Exam 70-291 Preparation Questions

Date post: 26-Mar-2016
Upload: mitchell-johnson
Description:
Aonetesting the leading source in certification preparation services, all certification guaranteed study material, question and answers, practice exams and many more at one place. This is a brand which fulfills all the requirements of certification preparation of exams. By Aonetesting 70-291 training kits get 100% results in any certification exams.

Exam 70-291 study material

Made available by Aonetesting.com

Free 70-291 Exam Preparation Questions

Exam 70-291: Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure

For Latest 70-291 Exam Questions and study guides- visit- http://www.aonetesting.com/70-291.html


Question:1
You have a DNS server that runs Windows Server 2003 Service Pack 2 (SP2). You enable DNS debug logging by using the default settings. You create a primary zone named Hi-Tech.com.com. You need to view all the DNS responses that the DNS server has sent. What should you do? You work as a security administrator for Microsoft. The basic network and some configurations

A. From Event Viewer, open the application log.
B. From Event Viewer, open the DNS server log.
C. Open %systemroot%\system32\dns\dns.log.
D. Open %systemroot%\system32\dns\Hi-Tech.com.com.dns.

Answer: C

Question:2
Your network consists of a single Active Directory named Hi-Tech.com.com. All servers run Windows Server 2003 Service Pack 2 (SP2). You have two DNS servers named Server1 and Server2. Server1 has a primary DNS zone for Hi-Tech.com.com. Server2 has a secondary DNS zone for Hi-Tech.com.com. You need to log all zone transfer requests and client queries made to Server1. What should you configure from the DNS snap-in on Server1?

A. The debug logging settings
B. The event logging settings
C. The monitoring settings for the Hi-Tech.com.com zone
D. The zone transfer settings for the Hi-Tech.com.com zone

Answer: A

Question:3
You are the network administrator for Fabrikam, Inc. The network contains a DNS server named Server1. Server1 is configured to resolve queries for external internet resources. Server1 also hosts the fabrikam.com internal zone for Active Directory. Users report that they are directed to the wrong Web site when browsing for well-known Internet Web sites. You need to minimize the occurrence of unexpected results when users browse the Internet in the future. You also need to minimize disruption to users. What should you do? You work as a security administrator for Microsoft. The basic network and some configurations are as following:

A. Enable the Disable recursion setting in the advanced properties of Server1.
B. Enable Fail on load if bad zone data setting in the advanced properties of Server1.
C. Enable the Secure cache against pollution setting in the advanced properties of Server1.
D. Enable the Enable automatic scavenging of stale resource records setting in the advanced properties of Server1 and set it to 7 days.

Answer: C

Question:4
Your company has a main office and one branch office. All servers run Windows Server 2003 Service Pack 2 (SP2). In the main office, a server named DNS1 hosts the primary DNS zone for Hi-Tech.com.com. You configure a primary zone for west.Hi-Tech.com.com on a DNS server named DNS2 in the branch office. All servers in the branch office are configured to have the west.Hi-Tech.com.com DNS suffix. You need to ensure that users in the main office can resolve server names in the branch office. The solution must meet the following requirements: Minimize the amount of DNS zone transfer traffic between the offices. Maintain the current name resolution process for users in the main office. What should you configure on DNS1? You work as a security administrator for Microsoft. The basic network and some configurations

A. A host record for DNS2
B. A secondary zone for the west.Hi-Tech.com.com zone
C. A stub zone for the west.Hi-Tech.com.com zone
D. DNS2 as a forwarder

Answer: C

Question:5
Your network contains a single Active Directory domain named Hi-Tech.com.com. You have a domain controller named DC1 that runs Windows Server 2003 Service Pack 2 (SP2) that has the DNS Server Windows component installed. You have a member server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2). Server1 fails to update its host (A) record for the Hi-Tech.com.com domain. You need to verify that DNS requests from Server1 are sent to DC1. What should you do?

A. On Server1, restart the server, press F8, and enable boot logging.
B. On Server1, open the properties of the network adapter and install the Network Monitor Driver.
C. On DC1, open the DNS snap-in and configure debug logging for the DNS Server service.
D. On DC1, open the DNS snap-in and configure event logging for errors and warnings for the DNS Server service.

