You are on page 1of 11

Server 2003 FINAL

True/False
Indicate whether the statement is true or false.

____ 1. A DHCP server that is located on a member server and that is a member of a workgroup must be
authorized before it can respond to DHCPDISCOVER messages?

____ 2. The DHCP Server service is installed on Microsoft Windows Server 2003 by default.

____ 3. A DHCP database is a distributed database similar to a DNS database?

____ 4. Microsoft Windows Server 2003 DHCP Server supports both automatic and manual backups?

____ 5. When you install Microsoft Windows Server 2003, DNS is installed automatically.

____ 6. Host computers typically use iterative queries.

____ 7. A Microsoft Windows Server 2003 domain that utilizes an Active Directory–integrated DNS zone
can have a secondary DNS server running on a member server.

____ 8. When a file that has been encrypted using EFS is copied from one folder on an NTFS file system
drive to another folder on an NTFS drive, the file will remain encrypted?

____ 9. Communication partners using IPSec require identical security policies.

____ 10. SUS can be installed only on an NTFS file system partition.

Multiple Choice
Identify the choice that best completes the statement or answers the question.

____ 11. You administer a network that has 75 client computers configured to dynamically receive IP address
configuration. The DHCP server has been configured using a DHCP scope with a configured IP
address range of 170.34.32.1 to 170.34.32.255 and a 24-bit mask. The network consists of a
Microsoft Windows Server 2003 domain and Microsoft Windows XP clients configured as DHCP
clients. Users of the client computers cannot access other computers or resources on the network.
Which of the following options should you use to resolve the problem?
a. Activate the scope.
b. Reboot the DHCP server.
c. Increase lease duration.
d. Change the ending IP address to 170.34.38.255.
e. Re-create the scope using a subnet mask of 255.255.244.0.
____ 12. You are the administrator of a Microsoft Windows Server 2003 network. The network consists of
two Windows Server 2003 computers named Toledo and Cleveland and 275 Microsoft Windows XP
Professional computers. Toledo is a DHCP server. The DHCP server provides the TCP/IP
configuration for all Microsoft Windows XP computers. Toledo and Cleveland have manually
configured IP addresses. Toledo frequently hosts multicast-based video and audio conferences. You
want to dynamically allocate multicast addresses. How should you configure the network?
a. On the DHCP server, create and activate a multicast scope with a range of Class D
addresses.
b. On Toledo, configure routing and remote access to enable the Internet Group
Membership Protocol (IGMP) routing protocol in proxy mode on the LAN
interface.
c. Enable router discovery on the Windows XP Professional computers.
d. Add a route for network destination 224.0.0.0 and mask 224.0.0.0 on the Windows
XP Professional computers.
____ 13. As a network administrator, you are deploying DHCP on your Microsoft Windows Server 2003
network. You want to ensure that all of your print devices receive the same IP address each time
they initialize. What step should you take to ensure that DHCP assigns the same address to the print
devices?
a. Configure client reservations for each print device interface.
b. Configure a lease that will never expire.
c. Configure address exclusion for the print devices.
d. Statically configure the IP address for all print devices.

____ 14. Secure dynamic updates are available in which type of DNS zone?
a. Standard primary
b. Secondary
c. Active Directory–integrated
d. Standard primary and secondary

____ 15. Which DHCP management process is used to recover unused space in the DHCP database?
a. Reconciling
b. Compacting
c. Restoring
d. Removing

