MCSE Planning and Maintaining a Windows Server 2003 Network Infrastructure [Electronic resources]: Exam 70-293 Study Guide

Michael Crosset al.

نسخه متنی -صفحه : 174/ 29
نمايش فراداده

Self Test

A Quick Answer Key follows the Self Test questions. For complete questions, answers, and explanations to the Self Test questions in this chapter as well as the other chapters in this book, see the Self Test Appendix.

Understanding Server Roles

1.

Your network consists of two machines running Windows Server 2003 Standard Edition, one machine running Windows Server 2003 Datacenter Edition, one machine running Windows Server 2003 Web Edition, and two machines running Windows Server 2003 Enterprise Edition. You want two of these machines to be domain controllers on the network. Which machines will you promote to domain controllers and how will you configure them in this role?

Configure the two machines running Windows Server 2003 Enterprise Edition to be domain controllers using the secedit /configure tool.

Promote the Windows Server 2003 Datacenter Edition and Windows Server 2003 Web Edition using the DCPROMO tool.

Configure a machine running Windows Server 2003 Standard Edition and a machine running Windows Server 2003 Enterprise Edition to be domain controllers using the Configure Your Server Wizard.

Configure machines running Windows Server 2003 Standard Edition and Windows Server 2003 Web Edition using the Manage Your Server tool.

2.

Your network is upgrading from Windows NT 4 to Windows Server 2003 and will consist of two domains in a single forest. One domain is a child of the other domain and dedicated to the Sales departments in the organization. During the upgrade, all workstations will be upgraded to Windows XP and Windows 2000 Professional. When the last BDC is removed from the network, what role will the PDC emulator play on the network?

The PDC emulator will be used to modify object classes and attributes.

The PDC emulator will receive preferred replication of password changes performed by other domain controllers in the domain.

The PDC emulator in the child domain will be used to synchronize the time on all domain controllers in the forest.

The PDC emulator will be used to add new domains and remove unneeded ones from the forest.

3.

The only protocol used by your network is TCP/IP, despite the fact that workstations in the organization do not have access to the Internet. A user has been accessing files on server on your network and now wants to connect to a Web server that is used as part of the company’s intranet. The user enters the URL of the Web site into Internet Explorer. Which of the following servers will be used to provide information needed to connect to the Web server?

DHCP server

DNS server

WINS server

File server

4.

You want to set up a discussion group that can be accessed over the corporate intranet, so that users can view and post messages in a forum that can be viewed by other employees. Which of the following services would you use to implement this functionality?

HTTP

FTP

NNTP

SMTP

Answers

1.

C

2.

B

3.

B

4.

C

Planning a Server Security Strategy

5.

You are planning to use a server on your network as a Windows Server 2003 domain controller. The server has 128MB of RAM, 2GB of hard disk space, and four processors. Which of the following editions of Windows Server 2003 can you install on this server? (Select all that apply.)

Windows Server 2003 Standard Edition

Windows Server 2003 Enterprise Edition

Windows Server 2003 Datacenter Edition

Windows Server 2003 Web Edition

6.

You are concerned about insecure methods of authentication being used on a network. You are currently upgrading your network to Windows Server 2003, but some servers are still running Windows NT 4 and Windows 2000 Server. Even after the upgrade, some Windows 2000 Server computers will exist in the domain. You want to implement Kerberos authentication within the domain. Which of the following operating systems will be able to use it? (Select all that apply.)

Windows NT 4

Windows 2000 Server

Windows Server 2003

None of the above

7.

Your network consists of two Windows Server 2003 domain controllers, a Windows 2000 server that is used as a Web server, and a Windows NT 4 server that runs an older version of SQL Server. Your company does not have the budget to immediately replace these servers, but you want to raise the domain functional level of your domain to the highest possible level. What functional level will you raise this domain to?

Windows 2000 mixed

Windows 2000 native

Windows Server 2003 interim

Windows Server 2003

Answers

5.

A, B

6.

B, C

7.

D

Planning Baseline Security

8.

You have just promoted a Windows Server 2003 computer to be a domain controller. After the promotion, you accidentally apply the wrong security template to it. It now has security settings than that are too high. You can automatically change the security settings back to their previous configuration using which of the following security templates?

Setup security

Rootsec

Iesacls

DC security

9.

You want to apply an existing security template to the local computer policy of a Windows Server 2003 computer. Which of the following tools would allow you to do this from the command line?

Security Configuration and Analysis

secedit /configure

secedit /import

gpupdate

10.

You have performed an analysis of a Windows Server 2003 domain controller using Security Configuration and Analysis. Once the analysis is complete, a red X appears beside the Enforce Password History policy. What does this mean?

The policy does not match a corresponding setting for the associated entry in the database.

The entry in the database and the policy’s setting match.

An entry exists in the database that does not correspond to any setting on the computer.

A setting exists on the computer that does not correspond to any entry in the database.

11.

You have created a security template and now want to apply its settings to a GPO that can be linked to containers in Active Directory. Which containers can you link a GPO to in Active Directory? (Select all that apply.)

Domains

Trusts

Sites

Local computer policy

Answers

8.

D

9.

B

10.

A

11.

A, C

Customizing Server Security

12.

You have installed a new file server on the network and formatted it to use NTFS. After formatting is complete, you use EFS to encrypt a folder containing files belonging to users. If a user accesses a file belonging to him in this folder, and then copies it across the network for another user to access, which of the following will occur?

The file on the hard disk and the data sent over the network will remain encrypted.

The file on the hard disk and the data sent over the network will be decrypted and remain that way.

The file on the hard disk will be decrypted, so EFS can send it encrypted over the network.

The file on the hard disk will remain encrypted, but data sent over the network will be unencrypted.

13.

You have created a custom security template that you now want to import into a GPO that is linked to the domain level. Which of the following tools will you use to invoke the Group Policy Object Editor to view and modify the GPO at this level?

Active Directory Users and Computers

Active Directory Sites and Services

gpupdate

Securedc

14.

Your network consists of servers running Windows 2003 Server and workstations running Windows 2000 Professional. You have applied several custom security templates to GPOs linked to the OU, domain, and site levels in Active Directory. In addition to this, there are security settings that have also been applied at the local computer level of all machines that are on the network. Because several policies now affect the computer accounts within the domain, site, and OU, which of the following will occur when the user logs on to the domain?

The policy setting at the local computer level will be overwritten by the OU-level GPO, which will be overwritten by the domain-level GPO, which will finally be overwritten by the site-level GPO. For this reason, major security settings must be made at the site-level GPO; all others will be overwritten.

Security settings in the GPOs will not be applied to machines running Windows 2000 that have joined the domain.

The security settings at the local computer level will override those of the GPOs.

The policy settings will be cumulative and applied in the order of policies at the site level, domain level, and finally OU level.

15.

You apply custom security templates to the local computer policy on a member server and to a GPO linked to an OU in Active Directory. All servers on the network are running Windows Server 2003. After performing these actions, you find that the local computer policy has taken effect, but the group policy has not taken effect on member servers within the domain. Which of the following is the reason for this, and how can you fix it?

Group policy settings take effect immediately. The problem must be that the security policy was not applied properly.

Group policy settings are refreshed on member servers every 90 minutes. To force the server to refresh the group policy, use the secedit /refresh command.

Group policy settings are refreshed on servers every 5 minutes. To force the server to refresh the group policy, use the gpupdate command.

Group policy settings are refreshed on servers every 90 minutes. To force the server to refresh the group policy, use the gpupdate command.

Answers

12.

D

13.

A

14.

D

15.

D