Answer: C

Question:6
You work as the network administrator at Hi-Tech.com. The Hi-Tech.com network consists of a single Active Directory domain named Hi-Tech.com. All servers on the Hi-Tech.com network run Windows Server 2003 Service Pack 2 (SP2) and all client computers run Windows XP Professional. Some of the servers at Hi-Tech.com run important business applications. After performing performance baselining on the servers that run the business applications, you notice that one of the servers has a larger number of simultaneously connected users than any of the other servers. Because of this, the performance of the server is poor. You need to identify which client computers are connected to the server. You plan to run Network Monitor to capture the packets sent to the server. The capture task must be configured so that you can reduce the size of the captured data by capturing only the packet headers. If a large number of packets are captured, the packets must be retained on the server, and the captured packets must not overwrite previously captured packets. Which of the following tasks should you perform to configure Network Monitor?

A. Configure the Network Monitor display filters and increase the Network Monitor frame size setting.
B. Configure the Network Monitor capture filters and decrease the Network Monitor frame size setting.
C. Increase the Network Monitor buffer size setting and decrease the Network Monitor frame size setting.
D. Decrease the Network Monitor buffer size setting and increase the Network Monitor frame size setting.


Answer: C

Question:7
You have a DNS server named DC1 that runs Windows Server 2003 Service Pack 2 (SP2). DC1 hosts an Active Directory-integrated zone that has dynamic updates enabled. You enable aging and scavenging for the zone. You discover that stale records are not being removed from the zone. You need to ensure that stale records are removed from the zone. What should you do?

A. Reduce the Refresh interval for the zone.
B. Enable aging and scavenging for the server.
C. Reduce the No-Refresh interval for the zone.
D. Open the DNS snap-in, right-click DC1, and select Update Server Data Files.

Answer: B

Question:8
You are the DNS administrator for Adventure Works. Adventure Works is an Internet service provider (ISP) that hosts Web sites for many companies. Each Adventure Works DNS server hosts multiple DNS zones for customers. Several Adventure Works administrators are allowed to add DNS zones. You want to produce a weekly report that will list all the zones that are hosted on each DNS server. What should you do?

A. Use the dnslint utility to query each DNS server.
B. Use the dnscmd utility to query each DNS server.
C. Use the nslookup utility to query each DNS server.
D. Use the adsiedit utility to query Active Directory for a list of DNS zones.

Answer: B

Question:9
Your company has a main office and one branch office. Your network consists of an Active Directory domain. You have a remote access server in the main office named Server1. You have a remote access server in the branch office named Server2. Server2 has a demand-dial interface that connects to Server1. The demand-dial interface connects by using a domain account named Ras1. You need to prevent Server2 from establishing new demand-dial connections to the main office between 18:00 and 08:00. What should you do?

A. Modify the dial-in properties of the Ras1 account.
B. Modify the dial-out hours on the demand-dial interface.
C. Modify the IP demand-dial filters on the demand-dial interface.
D. Enable Bandwidth Allocation Protocol (BAP) on Server2.

Answer: B

Question:10
You have a VPN server that runs Windows Server 2003 Service Pack 2 (SP2). The VPN server supports only PPTP connections. A firewall protects the VPN server from the Internet. From a remote computer connected to the Internet, you attempt to connect to the VPN server. During the connection attempt, you receive a message that your user name and password are being verified. You then receive the following error message: "Error 721: The remote computer is not responding." You need to ensure that you can establish a VPN connection to the VPN server from the Internet. What should you do?

A. On the VPN server, enable LAN routing.
B. On the VPN server, create a demand-dial interface.
C. On the firewall, allow inbound connections that use TCP port 1701.
D. On the firewall, allow inbound connections that use Generic Route Encapsulation (GRE) protocol 47.

Answer: D

Question:11
You work as the network administrator at Hi-Tech.com. The Hi-Tech.com network consists of a single Active Directory domain named Hi-Tech.com. All servers on the Hi-Tech.com network run Windows Server 2003 Service Pack 2 (SP2) and all client computers run Windows XP Professional. A user named Rory Allen works in the Purchasing department. Rory Allen uses a client computer named CLIENT01. He is responsible for purchasing supplies from a particular supplier by using the Internet. The supplier's Web site should create cookies on Rory Allen's client computer. The cookies cause the Web page to display the "Last search results" hyperlink that is useful when searching for similar items during each visit to the Web site. However, Rory Allen complains that the hyperlink does not appear on CLIENT01. You log on to CLIENT01 and view the Internet Explorer Internet options. The Privacy tab is set at High. What should you do to allow cookies to display the last search results for CLIENT01?

