Question Number (ID) : 1 (jaamsp_mngnwi-025) Lisa would like to configure five of her 15 Web servers, which are running Microsoft Windows Server 2003, Web Edition, to always receive specific IP addresses and use a different DNS server than the other Web servers. She would also like to be able to modify the properties of TCP/IP for these five Web servers from a single interface. All of the Web servers are currently receiving IP address information from a server running Windows Server 2003, Standard Edition with DHCP services on the same subnet. What steps would fulfill these requirements in the most expedient manner? (Choose all that apply.) 1. Create a vendor class for the servers running Microsoft Windows Server 2003, Web Edition. 2. Configure each of the reservation's options with the IP address of the appropriate DNS servers. 3. On each of the five Web servers, assign the vendor class using the ipconfig utility. 4. Create a user class named "resvdweb". <Correct> 5. Create a single exclusion range for the IP addresses of the five Web servers. 6. Modify the options of the vendor class with the different DNS server's IP address. 7. Create a reservation for each of the five Web servers. <Correct> 8. On each of the five Web servers, assign the user class "resvdweb" using the ipconfig utility. <Correct> 9. Modify the options of the user class with the different DNS server's IP address. <Correct> To have each of the five Web servers receive a specific IP address, a reservation must be created for each server. A reservation associates the Media Access Control (MAC) address of the network card with the desired IP address. When a DHCP client requests an IP address from the DHCP server, the MAC address of the DHCP client is included in the request. This allows the DHCP server to identify the DHCP client and assign the associated IP address. Creating a user class named "resvdweb" would be a required step. Classes are configured to allow different options to be delivered to a specific set of DHCP clients within a scope. The DHCP server must have a class which matches the class configured on the DHCP client computers that need the different options. A user class would be used in this case, because a vendor class is defined by the operating system and would include the other 10 Web servers. Modifying the options of the user class with the different DNS server's IP address would be a required step. By defining a user class, all DHCP client computers that fall within this class can receive the options from a single configuration interface. On each of the five Web servers, assigning the user class "resvdweb" using the ipconfig utility would be a required step. In order to deliver the class options to the appropriate DHCP client computers, the computers must identify themselves to the DHCP server as being part of that user class. This is accomplished using the ipconfig /setclassid command on each of the DHCP client computers. The class id on each DHCP client computer must match the id specified in the user class created on the DHCP server. Exclusion ranges prevent a range of IP addresses from being handed out to DHCP client computers. This would prevent the five Web servers from receiving these IP addresses. Configuring each reservation's options does not meet the requirement for configuration from a single interface. A user class would be used in this case, because a vendor class is defined by the operating system and would include the other 10 Web servers. Implementing, Managing, and Maintaining IP Addressing Troubleshoot DHCP. - Verify DHCP reservation configuration (procedure). Dynamic Host Configuration Protocol (DHCP)
Encyclopedia of Networking, Microsoft Press D Windows 2000 Server TCP/IP Core Networking Guide Dynamic Host Configuration Protocol (DHCP) http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/reskit /tcpip/part1/tcpch01.asp
Question Number (ID) : 2 (jaamsp_mngnwi-035) Charlie would like to reduce the amount of time it is taking for his client computers running Microsoft Windows 2000 Professional to resolve host names for a partner organization's resources. All of the computers are currently configured to use DNS services on a server running Microsoft Windows Server 2003, Standard Edition, (12.137.5.254) as their DNS server. Charlie does not have access to the partner company's DNS services, but he has determined that the partner company uses 111.71.53.1 as their primary DNS server. What is the most expedient method Charlie can use to speed up host name resolution for the partner company's resources? 1. Configure a stub zone for Charlie's domain name. 2. Add all of the resources' names and IP addresses to the "hosts" file on each of his users' computers. 3. Create a secondary zone for the partner company's domain name. 4. Configure a stub zone for the partner company's domain name. <Correct> A stub zone can be used to speed up the name resolution for a specific domain by identifying to the DNS service the address of the DNS server responsible for that specific domain. Only queries for that domain will be forwarded to the server in the stub zone. While adding all of the names and IP addresses of the partner company's resources to the hosts file would in fact speed up the resolution process, other options are simpler. While creating a secondary zone for the partner company's domain would in fact speed up the resolution process, permission to transfer the data (zone transfer) would have to be obtained from the partner company. Other options are simpler. DNS service would not allow Charlie to create a stub zone with his own domain name, because that name is already in use. A stub zone can be used to speed up the name resolution for a specific domain by identifying to the DNS service the address of the DNS server responsible for that specific domain. However, the same name cannot be used for two different objects. Implementing, Managing, and Maintaining Name Resolution Install and configure the DNS Server service. - Configure DNS server options. Windows 2000 Server TCP/IP Core Networking Guide Introduction to DNS http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/reskit /tcpip/part1/tcpch01.asp Communications Introducing Microsoft Windows Server 2003, Microsoft Press Chapter: 6 Pages: 153-153
