hours of 1:00am and 2:00am.
B. Set up a local user account on ABC-SR01. Have the dial-up connection configured to log on  with this account.
C. Set up the remote access policy on ABC-SR01 to allow the connection for the specified user account between the hours of 1:00am and 2:00am.
D. Set up the remote access policy with the Verify Caller ID option to only allow calling from the phone number of the partner company modem.
E. Set up the remote access policy to allow access to the domain user account only.

Answer: B, C, D

Explanation: 
To allow only the minimum amount of access to the network, ensure that only the partner's application can connect to your network over the dial-up connection, you need to first create a local account named on ABC-SR01. You need to then add this account to the local Users group and direct the partner company to use this account for remote access. You can use a local account to provide remote access to users. The user account for a standalone server or server running Active Directory contains a set of dial-in properties that are used when allowing or denying a connection attempt made by a user. You can use the Remote Access Permission (Dial-in or VPN) property to set remote access permission to be explicitly allowed, denied, or determined through remote access policies. Next, you need to configure a remote access policy on ABC-SR01 to allow the connection for only the specified user account between 1 AM and 2 AM. In all cases, remote access policies are used to authorize the connection attempt. If access is explicitly allowed, remote access policy conditions, user account properties, or profile properties can still deny the connection attempt. You need to then configure the policy to allow only the specific calling station identifier of the partner company's computer. When the Verify Caller ID property is enabled, the server verifies the caller's phone number. If the caller's phone number does not match the configured phone number, the connection attempt is denied.

Reference: 
Dial-in properties of a user account http://technet.microsoft.com/en-us/library/cc738142.aspx

Question 5.
You are an Enterprise administrator for ABC.com. The company consists of an Active Directory domain called ad.ABC.com. All servers on the corporate network run Windows Server 2003. At present there is no provision was made for Internet connectivity. A server named ABC2 has the DNS server service role installed. The DNS zones on ABC2 are shown below:
 

The corporate network also contains a UNIX-based DNS A server named ABC-SR25 hosts a separate DNS zone on a separate network called ABC.com. ABC-SR25 provides DNS services to the UNIX-based computers and is configured to run the latest version of BIND and the ABC.com contains publicly accessible Web and mail servers.
 
The company has a security policy set, according to which, the resources located on the internal network and the internal network's DNS namespace should never be exposed to the Internet. Besides this, according to the current network design, ABC-SR25 must attempt to resolve any name resolution requests before sending them to name servers on the Internet. The company plans to allow users of the internal network to access Internet-based resources. To implement the security policy of the company, you decided to send all name resolution requests for Internet-based resources from internal network computers through ABC2. You thus need to devise a name resolution strategy for Internet access as well as configuring ABC2 so that it will comply with the set criteria and restrictions.

Which two of the following options should you perform?

A. Have the Cache.dns file copied from ABC2 to ABC-SR25.
B. Have the root zone removed from ABC2.
C. ABC2 should be set up to forward requests to ABC-SR25.
D. Install Services for Unix on ABC2.
E. The root zone should be configured on ABC-SR25.
F. Disable recursion on ABC-SR25.

Answer: B, C

Explanation: 
To plan a name resolution strategy for Internet access and configure ABC2 so that it sends all name resolution requests for Internet-based resources from internal network computers through ABC2, you need to delete the root zone from ABC2. Configure ABC2 to forward requests to ABC-SR25 A DNS server running Windows Server 2003 follows specific steps in its name-resolution process. A DNS server first queries its cache, it checks its zone records, it sends requests to forwarders, and then it tries resolution by using root servers. The root zone indicates to your DNS server that it is a root Internet server. Therefore, your DNS server does not use forwarders or root hints in the name-resolution process. Deleting the root zone from ABC2 will allow you to first send requests to ABC2 and then forward requests to ABCSR25 by configuring forward lookup zone. If the root zone is configured, you will not be able to use the DNS server to resolve queries for hosts in zones for which the server is not authoritative and will not be able to use this DNS Server to resolve queries on the Internet. 

Reference: 
How to configure DNS for Internet access in Windows Server 2003 
http://support.microsoft.com/kb/323380
Reference: DNS Root Hints in Windows 2003
http://www.computerperformance.co.uk/w2k3/services/DNS_root_hints.htm

Question 6.
You are working as the administrator at ABC.com. The network consists of a single Active Directory domain named ABC.com with the domain functional level set at Windows Server 2003. All network servers run Windows Server 2003 and all client computers run Windows XP Professional. The ABC.com domain is divided into organizational units (OU). All the resource servers are contained in an OU named ABC_SERVERS and the workstations are contained in an OU named ABC_CLIENTS. All resource servers operate at near capacity during business hours. All workstations have low resource usage during business hours. You received instructions to configure baseline security templates for the resource servers and the workstations. To this end you configured two baseline security templates named ABC_SERVERS.inf and ABC_CLIENTS.inf respectively. The ABC_SERVERS.inf template contains many configuration settings. Applying the ABC_SERVERS.inf template would have a performance impact on the servers. The ABC_CLIENTS.inf contains just a few settings so applying this template would not adversely affect the performance of the workstations. 