A. In the Privacy tab, click the Sites button and add the supplier's Web site to the allow list.
B. In the Privacy tab, change the privacy setting to Medium High.
C. In the Privacy tab, click the Advanced button and select the Override automatic cookie handling option. Then block first-party cookies and accept third-party cookies.
D. In the Privacy tab, click the Advanced button and select the Override automatic cookie handling option. Then accept first-party cookies and block third-party cookies.


Answer: A

Question:12
Your company consists of a single Active Directory domain that is configured in Windows 2000 native mode. All servers run Windows Server 2003 Service Pack 2 (SP2). You deploy a Routing and Remote Access server to provide VPN access to the network. You need to ensure that only members of a group named Sales can access the network through the VPN. The solution must minimize the administrative effort required to manage remote access. What should you do?

A. Allow dial-in access for the user accounts of all Sales group members.
B. Deny dial-in access for the user accounts of all users except the Sales group members.
C. Create a remote access policy and assign the Allow - Remote Access permission. Add the Windows-Groups condition and specify the Sales group.
D. Create a remote access policy and assign the Deny - Remote Access permission. Add the Windows-Groups condition and specify all Active Directory groups except for Sales.

Answer: C

Question:13
You have a VPN server named Server1 and a file server named Server2. Both servers run Windows Server 2003 Service Pack 2 (SP2). VPN clients report that they cannot access shares on Server2 after connecting to Server1. You confirm that VPN clients receive the appropriate IP configurations and that they have permissions to the shared folders on Server2. You need to ensure that VPN clients can access the shares on Server2 when they connect to the network by using a VPN connection. What should you do?

A. From the Routing and Remote Access snap-in on Server2, enable IP Routing.
B. From the Routing and Remote Access snap-in on Server2, enable Link Control Protocol (LCP) extensions.
C. From Utility Manager on Server1, enable the Start automatically when I log on option.
D. In the local security policy on Server2, configure the Network Access: Shares that can be accessed anonymously setting.

Answer: A

Question:14
Your network consists of a single Active Directory domain. The remote access permission for all users is set to Control access through Remote Access Policy. You have a VPN server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2). The current configuration allows all authenticated users to establish VPN connections to Server1. You create a global group named Group1. You need to prevent all members of Group1 from establishing VPN connections to Server1. What should you do?

A. From the local computer policy on Server1, modify the Account Policies settings.
B. From Active Directory Users and Computers, modify the Security settings of Group1.
C. From the Routing and Remote Access snap-in, create a new remote access policy.
D. From the Routing and Remote Access snap-in, open the properties of Server1 and modify the security options.

Answer: C

Question:15
You work as the network administrator at Hi-Tech.com. The Hi-Tech.com network contains a Windows Server 2003 Service Pack 2 (SP2) computer named SERVER01. SERVER01 connects the Hi-Tech.com network to the Internet. One morning you discover that some computers on the Hi-Tech.com network are infected by a worm. You notice that the worm sends traffic to a number of hosts on the Internet using a specific TCP port number. You must find out which computers on the Hi-Tech.com network are infected by the worm. You must also identify all traffic being sent by the worm. After you have identified an infected computer, you must send a notification to a network administrator, to specify that the computer needs to be repaired. What should you configure to achieve your goal in these circumstances? You work as a security administrator for Microsoft. The basic network and some policies as the following:

A. A WMI event trigger.
B. A Network Monitor capture filter.
C. A Network Monitor trigger.
D. A System Monitor Alert.

Answer: C

Question:16
You are the network administrator for Hi-Tech.com, Ltd. The network consists of an Active Directory forest that contains one domain named Hi-Tech.com.com. All servers run Windows Server 2003 Service Pack 2 (SP2). Hi-Tech.com has a subsidiary named A. Datum Corporation. The A. Datum network consists of an Active Directory forest that contains one domain named adatum.com. All A. Datum servers run Windows Server 2003 Service Pack 2 (SP2). Hi-Tech.com and A. Datum offices are connected by a dedicated WAN link. The relevant portion of the network is configured as shown in the exhibit. (Click the Exhibit button.) A. Datum servers are inaccessible from the Internet. You must configure DNS1 to meet the following requirements: Allow Hi-Tech.com users to resolve DNS names for adatum.com. Minimize DNS lookup traffic over the WAN link. What should you configure on DNS1?