Question Number (ID) : 3 (wmpmsp_mngnwi-068) You are the administrator for a network that supports 5,500 client computers. The network design calls for IPSec to be used on all network connections across public communication media. Which command-line tool can you use to configure IPSec on computers running Microsoft Windows Server 2003? 1. netdiag 2. ipsecmon 3. ipseccmd 4. netsh <Correct> For computers running Windows Server 2003, you can use the netsh command-line tool to run scripts for IPSec policy creation, display IPSec policy details, and make changes to IPSec configuration. The command begins with netsh ipsec and is followed by a variety of options. The netdiag tool is available to install on computers running Windows Server 2003. However, the IPSec-related functionality of netdiag no longer is available on Windows Server 2003. It has been replaced by the netsh IPSec commands. The ipseccmd command-line tool is used on computers running Windows XP to script IPSec policy creation, display IPSec policy details, and display IPSec configuration details. Ipsecmon is a command-line tool that is used to monitor IPSec on a computer running Windows 2000. It is entered from a Windows 2000 command prompt. Implementing, Managing, and Maintaining Network Security Monitor network protocol security. [56] Tools might include the IPSec Monitor MMC snap-in and Kerberos support tools. Microsoft security administration tools Using Netdiag.exe to display IPSec information and to test and view network configuration Using Netsh to change the IPSec configuration on computers running the Windows.NET Server 2003 family Using Ipseccmd.exe to manage and monitor IPSec on computers running Windows XP
Question Number (ID) : 4 (wmpmsp_mngnwi-098) You are an administrator for an organization that has servers running Microsoft Windows Server 2003. Users on the network have not reported any problems with local network connectivity. Some remote client computers cannot make connections to a Routing and Remote Access (RRAS) VPN server. You need to determine if the problem exists with the RRAS VPN server, and if so, correct it. You confirm that the RRAS server is started. You confirm that the remote access clients and the VPN server are configured to use the same authentication protocols. You check the user accounts and the VPN server's remote access policy, and verify that the remote access client computers should be able to log on any time. What is the most likely cause of the problem? 1. The VPN server is using L2TP and the remote access client computers are using PPTP. 2. The VPN server is using PPTP and the remote access client computers are using L2TP. 3. The VPN server has the wrong value set for the time. 4. Not enough ports are configured for the remote access client computers. <Correct> If you have not configured enough ports for remote access client computers to connect to the VPN server, any attempts to connect will be rejected. For example, if your RRAS VPN configuration is set up to allow 35 concurrent VPN connections, and all 35 connections have already been established, no further client connection attempts will be accepted until one of the current connections is released. This scenario indicates that the remote access client computers and the VPN server are configured to use the same authentication protocols. This could be PPTP or L2TP or both. This means that if the VPN server is using PPTP, the remote access client computers are also using PPTP. If the VPN server is using L2TP for its authentication protocol, the remote access client computers are also using L2TP. Otherwise, the remote connections would not be established. If the VPN server has the wrong value set for the time, this would not have any effect on client computers being able to log in, because the policy is set up to allow logins any time. Implementing, Managing, and Maintaining Routing and Remote Access Troubleshoot client access to remote access services. - Diagnose and resolve issues related to remote access VPNs. Troubleshooting remote access VPNs
