Home      Articles     Contact Us      


 

SourceCode.

HimArticles.com

Free Source Code on ASP, Visual Basic,

C++, Java Script, Java

Our mission is to provide High Quality material

 

Source Code
Navigation

ASP

C++

Visual Basic

Java

Java Script


 

 
 

Additional Resources

Projects

Visual Basic
▪  C++
 

 

Certification Question Papers


Windows 2000 EXAM - 70-217
.........
Implementing and Administering a Microsoft Windows 2000 Directory Services Infrastructure

 


1) You are the admin of a win2k Network. Your network's organizational unit (OU) structure is shown in the exhibit you grant Create Users Objects permission to Anita for the Executive OU, but she is unable to create users objects in the Users OU. Anita is able to create users objects in the Workstation OU. What should you do to enable Anita to create users objects in the Users OU?

A) Clear the Allow inheritable permissions from parent to propagate to this object 
check box in the Executive OU properties. 
B) Select the Allow inheritable permissions from parent to propagate to this object 
check box in the Users OU properties. 
C) Add Anita to the Server Operators group. D. Move the Users OU to the same level as 
the Executive OU 

Answer : B


2) You add a new domain controller named GC01 to your network to take the place of the existing global catalog server. You also enable GC01 as a global catalog. You want to use GC00, the original server, as a domain controller, but not as a GC server for the domain. You want to increase disk space on GC00. What should you do? (Choose all that apply)

A) Use the Active Directory Sites and Services. Select the NTDS settings object for the GC00 Server to clear the Global Catalog check box. 
B) On the GC00 server, run the Ntdsutil utility to defragment Active Directory. 
C) On the GC00 server, reinstall Win2k 
D) On the GC01 server, run the Ntdsutil utility to enable the global catalog server option. 


Answer : A, B

3) You add three new SCSI hard disk drives to your company's domain controller. The SCSI disks are configured in a hardware RAID-5 array. You have two other physical disks in this domain controller. You want to optimize the speed of the Active Directory database. What can you do? (Choose Two)

A) Move the Ntds.dit file to the RAID-5 array. 
B) Move the log files to a separate physical disk from the OS 
C) Move the log files and the Ntds.dit file to the RAID-5 array. 
D) Move the netlogon share to the RAID-5 array. 
E) Create a mirror volume and place the log files on the mirror. 

Answer : A.B

4) You are the administrator of the Arbor Shoes company network. There is one domain named arborshoes.com. The domain contains three sites named Geneva, Milwaukee, and Portland. Each site has two domain controllers from the arborshoes.com domain. Geneva and Portland each have 1,000 users. Milwaukee has 500 users. There are two IP site links: Geneva Portland and Milwaukee Portland. You want to add another domain controller in each site to handle all replication from each site. What should you do?

A) Configure each new domain controller to be the IP preferred bridgehead server for its site. 
B) Create a connection object from each domain controller in each site to the new domain controller in each site. 
C) Create a new site link that has a lower cost that the existing site links. 
D) Delete the existing connection objects 

Answer :A

5) You are the LAN admin for Arbor Shoes. You hire Sophie to be a LAN administrator for the Dublin office. Arbor Shoes has one domain named arborshoes.com. Each office has its own OU. Sophie needs to be able to create child OUs under only ou-Dublin, dc=arborshoes, dc=com and verify the existence of the created OUs. Which permissions should you assign to Sophie on the Dublin OU? (Choose THREE)

A) FC 
B) List Contents 
C) Create OU objects 
D) Create All Child Objects 
E) Write 
F) Read 

Answer : B, C, F

6) You are the administrator for Trey Research and A. Datum Corporation. You manage a multi domain wind2k network of 5,000 users for the two companies. The network is configured as shown in the exhibit: The two companies have a total of six departments. 
Each department is an OU in AD. Each Domain and OU has specific Group Policy settings that must applied to all of its members. Your company is reorganizing all six departments. Some, but not all, of the users in each OU have moved. Many users have changed departments, and some have changed domains. You want to accomplish the following goals in the least possible amount of time. Place the users account in the appropriate domains. Apply the existing policies for each domain or OU to the moved accounts. Do not disrupt user access to shared resources. What should you do?