A. A delegation record for adatum.com
B. A secondary zone for adatum.com
C. A stub zone for adatum.com
D. DNS2 as a conditional forwarder for adatum.com

Answer: B


Question:17
Your network contains a head office and one branch office. All servers run Windows Server 2003 Service Pack 2 (SP2). The network and IP configuration for each server are configured as shown in the exhibit. (Click the Exhibit button.) Server2 has the Routing and Remote Access service and the DNS Server service installed. Routing Information Protocol (RIP v2) is enabled on Server2 and all internal routers. Server1 is unable to connect to the Internet. You need to ensure that Server1 can connect to the Internet. What should you do?

A. On Server1, configure the default gateway address as 10.10.11.1 and then run Netstat -r.
B. On Server2, configure the preferred DNS server address as 10.10.11.111 and then restart the DNS Server service.
C. On Server1, configure the default preferred DNS server address as 127.0.0.1 and then restart the DNS Client service.
D. On Server2, remove the 10.10.11.1 default gateway address and then restart the Routing and Remote Access service.

Answer: D

Question:18
You have a VPN server that runs Windows Server 2003 Service Pack 2 (SP2). The VPN server supports only PPTP connections. A firewall protects the VPN server from the Internet. From a remote computer connected to the Internet, you attempt to connect to the VPN server. During the connection attempt, you receive a message that your user name and password are being verified. You then receive the following error message: "Error 721: The remote computer is not responding." You need to ensure that you can establish a VPN connection to the VPN server from the Internet. What should you do?

A. On the VPN server, enable LAN routing.
B. On the VPN server, create a demand-dial interface.
C. On the firewall, allow inbound connections that use TCP port 1701.
D. On the firewall, allow inbound connections that use Generic Route Encapsulation (GRE) protocol 47.

Answer: D

Question:19
You work as the network administrator at Hi-Tech.com. The Hi-Tech.com network consists of a single Active Directory domain named Hi-Tech.com. All servers on the Hi-Tech.com network run Windows Server 2003 Service Pack 2 (SP2) and all client computers run Windows XP Professional. Hi-Tech.com has its headquarters at Washington DC and a branch office at Chicago. You work at the Chicago branch office. The Chicago branch office has a DNS server named SERVER31, two member servers named SERVER32 and SERVER33, and 100 client computers. SERVER31 is configured with the IP address 192.168.1.2 and contains host (A) resource records for all network client computers that are located in the Chicago branch office. You install the DHCP server service on SERVER32 and configure it with the settings as shown in the following table. You install a DSL modem and a second network adapter in SERVER33. The network adapter that connects to the DSL modem has the IP address 131.10.26.31, and the network adapter that connects to the LAN has the IP address 192.168.0.1. You then enable Internet Connection Sharing (ICS) on SERVER33. The ISP's DNS server has the IP address 131.107.62.9. However, Chicago branch office users complain that they cannot access the Internet through the ICS host. What should you do to ensure that all Chicago branch office users can access the Internet?

A. Remove the DHCP server service from SERVER32.
B. Replace the DHCP scope on SERVER32 with one that has a subnet mask of 255.255.255.128.
C. Change the DHCP scope option 003 Default Gateway on SERVER32 to 131.10.26.31.
D. Install the DNS service on SERVER33, and configure 131.10.26.9 as a forwarder.

Answer: A

Question:20
You are the network administrator for your company. You work in the company's branch office in Chicago. The network in your office consists of 40 Windows XP Professional desktop computers and one Windows Server 2003 Service Pack 2 (SP2) computer named Server1. Server1 connects to the Internet through a 512-Kbps leased line. The main office of the company is in Seattle. Users of the desktop computers in the Chicago office are developers who are developing a new software product. You want these users to place daily builds of the product in a shared folder on Server1. You want developers in the Seattle office to be able to download the daily builds from Server1 by using FTP. You install IIS on Server1 and configure the FTP site so that it is available to the developers in the Seattle office. However, when you monitor inbound Internet connection attempts to Server1, you notice many attempted HTTP connections. You want to secure Server1 so that it is not susceptible to malicious Internet users. Server1 must also connect to the Internet to use Windows Update and to download virus definition updates. You do not want to purchase additional hardware or software. What should you do on Server1?

