|
70-294
Passed the 70-294 exam yesterday. All the questions were from
www.exams.ws study material. I got 90 % marks. That’s
sufficient for me. I am satisfied with it.
Q. 1 You
are the network administrator for abc. The network consists of a single
Active Directory domain named abc.com. All servers run Windows Server
2003. All client computers run Windows XP Professional.
abc has one office in
Hong Kong and
another office in Beijing. Each office is configured as an Active
Directory site. Each site contains two domain controllers. The network
is configured to display a legal notice on the computer screens of all
users before they log on to their client computers. At the request of
the legal department, you make changes to the wording of the notice by
changing the settings in a Group Policy object (GPO). The GPO is linked
to the domain. The legal department reports that not all users are
receiving the new notice. You discover that users in the Beijing office
receive the new notice, but users in the Hong Kong office receive the
old notice. The problem continues for several days. You need to ensure
that the new notice appears correctly on all computers in the network.
What should you do?
A. Create a new security
group that contains the computer accounts for all computers in the Hong
Kong site. Grant permissions to this security group to read and apply
the GPO.
B. Temporarily assign
one of the domain controllers in the Hong Kong site to the Beijing site.
Wait 24 hours, and then reassign the domain controller to the Hong Kong
site.
C. Force replication of
Active Directory between the two sites.
D. Log on to one of the
domain controllers in the Hong Kong site, and seize the infrastructure
master role.
Answer: C
Q. 2 You
are the network administrator for abc. The network consists of a single
Active Directory domain named abc.com. All servers run Windows Server
2003. All client computers run either Windows XP Professional or Windows
2000 Professional. All client computer accounts are located in
an
organizational unit (OU) named Workstation. A written company policy
states that the Windows 2000 Professional computers must not use offline
folders. You create a Group Policy object (GPO) to enforce this
requirement. The settings in the GPO exist for both Windows 2000
Professional computers and Windows XP Professional computers. You need
to configure the GPO to apply only to Windows 2000 Professional
computers. What are two possible ways to achieve this goal? (Each
correct answer presents a complete solution. Choose two)
A. Create a WMI filter
that will apply the GPO to computers that are running Windows 2000
Professional.
B. Create a WMI filter
that will apply the GPO to computers that are not running Windows XP
Professional.
C. Create two OUs under
the Workstation OU. Place the computer accounts for the Windows XP
Professional computers in one OU, and place the computer accounts for
the Windows 2000 Professional computers in the other OU. Link the GPO to
the Workstation OU.
D. Create a group
that includes the Windows XP Professional computers. Assign the group
the Deny – General Resultant Set of Policy(Logging) permission.
Answer: A, B
Q.3
You are the network administrator for abc. The network consists of a
Single Active Directory domain with three sites. There is a domain
controller at each site. All servers run Windows
Server 2003. Each client computer runs
either Windows 2000 Professional or Windows XP Professional. The IT
staff is organized into four groups. The IT staff works at the three
different sites. The computers for the IT staff must be configured by
using scripts. The script or scripts must run differently based on which
site the IT staff user is logging on to and which of the four groups the
IT staff user is a member of. You need to ensure that the correct logon
script is applied to the IT staff users based on group membership and
site location. What should you do?
A. Create four Group
Policy objects (GPOs). Create a script in each GPO that corresponds to
one of the four groups. Link the four new GPOs to all three sites. Grant
each group permissions to apply only the GPO that was created for the
group.
B. Create a single
script that performs the appropriate configuration based on the user’s
group membership. Place the script in the Netlogon shared folders on the
domain controllers.
C. Configure a Group
Policy object (GPO) with a startup script that configures computers
based on IT staff group. Link the GPO to the three sites.
D. Create a script that
configures the computers based on IT staff group membership and site.
Create and link a GPO to the Domain Controllers OU to run the script.
Answer: A
Q. 4 You
are the network administrator for abc. The network consists of a single
Active Directory forest that contains five domains. The functional level
of the forest is Windows 2000. You have not
configured any universal groups in the
forest. One domain is a child domain named us A. abc.com that contains
two domain controllers and 50 client computers. The functional level of
the domain is Windows Server 2003. The network includes an Active
Directory site named Site1 that contains two domain controllers. Site1
represents a remote clinic, and the location changes every few months.
