70-218 Braindump

1. You are the administrator of a Windows 2000 Server computer named ServerA. You install Terminal Services on serverA in remote administration
mode. You use Terminal Services to administer ServerA for four months.
After four months, you reinstall Terminal Services in application server mode. You install and configure eight user applications on ServerA, and the users
in your company being connecting to serverA by using Terminal services client software.

Three months later, users report that they cannot connect to Server. You discover that you cannot connect to ServerA by using an administrator user
account. You verify that serverA is running properly and is connected to the network.
You need to ensure that users and administrators can connect to ServerA.

What should you do?

A. Modify the default Terminal Services user properties so that all domain user accounts have permission to connect to Terminal Services.
B. In Terminal Services Configuration, delete and re-create the default RDP-RCP connection
C. Install and configure a Terminal Services Licensing server on your network. Configure ServerA to use the new licensing server.
D. Ask a domain administrator to relocate ServerA's computer account into an Organizational Unit (OU) named AuthorizedTerminalServer.

Answer: C

2. You are the administrator of four Windows 2000 Server computers in the sales department. Each server has a single Pentium III-600 processor, 192
MB of RAM, and a single 30-GB hard disk. All computers have 100-Mbps network adapter cards.
Users in the sales department report that when they attempt to access files or submit print jobs to a server named ServerA, performance becomes very
slow. You use system Monitor to monitor ServerA and discover the information that is shown in the following table: (see exhibit)
You need to improve the performance of ServerA for the users in the sales department.
What should you do?

A. Upgrade or replace the RAM in the server.

B. Upgrade or replace the hard disk in the server.
C. Upgrade or replace the processor in the server.
D. Upgrade or replace the network adapter card in the server.

Answer: B

3. You are a network administrator for your company. The network consists of a single network subnet.
The network contains a Windows 2000 Server computer named serverA, which runs the DNS server service. All client computers run Windows 2000
Professional, and they are configured with static IP addresses. The client computers are configured to use ServerA for DNS name resolution.
Another administrator, named Peter, installs Windows 2000 Server on a new computer named ServerB. He installs the DNS server service and the
DHCP server service on ServerB. Peter configures the DHCP server to issue dynamic IP addresses to client computers. He also configured the DHCP
server to configure client computers to use ServerB for DNS name resolution.
You reconfigure all client computers to use DHCP to obtain IP addressing information, and you uninstall the DNS server service from ServerA.

All users now report that they cannot access any network resources by name.
You need to ensure that users can access network resources by name.

What should you do?

A. Configure the DNS server on ServerB to include a static A (host) record that contains the name and IP address of ServerA.
B. Run the ipconfig/registerdns command on each client computer.
C. Delete the Hosts file on each client computer.
D. Reconfigure each client computer to remove ServerA's IP address from the list of DNS servers and to obtain a list of DNS servers automatically.

Answer: D

4. You are a network administrator for your company. The network is configured as shown in the Network exhibit.
You view the system log of FP01 and notice a large number of identical warning messages that state the following: "The redirector was unable to
initialize security context or query context attributes."
The IP properties for FP01 are shown in the IP Properties exhibit.

You need to prevent these warning message form occurring. What should you do?

A. Configure the default gateway for FP01 to 192.168.1.254

B. Configure the default gateway for FP01 to 192.168.2.1
C. Configure the primary DNS server for FP01 to 192.168.1.15
D. Configure the primary DNS server for FP01 to 192.168.3.15

Answer: A

5. You are the administrator of a Windows 2000 Server computer named ServerA. The server has dual Pentium II-450 processors, 192 MB of RAM, and
two hard disks, which are configured as shown in the following table: (see exhibit)
Users report that server performance is acceptable under normal working conditions, such as accessing files and printing documents. However, when a
large accounting application is run, performance becomes significantly slower. When the application is processing large amounts of data, users report
long waiting periods when they access files stored on the hard disk or when they submit print jobs.
You monitor ServerA by using System Monitor. You discover that when the accounting application is running, the sustained processor utilization on both
processors in 100 percent. There are also numerous hard pages faults. When the application is not running, sustained processor utilization drops to 50
percent, but the number of hard pages faults remains high.

You need to improve the performance of ServerA. What should you do?
A. Upgrade the memory in ServerA.
B. Upgrade the processors in ServerA.
C. Move the paging file from the system partition to drive E.
D. Increase the default size of the paging file to at least 384 MB.

Answer: A

6. You are a network administrator for your company. A user named Maria reports that her Windows 2000 Professional computer has stopped
responding.
You examine the computer and discover that it is displaying a STOP message. Maria reports that the computer has been displaying a STOP message
intermittently during the past several days. You restart the computer and it functions normally.
A few minutes later, Maria reports that the computer has stopped responding again. You investigate and discover the same STOP message. The
documentation for Maria's computer indicates that a new network adapter card was installed in the computer 10 days ago.

You set up a second Windows 2000 Professional computer for Maria to use. You need to provide access to her original computer so that she can copy
three files onto a floppy disk and copy them to the second computer. However, when you restart her original computer, it displays a STOP message after
only a few minutes.
You need to provide Maria with access to the files on her original computer.
You need to accomplish this task as quickly as possible.

What should you do?

A. Restart the original computer by using safe mode.

B. Restart the original computer by using the last known good configuration.
C. Restart the original computer by using an Emergency Repair Disk.
D. Restart the original computer by using the Windows 2000 Professional CD-ROM, and select the option to repair the installation.

Answer: A

7. You are a desktop administrator for your company. All client computers run Windows 2000 Professional. You are installing a new Plug and Play
combination scanner and print device on a user's computer. You connect the print device to the computer's parallel port. However, you discover that
Windows 2000 does not detect the new print device.
You open Device Manager on the computer and discover that there is no listing for the printer or for any unidentified devices. You run the Scan for
hardware changes command in Device Manager, but no new hardware is detected.
You want Windows 2000 Professional to detect and install drivers for the new print device.

What should you do?

A. In the system BIOS, enable Enhanced Parallel Port (EPP) support.

B. In the Driver Signing Options dialog box, set File Signature.
C. Use the Add/Remove Hardware wizard to install the manufacturer's printer driver.
D. Turn off the computer, and then turn off the print device, and then turn on the computer.

Answer: A

8. You are the administrator of an organizational unit (OU) named Operations. You create a Group Policy Object to publish an application named
CorpOps to the users in the Operations OU.
Your company frequently reassigns employees to different departments. When employees are reassigned, their Active Directory user accounts are
moved to a different OU. You need to ensure that CorpOps is uninstalled when an employee's user account is moved to a different OU.

What should you do?

A. Write a Microsoft Visual Basic Scripting Edition (VBScript) logoff script that uninstalls CorpOps. Assign the logoff script to the members of the
Operations OU.
B. Modify the permissions on the CorpOps installation package so that only members of the Operations OU have the Read permission.
C. Configure the Group Policy Object that publishes CorpOps to uninstall the application when it falls out of the scope of management.
D. Modify the GPO so that CorpOps is assigned instead of publishes.