A. Enable Internet Connection Sharing (ICS).
B. Configure port filtering on the network adapter to allow only TCP port 80 and TCP port 21.
C. Enable Internet Connection Firewall (ICF) and create a service setting in the Internet Connection Firewall settings that allows internal and external TCP port 21 to Server1 internal and external TCP port 80 to Server1
D. Enable Internet Connection Firewall (ICF) and select the FTP Server check box in the Services tab. Enter Server1 as the server hosting the FTP services.

Answer: D

Question:21
You work as the network administrator at Hi-Tech.com. The Hi-Tech.com network consists of a single Active Directory domain named Hi-Tech.com. The Hi-Tech.com network contains a DNS server named SERVER05 that runs Windows Server 2003 Service Pack 2 (SP2). Test Labs is a division of Hi-Tech.com, whose network consists of a single Active Directory domain named testlabs.com. SERVER05 is configured as a secondary zone server for testlabs.com. You are currently monitoring notification traffic between these two domains. A record has to be kept of when the primary DNS server for testlabs.com informs SERVER05 of available changes in the testlabs.com zone. Which of the following should be carried out to meet these requirements?

A. Use the Performance console to create a log of the DNS performance counter Notification Received on SERVER05.
B. Enable debug logging on SERVER05 and configure the log to record Notification events.
C. Run the replmon command to monitor replication events on SERVER05.
D. Run the dcdiag command to check DNS registration on SERVER05.

Answer: B

Question:22
Your network contains 20 subnets. You have a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2). Server1 has an IP address of 192.168.10.10 and is located on a subnet named Subnet10. All client computers run Windows XP Professional Service Pack 3 (SP3). Users on a subnet named Subnet1 report that they cannot connect to Server1. Users on Subnet10 report that they can connect to Server1. You log on to a computer on Subnet1. You need to identify the point of failure on the network. Which command should you run?

A. Ipconfig /all
B. Net view \\192.168.10.10
C. Ping 192.168.10.10
D. Tracert 192.168.10.10

Answer: D

Question:23
You have a server that runs Windows Server 2003 Service Pack 2 (SP2). You create a user account named Admin1. You need to allow Admin1 to restart services and to review the security log. You must minimize the rights assigned to Admin1. Which group should you add Admin1 to?

A. Power Users
B. Administrators
C. HelpServicesGroup
D. Remote Desktop Users

Answer: B

Question:24
You are the network administrator for Fabrikam, Inc. The network consists of a single Active Directory domain named fabrikam.com. A Windows Server 2003 Service Pack 2 (SP2) computer named Server1 functions as the DNS server for the domain. Wingtip Toys is a division of Fabrikam, Inc. The Wingtip Toys network consists of a single Active Directory domain named Hi-tech.com. Server1 is a secondary zone server for Hi-tech.com. You are monitoring notification traffic between the two domains. You need to keep a record of when the primary DNS server for Hi-tech.com informs Server1 of available changes in the Hi-tech.com zone. What should you do?

A. Use the Performance console to create a log of the DNS performance counter Notification Received on Server1.
B. Enable debug logging on Server1. Configure the log to record Notification events.
C. Run the replmon command to monitor replication events on Server1.
D. Run the dcdiag command to check DNS registration on Server1.

Answer: B

Question:25
Your network contains a Web server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2) and Internet Information Server (IIS). Server1 has a server certificate from an Enterprise Certificate Authority (CA) installed. External users report that when they try to access the Web site from outside the corporate network by using a Web browser, they receive the following warning message: There is a problem with this Web sites security certificate. The security certificate presented by this Web site was not issued by a trusted certificate authority. You find that users on the corporate network do not receive this error. You need to ensure that external users do not receive the warning message when connecting to Server1. What should you do?

A. In IIS Manager, enable the Enable client certificate mapping option.
B. In IIS Manager, replace the certificate with a certificate obtained from a public Certification Authority.
C. In Local Security Policy, enable Domain Member: Require strong (Windows 2000 or later) session key.
D. In Local Security Policy, enable Domain Member: Digitally encrypt or sign secure channel data (always).

Answer: B

Question:26
Your network consists of a single Active Directory domain. You have a member server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2). You need to record all attempts by domain users and local users to log on to Server1. What should you do?

