Your network consists of two machines running Windows Server 2003 Standard Edition, one machine running Windows Server 2003 Datacenter Edition, one machine running Windows Server 2003 Web Edition, and two machines running Windows Server 2003 Enterprise Edition. You want two of these machines to be domain controllers on the network. Which machines will you promote to domain controllers and how will you configure them in this role?
A. Configure the two machines running Windows Server 2003 Enterprise Edition to be domain controllers using the secedit /configure tool.
B. Promote the Windows Server 2003 Datacenter Edition and Windows Server 2003 Web Edition using the DCPROMO tool.
C. Configure a machine running Windows Server 2003 Standard Edition and a machine running Windows Server 2003 Enterprise Edition to be domain controllers using the Configure Your Server Wizard.
D. Configure machines running Windows Server 2003 Standard Edition and Windows Server 2003 Web Edition using the Manage Your Server tool.
Your network is upgrading from Windows NT 4 to Windows Server 2003 and will consist of two domains in a single forest. One domain is a child of the other domain and dedicated to the Sales departments in the organization. During the upgrade, all workstations will be upgraded to Windows XP and Windows 2000 Professional. When the last BDC is removed from the network, what role will the PDC emulator play on the network?
A. The PDC emulator will be used to modify object classes and attributes.
B. The PDC emulator will receive preferred replication of password changes performed by other domain controllers in the domain.
C. The PDC emulator in the child domain will be used to synchronize the time on all domain controllers in the forest.
D. The PDC emulator will be used to add new domains and remove unneeded ones from the forest.
The only protocol used by your network is TCP/IP, despite the fact that workstations in the organization do not have access to the Internet. A user has been accessing files on a server on your network and now wants to connect to a Web server that is used as part of the company’s intranet. The user enters the URL of the Web site into Internet Explorer. Which of the following servers will be used to provide information needed to connect to the Web server?
A. DHCP server
B. DNS server
C. WINS server
D. File server
You want to set up a discussion group that can be accessed over the corporate intranet, so that users can view and post messages in a forum that can be viewed by other employees. Which of the following services would you use to implement this functionality?
A. HTTP
B. FTP
C. NNTP
D. SMTP
Answers
C. Configure a machine running Windows Server 2003 Standard Edition and a machine running Windows Server 2003 Enterprise Edition to be domain controllers using the Configure Your Server Wizard. The Configure Your Server Wizard allows you to add and remove roles, including the domain controller role. This tool can be used to make servers into domain controllers, as long as the servers are running the Standard Edition, Enterprise Edition, or Datacenter Edition of Windows Server 2003.
A, B, D. Answer A is incorrect because secedit /configure is a command-line tool that is used to configure the security settings of a computer. It isn’t used to promote member servers to domain controllers. Answer B is incorrect because servers running the Web Edition of Windows Server 2003 cannot be domain controllers. Answer D is incorrect for this same reason. It is also incorrect because the Manage Your Server tool can be used to invoke the Configure Your Server Wizard (which can configure servers to be domain controllers), but doesn’t actually create the domain controller itself.
B. The PDC emulator will receive preferred replication of password changes performed by other domain controllers in the domain. When a password is changed on a domain controller, it is sent to the PDC emulator. The PDC emulator is responsible for this because it can take time to replicate password changes to all domain controllers in a domain.
A, C, D. Answer A is incorrect because the schema master is used for making changes to the schema, including modifying classes and their attributes. Answer C is incorrect because, although the PDC emulator synchronizes the time on domain controllers, it only does so within the domain (not the entire forest). The PDC emulator is a domain-wide operations master role and affects only the domain. Answer C is also incorrect because the PDC emulator in a child domain will look to the PDC emulator in the forest root for time synchronization. Answer D is incorrect because the domain naming master is in charge of adding new domains and removing unneeded ones from the forest.
B. DNS servers map fully qualified domain names (like www.syngress.com) to IP addresses. When a user enters a DNS name into a Web browser or other application, it is sent to a DNS server, which looks up the IP address for the requested name. This IP address is sent back to the client, which uses it to locate and communicate with the server.