____ 16. You are a network administrator of a Microsoft Windows Server 2003 domain that is configured to
use secure dynamic updates for DNS. The network clients have just been updated from Microsoft
Windows NT 4 to Microsoft Windows 2000, and the DHCP server has been set to never update DNS
on behalf of clients (the DHCP server’s original setting was to always update DNS). You notice that
the Windows 2000 clients do not update DNS. Which of the following could be the cause of the
problem?
a. The DNS zones are incorrectly set to Active Directory–integrated.
b. The DHCP server is not a member of the DnsUpdateProxy security group.
c. The DNS server is not a member of the DnsUpdateProxy security group.
d. The Windows 2000 clients should be upgraded to Microsoft Windows XP
Professional.
____ 17. Your DHCP database is corrupt, and you are forced to perform a manual restore. The database
restore was successful. The week after the restore, you ask one of your junior administrators to make
a change to the DHCP server. The junior administrator is not a member of the Administrators group,
but has been given permissions to administer the DHCP database. Your assistant reports that she is
not able to administer the DHCP database. What is the most likely reason the assistant cannot
administer the database?
a. Security credentials are not backed up by DHCP. After you perform a restore, you
must reconfigure security credentials associated with the DHCP database.
b. Only members of the Administrators group can administer the DHCP server.
c. You incorrectly assigned permissions to the junior administrator’s user account.
d. The junior administrator must be a member of the Domain Administrator group to
administer the DHCP server.
____ 18. While reviewing DHCP server logs, you notice several entries with event ID 15, which indicates that
a lease was denied. You would like to determine how long this has been occurring and what is
causing this error. The DHCP server has been online for only three weeks. To begin troubleshooting
this problem, you ask your assistant to provide you with the DHCP logs from the previous three
weeks. Your DHCP server has logging enabled with the default configuration. Your assistant reports
that he cannot locate DHCP logs for the past three weeks. What is preventing your assistant from
obtaining these logs?
a. The assistant user account does not have adequate privileges.
b. The DHCP server is not a member of the DnsUpdateProxy security group.
c. A DHCP server with default configuration keeps logs for only seven days.
d. DHCP logs are erased every 24 hours.

____ 19. You are the administrator of a Microsoft Windows Server 2003 domain. Your domain has three
DNS servers, which are located on domain controllers. Currently, you can create updates on only
one of the DNS servers. You would like to be able to make changes to the DNS database on any of
the three DNS servers, and you want these changes to replicate to all other DNS servers in your
domain. You should make which configuration change?
a. Convert all DNS servers to primary DNS servers.
b. Convert all DNS server zones to Active Directory–integrated zones.
c. This cannot be accomplished.
d. Create forwarding entries on the DNS servers with secondary zone files.

____ 20. Microsoft Windows Server 2003 has three options for Active Directory–integrated zone replication.
Which of the following is not available as a replication option in Windows Server 2003?
a. Replicate to all DNS servers in the forest.
b. Replicate to all domain controllers in the domain.
c. Replicate to all domain controllers that are DNS servers in the same domain.
d. Replicate to all domain controllers that are also DNS servers in the entire forest.

____ 21. Your Microsoft Windows Server 2003 network has one primary DNS server and two secondary
DNS servers. Several changes are made to the zone database on the primary server. How will the
secondary DNS servers learn about the changes to the primary server’s zone database?
a. The master server will notify the secondary servers of zone changes.
b. The update will occur only when the zone refresh interval expires.
c. The DNS Server service is restarted on a secondary server.
d. A zone transfer is manually initiated on the secondary servers.
e. A zone transfer is automatically initiated every 60 minutes.

____ 22. You administer a private Microsoft Windows Server 2003 network that has a standard primary DNS
server and a standard secondary DNS server. Both servers are used to resolve internal DNS names.
Your network has an external DNS server that is separated from the internal network by a firewall.
Internal users complain that they cannot resolve names on the Internet. What should you do to
resolve this problem?
a. Edit the Cache.dns file.
b. Configure the internal DNS servers to forward requests to the external DNS server.
c. Remove the firewall.
d. Configure a PTR record to the external DNS server on the internal DNS servers.

____ 23. Which DNS management tool can be used to verify the consistency of a particular group of DNS
resource records on multiple DNS servers?
a. DNSLint
b. Dnscmd
c. Nslookup
d. Ipconfig

____ 24. Which command-line tool can be used to configure and analyze system security by comparing
current settings against at least one template?
a. Secedit utility
b. Gpupdate utility
c. Analyze utility
d. Ipconfig utility

____ 25. The Secedit command-line tool provides an administrator with the ability to perform functions
similar to those that can be performed using the Security Configuration And Analysis snap-in.
Which function cannot be performed using Secedit?
a. Configure
b. Authenticate
c. Analyze
d. Generate rollback

