1. Which of the following commands are useful for troubleshooting Active Directory replication failure due to incorrect DNS configuration?
Answers:
• ipconfig/registerdns
• dcdiag /test:registerdns /dnsdomain
• dcdiag /test:connectivity
• ntdsutil
2. You are the network administrator, and your network consists of various branch offices located at different locations which are:
Location 1
Location 2
Location 3
Location 4
You want to allow secure dynamic updates in DNS in Location 1, 2 and 3. But Location 4 should not be able to edit DNS. Which of the following statements will fit in this scenario?
Answers:
• assign Location 1, 2 and 3 'Active Directory Integrated Zone'
• assign Location 4 as secondary Zone
• assign location 4 as primary zone
• assign Location 1,2,3 as primary zone
3. You are the network administrator responsible for handling and troubleshooting the DNS server configured in Windows Server 2003. You figure out later on that the DNS server is consuming high CPU usage. Which of the following checks will you do to restrict DNS usage?
Answers:
• Check if any virus scanning software is enabled
• Check if ipconfig/flushdns command is run
• Check if sms server is installed
• Check if active directory is installed��
4. Which of the following are ways of viewing RSoP reports?
Answers:
• gpresult /z >policy.txt from command prompt
• .html file from Advanced Security Information-Policy wizard
• Performance monitor
• dcdiag.log file
5. As the network administrator of a Windows 2003 network, when you were monitoring your network securities, you discovered that most of the users have been using the same password ever since their accounts were created. You want to secure your password policies so that users must change their passwords periodically. What will be your course of action?
Answers:
• Enforce password history
• Minimum password age
• Maximum password age
• None of the above
6. Which are the other aspects that an administrator must consider for the network to run effectively after running metadata clean-up to delete the remains of a removed domain controller in Windows Server 2003?
Answers:
• Relocate FSMO roles
• DHCP clients configuration will dynamically be updated for failed DNS server
• All application servers must point to the new live Global Catalog if removed DC is a Global catalog
• DNS forwarders configuration need not to be updated for failed DNS server
7. You work as a Network Administrator for your company running on Windows 2000 Active Directory based network. One day you discover that the partition having Active Directory database is out of space. How will you move Active Directory database and log files to a new volume on a different disk?
Answers:
• Restart the Active Directory in Safe mode
• Run ntdsutil to move database to a new location
• Restart the Active Directory in Directory Services Restore Mode
• Run csvde utility to restore database to a new location
8. Which of the following commands can be used to promote the DC (Domain Controller) from a backup of the system state data of an existing DC (Domain Controller)?
Answers:
• dcpromo /restore
• dcpromo /promo
• dcpromo /system
• dcpromo /adv
9. Which of the following components are contained in the sysvol folder?
Answers:
• Active directory log files
• NETLOGON
• Windows NT 4.0 system policies
• System state data back-up
10. DNS SRV resource records map the name of a service to the name of a server offering that service.Which of the following SRV entry helps clients to find a Windows Server 2003 dom PDC FSMO role holder in a mixed-mode environment.
Answers:
• _ldap._tcp..domains._msdcs.
• _ldap._tcp.
• _ldap._tcp.._sites.
• _ldap._tcp.pdc._ms-dcs.
11. You are the network administrator for your company. One user account named Mike often needs to be moved between sales and marketing group. But the changes are not taking effect. Which of the following FSMO role may be responsible for that?
Answers:
• RID Role
• Infrastructure role
• PDC emulator role
• Domain naming role
12. Your Company has different OUs named sales, production and finance. All are child objects under Departments OU. You created a new GPO used to assign software required for all departments. Sales and production users can see the shortcut in start menu and can successfully install the software but finance users report that this shortcut is not appearing in their start menu. What will you do?
Answers:
• Publish the software instead of assign
• Remove Block-Policy Inheritance from finance OU
• Grant all finance users to Domain Admins group
• Package is corrupt so rebuild it
13. Once DNS Advanced option is enabled from DNS console View tab in Windows Server 2003, which of the following things can be done ?