Question Number (ID) : 5 (wmpmsp_mngnwi-007) You are a system engineer who is responsible for an organization's servers. All servers are running Microsoft Windows Server 2003. The Computer Browser service will not start on one of your servers. You suspect a problem with the account under which this service is configured. How can you correct the problem? 1. Configure the Local system account from the Log On tab of the Computer Browser service properties. <Correct> 2. Configure the Local system account from the General tab of the Computer Browser service properties. 3. Configure a logon account from the Recovery tab of the Computer Browser service properties. 4. Configure a logon account from the Dependencies tab of the Computer Browser service properties. If a problem exists with the account under which the Computer Browser service is logged on, you should correct it from the Log On tab of the service properties. When the local system account is logged on, the service can be started. The local system account cannot be configured to log on for this service from the General tab of the Computer Browser service properties. The local system account cannot be configured to log on for this service from the Recovery tab of the Computer Browser service properties. The local system account cannot be configured to log on for this service from the Dependencies tab of the Computer Browser service properties. Maintaining a Network Troubleshoot server services. - Use service recovery options to diagnose and resolve service-related issues. Services Windows Server 2003 Help, Microsoft Set up recovery actions to take place when a service fails
Question Number (ID) : 6 (jaamsp_mngnwi-009) Kim is responsible for a network that was recently divided into two network segments connected by a router to minimize broadcast traffic. The first network segment has a server, running Microsoft Windows Server 2003, Enterprise Edition, using DHCP services with two scopes - one for each segment. Client computers in the second network segment are not receiving IP addresses. What is the best way for Kim to fix this problem? 1. Add the DHCP relay agent service on the existing DHCP server. 2. Add the DHCP relay agent service to a server in the second segment. <Correct> 3. Configure BootP forwarding on the router. 4. Configure a server in the second segment to receive IP packets using the BOOTP port. A DHCP relay agent on the second segment would forward DHCP requests directly to the DHCP server in the form of unicast messages instead of broadcast messages. This will allow the clients on the second segment to receive IP addresses and still minimize the broadcast traffic. While configuring BootP forwarding on the router would allow the DHCP server to receive requests from the second segment, these requests would be sent as broadcast messages. As the network was divided to stop broadcast propagation, other choices would be better in this scenario. Adding the relay agent to the DHCP server would have the server forwarding requests to itself. This would not fix the problem. Configuring a server in the second segment to receive IP packets using the BootP port would allow the second server to receive the DHCP requests, but not fulfill them. DHCP services would have to be installed to fulfill these requests. Implementing, Managing, and Maintaining IP Addressing Manage DHCP. - Manage DHCP Relay Agent. Dynamic Host Configuration Protocol (DHCP) Encyclopedia of Networking, Microsoft Press D Windows 2000 Server TCP/IP Core Networking Guide Dynamic Host Configuration Protocol http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/reskit /tcpip/part1/tcpch01.asp
Question Number (ID) : 7 (ebcmsp_mngnwi-018) You are the network administrator for your company's Active Directory network. The servers in your organization are running Microsoft Windows Server 2003. The client computers are running Microsoft Windows XP Professional and Microsoft Windows 2000 Professional. Client computers have been having problems accessing internal Web sites, and the DNS zones do not appear to be transferring properly. You would like to monitor the DNS server to determine what is causing the problem. From the list on the right, select the System Monitor counters that would be useful in troubleshooting this problem. Place your selections in the list on the left by clicking the items in the list on the right and clicking the arrow button. You may not need to use all of the items from the list on the right. In this scenario, the problem is with the zone transfers. Because of that, you should monitor the counters in the System Monitor that will record information relating to the zone transfers. The following counters from the question above are related to zone transfers: * AXFR Requests Received indicates the number of full zone transfer requests received when operating as a Master server for a zone. * AXFR Requests Sent indicates the number of full zone transfer requests sent when operating as a Secondary zone. * IXFR Requests Received indicates the number of incremental zone transfer requests received when operating as a Master server for a zone. * IXFR Requests Sent indicates the number of incremental zone transfer requests sent when operating as a Secondary zone. * Notify Receive indicates the total number of notifies received by the secondary DNS server. * Notify Sent indicates the total number of notifies sent by the master DNS server. * Zone Transfer Failure indicates the total number of failed zone transfers of the master DNS server. The other counters listed below do not play a role in the troubleshooting of this problem: * Caching Memory indicates the total amount of system memory in use by the DNS Server service for caching. * Recursive Queries indicates the total number of recursive queries received by the DNS server. * Secure Update Failure indicates the total number of secure updates that have failed on the DNS server. * Dynamic Update Rejected indicates the total number of dynamic updates rejected by the DNS server. Implementing, Managing, and Maintaining Name Resolution Monitor DNS. Tools might include System Monitor, Event Viewer, Replication Monitor, and DNS debug logs. DNS Tools http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/prod docs/entserver/sag_dns_ovr_tools.asp Monitoring DNS Server Performance http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/prod docs/entserver/sag_dns_imp_usingsystemmonitor.asp