Answer: C

9. You are a network administrator for your company. You need to configure offline file settings for all users in the Boston Organizational Unit. You add
two new Group Policy Objects named CompGPO and UserGPO and link them to the Boston OU. A representation of the details of the GPOs is shown in
the exhibit.
Users report that they cannot synchronize their offline files. You need to ensure that users can synchronize their offline files.

What should you do?

A. Modify the computer configuration for CompGPO by changing the Prevent use of Offline Files folder policy to Not Configured.
B. Modify the computer configuration for CompGPO by changing the Subfolders always available offline policy to Enabled.
C. Modify the user configuration for UserGPO by changing the Administratively assigned offline files policy to Enabled.
D. Modify the computer configuration for CompGPO by changing the Disable user configuration of offline files policy to Enabled.

Answer: A

10. You are the administrator of your company's Active Directory domain. The company recently expanded from one office in London to include new
offices in New York and Mexico City. All user accounts for the entire company are currently in the Users container.
Company policy states that network administrators may configure user accounts for only their respective offices. You create an Active Directory group
for each of the three offices. The user accounts of the network administrator for each office are members of each respective Active Directory group.
You need to configure Active Directory so that each administrator group can administer the user accounts in only its respective offline office.

What should you do?

A. Run the Delegation of Control wizard at the domain level and delegate the Full Control permission to all three of the administrators groups for all child
objects.
B. Create a new Organizational Unit for all of the user accounts. Move the user accounts into the new OU. Place all three of the administrators group in
the new OU.
C. Create a new organizational unit for each of the three offices. Place each of the three administrators groups in its respective OU. Run the Delegation
of Control wizard on each of these OUs and delegate the Create, delete, and manage user accounts task to the respective administrators group.
D. Create a new organizational unit for each of the three offices. Move the user accounts to the appropriate OUs. Run the Delegation of Control wizard
on each of these OUs and delegate the Create, delete, and manage user accounts task to the respective administrators group.

Answer: D

11. You are an organizational unit administrator for your company's Active Directory domain. The top-level OUs in Active Directory are organized by
physical location. All OU administrators have permissions to administer only the OUs for which they are responsible. You have organized your OUs and
user accounts based on the projects the users are working on.
The OU structure is shown in the exhibit.
The OU for your location has a Resources OU under it. The resources OU contains published shared folders and a Computers OU that contains all the
computer accounts at your location.
Multiple templates have been created for use with Microsoft Project. These templates are in a file share named Templates that is published to the
Resources OU as ProjectTemplates. The ProjectLeads group has permissions for the Template file share. All user accounts in the Project Delta OU are
members of the ProjectLeads group and therefore have access to the Templates file share.

You need to ensure that Andrea has access to the Templates file share. What should you do?

A. Delegate control of the Project Alpha OU to the ProjectLeads group.

B. Move Andrea's user account to the Project Delta OU.
C. Assign Andrea the Allow-Read permission for the Resources OU.
D. Add Andrea's user account as a member of the ProjectLeads group.

Answer: D

12. You are the administrator of a Windows 2000 Server computer named ServerA. ServerA runs a custom client/server software application. ServerA is
located in your company's New York office.
You install terminal Services on ServerA in remote Administration mode. You can connect to ServerA by using the terminal Services client software
installed on your Windows 2000 Professional computer.
A user named Marc is responsible for supporting the client/server application on ServerA. Marc needs to perform administrative tasks on ServerA. Marc
is located in your company's London office.
You need to ensure that Marc can connect to ServerA by using Terminal Services. You also need to ensure that Marc does not receive any unnecessary
administrative privileges on other servers in your company.

What should you do?

A. Ask a domain administrator to add Marc's domain user account to the Domain Admins user group. Install the Windows 2000 administrative tools on
Marc's client computer.
B. Create a local user account named Marc on ServerA. Install the Windows 2000 administrative tools on Marc's client computer.
C. Ask a domain administrator to grant Marc's domain user account permission to connect to Terminal servers. Instruct Marc to use Terminal Services to
connect to ServerA, and to log on by using his domain user account.
D. Create a local user account named Marc2 on serverA. Instruct Marc to use Terminal Services to connect to serverA, and to log on by using the Marc2
user account.
E. Add Marc's domain user account to the local Administrators group on ServerA. Instruct Marc to use Terminal Services to connect to ServerA, and to
log on by using his domain user account.

Answer: E

13. You are an Organizational unit administrator of your company's Active Directory forest. You accidentally delete the user ID of an example named
Marc. You re-create the user ID with the same name as before. Marc now reports that he does not have the same permissions that he previously had.
You need to ensure that Marc has all of the permissions he had all of the permissions he had prior to the deletion.

Which two actions should you take? (Choose two)

A. Add Marc's user account back into all the groups it was previously a member of .
B. Ask the domain administrator to move Marc's user account from the LostandFound container back into the OU it was previously a member of.
C. Ask the administrator to delete Marc's user ID from within the LostandFound container.
D. Ask the domain administrator to perform an authoritative restore of Marc's user ID from a backup.
E. Configure Marc's account so that it does not require Kerberos preauthentication.

Answer: DE

14. You are a network administrator for your company. A user named Marc has a local user account on his Windows 2000 Professional computer.
Marc is issued a USB print device. You need to configure Marc's computer so that he can install the new device and appropriate drivers. You log on to
Marc's computer and disable the restrictions on loading unsigned drivers. All other local computer policies are configured with default settings. You
restart Marc's computer.
Marc connects the print device to his computer. He reports that the printer does not appear in the Printers system folder, and he cannot print any
documents.
You need to ensure that Marc can install the printer and can print documents.

What should you do?

A. Add Marc to the local Print Operators group on his computer.

B. Add the /fastdetect switch in the Boot.ini file on Marc's computer.
C. Disable the Prevent users from installing printer driver local security policy setting.
D. In the Driver Signing Options dialog box, select the Apply setting as system default check box.

Answer: D

15. You are the administrator for one of your company's branch office. All of the company's file servers have indexing enabled, with the default values.
A user named Maria is responsible for document archiving and retrieval Maria must log the files as she archives them.
A new partition has been created on one of the file servers for archiving and retrieval. A portion of the drive space on this partition is used for other
purposes. A shared folder has been created on the partition. Users place files to be archived in this shared folder.
Maria logs the appropriate files and moves them to a compressed folder on the partition. The folder is named Archive. A portion of the contents of the
archive folder is shown in the exhibit.
Maria has Read and Modify permissions for the Archive folder. The files are backed up on tape and the tape is stored off site. Maria reports that she is
running out of space on the partition. You will not be able to purchase hardware during the next three months.