A) For all users, create new user accounts in the appropriate OUs. Assign permissions to the accounts to apply the group policy settings, and the delete the old accounts. 
B) For the users moving between domains create new user accounts in the appropriate Ous. Assign permissions to the accounts to apply the Group Policy settings, and then delete the old accounts. For the users moving between Ous in the same domain, select the accounts. Then choose MOVE from the Action menu, targeting the new OU. 
C) For the users moving between domains, use the Movetree utility, specifying the source and target domains and Ous. For the users moving between Ous in the same domain select the accounts. Then choose MOVE from the ACTION menu, targeting the new OU. 
D) For the users moving between domains, create new user accounts in the appropriate 
Ous. Assign permissions to the account to apply the Group Policy settings, and then delete the old accounts. For the users moving between Ous in the same domain, select the accounts. Then choose Copy from the Action menu, entering the appropriate account information for the new users accounts. Then delete the old accounts. 

Answer : C

7) You are the administrator of a win2k network. Your win2k domain controller has been in operation for one year. During that year, you have deleted numerous objects. However, the Ntds.dit file is the same size it was before you deleted any objects. You want to reduce the size of the Ntds.dit file. What should you do? (Choose Two)
A) Delete all the log files from the NTDS folder and restart the server. 
B) Use the Ntdsutil utility to perform an authoritive restore. 
C) Run the Esentutl utility by using the /d switch. 
D. the server in directory services restore mode. 
E) Use the Ntdsutil utility to compress the database to another drive. 

Answer : C, D

8) You are the administrator of the company network for Arbor Shoes. Arbor Shoes has three domains: arborshoes.com, na.arborshoes.com, and sa.arborshoes.com. All the domains are in native mode. You are going to remove the na.arborshoes.com domain in an effort to consolidate domains. There are 300 users in na.arborshoes.com. You want to move all 300 users at the same time to arborshoes.com. What should you do?
A) At the command prompt, type the following command: Cscropt sidhist.vbs /srcdc:dc1 /srcdom:na.arborshoes.com /dstdc:dc1/dstdom:arborshoes.com 
B) At the command prompt, type the following command: Movetree /start /s dc1.na.arborshoes.com/ddc1.arborshoes.com/sdncn=users,dc=na,dc=arborshoes,dc=com /ddn cn=users, dc=arborshoes, dc=com C) In MMC, use the copy command in Active Directory Users and Computers 
D) In MMC, use the move command in Active Directory Users and Computers
answer : B

9) You are the enterprise administrator of a windows 2000 domain tree that has five domains. All domains are in native mode. Each domain has one or more users who are help desk staff. Each domain has a global group named Help Desk members that contains the help desk staff from each domain. There is an OU named Interns in the root domain. You want all help desk staff to be able to reset passwords of the users in the Inters OU. What should you do?
A) Create a new global security group named Help Desk Staff in the root domain. Place the five help desk members groups in the Help Desk staff group. Place the Help desk staff group in the Reset Interns group. On the reset Interns group, assign the Reset password permission to the Help Desk Staff group. B) Create a new global security group named Help Desk Staff in the root domain. Place 
the five help desk staff in the Help Desk Staff group. Create a new local security group named Reset Interns in the root domain. Place all users from the Interns OU in the Reset Inters group. On thee Interns OU, assign the reset Password permission to the Reset Interns group. 
C) Create a new universal security group named Help Desk Staff in the root domain. Place the five Help Desk members groups in the Help Desk Staff group. Create a new local security group named reset Interns in the root domain. Place the Help Desk Staff group in the Reset Interns group. On the Interns OU, assign the reset password permission to the Reset Interns group. 
D) Create a new universal security group named Help Desk Staff in the root domain. Place the five Help Desk Members groups in the Help Desk Staff group. Create a new local security group named reset Interns in the root domain. Place all users from the Interns OU in the Reset Interns group. On the reset Interns group, assign the Reset Password permission to the Help Desk staff group.
Answer : C

10) Your company's Win2k network consists of a single domain. You are the enterprise 
admin of the domain. Two administrators named Ann and Bill make changes to Active 
directory at approximately the same time at two different domain controllers named 
ServerA and ServerB. Ann deletes an empty OU named Branch1 from ServerA. Before this deletion is replicated to ServerB, Bill move five existing users from the Brach2 OU to 
the Branch1 OU at ServerB. Ten minutes later, Bill discovers that the Branch1 OU is 
deleted from Active Directory. You want to reinstate the configuration that Bill 
attempted to accomplish. What should you do?

A) Perform an authoritive restore of the Brach1 OU at ServerA 
B) Perform a nonauthoritive restore of the Branch1 OU at ServerA. 
C) Perform an authoritive restore of the five users at ServerB 
D) At ServerB, move the Branch1 OU from the LostAndFound container to its original 
location. 
E) At ServerA, create a new Branch OU. Move the five users from the Branch2 OU to the new Branch1 OU. 
F) At ServerB, create a new Branch1 OU. Move the five users from the LostAndFound 
container to the new Branch1 OU. 