Answers:
• Cached data can be deleted record by record
• Zone transfer can be done forcibly
• SOA serial number can be incremented
• nslookup command can be run directly
14. Which of the following things can be done once the DNS Advanced option is enabled from DNS console View tab in Windows Server 2003?
Answers:
• Open network monitor
• Enable Advanced in View tab of DNS console
• Use performance monitor to view DNS cache
• Use Event Viewer from DNS console
15. You are the administrator of your company.Your network is running on Windows Server 2003 domain controller and Windows XP as a clients.You have configured Software Deployment to distribute softwares to users. You have published softwares but by using Group Policies. Softwares appear in Add/remove Programs in control Panel but when users try to install them, they get an error message "The feature you are trying to install cannot be found in the setup directory" and the setup fails. Identify the cause.
Answers:
• The software was not assigned
• Users were not the members of the administrative group
• Proper permissions to users on folders containing software image were not granted
• The server was not restarted
16. You are the network administrator of a company. Your company's network has Windows 2003 Server and Windows 2000 Professional computers. You use a security policy to configure a server named Delta1. Now you have to deploy the security configuration on server Delta1 to the computers on your company's network. How will you accomplish this task by using minimum efforts?
Answers:
• Create a new GPO linked to the domain. Include all the settings used in the server (Delta1) in this GPO
• Use the Security Configuration and Analysis snap-in to export all the security settings from server Delta1 to a template file. Then, import the template file into the GPO for applying to multiple computers
• Use the Security Configuration and Analysis snap-in to export all the security settings from server Delta1 to a template file. Then, apply the template to each computer by using the Security Configuration and Analysis snap-in
• All of the above
17. You want to transfer the FSMO role. When you tried to transfer it, the transfer was unsuccessful. What will you do now?
Answers:
• Seize the role
• Delete the role
• Copy the role
• None of the above
18. You are the network administrator of a company running on Windows Server 2003 environment.The network consists of a single forest that contains two domains named Domain-A and Domain-B.You are responsible for handling Domain-A having one Active-Directory Integrated zone server .Your company policies state that name resolution traffic from Domain-B should be locally resolved by Domain-A. What should you do ?
Answers:
• Create a primary zone for Domain-B
• Configure Domain-B as a forwarder
• Create a secondary zone for Domain-B on Domain-A
• Configure Domain-B as the DNS client of Domain-A
19. You are the administrator of an OU named WebServers, created in Windows Server 2003 domain. The IPSec policies are defined at Domain level and No Override is not selected. All websites are configured to allow only anonymous users. A new GPO is applied at WebServers OU restricting local Administrators group to login locally. Users report that they are unable to access any of the Web Sites on the servers. What will you do for allowing users access to the websites from the servers in WebServers OU without affecting overall security?
Answers:
• Add all users to the Domain Admins group
• Create a GPO that allows local Administrators and Guests to login locally and link GPO to WebServers OU
• Create a GPO that allows local Administrators and Guest to login locally and link GPO to Domain level
• Set Basic Authentication in each Web Server
20. You are the network administrator of a company called Expertrating. Your company's network has a single Active Directory forest with a single domain named expertrating.com. Windows Server 2003 is running on all the servers and all the clients are Windows XP Professional computers. Your company has a test lab that contains a separate forest. You created a GPO (Group Policy Object) for testing and tested it successfully in that lab. Now, you want to implement this GPO on the network for all the computers and users in the domain. How will you accomplish this task by using minimum efforts?
Answers:
• Take a backup of the GPO created in the test lab by using the Group Policy Management Console and import it into the Domain
• Create a new GPO linked to the domain. Include all the settings used in the old GPO (which was used for testing) in this GPO
• Copy all the files in the SYSVOL folder from the test lab to the domain
• None of the above
21. A network consists of one Windows Server 2003 running as Domain Controller and 100 Windows XP Clients. The network administrator has created many OUs in domain and delegated control of OU to relevant administrators. His domain is configured with one OU, named sales, having one child, OU marketing. Two different administrators are appointed to be responsible for their respective OUs. But the marketing OU administrator complains that their OU is inheriting the Group Policies of its parent domain, even when they have blocked the inheritence. What may be the reason for that?