You need to free up space on the partition.

What should you do?

A. Enable offline caching of files on the partition.

B. Disable indexing of the partition.
C. Configure a scheduled task to defragment the partition on a weekly basis.
D. Configure a scheduled task to compress the files on the partition on a nightly basis.

Answer: D

16. You are a network administrator for your company. The network consists of a single Windows 2000 Domain. All client computers run Windows 2000
Professional and are members of the domain.
Peter is a user in the graphics department. He connects a print device to his computer. He wants other users in the graphics department to be able to
find the printer in the directory and to use it to print documents from the network.
Peter reports that neither he nor any other users can find the printer in the directory and that no remote users can submit print jobs. Peter can print
documents locally.
You need to ensure that Peter and other users in the graphics department can find the printer in the directory and can print documents from the network.
What should you do?

A. In the printer properties, share the printer on Peter's computer.

B. In the printer properties, assign the Everyone group the Allow-Print permission.
C. In Active Directory users and Computers, add the printer as a child object to Peter's computer object.
D. In Active Directory users and Computers, select the Trust computer for delegation check box in Peter's computer properties.
E. In Active Directory Users and Computers, assign users in the graphics department the Allow-Read Public Information permission for Peter's computer
object.

Answer: A

17. You are the desktop administrator for your company. You need to configure one of the computers in a dual-boot configuration for Windows 98 and
Windows 2000 Professional.
The computer has a single hard disk that is partitioned into two primary partitions. The first partition is the system partition for both operating systems,
and it is 3 GB in size. The second partition is for data, and its also 3 GB is size.
You need to configure the computer so that both operating systems will function properly and will be able to access all of the space on both partitions.

Which two actions should you take? (Choose two)

A. Format the system partition as FAT.

B. Format the system partition as FAT32.
C. Format the system partition as NTFS.
D. Format the data partition as FAT.
E. Format the data partition as FAT32.
F. Format the data partition as NTFS.

Answer: BE

18. You are the administrator of a Windows 2000 file server named ServerA. ServerA is a member of a Windows 2000 Domain. A folder on ServerA
named I:\Data\ServerAdmins is shared as ServAdmin.
NTFS and share permissions are configured as shown in the following table: (see the exhibit).
Users in the built-in Domain Admins group have persistent mapped drives to ServAdmin.
You do not want users to see the shared folder when they type \\ServerA from the Run command or when they browse the network. You want domain
administrators to be able to access the resources that are in the folder.

What should you do?

A. Stop and disable the Computer Browser service on ServerA by using Computer Management
B. Modify the share permissions to assign only the Local Administrators group the Allow-Full Control permission.
C. Publish ServAdmin in Active Directory. Assign permissions for the published shared folder to only the Domain Admins group.
D. Re-create ServAdmin as ServAdmin$. Instruct the users in the Domain Admins group to delete and then re-create their persistent mapped drive
connections to ServAdmins$.

Answer: D

19. You are the administrator of your company's Windows 2000 file servers. There are 200 users in the
company.
A file server named ServerA functions as a file and print server. ServerA has a single partition that stored home folders and other shared user data.
You configure quotas for all users' home folders. After you configure quotas on ServerA, users report that they are being prevented from creating new
files in their home folders even though their home folders do not exceed the quota limit.
You need to enforce quota limits based only on home folder usage. You need to accomplish this task with the least amount of administrative effort.

What should you do?

A. Place all of the home folders on a single, separate partition and configure quotas on the new partition.
B. Create a unique partition for each user's individual home folder and configure quotas on each partition.
C. Assign the users the Allow-Take Ownership permission for their home folders and then instruct the users to take ownership of their home folders.
D. Create a quota entry for each individual user.
E. Share each home folder separately.

Answer: A

20. You are the administrator of a Windows 2000 file server named ServerA. ServerA is a member of a Windows 2000 Domain. A folder on ServerA
named I:\data\LimitedPublic is shared as LimPub. NTFS and share permissions are configured as shown in the following table: (see exhibit)
You want all users who have a valid domain account to be able to create files in the folder and to be able to subsequently update the files that they
create. You want to prevent users from accessing other users' files, but you want to allow the creator of a file to assign access for that file to other users.
Users report that they can access LimPub, but they cannot create files in the folder.
You need to configure permissions to allow appropriate access to the folder.

What should you do?

A. Configure share permissions to assign the Everyone group the Allow-Change permission. Configure NTFS permissions for the folder to assign the
Everyone group the Allow-Write permissions for the folder to assign the Creator Owner group the Allow-Full Control permission.
B. Configure share permissions to assign the Everyone group the Allow-Change permission. Configure NTFS permissions for the folder to assign the
Everyone group the Allow-Create/Write Data permission and to assign the Creator Owner group the Allow-Full Control permission.
C. Configure share permissions to assign the Everyone group the Allow-Full Control permission. Configure NTFS folder permissions for the folder to
assign the Everyone group the Allow-Create Files/Write Data permissions and to assign the Creator Owner group the Allow-Full Control permission.
D. Configure share permissions to assign the Everyone group the Allow-Full Control permission. Configure NTFS folder permissions for the folder to
assign the Everyone group the Deny-Read permission and to assign the Creator Owner group the Allow-Full Control permission.

Answer: C

21. You are the administrator of your company's Internet Web Server. The web server is a Windows 2000 Server computer that hosts several Internet
Web Sites, including the company's public internet Web site.
You want to allow employees to download company documents from the web server when the employees are away from the office. Employees will
access the web server by using Microsoft Internet Explorer.
You want to ensure that security of each employee's network user name and password when the employees are accessing the documents. You also
want to ensure that only employees can access the documents.

What should you do?

A. Create an FTP site and configure it to use only anonymous user connections.
B. Create an FTP site and configure it to use only Basic authentication for user connections.
C. Create a document Web site and configure it to use only Basic authentication. Then enable directory browsing.
D. Create a document web site and configure it to use only integrated Windows authentication. Then enable directory browsing.

Answer: D

22. You are a network administrator for your company. The network consists of a single forest that contains two Windows 2000 Domains named
wingtiptoys.com and tailspintoys.com. You administer a Windows 2000 Server computer named ServerA, which run the DNS server service. ServerA is
located in a Branch office. The branch office contains computers in both domains.
ServerA contains an Active Directory integrated zone for only wingtiptoys.com. You want ServerA to also locally resolve names for computers in
tailspintoys.com.

What should you do?

A. Create a secondary zone for tailspintoys.com on ServerA.

B. Create an Active Directory integrated zone for tailspintoys.com on ServerA.
C. Create a primary zone for tailspintoys.com on ServerA.
D. Create a reverse lookup zone for tailspintoys.com on ServerA.