How would you apply the security templates so that the settings will be periodically enforced whilst ensuring that the solution reduces the impact on the resource servers? Choose three.

A. By setting up a GPO named SERVER-GPO and link it to the ABC_SERVERS OU.
B. By having the ABC_SERVERS.inf template imported into SERVER-GPO.
C. By having the ABC_SERVERS.inf and the ABC_CLIENTS.inf templates imported into the  Default Domain Policy GPO.
D. By scheduling SECEDIT on each resource server to regularly apply the ABC_SERVERS.inf  settings during off-peak hours.
E. By having a GPO named CLIENT-GPO created and linked to the ABC_CLIENTS OU.
F. By having the ABC_CLIENTS.inf template imported into CLIENT-GPO.
G. By having SERVER-GPO and CLIENT-GPO linked to the domain.

Answer: D, E, F

Explanation: 
The question states that you need to apply the baseline security templates so that the settings will be periodically enforced. To accomplish this you must create a scheduled task so that the performance impact on resource servers is minimized. Furthermore, the question also states that ABC_CLIENTS.inf is a baseline security template for client computers. Therefore, the GPO has to be linked to the OU that contains the client computers, and the ABC_CLIENTS.inf template must be imported to the said GPO so that it can be applied. Secedit.exe is a command line tool that performs the same functions as the Security Configuration And Analysis snap-in, and can also apply specific parts of templates to the computer. You can use Secedit.exe in scripts and batch files to automate security template deployments. You can create a baseline security configuration in a GPO directly, or import a security template into a GPO. Link the baseline security GPO to OUs in which member servers’ computer objects exist.

Reference:
Craig Zacker, MCSE Self-Paced Training Kit (Exam 70-293): Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure, Microsoft Press, Redmond, Washington, Chapter 10 Dan Holme, and Orin Thomas, MCSA/MCSE Self-Paced Training Kit: UABCrading Your Certification to Microsoft Windows Server 2003: Managing, Maintaining, Planning, and Implementing a Microsoft Windows Server 2003 environment: Exams 70-292 and 70-296, Microsoft Press, Redmond, Washington, Chapter 9

Question 7.
You are working as the administrator at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. The ABC.com network contains a DMZ that contains a two-node Network Load Balancing cluster, which is located in a data centre that is physically impenetrable to unauthorized persons. The cluster servers run Windows Server 2003 Web Edition and host an e-commerce website. The NLB cluster uses a virtual IP address that can be accessed from the Internet. 

What can you do to mitigate the cluster’s most obvious security vulnerability?

A. Configure the cluster to require IPSec.
B. Configure the network cards to use packet filtering on all inbound traffic to the cluster.
C. Use EFS on the server hard disks.
D. Configure intrusion detection the servers on the DMZ.
E. Configure Mac addressing on the servers in the DMZ.

Answer: B

Explanation: 
The most sensitive element in this case is the network card that uses an Internetaddressable virtual IP address. The question doesn’t mention a firewall implementation or an intrusion detection system (Usually Hardware). Therefore, we should set up packet filtering. You can configure packet filtering to accept or deny specific types of packets. Packet headers are examined for source and destination addresses, TCP and UDP port numbers, and other information.

Reference:
Craig Zacker, MCSE Self-Paced Training Kit (Exam 70-293): Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure, Microsoft Press, Redmond, Washington, 2004, p. 7:

Question 8.
You are working for a administrator for ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. All the servers on the network run Windows Server 2003 servers. You have configured four servers in a network load balancing cluster. You need to enable the cluster in unicast mode although each server only has one network card. After your configuration, the NLB cluster has successfully converged. You discover that you can optimize the use of the cluster by moving a specific application to each node of the cluster. However for this application to execute, all the nodes of the cluster must be configured by a Network Load Balancing Port Rule. When you open Network Load Balancing Manager on one of the NLB nodes, you receive a message saying that Network Load Balancing Manager is unable to see the other nodes in the cluster.

How can you add a port rule to the cluster nodes?

