|
Question 1. You are the administrator of a Windows 2000 domain. The domain has an organizational unit named Help Desk. A Group Policy Object (GPO) named disable Regedit is assigned to help desktop OU. The only policy defined in the disabled Regedit GPO is the policy setting that disables the use of registry editing tools. For performance reasons, your company wants to minimize the number of GPOs that are processed as logon. The company also decides that the restriction on the use of the registry editing tools must no longer apply to the users in the help desk OU. What should you do to accomplish these goals? A. Remove the disable Regedit Group Policy Object from the help desk OU. B. Assign a new Group Policy Object to the help desk OU that enables the use of registry editing tools. C. On the computers used by user in help desk OU, edit the registry to allow the use of registry editing tools. D. On the computers used by user in help desk OU, configure the local Group Policy Object to allow the use of registry editing tools. E. On the computers used by user in help desk OU, delete the Registry.pol file from the systemroot/system32/GroupPolicy folder. Answer: A Explanation: When a Group Policy Object is no longer required it can simply be removed. This will improve the logon process, as the GPO will no longer have to be processed when a user logs on to the network. Incorrect Answers: B: Adding a GPO, which would change the settings in the existing GPO, is unnecessary as we can simply remove the existing GPO. Furthermore, the order in which these two GPOs are processed would be crucial as to which GPO settings are set. Should the disable Regedit Group Policy Object be processed after the new GPO, the setting prescribed by the disable Regedit Group Policy Object would be in effect. C: In this scenario it would not be possible to use the registry tools, as the disable Regedit Group Policy Object has disabled the Regedit utility. D: Configuring the local Group Policy Object to allow the use of registry editing tools would not solve the problem in this scenario as the disable Regedit Group Policy Object would override the local configuration. E: The Administrative Templates extension of Group Policy saves information in Registry.pol files. These files cannot be used to remove the restrictions put in place by the disable Regedit Group Policy Object. Question 2. You are the administrator for Coho Vineyard. You are using RIS to deploy Windows 2000 on your network. You want to direct your client computers to specific RIS servers for deployment. You cannot find the GUIDs on several of the client computers. You need the GUIDs to finish your deployment process. What should you do? A. Use Network Monitor to capture the DHCPDiscover frames from the client computers. Search the data fields for the GUIDs in the hexadecimal format. B. Use Network Monitor to capture the DNS frames from the client computers. Search the data fields from the GUIDs in hexadecimal format. C. Use Network Monitor to capture the DHCPRequest frames from the client computers. Search the data fields for the GUIDs in the hexadecimal format. D. Use network monitor to capture the DHCPOffer frames from the client computers. Search the data fields for the GUIDs in hexadecimal format. Answer: A Explanation: When a client requires an IP address, it broadcasts a DHCPDISCOVER packet, which includes the Global Unique Identifier (GUID), to find a DHCP server. The DHCP server then responds by sending a DHCPOFFER packet to which the client Answers: with a DHCPREQUEST packet. Finally the DHCP server acknowledges the lease with DHCPACK packet. Question 3. You are the administrator of a Windows 2000 Domain. You want to deploy a new application named finance that will be used all users in the domain. The vendors of the finance application supplied a Microsoft Windows installer package for the application. You decide to deploy the finance application in two phases. During phase 1, only members of a security group named finance pilot will use the finance application. During phase 2, all users in the domain will be able to install the finance application. You want to accomplish the following goals: During phase 1, the finance application will not be installed automatically when users logon. During phase 1, users who are members of finance group will be able to install the finance application by using a start menu short cut. During phase 1, users who are not members of the finance pilot group will not be able to install the finance application by using a start menu short cut. The finance application will be installed automatically the first time any user in the domain logs on after phase 2 has begun. You take the following actions: Create a new Group Policy Object named finance App and link the finance AppGPO to the domain. Configure the finance AppGPO to publish the finance application to users. For phase 1, configure the finance AppGPO permissions. Remove the apply group policy permission for the authenticated users group. Grant the apply group policy permission for the finance pilot group. For phase 2, configure the finance AppGPO permissions. Grant the apply group policy permissions for authenticated users group. Remove the apply group policy permissions for the finance pilot group. Which result or results do these actions produce? (Choose all that apply) A. During phase 1, the finance application will not be installed automatically when users logon. B. During phase 1, users who are members of finance pilot group can install the finance application by using a start menu short cut. C. During phase 1, users who are not members of the finance pilot group cannot install the finance application by using a start menu short cut. D. The finance application will be installed automatically the first time any user in the domain logons after phase 2 has begun. Answer: A & C Explanation: In Windows 2000 we can manage the installation of software on a client computer centrally by assigning applications