Answer: A

23. You are the network administrator for your company's branch office in Chicago. The network in the Chicago office is connected by T1 line to the
network in the main office in New York. The network in the New York office contains a Windows 2000 Server computer named NYSrv04, which is a
domain controller and hosts an Active Directory integrated DNS zone. All client computers in the New York and Chicago offices use NYSrv04 for name
resolution.
The company's network manager decides to place an additional server on the network in the Chicago office to improve network performance. You
receive a new Windows 2000 Server computer named CHSrv01 from the main office. CHSRv01 is configured as a domain controller for the company
domain and as a DNS server.
You need to configure DNS on CHSrv01 and you need to configure the client computers that are on the network in the Chicago office. You need to
ensure that your configuration provides the fastest possible name resolution performance. You need to minimize the amount of DNS traffic sent between
the New York and Chicago office.
You configure the client computers in the Chicago office to use CHSrv01 for name resolution.

What should you do next?

A. Configure CHSrv01 with a new primary zone, and configure CHSrv01 to forward name resolution requests to NYSrv04.
B. Configure CHSrv01 with a new secondary zone, and configure CHSrv01 to perform zone transfers from NYSrv04.
C. Configure CHSrv01 as a caching-only server, and configure CHSrv01 to forward name resolution requests to NYSrv04.
D. Configure CHSrv01 with an Active Directory integrated zone.

Answer: D

24. You are a domain administrator for your company. You install a Windows 2000 Server computer named ServerA. ServerA is a member of the
company's Active Directory domain.
You install the DHCP service on ServerA. When you restart serverA, the DHCP service does not start.
You want to enable ServerA to start the DHCP service.

What should you do?

A. Configure the DHCP service to use a Domain Administrator account to log on to the domain.
B. Configure the DHCP service to use an Enterprise Administrator account to log on to the domain.
C. Ask a member of the Enterprise Admins group to authorize ServerA as a DHCP server.
D. Ask a member of the local Administrators group to authorize ServerA as a DHCP server.

Answer: C

25. You are the network administrator for your company's branch office. A user named Marc reports that his Windows 2000 Professional computer will
not start.
You investigate, and you discover that Marc's computer is displaying the following error message:
"Invalid disk or operating system not found."
Your computer configuration documentation indicates that Marc's computer is configured as a single NTFS logical volume.
You need to restore Marc's computer to normal operation as quickly as possible.

What should you do?

A. Restart the computer by using the Windows 2000 Professional CD-ROM, and select the option for the Recovery Console. Run the fixmbr and fixboot
commands.
B. Restart the computer by using the Windows 2000 Professional CD-ROM, and select the option for the Recovery Console. Run the enable
"Workstation" command.
C. Restart the computer by using the Windows 2000 Professional CD-ROM, and perform a parallel installation to a different folder on the hard disk
D. Restart the computer by using a floppy disk, and copy the Ntldr file from the Windows 2000 Professional CD-ROM to the root folder of Drive C.

Answer: A

26. You are a network administrator for your company. Users report that an application server named ServerA that runs a customized application is slow
to respond. You configure System Monitor on ServerA. The results are shown in the following table: (see exhibit)
You need to improve the performance of ServerA. What should you do?

A. Add additional RAM to ServerA.

B. Add an additional CPU to ServerA.
C. Add an additional network adapter to ServerA.
D. Add an additional Active Directory domain controller to the network.
E. Upgrade to a faster disk subsystem on ServerA.

Answer: A

27. You are a network administrator for your company. The network contains 2,500 Windows 2000 Professional computers, 70 Windows 2000 Server
member servers, and 5 Windows 2000 Server domain controllers. All computer accounts are in their default location in Active Directory.
You need to deploy the most recent service pack to all of the computers with the least amount of administrative effort.
What should you do?

A. Create a script named Update.bat that runs the Update.exe file from a network share. Create a Group Policy Object and link it to the Computers
container. Set the computer configuration to run the Update.bat script on startup. Restart each computer.
B. Create a Group Policy Object and link it to the Domain level. Configure the GPO to assign the Update.msi file under the user configuration logon
script. Log on to each computer as Administrator.
C. Create a Group Policy Object and link it to the Domain level. Configure the GPO to assign the Update.msi file under the user configuration logon
script. Restart each computer.
D. Create a Group Policy Object and link it to the Computer container. Configure the GPO to assign the Update.msi file under the computer
configuration. Restart each computer.

Answer: A

28. You are domain administrator for your company. The network consists of a single Windows 2000 domain. The domain contains and organizational
unit (OU) structure as shown in the OU structure exhibit.
Each department has its own departmental administrators who are responsible for the administration of resources in their respective departments.
Company Policy requires that these departmental administrators have control of the objects only in their respective OUs.
You use the Delegation of Control Wizard to delegate complete control of the each departmental OU to the administrative staff in the respective
department. The departmental administrators can successfully create users, groups, and printers in their respective OUs.
Maria is an administrator in the sales department. Maria reports that she cannot create a Group Policy Object in the Sales OU. When she attempts to
create a Group Policy new GPO in the OU, she receives the error message shown in the GROUP POLICY ERROR exhibit.
You verify that Maria has the Allow- Full Control permission for the Sales OU, but she still cannot create the GPO.

You need to resolve this problem. What should you do?

A. Add Maria to the Domain Admins Security Group.

B. Add Maria to Group Policy Creator Owner Security group.
C. Assign Maria the Allow- Create Child Objects permission for the Corp OU.
D. Assign Maria the Allow-Modify Ownership permission for the sales OU, and instruct here to take ownership of the OU.

Answer: B

29. You are a network administrator for your company. The network consists of a single Windows 2000 Domain. All servers run Windows 2000 Server.
All client computers run Windows 2000 Professional.
The manager of the accounting department reports that files located in shared folders on a server named ServerA are being deleted and must
continually be restored from backup.
You are asked to configure the local security policy on ServerA to find out who is deleting the files. You enable auditing on the affected files and folders
for all users in the domain.

Which audit policy or security policy should you enable on ServerA?

A. Audit Access of Global System Objects security policy.

B. Account Logon Events-Success audit policy.
C. Logon Events-Success audit policy.
D. Object Access-Success audit policy.
E. Privilege Use-Success audit policy.

Answer: D

30. You are a domain administrator for your company. You are installing a new Windows 2000 Server computer named ServerA, which has Internet
Information Services (IIS) installed.
You want to use ServerA to provide a corporate intrasite to your employees. You create a Web site on ServerA.
You want to enable users to access the intrasite by using the URL http://CLInfo. You want to accomplish this task with the least amount of administrative
effort.

Which two actions should you take? (Choose two)

A. Create a DNS entry for CLInfo that specifies the TCP/IP address of ServerA.
B. Create a WINS entry for CLInfo that specifies the TCP/IP address of ServerA.
C. Create a Hosts file entry for CLInfo that specifies the TCP/IP address of ServerA. Then copy the Hosts file to each network computer.
D. Create the CLInfo Web site as virtual directory.
E. Configure hosts headers on ServerA to include CLInfo.