Answer : A

11) You are the admin of your company's network. Your company has two domains in six 
sites as shown in the exhibit. Each site has one or more domain controllers. For 
fault-tolerance and load-balancing purposes, on domain controller in each site is 
configured as a GC. Users report that, several times a day, network performance and 
data transfer for an application located in SiteA are extremely poor. You want to 
improve network performance. What should you do?

A) Configure at least two domain controllers in each site as GC servers. 
B) Configure the domain controllers in only one site as GC servers. 
C) Create site links between all sites and use the default replication schedulers 
D) Create site links between all sites and set the less frequent replication 
schedules. 
E) Create connection object between each domain controller. Use RPC as the transport 
protocol. 
F) Create connection objects between each domain controller. Use SMTP as the 
transport protocol. 

Answer : D

12) You are the enterprise administrator of a win2k domain named fabrikam.com. The 
domain contains three domain controllers named DCA, DCB, and DCC. DCA does not hold any operations master roles. You backed up the System state data of DCA two weeks ago. Without warning the DCA hard disk fails. You decide to replace DCA with a new computer. You install a new Win22k server computer. What should you do next?

A) Add the server to the domain. Do an authoritive restore of the original backup of 
the original DCA System State data that you made two weeks ago. 
B) Add the server to the domain. Use Windows Backup to create a backup of the DCB 
System state data, and restore this backup on the new DCA. 
C) Use the Active Directory installation wizard to make the new computer a replica in 
the domain. 
D) Use the Ntdsutil utility to copy the active Directory database from DCB to the new 
DCA. 

Answer : C

13) You are the administrator of a win2k domain. The domain has two domain controllers 
named Server1 and Server2. The volume that contains the Active Directory database file on Server1 is running out of disk space. You decide to move the database file to an 
empty volume on a different disk on Server1. What should you do?

A) Restart Server1 in directory services restore mode. Use the Ntdsutil utility to 
move the database file to the empty volume. 
B) Use windows Backup to create a backup of the System State data of Server1. Restart Server2 in directory services restore mode. Restore the system State data to the empty volume. 
C) Use the Logical disk Manager console to mount the empty volume in the folder that 
contains the Active Directory database file. 
D) Stop the Netlogon service on Server1. Use Windows Explorer to move Ntds.dit to the 
empty volume. Start the NetLogon service again. Force replication from server2 


Answer : A

14) You are the enterprise administrator of a Windows 2000 domain. The domain has three domain controllers named DC1, DC2, and DC3. Because of changed hardware requirements, you want to replace the domain controller named DC1 with a newer computer named DC4. You want DC4 to be a domain controller in the domain. You no longer want DC1 to function as a domain controller. What should you do?

A) Install DC4 as a stand-alone server in a workgroup named WG. Restore a System 
State data backup of DC1 on DC4. On DC1, Use the Active Directory Installation wizard 
to remove Active Directory from DC1. 
B) Install DC4 as a stand-alone server in a workgroup named WG. Disconnect DC1 from 
the network. Rename DC4 to DC1. On DC2, force replication of AD to all its replication 
partners. 
C) Install DC4 as a member server in the domain. On DC4, use the Active Directory 
Installation wizard to install Active Directory on DC4. On DC1 use the Active Directory 
Installation wizard to remove Active Directory from DC1. 
D) Install DC4 as a member server in the domain. On DC1 use the Ntdsutil to copy the 
Active Directory files to DC4. Use the Active Directory Installation wizard to remove 
Active Directory from DC1. 


Answer : C

15) You are the network administrator for your company. Your company's main office is 
in Seattle. Branch offices are in New York, Rome, and Tokyo. The local administrators 
at each branch office need to be able to control local resources. You want to prevent 
the local administrators from controlling resources in the other branch offices. You 
want only the administrators from the main office to be allowed to create and manage 
user accounts. You want to create an active directory structure to accomplish these 
goals. What should you do?

A) Create a domain tree that has a top-level domain for the main office and a child 
domain for each branch office. Grant the local administrators membership in the Domain 
Admins group in their child domains. 
B) Create a domain tree that has a top-level domain for the main office and a child 
domain for each branch office. Grant the local administrators membership in the 
Enterprise Admins group in the domain tree. 
C) Create a single domain. Create a group named Branch Admins. Grant the local 
administrators membership in this group. Assign permissions to the local resources to 
this group. 
D) Create a single domain. Create and OU for each branch office and an additional OU 
named CorpUsers. Delegate authority for resource administration to the local 
administrators for their own OUs. Delegate authority to the CorpUsers OU only to the 
Domain Admins group. 