to users or computers or by publishing applications for users. When we assign an application to a user, the application is advertised to the user the next time the user logs on to the network regardless of which computer the user actually uses to log on. The application is installed the first time the user activates the application on the computer, either by selecting the short cut to application on the start menu or by activating a document associated with the application. When we assign an application to a computer, the application is advertised and is installed when there are no other applications running on the computer. This usually occurs when the computer next starts up. When we publish an application to a user, the application does not appear installed on the users' computers and no shortcut to it is visible on the desktop or the start menu. Instead, the application is available for the user to install using Add/Remove Programs in Control Panel or by clicking a file associated with the application. We cannot publish an application to a computer. In this scenario the application was published via a GPO that was assigned to the finance group users therefore it will not install when users log in. Question 4. You are the administrator of a Windows 2000 network. Recently, your network security was compromised and confidential data was lost. You are now implementing a stricter network security policy. You want to require encrypted TCP/IP communication on your network. What should you do? A. Create a Group Policy object (GPO) for the domain, and configure it to assign the Secure Server IPSec Policy. B. Create a Group Policy object (GPO) for the domain, and configure it to assign the Server IPSec Policy and to enable Secure channel: Require strong session key. C. Implement TCP/IP packet filtering, and open only the ports required for your network services. D. Edit the local security polices on the servers and client computers, and enable Digitally sign client and server communication. Answer: A Explanation: IPSec is an industry standard for encrypting TCP/IP traffic. By assigning the Secure Server IPSec Policy we can ensure that the computers on the network will only accept encrypted TCP/IP traffic. Incorrect Answers: B: Windows 2000 does not support a Server IPSec Policy. It only supports a Secure Server IPSec Policy. C: Implementing TCP/IP packet filtering and opening only the required ports would not encrypt the network traffic. In this scenario encryption is a requirement. D: Editing the local security policies on the servers and client computers, and enabling Digitally sign client and server communications is a huge administrative task. It is therefore not a recommended solution. Question 5. You are the administrator of a Windows 2000 network for Lucerne Real Estate. The network has 1,200 users. You are delegating part of the administration of the domain to three users. You delegate the authority to create and delete computer accounts to Carlos. You delegate the authority to change user account information to Julia. You delegate the ability to add client computers to the domain to Peter. You want to track the changes made to the directory by these three users. What should you do? A. Create a Group Policy object (GPO) for the Domain Controllers. Assign Read and Apply Group Policy permissions to only Carlos, Julia, and Peter. Configure the GPO to audit directory services access and account management. B. Create a Group Policy object (GPO) for the domain. Assign Read and Apply Group Policy permissions to only Carlos, Julia, and Peter. Configure the GPO to audit directory services access and audit object access. C. Create a Group Policy object (GPO) for the Domain Controllers. Assign Read and Apply Group Policy permissions to only Carlos, Julia, and Peter. Configure the GPO to audit directory services access and audit object access. D. Create a Group Policy object (GPO) for the domain. Assign Read and Apply Group Policy permissions to only Carlos, Julia, and Peter. Configure the GPO to audit object access and process tracking. Answer: A Explanation: To track the changes made to the directory by these three users we must audit directory services access for computer accounts and account management for user accounts. Incorrect Answers: B: Object access refers to the access to network recourses such as files and printers. Thus, auditing object access we could discover who is accessing which network resources. We must however track changes made to the directory. We should therefore audit account management and directory services access, not directory services access and audit object access. C: Object access refers to the access to network recourses such as files and printers. Thus, auditing object access we could discover who is accessing which network resources. We must however track changes made to the directory. We should therefore audit directory services access and account management, not directory services access and audit object access. D: Object access refers to the access to network recourses such as files and printers. Thus, auditing object access we could discover who is accessing which network resources. We must however track changes made to the directory. We should therefore audit account management and directory services access, not object access and process tracking. Question 6. You are the administrator of your companys network. The network consists of one Windows 2000 domain that has organizational units (OUs) as shown in the exhibit. (Click the Exhibit button.) All domain controllers in the domain are in OU1. Resources for two separate office buildings are in OU2 and OU3. Nonadministrative users, groups, and computers are in OU4 and OU5. Administrative users, computers, and resources are in OU6. You are designing a domain-wide security policy. You want to accomplish the following goals: The same password and account lockout polices will be applied to all users. Different security settings will be applied to