Answer: AE

31. You are a network administrator for your company. All servers run Windows 2000 Server.
Users in the finance department report significantly slow performance when they access a database application that is hosted on a multiprocessor server
named ServerA. The application was designed for symmetric multiprocessing (SMP) and for use with Windows NT server 4.0 computers. The
application runs constantly as a background application.
Users do not report problems when they access the same database application running on a server named ServerB. Both servers have identical
hardware.
You start task manager on serverA. You view the information that is shown in the exhibit.
You need to optimize performance for users in the finance department when they access the database application.

What should you do?

A. Configure the application to run in a separate memory space.

B. Configure the application's process to run with high priority and with affinity for the second processor only.
C. Increase the amount of physical memory and increase the size of the paging file on serverA.
D. Set processor affinity for the application to allow the application to use all available processors.

Answer: D

32. You are a network administrator for your company. A user named Marc reports a problem with his Windows 2000 Professional computer.
You examine the computer and discover that it is displaying a STOP message. The documentation for Marc's computer indicates that the computer
contains a single hard disk, which is configured as a single NTFS logical volume.
Marc reports that the computer was working normally until he connected a new USB digital camera to the computer. The computer installed the
camera's software drivers, and then restarted. After the computer restarted, it displayed the STOP message and Marc was not able to log on to the
computer.
You need to return Marc's computer to normal operation as quickly as possible.

What should you do?

A. Restart the computer by using safe mode.
B. Restart the computer by using the last known good configuration
C. Restart the computer by using the Windows 2000 Professional CD-ROM, and select the option to repair the installation.
D. Restart the computer by using the Windows 2000 Professional CD-ROM, and select the option for Recovery Console.

Answer: B

33. You are a network administrator for your company. The network consists of a single Windows 2000 Domain. The domain contains four Windows
2000 Domain controllers. The relevant portion of your network is configured as shown in the exhibit.
The domain controller named DC1 is a multihomed computer that provides DNS and DHCP services for the company intranet and only DHCP services
for a secure network used by the software development department. DC01 does not route between the two networks. The computers in the software
development department are not members of the domain.
DC01 hosts an Active Directory integrated DNS zone. DC01 is configured as shown in the following table: (see exhibit)
You discover that Active Directory replication intermittently fails between DC01 and the other domain controllers. When this occurs, you receive the
following error message: "RPC server is unavailable."
There is no consistent pattern to the replication failures. The other domain controllers do not experience this problem when replicating to each other.
You need to ensure that replication occurs normally between all domain controllers.

What should you do?

A. In the TCP/IP properties for NIC1 on DC01, disable dynamic DNS registration. Remove all A (host) records from the DNS zone for DC01 for the
address 172.30.23.1. Remove the address 172.30.23.1 from the Interfaces tab in the properties for DC01 in the DNS console.
B. In the TCP/IP properties for NIC2 on DC01, disable dynamic DNS registration. Remove all A (host) records from the DNS zone for DC01 for the
address 192.168.1.1. Remove the address 192.168.1.1 from the Interfaces tab in the properties for DC01 in the DNS console.
C. In the TCP/IP properties for NIC1 on DC01, disable dynamic DNS registration. Remove all A (host) records from the DNS zone for DC01 for the
address 192.168.1.1. Disable round robin functionality on DC01. Disable recursive queries on DC01.
D. In the TCP/IP properties for NIC2 on DC01, disable dynamic DNS registration. Remove all A (host) records from the DNS zone for DC01 for the
address 172.30.23.1. Disable round robin functionality on DC01. Disable recursive queries on DC01.

Answer: B

34. You are a network administrator for your company. You need to create a Group Policy Object that requires user accounts to have a minimum
password length of seven characters. All of the Active Directory user accounts are in the MN Organizational Unit (OU).
Under the computer configuration, you create a GPO named PasswordGPO that requires a minimum of seven characters, and you link this GPO to the
MN OU. After you link the GPO, you find out that users can create passwords that are only one character in length.
You need to ensure that all users in the MN OU are required to have a minimum password length of seven characters.

What should you do?

A. Remove the GPO link on the MN OU for PasswordGPO. At the domain level, add a link to the PasswordGPO, and ensure that the GPO has the
highest priority.
B. Create a new GPO and link it to the MN OU. Configure the password requirement for this GPO to be minimum of seven characters, and make the
GPO the highest priority.
C. Run the Secedit/refreshpolicy machine_policy/enforce command on the domain controller on which you created the GPO.
D. Run the Secedit/refreshpolicy user_policy/enforce command on the domain controller on which you created the GPO.

Answer: A

35. You are a network administrator for your company. The help desk manager reports that the help desk is receiving a large number of requests from
sales representatives who need to have their passwords reset.
The help desk manager asks you to delegate this task to someone other than help desk personnel.
The user accounts of all sales representatives are in the sales Users organizational unit. The user accounts of all sales managers are in the Sales
Manager OU and are members of the Sales Managers group. You decide to allow the Sales managers to reset the passwords for their sales
representatives when necessary.
You need to configure Active Directory without compromising overall network security.

What should you do to allow the members of the Sales Managers group to reset passwords for the sales representatives?

A. Run the Delegation of Control wizard at the domain level and delegate the Create, Delete, and manage user accounts task to the Sales Managers
group.
B. Run the Delegation of Control wizard on the Sales Users OU and delegate the Create, Delete, and manage user accounts task to the Sales
Managers group.
C. Run the Delegation of Control wizard on the Sales Users OU and delegate the Reset passwords on user accounts task to the Sales Managers group.
D. Run the Delegation of Control wizard at the domain level and delegate the Reset passwords on user accounts task to the Sales Managers group.

Answer: C

36. You are a domain administrator for your company. You are installing a Windows 2000 Server computer named ServerA and 25 Windows 2000
Professional computers in a new branch office.
You want to enable the client computers in the branch office to access the Internet as needed. You have a dial-up account with a local Internet service
provider (ISP).
You want to reduce connection charges from your ISP. Therefore, you want the connection to be active only when internet resources are requested.
Which three actions should you take? (Choose three)

A. Attach a modem to ServerA and create a dial-up connection to the ISP.

B. Attach a modem to one of the Windows 2000 Professional computers and create a dial-up connection to the ISP.
C. Configure the modem to use software handshaking.
D. Configure the modem to use hardware handshaking.
E. Configure the dial-up connection to enable on-demand dialing.
F. Configure the dial-up connection to enable Internet Connection Sharing.
G. Configure the client computers in the branch office to enable Internet Connection Sharing.