A. In the Default Domain Controller Policy, enable success and failure for the Audit logon events policy setting.
B. In the Default Domain Controller Policy, enable success and failure for the Audit account logon events policy setting.
C. In the Local Security Policy on Server1, enable success and failure for the Audit logon events policy setting.
D. In the Local Security Policy on Server1, enable success and failure for the Audit account logon events policy setting.

Answer: C

Question:27
Your company consists of a single Active Directory domain that is configured in Windows 2000 native mode. All servers run Windows Server 2003 Service Pack 2 (SP2). You deploy a Routing and Remote Access server to provide VPN access to the network. You need to ensure that only members of a group named Sales can access the network through the VPN. The solution must minimize the administrative effort required to manage remote access. What should you do?

A. Allow dial-in access for the user accounts of all Sales group members.
B. Deny dial-in access for the user accounts of all users except the Sales group members.
C. Create a remote access policy and assign the Allow - Remote Access permission. Add the Windows-Groups condition and specify the Sales group.
D. Create a remote access policy and assign the Deny - Remote Access permission. Add the Windows-Groups condition and specify all Active Directory groups except for Sales.

Answer: C

Question:28
Your network contains a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2). Server1 has IPSec enabled. Several users report that they cannot connect to Server1. You need to see how many IPSec connection attempts failed due to authentication failures. What should you do?

A. From IP Security Monitor, view the Main Mode Statistics.
B. From Microsoft Baseline Security Analyzer, scan Server1.
C. From the Security event log, view the events from the IPSec source.
D. From System Monitor, add the IPSec V4 Driver : Active Security Associations counter.


Answer: A

Question:29
Your network consists of a single Active Directory domain named Hi-Tech.com.com. All servers run Windows Server 2003 Service Pack 2 (SP2). All client computers run Windows XP Professional Service Pack 3 (SP3). You create an organizational unit (OU) that contains a computer account named Computer1. A Group Policy object (GPO) is linked to the OU and contains settings to enforce the use of IPSec. You log on to Computer1 by using a user account named User1. You need to verify that the IPSec settings have been applied. Which command should you run?

A. Dsquery user -name User1
B. Dsquery computer -name Computer1
C. Gpresult /s Computer1 /scope COMPUTER /v
D. Gpresult /user User1 /scope USER /v

Answer: C

Question:30
Your network consists of an internal network and a perimeter network. On the internal network there is a server named Server1. On the perimeter network there is a server named Server2. All servers run Windows Server 2003 Service Pack 2 (SP2). You schedule a task to transfer files from Server1 to Server2 by using FTP. You monitor the network traffic from Server1 to Server2 and notice that the user name and password used for the FTP transfer are sent as plain text. You need to ensure that all FTP traffic between Server1 and Server2 is encrypted. What should you do?

A. Implement IPSec.
B. Install a server certificate on Server1.
C. Install a server certificate on Server2.
D. Use the Encrypting File System on Server1.

Answer: A

Question:31 You work as the network administrator at Hi-Tech.com. The Hi-Tech.com network consists of a single Active Directory domain named Hi-Tech.com. Hi-Tech.com utilizes a DNS namespace named Hi-Tech.com on their intranet. A total of three hundred records were manually created in the Hi-Tech.com zone for hosts that do not support dynamic updates. A Windows Server 2003 Service Pack 2 (SP2) computer named SERVER03 hosts the Hi-Tech.com primary zone. There is currently no secondary zone configured. When Hi-Tech.com procures a new computer that will function as the primary DNS server for the Hi-Tech.com zone, Hi-Tech.com decides to name it SERVER04. Hi-Tech.com wants you to reconfigure SERVER03 to host Hi-Tech.com as a secondary zone, once SERVER04 is configured as the primary server. You first install Windows Server 2003 Service Pack 2 (SP2) on SERVER04, and then add the DNS service. You now have to configure SERVER04 to host the primary zone for the Hi-Tech.com namespace, while retaining the records that are currently in the Hi-Tech.com namespace. You want. Which of the following is a list of procedures that you should follow to make sure that immediately after SERVER04 becomes the new primary name server for the zone, all host names can be resolved? You work as a security administrator for Microsoft. The basic network and some policies are as the following:

A. Set up a primary zone named Hi-Tech.com on SERVER04. Copy the file %systemroot%\system32\dns\Hi-Tech.com.com.dns from SERVER03 to the same location on SERVER04. Delete the Hi-Tech.com primary zone on SERVER03. Set up a secondary zone named Hi-Tech.com on SERVER03.