Answers:
• 'No Override' is enabled on sales OU
• 'Block Policy Inheritance' is enabled on domain
• Group policies are not refreshed
• ntdsutil is run to overcome the situation
22. You use Software deployment in Windows Server 2003 to distribute company's softwares on your Windows XP clients. The software image is clean and successfully published to clients. Clients have installed softwares in their desktops. But, when they run the setup from desktop shortcut, it gives an error message. Which of the following may be the reason for this error?
Answers:
• Software image is corrupted
• Users have read only permission in the folder containing software image
• The server gets restarted
• Users with roaming profile are logging in two computers simultaneously
23. You are the network administrator for your company running Domain Controller on Windows Server 2003. The domain has a Windows 2000 server named production. The production server is not a domain controller. You are allowed to logon locally for making the configuration. You want to run a script that will change the current environment variables setting when users log in.What would be the appropriate course of action?
Answers:
• Create a logon script and apply it on default domain group policies
• Create a logon script and apply it on local group policies
• Create a start-up script and apply it on the Default Domain Controller Group Policies
• Copy the script to NetLogon share of the production server
24. Which of the following FSMO roles mostly affects the network users functionality immediately?
Answers:
• PDC Emulator role
• Infrastructure role
• Domain name master
• RID master role
25. Your company has three domains located at different locations:
perl.com
geneva.perl.com
portland.perl.com
All three domains are in the Native Mode. Your geneva.perl.com branch is going to shut down and you want to migrate all users in that domain to perl.com. How will you move the users?
Answers:
• movetree /start /s dc1.geneva.perl.com /d dc2.perl.com /sdn cn=users,dc=geneva,dc=perl,dc=com /ddn cn=users,dc=perl,dc=com
• Move the users from Active Directory Users and Computers
• Move computer object from Active Directory Users and Computers to perl.com
• movetree /continue /s dc1.geneva.perl.com /d dc2.perl.com /sdn cn=users,dc=geneva,dc=perl,dc=com /ddn cn=users,d=perl,dc=com
26. The network of ABC TOYS company consists of Windows Server 2003 and 5000 Windows XP Clients. Sometimes, users report missing data from the server. The network administrator wants to find the user deleting the files. He created a GPO and assigned it on the ABC Toys domain. Which actions should he audit?
Answers:
• Process tracking
• Account login events
• Object access
• Privileged access
27. Your company's network has a single Active Directory domain. All servers run Windows Server 2003. You want to make an application available for all the users to install. You want to configure GPO for this. How will you complete this task?
Answers:
• Copy the application package on all the user computers one by one
• Publish the application with file extension activation
• Provide application CDs to users for manual installation
• All of the above
28. You are the network administrator of Windows 2003 domain. The domain has one OU named Sales.You are using Windows Installer to publish sales relevant software to user's workstations. Currently, only members of Sales OU can run the software.But you want all users in the domain to be able to use the software from Start menu. What should you do ?
Answers:
• Assign the Windows Installer GPO from OU instead of publishing
• Remove current GPO from Sales OU, create a new GPO that will upgrade the installed package and apply newly created GPO to sales OU
• Remove the GPO from Sales OU,assign the GPO to domain and set the permissions to assign the package to all users
• Create a new GPO and assign the package to all users in the domain. Grant the membership of Domain Admins to all the users
29. The administrator for company ABC Toys configured RIS server in Windows Server 2003 for installing operating system Image to newly branded computers. But when he started the computers for obtaining addresses from RIS, they all are unable to connect to DHCP server. Later on, he discovered all branded computers were using network adapters that were not PXE compliant. How will he connect these computers to RIS server?
Answers:
• By creating RIS Bootable floppies from rbfg.exe
• By creating RIS bootable floppies from ASR
• By using riprep for installing image to client computers
• By instaling DHCP relay Agent
30. You are the administrator of a Windows 2003 domain. The domain has 100 users working on Windows XP. You want to allow all users to change their desktop setting if they try to work on any Windows XP computer. But their altered desktops should not be saved once they log off. What should you do in this scenario?