Answer: AEF

37. You are a domain administrator for your company. The network consists of a single Active Directory domain and contains a Windows 2000 Server
computer named ServerA.
ServerA has Routing and Remote Access installed. Employees use ServerA to connect to the corporate network by using a dial-up connection. The
remote access policy for ServerA change frequently.
The company is hiring 200 new employees who will work remotely. You need to add four Windows 2000 Server computers with Routing and Remote
access installed so that the new employees can dial in to the network.
You want to configure all of these Routing and Remote Access servers to use the same remote access policies. You want to configure and maintain the
remote access policies with the least amount of administrative effort.
What should you do?

A. Add the new Routing and Remote access server to the domain. Place the remote access policies on ServerA.
B. Promote ServerA to a domain controller in the domain. Add the new Routing and Remote Access Server as members of the domain.
C. Install the Internet Authentication Service (IAS) on ServerA. Configure the new Routing and Remote Access servers to use serverA for authentication
requests.
D. Create a new domain controller named ServerB. Install the Internet Authentication Server (IAS) on ServerB. Configure the new Routing and Remote
access servers to use serverB for authentication requests.

Answer: C

38. You are a domain administrator for your company. You are installing a network in a new branch office. The network contains two Windows 2000
Server computers and 10 Windows 2000 Professional computers. A Windows 2000 Server computer named ServerA provides DHCP service for the
network.
You are installing a new Windows 2000 Server computer named ServerC. You have a dial-up account with a local Internet service provider (ISP). You
connect a 56-Kbps modem to ServerC. You want to use serverC to provide shared access to the internet.
Which three actions should you take? (Choose three)

A. Install the WinSock proxy client on ServerC.

B. Install the WinSock proxy client on all of the client computers.
C. Install the DNS service on ServerC.
D. Install internet connection sharing on ServerC.
E. Uninstall the DHCP service on serverA.
F. Create a dial-up connection on ServerC and configure the connection with the ISP account information.

Answer: DEF

39. You are a domain administrator for your company. The network consists of a single Active Directory domain. The network contains 15 Windows
2000 Server computers and 150 Windows 2000 Professional computers. A server named ServerA has Routing and Remote Access Installed and is
configured for incoming dial-up connections.
You install Windows 2000 Professional on a home computer named Home1. You create a new PPP dial-up connection to connect to ServerA. You
configure the connection to use both of the external modems on Home1 and to use Multilink. You start the dial-up connection administrator connect to
ServerA. You notice that only one of the modems is connected to serverA.
What should you do?

A. Configure the dial-up connection on Home1 to use SLIP.

B. Configure ServerA to accept Multilink dial-up connections.
C. Replace the modems on ServerA with new modems that support SLIP
D. Replace the modems on Home1 with new modems that support Multilink.

Answer: B

40. You are a network administrator for your company. The network is configured as shown in the exhibit.
You notice that connectivity from the New York office to the London office is inconsistent. You need to find out where the network packets are being
dropped and what percentage of packets is being dropped.
What should you do?

A. On NYDC01, run the tracert LONDCO01 command. View the results and find out where the results time out.
B. On LONDC01, run the tracert NYDCO01 command. View the results and find out where the results time out.
C. On NYDC01, run the ping LONDC01 command. View the results.
D. On LONDC01, run the ping NYDC01 command. View the results.
E. On NYDC01, run the pathping LONDC01 command. View the results.
F. On TORDC01, run the pathping LONDC01 command. View the results.

Answer: E

41. You are a domain administrator for your company. The network contains two TCP/IP subnets that are connected by a router. The router is
configured to forward BOOTP packets. The two subnets contain a total of 180 Windows 2000 Professional computers.
A Windows 2000 Server computer named ServerA provides DHCP services for the network. The DHCP scope on ServerA is configured as shown in the
following table. (See exhibit)
You are adding a new Windows 2000 Server computer named ServerB. You install the DHCP service on ServerB. You want ServerB to provide load
balancing and redundancy for ServerA.
How should you configure DHCP on ServerB?
A. Configure one scope with an IP address range of 172.30.10.1 to 172.30.10.100. Configure a second scope with an IP address range of 172.30.11.1
to 172.30.11.100.
B. Configure one scope with an IP address range of 172.30.10.101 to 172.30.10.200. Configure a second scope with an IP address range of
172.30.11.101 to 172.30.11.200.
C. Configure one scope with an IP address range of 172.30.10.1 to 172.30.10.200. Configure an IP address exclusion of 172.30.10.1 to 172.30.10.100.
D. Configure one scope with an IP address range of 172.30.11.1 to 172.30.11.200. Configure an IP address exclusion of 172.30.11.1 to 172.30.11.100.

Answer: B

42. You are the network administrator for one of your company's branch offices. The network is your office consists of two subnets. One subnet contains
client computers and one subnet contains servers. You are using standard, classful subnet mask on the subnets. The relevant portion of the network is
shown in the exhibit.
You need to configure the client computer so that it can connect to the file server and the domain controller on the network.
How should you configure the computer?

Select And Place

A. IP address: 192.168.12.12; Subnet mask: 255.255.255.0; Default gateway: 192.168.12.1.

B. IP address: 192.168.12.1; Subnet mask: 255.255.255.0; Default gateway: 192.168.12.12.

Answer: A

43. You are the administrator of a Windows 2000 Server computer in your company's accounting department. The server runs Terminal Services in
application mode. All users in the accounting department run their business applications in Terminal Service sessions.
A manager in the accounting department runs as application on the server. The application requires three hours to process financial and accounting
data. This application must be run every Friday morning so that the data will be available to the director of accounting application to run with the least
amount of performance impact on the other business applications.
What should you do?

A. Configure all other business applications to have High priority.

B. Configure all other business applications to have RealTime priority.
C. Configure the accounting application to have AboveNormal priority.
D. Configure the accounting application to have BelowNormal priority.

Answer: D

44. You are a network administrator for your company. You are installing Windows 2000 Advanced Server on a new computer.
The server contains two PCI network adapters and a PCI video adapter. The server's motherboard has a built-in dual-channel SCSI adapter that hosts
several devices, as shown in the following table: (See exhibit)
The installation process begins normally. However, prior to copying files, Windows 2000 Setup informs you that it cannot detect any mass storage
devices on your computer. The installation will not resume.
You need to correct this problem and complete the installation.
What should you do?

A. Reconfigure the second SCSI adapter to have a SCSI device ID of 7.

B. Reconfigure the removable disk cartridge drive to have a SCSI device ID of 4.
C. Reserve an IRQ for each SCSI adapter in the system BIOS.
D. Restart setup and install the driver for the SCSI adapter during the initial file copy.
E. Configure the system BIOS boot device option to boot from the SCSI hard drive.

Answer: D

45. You are the administrator of a Windows 2000 Server computer named ServerA. ServerA has Internet Information Services (IIS) installed and is used
to host your company's public Internet web site.
The company is developing a new web site where business partners can exchange information about customer purchases, order history, and credit card
information.
You are asked to ensure that all information transmitted between ServerA and each business partner's computers is encrypted.
What should you do?