A. By opening Network Load Balancing Manager on a different host.
B. By creating an additional virtual IP address on the cluster.
C. By modifying the Network Connection Properties on every host.
D. By removing each host from the cluster before creating the port rule.

Answer: C

Explanation: 
You can configure many Network Load Balancing options through either Network Load Balancing Manager or the Network Load Balancing Properties dialog box accessed through Network Connections. However, Network Load Balancing Manager is the preferred method. Using both Network Load Balancing Manager and Network Connections together to change Network Load Balancing properties can lead to unpredictable results. 

Reference: 
Network Load Balancing Best practices / Use Network Load Balancing Manager.
http://technet.microsoft.com/en-us/library/cc740265.aspx

Question 9.
You are working as an administrator for ABC.com. The network consists of a single Active Directory domain named ABC.com. All server run Windows Server 2003 and all client computer run Windows XP Professional. The ABC.com departments are organized into organizational units (OUs). The Administration OU is named ABC_ADMIN, and the Sales OU is named ABC_SALES. All file servers for all departments are located in their respective OUs. The ABC_SALES OU is a child OU of the ABC_ADMIN OU. A new ABC.com written security policy states that servers in the ABC_ADMIN OU should be highly secure. All communications with ABC-ADMIN servers should be encrypted. The security policy also states that auditing should be enabled for file and folder deletion on Sales servers. Communications with the Sales servers should not be encrypted. 

How should you configure Group Policy for the ABC_Admin and ABC_Sales OU? Choose three.

A. Configure a GPO to apply the Hisecws.inf security template. Link this GPO to the ABC_ADMIN  OU.
B. Configure a GPO to enable the Audit object access audit policy on computer objects. Link this GPO to the ABC_SALES OU.
C. Configure a GPO to apply the Hisecws.inf security template. Link this GPO to the ABC_Sales  OU.
D. Configure a GPO to enable the Audit object access audit policy on computer objects. Link this  GPO to the ABC_ADMIN OU.
E. Block group policy inheritance on the ABC_ADMIN OU.
F. Block group policy inheritance on the ABC_SALES OU.

Answer: A, B, F

Explanation: 
The Hisecws.inf security template increases security on a server. One of the security settings is to require secure encrypted communications. A GPO with this template needs to be applied to the ABC_ADMIN OU. We don’t want those settings applying to the ABC_SALES OU though so we need to block inheritance on the ABC_SALES OU. We need to apply a GPO to the ABC_SALES OU to apply the auditing settings.
Audit Object Access
A user accesses an operating system element such as a file, folder, or registry key. To audit elements like these, you must enable this policy and you must enable auditing on the resource that you want to monitor. For example, to audit user accesses of a particular file or folder, you display its Properties dialog box with the Security tab active, navigate to the Auditing tab in the Advanced Security Settings dialog box for that file or folder, and then add the users or groups whose access to that file or folder you want to audit.

Reference:
Craig Zacker, MCSE Self-Paced Training Kit (Exam 70-293): Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure, Microsoft Press, Redmond, Washington, Chapters 9 and 10

Question 10.
You are working as an administrator at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com which contains Windows Server 2003 servers Windows XP Professional client computers. You want to improve network security and need to pinpoint all computers that have the known vulnerabilities. 

What should you do to automate the process of collecting information on existing vulnerabilities for each computer, on a nightly basis?

A. By scheduling secedit to compare the security settings with a baseline and run on a nightly basis.
B. By installing Anti-Virus software on the computers and configuring the software to update on a  nightly basis.
C. By configuring a scheduled task to run the mbsacli utility on a nightly basis.
D. By having Microsoft Baseline Security Analyzer (MBSA) installed on a server on the network.
E. By configuring Automatic Updates to use a local SUS server and run on a nightly basis.
F. You configuring Automatic Updates to run on a nightly basis and use the Microsoft Updates  servers.

Answer: C

Explanation: 
We can schedule the mbsacli.exe command to periodically scan for security vulnerabilities.
Reference:
Martin Grasdal, Laura E. Hunter, Michael Cross, Laura Hunter, Debra Littlejohn Shinder, and Dr. Thomas W. Shinder, Planning and Maintaining a Windows Server 2003 Network Infrastructure: Exam 70-293 Study Guide & DVD Training System, Syngress Publishing, Inc., Rockland, MA, Chapter 11, p. 830


Google
 
Web www.certsbraindumps.com


Study Guides and Real Exam Questions For Oracle OCP, MCSE, MCSA, CCNA, CompTIA





              Privacy Policy                   Disclaimer                    Feedback                    Term & Conditions

www.helpline4IT.com

ITCertKeys.com

Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.