Answers:
• Edit GPO to set the customized desktop
• Change the ntuser.dat file to ntuser.man in profiles directory
• Schedule a batch to run at some interval to delete the user's home directory on each client computer
• Configure a roaming profile for each user in the network
31. Your company's network has a single active directory domain. The domain has an OU named Delta, which further has two child OUs named Bravo and Charlie respectively. You want to disable Windows Update Service on all the computers in the domain with the exception of computers in Charlie OU. Which of the following steps will you follow to complete this task with minimum efforts?
Answers:
• Create a new GPO linked to the Domain and disable Windows Update in User Configuration section of the GPO. Enable Block Policy inheritance setting on Charlie and Bravo OU
• Create a new GPO linked to the Domain and disable Windows Update in User Configuration section of the GPO. Enable Block Policy inheritance setting on Bravo OU
• Create a new GPO linked to the Domain and disable Windows Update in User Configuration section of the GPO. Enable Block Policy inheritance setting on Charlie OU
• Create a new GPO linked to the OUs Bravo and Charlie and disable Windows Update in User Configuration section of the GPO
32. Which of the following is a recommended tool for populating Active Directory with data from other directory services?
Answers:
• csvde
• ldifde
• ntdsutil
• ADSI Edit MMC snap-in
33. You are the back-up operator in a company and responsible for system-state data backup which is residing at two Windows Server 2003 domain controllers. How should you automate the process for every day at 12:00 mid-night?
Answers:
• Schedule a system state data backup for specified time
• Schedule a full back-up of each domain controller once a day
• Schedule a task to back-up ntds.dit file at late night
• Schedule a task to back-up the entire drive having active-directory database and log files at late night
34. When an administrator runs dcpromo command in Windows Server 2003 to
install Domain, setup fails with the following message
"Active Directory installation failed. The network location could not be
reached." What may be the problem ?
Answers:
• DNS
• Default gateway
• Network adapter
• Administrative privileges
35. You are the administrator for ExpertRating's Branch office. Your company domain is running on Windows Server 2003. Your company's HQ is located at Atlanta and contains one Active-Directory Integrated DNS Server. An administrator at HQ instructs you to install and configure the DNS server as Active Directory Integrated zone. But when DNS is installed at the Branch office and a zone is tried to be created, the option to create Active-Directory Integrated zone is unavailable. What should be done in this scenario?
Answers:
• A new secondary Zone at the branch office configured with the address of DNS server located at HQ should be created
• The HQ DNS server should be configured to approve the branch DNS server as Name Server
• It should be ensured that HQ DNS server is configured as Standard Primary Zone
• It should be ensured that Branch office server is promoted as Domain Controller, and then an Active Directory Integrated Zone should be created
36. You are the network administrator responsible for handling DNS server running on Windows server 2003. You receive a report that Windows Server 2003 CPU utilization rate is constantly exceeding 85 % of the CPU.How will you check if this problem arises only because of the DNS server?
Answers:
• Check DNS counters performance from System Monitor
• Run ipconfig/displaydns command
• Use Network Monitor to check the number of queries resolved by DNS
• Use Event Viewer to check DNS performance
37. Your network consists of one parent domain running on Windows Server 2003 and 1000 Windows XP clients.Your company's growth demands a child domain to be installed in one of the Branch Location.But when you run dcpromo command to join the child domain in parent,you get an error message that the existing domain cannot be contacted.What will you do to correct this problem?
Answers:
• Configure a domain controller of the child domain with the address of the DNS server of existing domain.
• Create an Active Directory Integrated zone of child domain in the existing domain controller
• Transfer PDC emulator role to a new child domain
• Use ntdsutil to transfer domain naming master role to child domain
38. Suppose there are network connectivity problems between your HQ at Atlanta and Branch office in Atlanta which are causing packets to drop. How will you check where and what percentage of packets is dropped from the HQ?