A, C, D. Answer A is incorrect because DHCP servers are used to issue IP addresses to clients. Because TCP/IP is the only protocol used on the network, and the user already has been accessing resources on a file server, this means that the user already has an IP address. Answer C is incorrect because a URL has been entered and WINS servers are used to resolve NetBIOS names to IP addresses (and vice versa). Answer D is incorrect because servers configured in the role of a file server would not need to provide any information to clients accessing an intranet Web site.
C. NNTP is the Network News Transfer Protocol. The NNTP Service in IIS allows users to distribute news messages, which can be viewed using a newsreader program. Users can browse through messages stored on the server, respond to existing messages, and post new messages.
A, B, D. Answer A is incorrect because HTTP is the Hypertext Transfer Protocol, which is used by the World Wide Web Publishing Service in IIS. It allows users to access Web pages. Answer B is incorrect because FTP is the File Transfer Protocol. It is used for transferring files between clients and servers. Answer D is incorrect because SMTP is the Simple Mail Transfer Protocol, which is used for transferring e-mail.
You are planning to use a server on your network as a Windows Server 2003 domain controller. The server has 128MB of RAM, 2GB of hard disk space, and four processors. Which of the following editions of Windows Server 2003 can you install on this server? (Select all that apply.)
A. Windows Server 2003 Standard Edition
B. Windows Server 2003 Enterprise Edition
C. Windows Server 2003 Datacenter Edition
D. Windows Server 2003 Web Edition
You are concerned about insecure methods of authentication being used on a network. You are currently upgrading your network to Windows Server 2003, but some servers are still running Windows NT 4 and Windows 2000 Server. Even after the upgrade, some Windows 2000 Server computers will exist in the domain. You want to implement Kerberos authentication within the domain. Which of the following operating systems will be able to use it? (Select all that apply.)
A. Windows NT 4
B. Windows 2000 Server
C. Windows Server 2003
D. None of the above
Your network consists of two Windows Server 2003 domain controllers, a Windows 2000 server that is used as a Web server, and a Windows NT 4 server that runs an older version of SQL Server. Your company does not have the budget to immediately replace these servers, but you want to raise the domain functional level of your domain to the highest possible level. What functional level will you raise this domain to?
A. Windows 2000 mixed
B. Windows 2000 native
C. Windows Server 2003 interim
D. Windows Server 2003
Answers
You have just promoted a Windows Server 2003 computer to be a domain controller. After the promotion, you accidentally apply the wrong security template to it. It now has security settings that are too high. You can automatically change the security settings back to their previous configuration using which of the following security templates?
A. Setup security
B. Rootsec
C. Iesacls
D. DC security
You want to apply an existing security template to the local computer policy of a Windows Server 2003 computer. Which of the following tools would allow you to do this from the command line?
A. Security Configuration and Analysis
B. secedit /configure
C. secedit /import
D. gpupdate
You have performed an analysis of a Windows Server 2003 domain controller using Security Configuration and Analysis. Once the analysis is complete, a red X appears beside the Enforce Password History policy. What does this mean?
A. The policy does not match a corresponding setting for the associated entry in the database.
B. The entry in the database and the policy’s setting match.
C. An entry exists in the database that does not correspond to any setting on the computer.
D. A setting exists on the computer that does not correspond to any entry in the database.
You have created a security template and now want to apply its settings to a GPO that can be linked to containers in Active Directory. Which containers can you link a GPO to in Active Directory? (Select all that apply.)
A. Domains
B. Trusts
C. Sites
D. Local computer policy
Answers
You have installed a new file server on the network and formatted it to use NTFS. After formatting is complete, you use EFS to encrypt a folder containing files belonging to users. If a user accesses a file belonging to him in this folder, and then copies it across the network for another user to access, which of the following will occur?
A. The file on the hard disk and the data sent over the network will remain encrypted.
B. The file on the hard disk and the data sent over the network will be decrypted and remain that way.
C. The file on the hard disk will be decrypted, so EFS can send it encrypted over the network.
D. The file on the hard disk will remain encrypted, but data sent over the network will be unencrypted.
You have created a custom security template that you now want to import into a GPO that is linked to the domain level. Which of the following tools will you use to invoke the Group Policy Object Editor to view and modify the GPO at this level?