administrative and nonadministrative computers. Strict audit polices will be enforced for only domain controllers and servers. The number of Group Policy object (GPO) links will be minimized. You take the following actions: Create a single GPO. Create one security template that has all required settings. Import the security template into the GPO. Link the GPO to the domain. Which result or results do these actions produce? (Choose all that apply.) A. The same password and account lockout polices are applied to all users. B. Different security settings are applied to administrative and nonadministrative computers. C. Strict audit polices are enforced for only domain controllers and servers. D. The number of GPO links is minimized. Answer: A & D Explanation: As the GPO was applied to the domain, all users will be affected by it. The minimum number of GPO links is one. We cannot have less than one GPO. As we have only one GPO, the number of GPO links is minimised. Incorrect Answers: B: As the GPO was applied to the domain, all users will be affected by it and thus all users will receive the same security settings. C: As the GPO was applied to the domain, all users will be affected by it and thus all users will receive the same audit policies. Question 7. You are the administrator of a newly installed Windows 2000 network for a call centre. You need to rename the Administrator account on all computers on your network. You do not want to manually edit each account. Because of a recent security breach, you must implement this policy immediately. What should you do? (Choose all that apply.) A. Use Group Policy to rename the Administrator account at the Default Domain Group policy. B. Use Group Policy to implement a user logon script. C. Send a network message to all users to restart their computers. D. Use Group Policy to force all users to log off within 30 minutes. Answer: A & C Explanation: We can automatically rename the Administrator account on all computers on our network by using group policy at the Default Domain Group policy. We would then have to restart all the computers in the network so that the new policy can be applied. Incorrect Answers: B: It is not necessary to implement a user logon script as the passwords can be changed by using a GPO. D: It is not possible to create a Group Policy that forces users to log off within 30 minutes. Furthermore, requiring users to log off within 30 minutes would not ensure that the policy is applied immediately. Question 8. Your company's network consists of two Windows 2000 domains, contoso.com and sales.contoso.com. You are a member of the Domain Admin group in sales.contoso.com. The sales.contoso.com domain contains an Organizational Unit (OU) named Travelling. Users in the Travelling OU use portable computers to connect to the network while at home, in hotels, and in the office. You use Internet Explorer maintenance in Group Policy to apply Favourites settings for members of the Travelling OU. Users in the Travelling OU report problems with their Favourites settings when connecting to the company network. When users connect by Means of dial-up connections, Favorites settings are not updated. When users connect by Means of broadband connections from home, Favorites settings are not always updated. When users connect from the office, Favorites settings are always updated. You need to ensure that Favorites settings are always applied when users log on to the network. How can you configure the Travelling OU? (Each correct Answer: presents a complete solution. Choose two) A. Enable the Internet Explorer Maintenance policy processing policy to allow processing across a slow network connection. B. Enable the Enable Active Desktop policy. C. Enable the Group Policy slow link detection policy to change the definition of a slow connection. D. Set the Group Policy refresh interval for computers policy to 0 minutes. E. Set the Group Policy refresh interval for users policy to 0 minutes. F. Enable the Apply Group Policy for computers asynchronously during startup policy for the computer policies. G. Enable the Slow network connection timeout for user profiles policy. Answer: A & C Explanation: In this scenario we are required to apply a GPO to the portable computers of the users in the travelling OU. This GPO should be applied whenever the users connect to the network. In this scenario the policy is correctly applied when the travelling users connect from the office. However, when they connect over the broadband WAN connection the GPO is not applied at times, and is never applied when they dial into the network. By enabling the Internet Explorer Maintenance policy processing policy, and then to set it to allow processing across a slow network connection, the GPO would be allowed to be Transferred over the slow dial-in connection. In addition, by enabling the Group Policy slow link detection policy, and then change the definition of a slow connection, the Domain Controller could get proper setting so that it can decide that all broadband connections should be considered to be as slow connections. The default setting is 500kbps. This should be lowered. Incorrect Answers: B: Active Desktop settings are used to configure the Desktop, not configure slow WAN connections. D: By setting the Group Policy refresh interval for computers policy to 0 minutes, the computer tries to update the Group Policy every 7 seconds. This would require a lot of bandwidth and is not a good solution. E: By setting the Group Policy refresh interval for users policy to 0 minutes, the computer tries to update the Group Policy every 7 seconds. This would require a lot of bandwidth and is not a good solution F: On Windows 2000 clients, Group Policies are handled synchronously by default. All Group polices have to be applied before the logon process ends. By enabling Apply Group Policy for computers asynchronously during startup the users might access the desktop before all the group polices have been applied. This makes the logon