Answers:
• By running tracert from HQ to Branch
• By running tracert from Branch office to HQ
• By running pathping from HQ to Branch
• By running pathping from Branch to HQ
• By running Network Monitor
39. Your network consists of three Windows 2003 Domain Controllers named DC-1, DC-2 and DC-3. DC-3 doesnot hold any FSMO roles. After backing-up the System State Data Back-up of all DCs, DC-3 disk failed. You replaced the failed disk with a new disk and installed Server 2003 on the new disk. What should you do next on DC-3?
Answers:
• Restore the System State Data back-up from Directory Services restore Mode
• Run Windows Back-up on DC-1 and restore the same on DC-3
• Run Active Directory installation wizard to make the new computer a replica in the domain
• Force replication from Active Directory Sites and Services to DC-3
40. You are planning to deploy Windows XP professional to client computers using RIS. What should you do to find out the GUIDs of all client computers?
Answers:
• Use Network Monitor to view DHCPOFFER packets
• Use Network Monitor to view DHCPDISCOVER packets
• Use performance Monitor to view DHCPREQUEST packets
• Use Event Viewer to view RIS logging
41. State whether true or false.
We can only seize a role if the domain controller that holds that role fails.
Answers:
• True
• False
42. Your company's domain consists of one OU named Sales. Sales OU consists of users from Sales Department. You need to assign one of the user of Sales OU named Paul, to create, add and modify user's objects only.They should not be able to change group's object properties.What should you do ?
Answers:
• Assign the Full Control permission on Sales OU to Paul
• Run Delegation of Control wizard on sales OU and grant him permission to create and manage user's objects
• Grant Paul the Domain Admins rights
• Run Delegation of Control wizard on the Domain and select OU objects from custom tasks to delegate option
43. Which of the following roles is responsible for the uniqueness of Active Directory objects in each domain?
Answers:
• PDC Emulator role
• RID Master role
• Schema Master role
• Infrastructure Master role
44. You are the network administrator of a Windows 2003 network having Windows XP clients.You want to secure your network by implementing a policy that supports encrypted TCP/IP communication. Which of the following is most secured?
Answers:
• Enable Internet Connection Firewall(ICF)
• Enable Network Address Translator(NAT)
• Enable secure Server IPSec POlicy
• Enable Server IPSec Policy
45. The administrator is trying to reset the external trust. But clients are unable to access resources in the domain outside of the forest. Which of the following FSMO role must be available for this reset?
Answers:
• Domain naming master
• Infrastructure role
• RID role
• PDC Emulator master
46. Some applications are deployed that uses protocols that requires knowledge of the user's password for authentication purposes. Which policy can provide the best result in this scenario ?
Answers:
• Enable 'Store password using reversible encryption' policy
• Decrease maximum service ticket lifetime for Kerberos
• Increase minimum password length
• Enable 'Enforce password policy'
47. When running dcpromo command in Windows Server 2003, the administrator changed the NetBIOS name to production. But the real FQDN is sales.microsoft.com. After setup, what would be the FQDN?
Answers:
• sales.microsoft.com
• production.microsoft.com
• microsoft.sales.com
• sales.com
48. State whether true or false.
Once the forest functional level is raised to Windows Server 2003, one cannot add a Windows 2000 domain controller to the forest.
Answers:
• True
• False
49. You are the network administrator for a company called ExpertRating. Your network contains one Windows Server 2003 Domain Controller. One day, when you reboot your DC, you receive an error message "Cannot find NTOSKERNL.EXE". Which of the following actions will you employ?
Answers:
• Automated System Recovery
• Last Known Good Configuration
• Safe Mode
• Directory Services Restore Mode
50. You are the network administrator of a company. Your company's network has a single Active Directory domain named expertrating.com. This domain has two sites and each site contains two domain controllers. You purchase two servers and use each new server as a domain controller in each site, making a total of three domain controllers at each site. You want to configure the inter site replication to flow through these new domain controllers. What will you do?
Answers:
• Configure each new domain controller as preferred IP bridgehead server
• Configure each new domain controller as preferred SMTP bridgehead server
• Configure both new domain controllers as Global Catalog servers
• All of the above