A. Active Directory Users and Computers
B. Active Directory Sites and Services
C. gpupdate
D. Securedc
Your network consists of servers running Windows 2003 Server and workstations running Windows 2000 Professional. You have applied several custom security templates to GPOs linked to the OU, domain, and site levels in Active Directory. In addition to this, there are security settings that have also been applied at the local computer level of all machines that are on the network. Because several policies now affect the computer accounts within the domain, site, and OU, which of the following will occur when the user logs on to the domain?
A. The policy setting at the local computer level will be overwritten by the OU-level GPO, which will be overwritten by the domain-level GPO, which will finally be overwritten by the site-level GPO. For this reason, major security settings must be made at the site-level GPO; all others will be overwritten.
B. Security settings in the GPOs will not be applied to machines running Windows 2000 that have joined the domain.
C. The security settings at the local computer level will override those of the GPOs.
D. The policy settings will be cumulative and applied in the order of policies at the site level, domain level, and finally OU level.
You apply custom security templates to the local computer policy on a member server and to a GPO linked to an OU in Active Directory. All servers on the network are running Windows Server 2003. After performing these actions, you find that the local computer policy has taken effect, but the group policy has not taken effect on member servers within the domain. Which of the following is the reason for this, and how can you fix it?
A. Group policy settings take effect immediately. The problem must be that the security policy was not applied properly.
B. Group policy settings are refreshed on member servers every 90 minutes. To force the server to refresh the group policy, use the secedit /refresh command.
C. Group policy settings are refreshed on servers every 5 minutes. To force the server to refresh the group policy, use the gpupdate command.
D. Group policy settings are refreshed on servers every 90 minutes. To force the server to refresh the group policy, use the gpupdate command.
Answers
D. The file on the hard disk will remain encrypted, but data sent over the network will be unencrypted. EFS only encrypts data on NTFS volumes. When data that is encrypted with EFS is sent over the network, it isn’t encrypted. For data to be encrypted during transmission, other methods like IPSec are needed.
A, B, C. Answer A is incorrect because EFS only encrypts data on hard disks. It does not encrypt data transmitted over the network. Answer B is incorrect because when a file is transmitted over the network, the original file on the hard disk isn’t decrypted and left that way. EFS will keep the file on the hard disk encrypted, so others cannot access it. Answer C is incorrect, because EFS isn’t used for transmitting encrypted data over the network.
A. Active Directory Users and Computers is used to view GPOs linked at this level. Active Directory Users and Computers can then be used to invoke the Group Policy Object Editor, where you can import security templates into group policies at the domain and OU levels.
B, C, D. Answer B is incorrect because Active Directory Sites and Services is used to access GPOs at the site level and can be used to invoke the Group Policy Object Editor to edit these objects. Answer C is incorrect because gpupdate is used to refresh group policies on Windows Server 2003. Answer D is incorrect because securedc is a security template that can be applied to domain controllers.
D. The policy settings will be cumulative and applied in the order of policies at the site level, domain level, and finally OU level.
A, B, C. Answer A is incorrect because policy settings are cumulative and applied in the following order to computer accounts: site-level GPOs, domain-level GPOs, OU- and sub-OU level GPOs. Answer B is incorrect because GPOs can be applied to any Windows 2000 or later computer that has joined a domain. Answer C is incorrect because security settings configured in GPOs override those made at the local computer level.
D. Group policy settings are refreshed on servers every 5 minutes. To force the server to refresh the group policy, use the gpupdate command. Local computer policies are stored on the computer, and they take effect immediately. Group policy settings are stored in Active Directory and need to be downloaded to the machine. Because of this, the group policy settings are refreshed at regular intervals. To force a refresh, the gpupdate command can be used.
A, B, C. Answer A is incorrect because group policy settings do not take effect immediately. The group policy settings are refreshed on computers at regular intervals. Workstations have group policy settings refreshed every 90 minutes, member servers are refreshed every 90 minutes, and domain controllers are refreshed every 5 minutes. Answer B is incorrect because the secedit /refresh command isn’t used in Windows Server 2003. It has been replaced by the gpupdate command. Answer C is incorrect because member servers are refreshed every 90 minutes. Domain controllers are refreshed every 5 minutes.