A. Install a Web server certificate and enable Digest authentication.

B. Install a Web server certificate and enable SSL for the new Web site.
C. Configure the new web site to use Integrated Windows authentication.
D. Configure the new Web site folder to enable Encrypting File System (EFS).

Answer: B

46. You are the administrator of a Windows 2000 file and web server named ServerA. ServerA is a member of a Windows 2000 Domain. A folder on
ServerA named: I:\Data\Accounting_vacation_requests is shared as AcctVac with default NTFS and share permissions.
Users in the domain local group named AcctGrp save vacation requests as Microsoft Word documents to AcctVac by using a mapped drive.
You want other users in the domain to be able to view the vacation requests by using the URL://ServerA/Vacation.
What should you do?

A. Rename the folder to I:\Data\Vacation. Modify NTFS permissions for the folder to assign the Everyone group the Allow-Read permission and to
assign the AcctGrp group the Allow-Full Control permission.
B. Create a new share named Vacation for the folder. Modify NTFS permissions for the folder to assign the Everyone group the Allow-Read permission
and to assign the AcctGrp group the Allow-Full Control permission.
C. Configure the folder as virtual directory with the alias of Vacation. Assign the Read and the Directory browsing access permissions for the virtual
directory.
D. Create a new Web site named Vacation on ServerA. Create a virtual directory with the default settings in the new Web site.

Answer: C

47. You are the administrator of a Windows 2000 server computer that is used for software development and testing. The server contains two hard
disks, which are configured as drive C and drive D. Both are formatted as NTFS.
The server is configured with two installations of Windows 2000 Server. The server's Boot.ini file is as follows:
[boot loader]
timeout=10
default=multi(0)disk(0)rdisk(0)partition(1) \WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1) \WINDOWS="Microsoft Windows 2000 Server I" /fastdetect
multi(0)disk(0)rdisk(1)partition(1) \WINDOWS="Microsoft Windows 2000 Server II" /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console"/cmdcons
You want the server to start the Windows 2000 Server installation that is located on drive D, unless an administrator selects the other installation during
startup.
Which Boot.ini file should you use?

A. [boot loader] timeout=10 default=multi(0)disk(0)rdisk(1)partition(1) \WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1) \

WINDOWS="Microsoft Windows 2000 Server I" /fastdetect multi(0)disk(0)rdisk(1)partition(1) \WINDOWS="Microsoft Windows 2000 Server II" /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console"/cmdcons
B. [boot loader] timeout=10 default=multi(0)disk(0)rdisk(0)partition(2) \WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1) \
WINDOWS="Microsoft Windows 2000 Server I" /fastdetect multi(0)disk(0)rdisk(1)partition(1) \WINDOWS="Microsoft Windows 2000 Server II" /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console"/cmdcons
C. [boot loader] timeout=10 default=multi(0)disk(0)rdisk(0)partition(1) \WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1) \
WINDOWS="Microsoft Windows 2000 Server I" /fastdetect multi(0)disk(0)rdisk(1)partition(1) \WINDOWS="Microsoft Windows 2000 Server II" /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console"/cmdcons
D. [boot loader] timeout=10 default=multi(0)disk(0)rdisk(1)partition(0) \WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1) \
WINDOWS="Microsoft Windows 2000 Server I" /fastdetect multi(0)disk(0)rdisk(1)partition(0) \WINDOWS="Microsoft Windows 2000 Server II" /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console"/cmdcons

Answer: A

47. You are the administrator of your company's Windows 2000 file servers. Users on the network secure some of their files by using Encrypting File
System (EFS).
An employee named Marc leaves the company. An employee named Maria needs access to some of Marc's files. The files are in a shared folder for
which all users have permission to read these files.
However, some of Marc's files are protected EFS. You need to allow Maria access to all of Marc's files.
What should you do?

A. Move the files to a partition that is formatted as either FAT or FAT32.

B. Use an EFS Recovery Agent to decrypt the files.
C. Take ownership of the files and assign Maria the Allow-Read permission for the files.
D. Assign Maria the Allow-Take Ownership permission for the files.

Answer: B

48. You are the administrator of a Windows 2000 web server named ServerA. ServerA is a member of a Windows 2000 Domain. A folder on ServerA
named I:\\WebData\Public_Information is shared as a virtual directory named Public.
You also want users to be able to access the virtual directory named Public.
You also want users to be able to access the virtual directory by using the URLs http://serverA/PI and http://ServerA/Information.
What should you do?

A. In the Web sharing properties for the folder, add the aliases PI and information.
B. Create two new shares for the folder and name PI and information.
C. Create two new folders name PI and Information. Copy the files from the existing folder to the new folders. Share each of the new folders with the
default settings.
D. Create two new Web sites named PI and Information. Configure I:\\WebData\Public_Information to be the root directory for both web sites.

Answer: A

49. You are a network administrator for Contoso Pharmaceuticals. The network contains three Windows 2000 Server computers, which run the DNS
server service, and two UNIX BIND-based DNS servers. The Windows 2000 DNS servers are domain controllers for a single domain named
ad.contoso.com. The DNS zone type for ad.contoso.com is Active Directory integrated. The zone is configured with default refresh and expire intervals
and default zone transfer properties.
Windows 2000 Server computers in the domain are configured to dynamically register with the Windows 2000 DNS servers. However, all Windows 2000
Professional and UNIX computers are configured to use the BIND-based DNS servers for name resolution.
You create secondary zones for ad.contoso.com in each of the BIND-based DNS servers, and you configure the ad.contoso.com domain controllers as
the master DNS servers. When you inspect the secondary zone on the BIND-based DNS servers the next day, there are no records in the zone.
You need to ensure that the secondary zones on the BIND-based DNS servers include up-to-date DNS records.
What should you do?

A. On one of the domain controllers, select the Allow zone transfers check box in the properties for the zone.
B. On one of the domain controllers, increase the expire interval for the ad.contoso.com zone to two days.
C. On one of the domain controllers, change the zone type for ad.contoso.com to standard primary. On the remainder of the domain controllers, change
the zone type to standard secondary.
D. On each of the domain controllers, assign the Pre-Windows 2000 Compatible Access group the Allow-Read permission for the ad.contoso.com zone.
Answer: C

50. You are a network administrator for your company. The network consists of a single Windows 2000 Domain. All client computers run Windows 2000
Professional and are members of the domain.
Client computers in the research department and the graphics department are new and have clean installs of Windows 2000 Professional. Client
computers in the other departments have been upgraded from Windows NT workstation 4.0 to Windows 2000 Professional.
The domain contains an organizational unit (OU) hierarchy, as shown in the exhibit.
You want to ensure that all upgraded computers have the same security configuration as the computers that have the clean installs. You also want to
ensure that all client computers have strong password policies applied, and that an administrator is required to unlock locked user accounts for the
research department and the human resources (HR) department.
You create a Group Policy Object named DefaultSec, which applies security setting that are required for all users and computers. You create a second
GPO named HiSec, which has the security setting that are required by the HR and the Research departments. Both GPOs use custom security
templates.
You import the Basicwk.inf security template into the Default Domain GPO.
How should you link the GPOs to the OUs?