B. Set up a primary zone named Hi-Tech.com on SERVER04. Enable dynamic updates on the zone. Delete the Hi-Tech.com primary zone on SERVER03. Set up a secondary zone named Hi-Tech.com on SERVER03.

C. Set up a secondary zone named Hi-Tech.com on SERVER04. Add a name server (NS) record for SERVER04 to the Hi-Tech.com primary zone. Change the zone type of the Hi-Tech.com secondary zone to a primary zone on SERVER04. Delete the Hi-Tech.com primary zone on SERVER03. Set up a secondary zone named Hi-Tech.com on SERVER03.

D. Set up a stub zone named Hi-Tech.com on SERVER04. Add a name server (NS) record for SERVER04 to the Hi-Tech.com primary zone. Change the zone type of the Hi-Tech.com stub zone to a primary zone on SERVER04. Delete the Hi-Tech.com primary zone on SERVER03. Set up a secondary zone named Hi-Tech.com on SERVER03.

Answer: C

Question:32 You are currently employed as a DNS administrator at Hi-Tech.com. Hi-Tech.com is an Internet Service Provider that hosts web sites for various companies. Hi-Tech.com's DNS server hosts multiple DNS zones for customers. There are a number of Hi-Tech.com administrators that are allowed to add DNS zones. What should you do to generate a weekly report that will list all the zones that are hosted on each DNS server?

A. Use the dnslint utility to query each DNS server.

B. Use the dnscmd utility to query each DNS server.

C. Use the nslookup utility to query each DNS server.

D. Use the adsiedit utility to query Active Directory for a list of DNS zones.

Answer: B

Question:33 You have a server that runs Windows Server 2003 Service Pack 2 (SP2). You install the Windows Support Tools on the server. You need to list all of the name servers in a DNS zone named Hi-Tech.com.com. Which two possible commands should you run? (Each correct answer presents a complete solution. Choose two.)

A. Dnslint /d Hi-Tech.com.com

B. Netdiag /d:Hi-Tech.com.com /test:DNS

C. Net view /domain:Hi-Tech.com.com

D. Nslookup querytype=ns Hi-Tech.com.com

Answer: A, D

Question:34 Your company has a Berkeley Internet Name Domain (BIND) DNS server named Server1 that hosts the Hi-Tech.com.com DNS zone. You plan to replace Server1 with a DNS server named Server2 that runs Windows Server 2003 Service Pack 2 (SP2). You need to configure DNS on Server2 to meet the following requirements:

Retain all resource records currently in the Hi-Tech.com.com zone.

Allow updates to resource records for the Hi-Tech.com.com zone on Server2.

What should you do? You work as a security administrator for Microsoft. The basic network and some policies are as the following:

A. On Server2, configure a primary zone for Hi-Tech.com.com.

B. On Server2, configure a secondary zone for Hi-Tech.com.com. Configure the Hi-Tech.com.com zone on Server2 as a primary zone.

C. Copy the Hi-Tech.com.com.dns file from Server1 to the %systemroot%\System32\DNS folder on Server2. On Server2, restart the DNS Server service.

D. Copy the Hi-Tech.com.com.dns file from Server1 to the %systemroot%\System32\DNS folder on Server2. On Server2, create a secondary zone for Hi-Tech.com.com.

Answer: B

Question:35 Your company has a main office and one branch office. Your network consists of an Active Directory domain. You have a remote access server in the main office named Server1. You have a remote access server in the branch office named Server2. Server2 has a demand-dial interface that connects to Server1. The demand-dial interface connects by using a domain account named Ras1. You need to prevent Server2 from establishing new demand-dial connections to the main office between 18:00 and 08:00. What should you do? You work as a security administrator for Microsoft. The basic network and some policies are as the following:

