|
70-293
This test was a difficult. Anyway, here is what I can remember:
Q. 1: You are the network
administrator for abc. The network consists of a single Active
Directory domain named abc.com. All computers on the network are
members of the domain. You administer a three-node Network Load
Balancing cluster. Each cluster node runs Windows Server
2003 and has a single network adapater.
The cluster has converged successfully. You notice that the
nodes in the cluster run at almost full capacity most of the
time. You want to add a fourth node to the cluster. You enable
and configure Network Load Balancing on the fourth node.
However, the cluster does not converge to a four-node cluster.
In the System log on the existing three nodes, you find the
exact same TCP/IP error event. The event has the following
description: “The system detected an address conflict for IP
address 10.50.8.70 with the system having network hardware
address 02:BF:0A:32:08:46.” In the System log on the new fourth
node, you find a similar TCP/error event with the following
description: “The system detected an address conflict for IP
address 10.50.8.70 with the system having network hardware
address 03:BF:0A:32:08:46.” Only the hardware address is
different in the two descriptions.
You verify that IP address
10.50.8.70 is configured as the cluster IP address on all four
nodes. You want to configure a
four-node Network Load Balancing cluster. What should you do?
A. Configure the fourth node
to use multicast mode.
B. Remove 10.50.8.70 from the
Network Connections Properties of the fourth node.
C. On the fourth node, run
the nlb.exe resume command.
8
D. On the fourth node, run
the wlbs.exe reload command.
Answer: A
Q. 2 You are the
network administrator for abc. You need to provide Internet name
resolution services for the company. You set up a Windows Server
2003 computer running the DNS Server service
to provide this network service.
During testing, you notice the following intermittent problems:
Name resolution queries sometimes
take longer than one minute to resolve.
Some valid name resolution queries
receive the following error message in the Nslookup command
and-line tool: “Non-existent domain”.
You suspect that there is a
problem with name resolution. You need to review the individual
queries that the server handles. You want to configure
monitoring on the DNS server to
troubleshoot the problem. What should you do?
A. In the DNS server
properties, on the Debug Logging tab, select the Log packets for
debugging option.
B. In the DNS server
properties, on the Event Logging tab, select the Errors and
warnings option.
C. In the System
Monitor, monitor the Recursive Query Failure counter in the DNS
object.
D. In the DNS server
properties, on the Monitoring tab, select the monitoring
options.
Answer: A
Q. 3 You are a
network administrator for abc. All domain controllers run
Windows Server 2003. The network contains 50 Windows 98 client
computers, 300 Windows 2000 Professional computers, and 150
Windows XP Professional computers.
According to the network design specification, the Kerberos
version 5 authentication protocol must be used for all client
computers on the internal network. You need to ensure that
Kerberos version 5 authentication is used for all client
computers on the internal network. What should you do?
A. On each domain
controller, disable Server Message Block (SMB) signing and
encryption of the secure channel traffic.
B. Replace all Windows
98 computers with new Windows XP Professional computers.
C. Install the Active
Directory Client Extension software on the Windows 98 computers.
D. Upgrade all Windows
98 computers to Windows NT workstation 4.0.
Answer: B
Q. 4 You are the
network administrator for abc. The company has a main office and
20 branch offices. You recently completed the design of the
company network. The network design consists of a
single Active Directory domain named
abc.com. All domain controllers will run Windows Server 2003.
The main office will contain four domain controllers, and each
branch office will contain one domain controller. The branch
office domain controllers will be administered from the main
office. You need to ensure that the domain controllers are kept
up-to-date with software updates for Windows Server 2003 after
their initial deployment. You want to ensure that the domain
controllers automatically install the updates by using the
minimum amount of administrative intervention. You also want to
configure the settings by using the minimum amount of
administrative effort. What should you do?
A. In System Properties,
on the Automatic Update tab, enable Keep my computer up to date,
and then select Download the updates automatically and notify me
when they are ready to be installed.
B. In the Default Domain
Controllers Policy Group Policy object (GPO), enable Configure
Automatic Updates with option 3 – Auto download and notify for
install.
C. In the Default Domain
Controllers Policy Group Policy object (GPO), enable Configure
Automatic Updates with option 4 – Auto download and schedule the
install.
D. In System Properties,
on the Automatic Updates tab, enable Keep my computer up to
date, and then select Automatically download the updates, and
install them on the schedule that I specify.
Answer: B
Q. 5 You are the
network administrator for abc. The network consists of an
internal network and a perimeter network. The internal network
is protected by a firewall. The perimeter network is exposed
to the Internet. You are deploying 10
Windows Server 2003 computers as Web servers. The servers will
be located in the perimeter network. The servers will host only
publicly available Web pages. You want to reduce the possibility
that users can gain unauthorized access to the servers. You are
concerned that a user will probe the Web servers and find ports
or services to attack. What should you do?
A. Disable File and Printer
Sharing on the servers.
B. Disable the IIS Admin
service on the servers.
C. Enable Server Message
Block (SMB) signing on the servers.
D. Assign the Secure Server
(Require Security) IPSec policy to the servers.
Answer: A
Q. 6 You are the
network administrator for abc. The network consists of a single
Active Directory domain
named abc.com. abc’s perimeter network contains
50 Web servers that host the company’s public Internet site. The
Web servers are not members of the domain.
The network design team
completed a new design specification for the security of servers
in specific roles. The network design requires that security
settings must be applied to Web servers. These settings include
password restrictions, audit settings, and automatic update
settings. You need to comply with the design requirements for
securing the Web servers. You also want to be able to verify the
security settings and generate a report during routine
maintenance. You want to achieve these goals by using the
minimum amount of administrative effort. What should you do?
4
A. Create a custom
security template named Web.inf that contains the required
security settings. Create a new organizational unit (OU) named
WebServers and move the Web servers into the new OU. Apply
Web.inf to the WebServers OU.
B Create a custom
security template named Web.inf that contains the required
security settings, and deploy Web.inf to each Web server by
using Security Configuration and Analysis.
C. Create an image of a
Web server that has the required security settings, and
replicate the image to each Web server.
D. Manually configure
the required security settings on each Web server.
Answer: B
Q. 7 You are the
network administrator for abc. The network consists of a single
Active Directory domain named abc.com. All computers on the
network are members of the domain. All servers run Windows
Server 2003 and all client computers run Windows XP
Professional. You are planning a
security update infrastructure. You need to find out which
computers are exposed to known vulnerabilities. You need to
collect the information on existing vulnerabilities for each
computer every night. You want this process to occur
automatically. What should you do?
A. Schedule the secedit
command to run every night.
B. Schedule the mbsacli.exe
command to run every night.
C. Install Microsoft Baseline
Security Analyzer (MBSA) on one of the servers.
Configure Automatic Updates
on all other computers to use that server.
D. Install Software Update
Services (SUS) on one of the servers.
Configure the SUS server to
update every night.
Answer: B
|