Answer : D

16) You are the administrator of your company's network. Your company has its main office in Seattle and branch offices in London, Paris, and Rio de Janeiro. The local admin at each branch office must be able to control users and local resources. You want to prevent the local administrators from controlling resources in branch offices other than their own. You want to create an Active Directory structure to accomplish these goals. What should you do?

A) Create a top-level OU. Delegate control of this OU to administrators at the main office. 
B) Create child OUs for each office. Delegate control of these OUs to administrators at the main office. 
C) Create child OUs for each office. Delegate control of each OU to the local administrators at each office. 
D) Add the local administrators to the Domain Admins group. 
E) Create users groups for each office. Grant the local administrators the appropriate permissions to administer these user groups. 

Answer : C

17) You install a windows 2000 Server computer on your network. You promote the computer to be a domain controller. This computer also functions as the DNS server for the domain. All client computer are running win2k Prof. When users attempt to log on they receive an error message sating that a domain controller cannot be located. You verify that Active Directory is installed and functional on the server. You want to ensure that the domain controller is available for user logons. What should you do next?

A) Check DNS for the addition of an appropriate SRV record in the zone. 
B) Check DNS for the addition of an appropriate A record in the zone. 
C) Check for the presence of an NTDS folder on the domain controller. 
D) Check for the presence of a Sysvol folder on the domain controller. 
E) On the client computers, create a hosts file that contains the SRV records for the domain controller. 
F) On the client computers, create a Hosts file that contains the A record for the DC. 

Answer : A

18) You are the admin of the Contoso, Ltd., company network. You are designing a Win2k domain. Contoso, Ltd., has an Internet presence and owns contoso.com, a registered domain name. The existing DNS zone is hosted on WinNT server 4 computers. You want to accomplish the following goals: - Internal host names will not be exposed to the Internet. - Internal users will be able to resolve external names for access to Internet-based resources. - Complexity and depth of domain names for Active Directory will be minimized. - To comply with management requirements, the existing DNS servers that host the zone for contoso.com will not be upgraded. You implement a DNS design as shown in the exhibit: Which result(s) does your implementation produce? (All that apply)

A) Internal host names will not be exposed to the Internet. 
B) Internal users will be able to resolve external names for access to Internet-based resources 
C) Complexity and depth of domain names for Active Directory will be minimized 
D) To comply with management requirements, the existing DNS servers that host the zone for Contoso.com will not be upgraded 


Answer : A, B, C

19) You are the network administrator for Arbor Shoes. Part of your multisite Windows 2000 network configuration is show in the exhibit. Server1 is configured with the primary zone for arborshoes.com. Server3 and Server5 are configured with secondary zones for arborshoes.com.You discover an error in several host records that is preventing client computers in Atlanta from accessing some shared resources. You make the necessary corrections on Server1. You want these changes to be propagated to Atlanta immediately. What should you do?

A) On the Action menu for the arborshoes.com zone, click Update Server Data Files. 
B) At Server5, perform the Transfer from master action for the arborshoes.com zone. 
C) At Server1, stop and start the DNS server service. 
D) At Server5, select Allow zone transfers on the arborshoes.com zone. 


Answer : B

20) You are the network administrator for LitWare, Inc. You are implementing Windows 2000 on your network. Part of your network configuration is shown in the exhibit. You have installed Server2 and Server4 as domain controllers for LitWare.com. You have installed Server1 and Server3 as DNS servers for the litware.com domain. Each server has a standard primary zone named litware.com.You configure the domain to run in native mode. When Server2 attempts to contact Server4 by name, it cannot establish a connection. However, you cn ping both Server2 and Server4 from any computer in either site. You need to be able to resolve names of serves in both sites. You want the information to be updated regularly. What should you do?

A) Configure Server1 and Server3 to allow dynamic updates in DNS. 
B) Configure Server1 and Server3 to allow zone transfers to any server. Then configure the DNS notification options to notify each server of updates. 
C) Reinstall Server4 as a member server in the same domain as Server2. Create a new site, and promote Server4 to a domain controller within the new site. 
D) Re-create the litware.com zone on Server3 as a secondary zone. Configure Server3 to replicate DNS data from Server1. 