____ 26. Your domain consists of servers running Microsoft Windows Server 2003, clients running Microsoft
Windows XP Professional, and clients running Microsoft Windows 98. Your company recently
started a confidential research project and all network communication related to this project must be
encrypted using IPSec. All of the client computers for employees working on this project run
Windows 98. After installing the server for the project, you configure the Secure Server (Require
Security) policy and apply the policy to the server using the local security policies. You then apply
the Client (Respond Only) policy to the OU that contains all of the client computers that are
involved in this project. You discover that none of the Windows 98 clients are able to communicate
with the server. What additional step must you take to allow the clients running Windows 98 to
communicate with the server?
a. Apply the Server (Request Security) policy to the client computers.
b. Download the legacy IPSec client for Windows 98 from the Microsoft Web site.
c. Start the IPSec Policy Agent.
d. Install Network Monitor on the client computers running Windows 98.

____ 27. You are the network administrator for the contoso.com domain. Your network consists of a
Microsoft Windows Server 2003 domain. Your corporate security policy requires that all
communication be encrypted using IPSec. Your company has a partnership with Litware, Inc.
Litware users must communicate with Contoso users; however, the Litware users are not members
of the Contoso domain, and you are not certain about which operating system the Litware computers
run. How should you configure authentication so that all communication is encrypted?
a. Configure both Contoso and Litware policies to use X.509 certificates for
authentication.
b. Configure both Contoso and Litware policies to use NTLM for authentication.
c. Configure Contoso to use Kerberos for authentication, and configure Litware to
use X.509 certificates for authentication.
d. Use the default authentication settings for both Litware and Contoso.

____ 28. You configured all of your clients running Microsoft Windows XP Professional and servers running
Microsoft Windows Server 2003 to automatically interact with the Windows Update Web site. You
notice that all of the client computers have an informative message stating, “Updates for your
computer have been downloaded from Windows Update. Click here to review these updates and to
install them.” It was not your intention to allow users to decide which updates to install or when the
updates will be installed. How can you configure your client computers to maintain the latest service
packs and security patches without user interaction?
a. Use Group Policy to enable the No Auto-Restart option for all domain computers.
b. Configure the Automatic Updates settings on the clients running Windows XP
Professional and the servers running Windows Server 2003 to Automatically
Download The Updates And Install Them On The Schedule That I Specify.
c. Configure the Automatic Updates settings only on the servers that run Windows
Server 2003 to Automatically Download The Updates, And Install Them On The
Schedule That I Specify. The servers will then update the clients when they restart.
d. Have the users log on as local administrators, and the updates will be automatically
installed.
____ 29. What is the recommended minimum level of RAM for a SUS server?
a. 512 MB
b. 256 MB
c. 1 GB
d. 128 MB per SUS client

____ 30. You configured a SUS server to synchronize with the Windows Update site daily at 7:00 A.M., and
you configured the server to store the updates locally. Your client computers are scheduled to run
Automatic Updates at 12:00 P.M. daily while employees are at lunch. When you arrive at work at
8:00 A.M., one of your coworkers informs you that the contents of one of the SUS\Contents
directories were accidentally deleted and that a critical security update was released this morning.
The client computers must receive the security update as soon as possible. With the least amount of
administrative effort, which steps could you take to allow the client computers to download the
critical update from the SUS server at the scheduled 12:00 P.M. time?
a. Open the Software Update Services Administration Web page, and choose
Schedule Synchronization from the Synchronize Server options. Schedule the SUS
server to synchronize at 12:00 P.M.
b. Open the Software Update Services Administration Web page, and choose
Synchronize Now from the Synchronize Server options.
c. Copy the SUS\Contents file from one of the SUS clients that successfully
synchronized with the SUS server prior to the deletion of the Contents folder.
d. Manually configure all client computers to contact the Windows Update site for
Automatic Updates.
Server 2003 FINAL
Answer Section

TRUE/FALSE

1. ANS: F
EXPLANATION: Dynamic Host Configuration Protocol (DHCP) servers that are part of an Active
Directory domain must be authorized. There is no authorization process for DHCP servers that are
members of a workgroup. (Discussion starts on page 13.)

PTS: 1 DIF: Application REF: Chapter 1


2. ANS: F
EXPLANATION: The Dynamic Host Configuration Protocol (DHCP) Server service can be
installed through Add And Remove Windows components in the Control Panel or through the
Configure Your Server page. (Discussion starts on page 13.)