process faster. It would not help to solve the problems with the WAN links. G: Enabling and setting the Slow network connection timeout for user profiles policy would result in a failure of the users to logon to the network once the timeout setting has expired. Users would then have to attempt to logon to the domain again. Question 9. You are the enterprise administrator of a Windows 2000 network. The network has three domains named contoso.com, west.contoso.com, and east.contoso.com. All three domains are in a site named Boston. All three domains contain OUs. You want to implement new desktop policies for all users on the network. The policies are configured in a Group Policy Object named GPdesktop. You also want to implement a logon script for users from the W2 OU. The logon script policy is configured in a GPO named GPscript. The users from the W2 OU always log on to Windows 2000 Professional computers defined in the W3 OU. You do not want to use Group Policy filtering. What should you do? To Answer Click the Select and Place button, and then drag the Gpdesktop and GPscript GPOs to the correct locations. Answer: Select & Drag The GPdesktop To Boston site. Drag GPscript To The W2 OU. Explanation: In this scenario we have a large site, which includes sites. Therefore two different Group Policy Objects must be applied to this site. The GPdesktop Group Policy The GPdesktop group policy must be implemented for all users on the network. By applying it to the site level it would be applied to the domain hierarchy including all OUs. This is the best solution with least administrative effort. The GPO could also be applied to all domains of the site. This would require more administrative effort and it is not the best solution. The GPscript Group Policy The GPscript group policy, which includes logon scripts, should be applied to users of the OU named W2. All users of the W2 OU always use computers in the W3 OU. It seems that there is a choice between the OU W2 and the OU W3. By linking the GPscript to the W2 OU only users in the W2 OU would be affected. By linking the GPscript to the W3 OU all users using computers in W3 OU would be affected. Applying the GPscript to the W2 OU is more restrictive and is therefore the preferred solution. Question 10. You are the administrator of a Windows 2000 domain. The domain has an OU named Help Desk. All users in the help desk OU use an application named PhoneID. The PhoneID application is deployed by using a Group Policy Object named Phone App on the Help Desk OU. The Phone App GPO is configured to publish the PhoneID application to users by using a Microsoft Windows installer package for the application. Currently, only the users in the Help Desk OU can start the PhoneID application. You want all users in the domain to be able to install the PhoneID application by using the Start menu shortcut. What should you do? A. Remove the Phone App GPO link to the Help Desk OU. Assign the Phone App GPO to the domain. Change the configuration of the Phone App GPO to assign the PhoneID application to users. B. Create a new GPO named Phone For All. Assign the Phone App GPO to the domain. Configure the Phone For All GPO to assign the PhoneID application to computers. C. Configure the Phone App GPO to assign the PhoneID application to users. Configure the permissions on the Phone App GPO to assign Apply Group Policy permission to the Authenticated Users group. D. Configure the Phone App GPO to assign the PhoneID application to computers. Configure the PhoneID Windows Installer package to upgrade the installed PhoneID application. Set the Windows Installer policy to disable rollback. Answer: A Explanation: In Windows 2000 we can manage the installation of software on a client computer centrally by assigning applications to users or computers or by publishing applications for users. When we assign an application to a user, the application is advertised to the user the next time the user logs on to the network regardless of which computer the user actually uses to log on. The application is installed the first time the user activates the application on the computer, either by selecting the short cut to application on the start menu or by activating a document associated with the application. When we assign an application to a computer, the application is advertised and is installed when there are no other applications running on the computer. This usually occurs when the computer next starts up. When we publish an application to a user, the application does not appear installed on the users' computers and no shortcut to it is visible on the desktop or the start menu. Instead, the application is available for the user to install using Add/Remove Programs in Control Panel or by clicking a file associated with the application. We cannot publish an application to a computer. In this scenario the GPO must be linked to the domain so that it affects all users and the app must be assigned to users so tat it appears as a shortcut in the users start menus. Incorrect Answers: B: If we assign the application to computers it will be automatically installed the next time the computer is restarted, but we only want users to be able to install it when they use a shortcut in the Start menu. C: We must link the policy to the domain to ensure that it affects all users. The application must be assigned, not published to users. D: The application should be assigned to users to not computers.
|
Question 1.
LSC validation is failing on a new SCCP IP phone that you have just added to the Cisco Unified CallManager 5.0 cluster. No other IP phones are experiencing any problems with LSC validation.
What can you do to help pinpoint the problem?
A. Check for security alarms
B. Verify that the authentication string is correct in the Cisco Unified CallManager device
configuration screen
C. View the SDI trace output
D. Use the Security configuration menu on the IP phone to verify that an LSC has been
downloaded to the IP phone
Answer: D
Question 2.