To answer click the select and place button, and then drag the appropriate Group Policy Object to the
appropriate department OU. Note that GPOs can be used more than once.

SELECT AND PLACE

See exhibit for answer

A. Ip Address 192.168.12.12
B. Subnet Mask 255.255.255.0
C. Default Gatway 192.168.12.1

Answer: ABC

51. You are the administrator for your company's intranet web site. The web site is hosted on a Windows 2000 Server computer.
You need to install a new web server component that will be used with a new web site that is in development. The new component is an ISAPI-based
application. You install the component in a virtual directory named COMMON and configure the Read, Script, and Execute permissions.
When the developers test their applications by using the new component, they receive an error message stating that the component could not be
started.
You want to ensure that the new component functions properly on the web site.
What should you do?

A. Configure the intranet web site to remove the default application.

B. Configure the COMMON virtual directory to run with low application protection.
C. Configure the COMMON virtual directory to run with high application protection.
D. Configure the Execute permission on the intranet web site to enable Scripts only.
E. Configure the Execute permission on the intranet web site to enable Scripts and Executables.

Answer: E

52. You are a network administrator for your company. To meet the requirement of the company's new password policy, you must configure a minimum
length of eight characters for new network passwords.
On a domain controller named DC01, you modify the Default Domain Group Policy Object (GPO). You test the new configuration on your Windows 2000
Professional computer. You can still create two-character password.
You need to ensure that the password policy changes are immediately enforced for all users in the domain.
What should you do?

A. On DC01, run the Secedit/refreshpolicy machine_policy/enforce command.

B. On DC01, run the Secedit/refreshpolicy user_policy/enforce command.
C. Create a new GPO and configure the password policy. Link the new GPO to the organizational unit (OU) that contains all user accounts.
D. Create a new GPO and configure the password policy. Link the new GPO to the organizational unit (OU) that contains all computer accounts.

Answer: B

53. You are an enterprise administrator for Trey Research, a company that is based in Los Angeles. The network consists of three Windows 2000
domains in two sites, as shown in the exhibit.
Trey Research anticipates company growth of up to 200 percent during the next 12 months, and plans to add as many as three new sites and four new
child domains to the network during that time.
Company IT policy dictates that user account and password security policy settings must be applied consistently to all users throughout the company.
You configure the Group Policy Object to the treyresearch.com domain as shown in the following table: (see exhibit)
You later discover that the settings that defined in the Enterprise security GPO are being applied to users located in only the treyresearch.com domain.
You need to ensure that these settings are applied to all users in the company.
What should you do?

A. Delete the Default Domain GPO in the child domains.

B. Enable the No Override option for the Enterprise Security GPO.
C. Create a new site that contains all domains, and link the Enterprise Security GPO to the site.
D. Create and link new GPOs in the child domains with the same settings as in the root domain.

Answer: B

54. You are a network administrator for Contoso Pharmaceuticals. The network contains two Windows 2000 Server computers, which run the DNS
server service. The DNS servers are domain controllers for a single domain named ad.contoso.com.
The DNS servers use standard zone types for ad.contoso.com. The Windows 2000 Server computers and Windows 2000 Professional computers in the
domain are configured to dynamically register with the DNS servers. DNS is the only name resolution service on the network.
A Windows 2000 web server named ServerA contains an employee information Web site. Users report that they attempt to access the Web site; they
receive an error message stating that the page cannot be displayed.
You confirm that you can access the web site on ServerA by using the server's IP address. However, when you run the ping ServerA command from the
command line the reply you receive contains a different IP address.
You want to correct the name resolution problem and prevent it from happening again.
Which three actions should you take? (Choose three)

A. Disallow zone transfers for the ad.contoso.com zone.

B. Change the zone type to Active Directory integrated for the ad.contoso.com zone.
C. Allow only secure objects for the ad.contoso.com zone.
D. Disable dynamic updates for the ad.contoso.com zone.
E. Run the ipconfig/release command on the computer that responds to the ping. Run the ipconfig/renew command on ServerA.
F. Delete the current DNS entry for ServerA. Run the ipconfig/registerdns command on ServerA.

Answer: BEF

55. You are a network administrator for your company. You are responsible for a child domain in your enterprise. The human resources (HR) department
uses this child domain. The domain contains Windows 2000 domain controllers and Windows NT 4.0 member servers.
The HR department institutes a new employee review process. Under the new process, documents that are used for performance reviews will be stored
in the shared folder, and managers will be the only personnel who will have access to that shared folder.
In that organizational unit (OU) named Mgr1, existing global groups for managers are the IT Managers group, the HR Managers group, the Finance
Managers group and the Manufacturing Managers group.
You want to add these managers groups to a new security global group named All Managers. The All Managers group is in a separate OU named
AllMgr. However, when to attempt to add each of the managers groups to the All Managers group, you notice that only individual users accounts are
available to be added and the managers group are not available to be added.
What should you do?

A. Move the All Managers group to the Mgr1 OU.

B. Ask the domain administrator to switch the domain to native mode.
C. Change the All Members group from a global group to a universal group.
D. Ask the domain administrator to assign you the Allow - Change permission for each of the managers global groups.

Answer: B

56. You are the administrator of your company's Windows 2000 network. As the network is growing, there is an urgent need for facilitating network
administration. In particular, you want to group objects that require similar administrative tasks together. Your peer Jay suggests that you deploy multiple
OUs for the above purposes. You follow his suggestion and create multiple OUs under the ABC domain as follow:
SALES
ACCT
ADMIN
HR
MANAGER
SUPPORT
You realize that the amount of work is too much for you, that you need Jay and Mary to share the load. In particular, you want them to be able add and
create objects in these OUs for you. What should you do?

A. Open the Active Directory Users And Computers snap-in and select the appropriate OU. On the Action menu, click Delegate Control. Repeat this for
every OU.
B. Open the Active Directory Sites And Services snap-in and select the ABC domain. On the Action menu, click Delegate Control.
C. Open the Active Directory Domains And Trusts snap-in and select the ABC domain. On the Action menu, click Delegate Control.
D. Open the Active Directory Sites And Services snap-in and select the appropriate OU. On the Action menu, click Delegate Control. Repeat this for
every OU.
E. Open the Active Directory Domains And Trusts snap-in and select the appropriate OU. On the Action menu, click Delegate Control. Repeat this for
every OU.
F. Open the Active Directory Users And Computers snap-in and select the ABC domain. On the Action menu, click Delegate Control.

Answer: A