PTS: 1 DIF: Demonstration REF: Chapter 1


3. ANS: F
EXPLANATION: A Dynamic Host Configuration Protocol (DHCP) database is a dynamic database
that is updated as clients are assigned or as they release Transmission Control Protocol/Internet
Protocol (TCP/IP) configuration parameters. (Discussion starts on page 39.)

PTS: 1 DIF: Demonstration REF: Chapter 2


4. ANS: T

EXPLANATION: (Discussion starts on page 40.)

PTS: 1 DIF: Demonstration REF: Chapter 2


5. ANS: F
EXPLANATION: DNS is not installed by default when you install Windows Server 2003. It can be
installed through the Configure My Server page and through Add And Remove Programs in Control
Panel. (Discussion starts on page 65.)

PTS: 1 DIF: Application REF: Chapter 3


6. ANS: F
EXPLANATION: Host computers typically request recursive queries. (Discussion starts on page
84.)

PTS: 1 DIF: Demonstration REF: Chapter 3


7. ANS: T
EXPLANATION: Windows Server 2003 supports sending a copy of the DNS zone file to a
secondary server when using Active Directory–integrated zones. (Discussion starts on page 69.)

PTS: 1 DIF: Application REF: Chapter 3


8. ANS: T
EXPLANATION: Copies of files that are encrypted using Encrypting File System (EFS) will retain
their encryption attributes if they are copied or backed up to another location on an NTFS volume.
(Discussion starts on page 161.)

PTS: 1 DIF: Synthesis REF: Chapter 5


9. ANS: F
EXPLANATION: Communicating peers using Internet Protocol Security (IPSec) do not require
identical security policies. Both peer computers must have a security policy with enough negotiation
options to establish a common set of requirements for communication. (Discussion starts on page
180.)

PTS: 1 DIF: Demonstration REF: Chapter 6


10. ANS: T

EXPLANATION: (Discussion starts on page 218.)

PTS: 1 DIF: Demonstration REF: Chapter 7

MULTIPLE CHOICE

11. ANS: A
EXPLANATION: A scope must be activated before it can be used to assign addresses, and a
Dynamic Host Configuration Protocol (DHCP) server must be authorized if it is part of an Active
Directory domain. Increasing the lease duration or re-creating the scope does not affect this situation.
(Discussion starts on page 16.)

PTS: 1 DIF: Synthesis REF: Chapter 1


12. ANS: A
EXPLANATION: Dynamic Host Configuration Protocol (DHCP) has been extended to support the
assignment of Class D multicast addresses. You should create a multicast scope. The DHCP server
would then dynamically assign multicast IP addresses to all clients that were configured to receive a
multicast address. (Discussion starts on page 18.)

PTS: 1 DIF: Synthesis REF: Chapter 1


13. ANS: A
EXPLANATION: Client reservations map a specific IP addresses to a specific hardware address.
Dynamic Host Configuration Protocol (DHCP) then assigns the same IP address to each print device
for each mapping. (Discussion starts on page 18.)

PTS: 1 DIF: Synthesis REF: Chapter 1


14. ANS: C
EXPLANATION: (Discussion starts on page 35.)

PTS: 1 DIF: Demonstration REF: Chapter 2


15. ANS: B
EXPLANATION: To recover used space in the Dynamic Host Configuration Protocol (DHCP)
database, the DHCP database is dynamically compacted. (Discussion starts on page 43.)
PTS: 1 DIF: Demonstration REF: Chapter 2
16. ANS: B
EXPLANATION: With secure dynamic updates, only the registering client can modify Domain
Name System (DNS) records. Because the Dynamic Host Configuration Protocol (DHCP) server
initially registered these clients—unless the DHCP server was a member of the DnsUpdateProxy
security group—the DHCP server would be the only computer with the right to update DNS records.
Adding the DHCP server to the DnsUpdateProxy security group allows the Windows 2000 clients to
update DNS. (Discussion starts on page 36.)

PTS: 1 DIF: Application REF: Chapter 2


17. ANS: A
EXPLANATION: When the Dynamic Host Configuration Protocol (DCHP) database is backed up
either manually or automatically, the security credentials are not saved and must be reconfigured if a
restore is required. (Discussion starts on page 40.)