All of the computers in us A. abc.com are located in the remote clinic.
The single WAN connection that connects the remote clinic to the main
network is often saturated or unavailable. Site1 does not include any
global catalog servers.
You create several new user
accounts on the domain controllers located in Site1. You need to ensure
that users in the remote clinic can always quickly and successfully log
on to the domain. What should you do?
A. Enable universal
group membership caching in Site1.
B. Add the
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\IgnoreGCFailures
key to the registry on both domain controllers in Site1.
C. Add the
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\IgnoreGCFailures
key to the registry on all global catalog servers in the forest.
D. Raise the functional
level of the forest to Windows Server 2003.
Answer: B
Q.5
You are a network administrator for abc. The network consists of a
single Active Directory domain with two sites. The Active Directory
database is backed up every evening. A network administrator in Site1
deletes an empty organizational unit (OU) named Projects. At about
the same time, a
network administrator in Site2 moves 20 existing user accounts into the
Projects OU. Later, the administrator in Site2 discovers that the
Projects OU was deleted from Active Directory. He cannot see the user
accounts that he moved into the OU. You need to provide an OU named
Projects and add the 20 user accounts to the Projects OU. The users’
access to network resources must not be affected by this process. What
should you do?
A. Perform an
authoritative restore operation of the Projects OU and the user accounts
on a domain controller in Site2.
28
B. Perform a
nonauthoritative restore operation of the Projects OU and the user
accounts on a domain controller in Site2.
C. Create a new OU named
Projects. Create 20 new user accounts that have the same user principal
name (UPN) prefix. Move the user accounts into the new Projects OU.
D. Create a new OU named
Projects. Move the 20 user accounts from the LastAndFound container to
the new Projects OU.
Answer: D
Q. 6 You
are the network administrator for abc. The network consists of a single
Active Directory forest that contains three domains. Each domain
contains domain controllers that run Windows 2000 Server and domain
controllers that run Windows Server 2003. The DNS Server service is
installed on all
domain
controllers. All client computers run Windows XP Professional. You need
to add an additional DNS zone that is hosted on at least one DNS server
on each domain. You want to configure the zone to allow secure updates
only. What should you do?
A. Configure the new
zone on DNS servers in the root domain. Configure stub zones that refer
to DNS servers in another two domains.
B. Configure the new
zone as a primary zone on one DNS server. Configure other DNS servers in
the three domains as secondary servers for this zone. Enable the DNS
Security Extensions (DNSSEC) protocol.
C. Configure the new
zone as an Active Directory-integrated zone on DNS servers in the three
domains. Store the zone data in the DNS directory partition named
DomainDNSZones.
D. Configure the new
zone as an Active Directory-integrated zone on DNS servers in the three
domains. Store the zone data in the DNS directory partition named
ForestDNSZones.
Answer: D
Q. 7 You
are a network administrator for abc. The network consist of a single
Active Directory domain. The domain name is abc.com. The network
contains three Windows Server 2003 domain controllers. You are creating
the recovery plan for the company. According to the existing backup
plan,
domain
controllers are backed up by using normal backups each night. The normal
backups of the domain controllers include the system state of each
domain controller. Your recovery plan must incorporate the following
organization requirements:
·
Active Directory objects that
are accidentally or maliciously deleted must be recoverable.
·
Active Directory must be restored to its most recent state of quickly as
possible.
·
Active Directory database replication must be minimized.
You need to create a
plan to restore a deleted organizational unit (OU). Which two actions
should you include in your plan? (Each correct answer presents part of
the solution.
Choose two)
A. Restart a domain
controller in Directory Services Restore Mode.
B. Restart a domain
controller in Safe Mode.
C. Use the Ntdsutil to
perform an authorative restore operation of the Active Directory
database.
D. Restore the system
state by using the Always replace the file on my computer option.
E. Use the
Ntdsutil utility to perform an authoritative restore operation of the
appropriate subtree.
Answer: A, E
|