Answer : D


21) You are the administrator for a windows 2000 network. Your network consists of one domain and two OUs. The OUs are named Corporate and Accounting. A user recently reported that she was not able to log on to the domain. You investigate and find out that the user's account has been deleted. You have been auditing all objects in active Directory since the domain was created. But you cannot find a record of the user account deletion. You want to find a record that identifies the person who deleted the account. What should you do?

A) Search the security event logs on each domain controller for account management events. 
B) Search the security event logs on each domain controller for object access events. 
C) Search the Active Directory Users and Computers console on each domain controller for the user's previous account name. 
D) Search the Active Directory Users and Computers console on each domain controller for the user's computer account. 

Answer : A

22) You are the admin of your company's network. The network consists of one WinNT 4 domain. You create and implement a security policy that is applied to all windows 2000 Prof. Computers as they are staged and added to the network. You want this security policy to be in effect at all times on all client computers on eth network. However, you find out that administrators periodically change security settings on computers when they are troubleshooting or doing maintenance. You want to automate the security analysis and configuration of client computers on the network so that you can track changes to security policy and reapply the original security policy when it is changed. What should you do?

A) Use Windows NT System Policy to globally configure the security policy settings on the client computers. 
B) Use Windows 2000 Group Policy to globally configure the security policy settings on the client computers. 
C) Use the Security and Configuration Analysis tool on the client computers to analyze and configure the security policy. 
D) Schedule the Secedit command to run on the client computer stop analyze and configure the security policy. 

Answer : D

23) You edit the Default Domain Controllers Group Policy on the arborshoes.com domain to required passwords to be at least eight characters long. However, users are able to create passwords that do not comply with the implemented policy. What should you do?

A) Initiate replication to make sure the Group Policy containers and the Group Policy template (GPT) are replicated. 
B) Configure each client computer to have a local Group Policy that requires password to be at least eight characters long. 
C) Edit the Default Domain Group Policy to require password to be at least eight characters long. 
D) Edit the Default Domain Controllers Group Policy to force the password to meet complexity requirements. 

Answer : C

24) You are the windows 2000 network administrator for your company. You are implementing the company's network security model. You network has several servers that contain sensitive or confidential information. You want to configure security auditing on these servers to monitor access to specific folders. You also want to prevent users from gaining access to these servers when the security logs become full. What should you do?

A) Create a GPO that applies to the servers. Configure the GPO to enable auditing for object access. Set up the individual objects to be audited in windows Explorer, and then customize the Event Viewer logs to limit the size of the security log to 1024 kb. 
B) Create a GPO that applies to the servers. Configure the GOP to enable auditing for directory services access. Set up the individual objects tobe audited in Windows Explorer, and then customize the Event Viewer logs to limit the size of the security log to 1024 KB. Configure the security event log so that it does not overwrite events. 
C) Create a GPO that applies to the servers. Configure the GOP to enable auditing for directory service access. Set up the individual objects to be audited in Windows Explorer. Configure the security event log so that it doesn't not overwrite events. Then configure the GPO to enable the Shut down the system immediately if enable to log security audits setting. 
D) Create a GPO that applies to the servers. Configure the GOP to enable auditing for object access. Setup the individual objects to be audited in Windows Explorer. Configure the security event log so that it does not overwrite events. Then configure the GPO to enable the Shut down the system immediately if enable to log security audits setting. 

Answer : D

25) You are the security analyst for Duluth Mutual Life. You are assessing the security weaknesses of the company's Windows 2000 network. The network consists of three sites in one domain. The domain contains three OUs and 11000 users. There are five domain controllers in the domain. You configure one of the domain controllers to meet the security requirements of the company. You need to duplicate those settings on the other four domain controllers. You want to use the least possible amount of administrative effort. What should you do?

A) Create a GPO for the domain controllers OU. Configure the GPO settings to match the settings of the secured domain controller. 
B) Open Security Configuration and Analysis on the secured domain controller. Export the secured domain controller's security configuration to a template file. Copy the template file to the Sysvol folder on each domain controller. 
C) Create a GPO for the domain. Assign Domain Users Red and Apply Group Policy permissions. Configure the GPO settings to match the settings of the secured domain controller. 
D) Open Security Configuration and Analysis on the secured domain controller. Export the secured domain controller's security configuration information to a template file. Open Security Configuration and Analysis on the other domain controllers, import the template file, and then select Analyze Computer Now.

Answer :A
 

Copyright 2006  - SourceCode.HimArticles.com  -  All rights reserved SourceCode