A. Modify the dial-in properties of the Ras1 account.

B. Modify the dial-out hours on the demand-dial interface.

C. Modify the IP demand-dial filters on the demand-dial interface.

D. Enable Bandwidth Allocation Protocol (BAP) on Server2.

Answer: B

Question:36 Your company has a main office and two branch offices. The main office is located in Montreal. The branch offices are located in Seattle and Winnipeg. In the Montreal office, you have a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2) Web Edition Service Pack 2 (SP2). Server1 is configured as a VPN router. In the Seattle office, you have a VPN server named Server2. In the Winnipeg office, you have a VPN server named Server3. On Server1, you configure an L2TP/IPSec demand-dial interface for each branch office. On each branch office server, you create a single demand-dial interface that uses L2TP/IPSec to connect to the main office. All demand-dial interfaces are configured to use a pre-shared key. You discover that only one branch office can connect to the main office at a time. You need to ensure that both branch offices can connect to the main office simultaneously. What should you do?

A. Add two more demand-dial interfaces on Server1.

B. Install a computer certificate on Server1, Server2, and Server3.

C. Upgrade Server1 to Windows Server 2003 Service Pack 2 (SP2) Standard Edition SP2.

D. Add an additional demand-dial interface on Server2 and Server3.

Answer: C

Question:37 You are the network administrator for your company. The network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2003 Service Pack 2 (SP2). All client computers in the domain run Windows XP Professional. An application named Inventory.exe is installed on all computers in the domain to remotely gather software inventory information. The application runs as a service in the security context of the Local System. The startup type of the service is set to Automatic. In the Default Domain Policy Group Policy object (GPO), the security administrator has configured a software restriction policy that is applied to all computers in the domain. The policy contains a hash rule for the Inventory.exe application, and the hash rule is configured with a security level of Unrestricted. The client computers on the network are attacked by a worm that is distributed by e-mail messages received over the Internet. The worm detects the presence of Inventory.exe on a computer, then starts a new instance of the application in the security context of the logged-on user. The worm exploits a bug in the application to cause the computer to fail. You need to ensure that Inventory.exe cannot be started by the worm, while still allowing the application to run as a service. What should you do?

A. In the computer settings section of the Default Domain Policy GPO, configure a software restriction policy that contains a zone rule for the Internet zone. Configure the zone rule with a security level of Disallowed.

B. In the user settings section of the Default Domain Policy GPO, configure a software restriction policy that contains a zone rule for the Internet zone. Configure the zone rule with a security level of Disallowed.

C. In the user settings section of the Default Domain Policy GPO, configure a software restriction policy that contains a hash rule for the Inventory.exe application. Configure the hash rule with a security level of Disallowed.

D. In the computer settings section of the Default Domain Policy GPO, modify the existing software restriction policy hash rule for the Inventory.exe application so that the hash rule has a security level of Disallowed.

Answer: D

Question:38 Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). The network contains two servers named Server1 and Server2. Server1 is configured as a DHCP server and has a scope that contains addresses 192.168.2.51 to 192.168.2.125. You have a reservation for a print device named Printer1. The reservation assigns the IP address of 192.168.2.100. You install DHCP on Server2 and create a scope that contains addresses 192.168.2.126 to 192.168.2.200. You need to ensure that Printer1's IP address always remains the same. What should you create on Server2?

A. An exclusion range

B. A reservation

C. A superscope

D. A user class

Answer: B

Question:39 Your network consists of a single Active Directory domain. You have a DHCP server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2). You have a computer named Computer1 that runs Windows XP Professional Service Pack 3 (SP3). You need to administer the DHCP service on Server1 from Computer1. What should you do first?

A. On Computer1, install adminpak.msi.

B. On Computer1, at a command prompt run the Netsh command.

C. On Server1, open the DHCP snap-in and select Export List.

D. On Server1, open the DHCP snap-in and add Computer1 to the list of servers.

Answer: A

Question:40 You have two stand-alone servers that run Windows Server 2003 Service Pack 2 (SP2). You assign the Secure Server (Require security) IPSec policy to both servers. From Server1, you notice that you cannot access resources on Server2. You need to ensure that you can access resources on Server2. All communications between Server1 and Server2 must be encrypted. What should you do?

A. On Server1, assign the Client (Respond only) IPSec policy.

B. On Server2, assign the Server (Request Security) IPSec Policy.

C. On Server1 and Server2, modify the authentication settings in the Secure Server (Require security) IPSec Policy.

D. On Server1 and Server2, enable Master Key perfect forward secrecy (PFS) in the Secure Server (Require security) IPSec Policy.

Answer: C