Which three capabilities can't be configured if the default dial peer is matched? (Choose three.)
A. Set preference to 1
B. Invoke a Tcl application
C. Enable dtmf-relay
D. Set codec to G.711
E. Disable DID
F. Disable VAD
Answer: B, C, F
Question 3.
When using trace output to troubleshooting a Cisco Unified CallManager 5.0 problem, how can you collect and view the trace files?
A. Configure the proper trace settings on the Cisco Unified CallManager Serviceability page and
then use the embedded RTMT tool to view the trace files
B. Configure the proper trace settings on the Cisco Unified CallManager Serviceability page and
download the RTMT plug-in from the CallManager Administration page to view the trace output
C. Download the RTMT plug-in from the Cisco Unified CallManager Serviceability page to view
the preconfigured trace files
D. Configure the proper alarms and traces on the Cisco Unified CallManager Administration page
and view the output with the RTMT plug-in
Answer: B
Question 4.
You are troubleshooting why a user can't make calls to the PSTN. You are reviewing trace files and you found where the user's IP phone initiates the call but you never see the call go out the gateway.
What is the next step in troubleshooting this issue?
A. Look in the SDL trace file to see if there is a signal to another Cisco Unified CallManager node
with the same time-stamp
B. Look in the MGCP trace file to determine which MGCP gateway the call was sent to
C. Look in the IP Voice Media Streaming APP trace file to see if an MTP was invoked
D. Look in the SDL trace file to see if there is a signal to anther Cisco Unified CallManager node
with the same TCP handle
Answer: A
Question 5.
Exhibit:
Your work as a network engineer at ITCertKeys.com. Please study the exhibit carefully.
Voice bearer traffic is mapped to which queue in FastEthernet0/2?
A. Queue 2
B. Queue 3
C. Queue 1
D. Queue 4
Answer: A
Question 6.
Exhibit:
Your work as a network engineer at ITCertKeys.com. Please study the exhibit carefully. You have received a trouble ticket stating that calls to international numbers are failing. To place an international call, users dial the access code, "9," followed by "011", the country code and the destination number. After entering the debug isdn 1931 command on the MGCP gateway, you have the user attempt the call again.
Base on the debug output, what is the most likely cause of this problem?
A. The TON in incorrect
B. The circuit is not configured correctly or has a physical layer issue
C. Cisco Unified CallManaager is not stripping the access code before sending the call to the
gateway
D. The gateway dial peer needs to prefix "011" to the called number so the PSTN knows this is
an internation call
E. The user's CSS does not permit international calls
Answer: A
Question 7.
You have developed a dial plan for Cisco Unified CallManager 5.0 solution. All the route patterns, partitions, calling search spaces and translation rules have been configured. Before starting up the system you wish to test the dial plan for errors.
Which Cisco Unified CallManager tool will simplify this testing?
A. Route Plan Report
B. Dial Plan Installer
C. Dialed Number Analyzer
D. RTMT Traces and Alarms
Answer: C
Question 8.
You have just obtained a list of the following options:
all patterns
unassigned DN
Call Park
Conference
Directory Number
Translation Pattern
Call pickup group
Route pattern
Message waiting
Voice mail
Attendant console
What have you selected in order to produce this list?
A. Route Plan > External Route Plan Wizard
B. Control Center > Feature Services
C. Route Plan > Route Plan Report
D. Dialed Number Analyzer
Answer: C
Question 9.
You have configured the Enable Keep Alive check under Trace Filter settings.
How does this change the trace output?
A. It adds the IP address of the endpoint in hex
B. It maps the unique TCP handle for the endpoint to the MAC address of the endpoint in the
trace output
C. It adds the SCCP messages and all fields sent as part of that message
D. It adds TCP socket numbers between the endpoint and Cisco Unified CallManager for the
session
Answer: B
Question 10.
When using trace output to troubleshooting a Cisco Unified CallManager 5.0 problem, how can you collect and view the trace files?
A. Configure the proper trace settings on the Cisco Unified CallManager Serviceability page and
download the RTMT plug-in from the CallManager Administration page to view the trace output
B. Configure the proper alarms and traces on the Cisco Unified CallManager Administration page
and view the output with the RTMT plug-in
C. Download the RTMT plug-in from the Cisco Unified CallManager Serviceability page to view
the preconfigured trace files
D. Configure the proper trace settings on the Cisco Unified CallManager Serviceability page and
then use the embedded RTMT tool to view the trace files
Answer: A
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.