PTS: 1 DIF: Application REF: Chapter 2


18. ANS: C
EXPLANATION: When you enable logging, the Dynamic Host Configuration Protocol (DHCP)
server creates log files named DhcpSrvLog-day.log, where day is a three-letter abbreviation that
represents the day the log was created; for example, a log created on Sunday would be named
DhcpSrvLog-Sun.log. For this reason, the default configuration will keep only seven days of DHCP
logs. For example, on Sunday the DHCP log from the previous Sunday is overwritten. (Discussion
starts on page 49.)

PTS: 1 DIF: Synthesis REF: Chapter 2


19. ANS: B
EXPLANATION: Active Directory–integrated zones use multimaster replication, which allows
updates to the DNS database at any domain controller. (Discussion starts on page 69.)

PTS: 1 DIF: Synthesis REF: Chapter 3


20. ANS: A
EXPLANATION: Windows Server 2003 has three options available for replication between domain
controllers. No option exists for replicating between all DNS servers in the domain because
secondary DNS servers that might be located on member servers are not capable of receiving Active
Directory updates. (Discussion starts on page 69.)

PTS: 1 DIF: Application REF: Chapter 3


21. ANS: A
EXPLANATION: When a primary server receives updates to the zone file, it notifies the secondary
servers that it has changes. The secondary servers then request a zone transfer. (Discussion starts on
page 89.)

PTS: 1 DIF: Application REF: Chapter 3


22. ANS: B
EXPLANATION: Configuring internal DNS servers to forward queries to an external DNS server
solves this problem. Forwarders provide a method to manage name resolution for names outside of
your network. (Discussion starts on page 94.)
PTS: 1 DIF: Synthesis REF: Chapter 3
23. ANS: A
EXPLANATION: DNSLint is a tool that is used to verify the consistency of a particular set of
records on multiple Domain Name System (DNS) servers. (Discussion starts on page 106.)

PTS: 1 DIF: Demonstration REF: Chapter 4


24. ANS: A
EXPLANATION: (Discussion starts on page 166.)

PTS: 1 DIF: Demonstration REF: Chapter 5


25. ANS: B
EXPLANATION: The Secedit tool has the capability to perform the following functions: configure,
analyze, import, export, validate, and generate rollback. (Discussion starts on page 166.)

PTS: 1 DIF: Application REF: Chapter 5


26. ANS: B
EXPLANATION: Internet Protocol Security (IPSec) is available in Windows 2000, Windows XP,
and Windows Server 2003. Microsoft operating systems prior to Windows 2000 must download the
legacy IPSec client from the Microsoft Web site. (Discussion starts on page 179.)

PTS: 1 DIF: Application REF: Chapter 6


27. ANS: A
EXPLANATION: Internet Protocol Security (IPSec) relies on authentication to provide secure
communication. When the communication must occur between systems that might not use Kerberos
for authentication, X.509 certificates can be used. X.509 certificates are often used on open
networks, such as the Internet, and on intranets and extranets. (Discussion starts on page 195.)

PTS: 1 DIF: Synthesis REF: Chapter 6


28. ANS: B
EXPLANATION: Three settings on the Automatic Updates page control how updates will be
handled. The first option is Notify Me Before Downloading Any Updates And Notify Me Again
Before Installing Them On My Computer. The second option is Download The Updates
Automatically And Notify Me When They Are Ready To Be Installed The third option is
Automatically Download The Updates, And Install Them On The Schedule That I Specify. This
third option allows the client computers to automatically download and install updates without user
interaction. (Discussion starts on page 215.)

PTS: 1 DIF: Synthesis REF: Chapter 7


29. ANS: A
EXPLANATION: (Discussion starts on page 218.)

PTS: 1 DIF: Demonstration REF: Chapter 7


30. ANS: B
EXPLANATION: Choosing the Synchronize Now option allows the Software Update Services
(SUS) server to download a new copy of the Windows Update files. Manually configuring each
client computer to contact the Windows Update site also resolves the problem, but this option
involves much more administrative effort. (Discussion starts on page 224.)
PTS: 1 DIF: Application REF: Chapter 7

You might also like