Question Number (ID) : 8 (wmpmsp_mngnwi-056) As an administrator for an organization, you are responsible for configuring the infrastructure to deploy critical and security updates to desktop and server clients. A systems engineer has already created a software update infrastructure plan. You are tasked with implementing this plan. You must ensure that all client software updates are deployed. The plan calls for maximum administrative control over the downloading, testing, and monitoring of software updates from the Windows Update server. Which group of tasks should you choose? 1. Configure the update files to be hosted on the Windows Update server. Configure the selection and approval of content prior to publishing to Automatic Updates clients. Configure the monitoring of the Software Updates Services server and logs. 2. Configure the update files to be hosted locally on your server running Software Update Services. Configure the synchronization of approved content to additional servers. Configure the monitoring of the Software Updates Services server and logs. <Correct> 3. Configure the update files to be hosted locally on your server running Software Update Services. Configure the selection and approval of content prior to publishing to Automatic Updates clients. Configure the monitoring of the Software Updates Services server and logs. 4. Configure the update files to be hosted on the Windows Update server. Configure the synchronization of approved content to additional servers. To achieve maximum administrative control over the process of downloading and installing updates from the Windows Update server, you should download the updates to a local server first. Then you should use the local server to host updates to Automatic Updates clients. Using the Windows Update server to host update files will give you less control over the process. To achieve even more control and efficient distribution of updates, you can use additional servers to host the updates by synchronizing content with the local server that first downloaded the updates. You should evaluate and approve the updated files prior to distributing them to other servers on the network. This will give you a greater confidence in the updates, causing minimal impact to the operation of your network and the applications running on it. To track the downloading and success or failure of updates, you should configure monitoring of the Software Updates services servers and logs. You can access the data collected in the logs by using a Web server configured with Internet Information Services (IIS) 6.0 with Internet Explorer 5.5 or later. Implementing, Managing, and Maintaining Network Security Install and configure software update infrastructure. - Install and configure software update services. Software Update Services Overview White Paper Server-Side Software Update Services Software Update Services Windows Server 2003 Help, Microsoft Chapter: 4 Pages: 68-70
Question Number (ID) : 9 (ebcmsp_mngnwi-036) You are the network administrator for your company's Active Directory network. The name of the domain is contoso.com. The servers in your organization are running Microsoft Windows Server 2003. The client computers are running Microsoft Windows XP Professional and Microsoft Windows 2000 Professional. Your company has two separate locations, each configured as an Active Directory site. Domain controllers for contoso.com are configured at each site. At each location, a server running Windows Server 2003 is configured to allow inbound connections using a VPN. You are concerned about the security of data that being is transferred between the two locations. You want to implement the highest level of security when data is transferred between the locations. You do not want to affect the performance of client machines at each location. The graphic exhibit shows the network. From the list on the right, select the steps to configure the security settings that are necessary to provide a solution. Place the selection in the list on the left under the appropriate node by clicking the item from the list on the right, clicking the appropriate node, and then clicking the arrow button. You may use the items from the list on the right more than once, and you do not have to use each item from the list. To provide this solution, you must enable IPSec Policies on the VPN servers and specify that they will operate in a tunnel. When you specify a tunnel endpoint, all traffic between the two VPN servers will be encrypted. Clients will communicate normally inside of each site, but, when data is destined for the remote site, the VPN servers will apply and remove IPSec, thereby ensuring the highest level of security without affecting the performance of the client computers. At VPNSRV1 the endpoint for the Tunnel Mode IPSec policy will be 131.107.1.1. At VPNSRV2 the endpoint for the Tunnel Mode IPSec policy will be 200.20.20.1. Implementing, Managing, and Maintaining Routing and Remote Access Provide secure access between private networks. Security Information for VPN http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/prod docs/entserver/sag_vpn_ovr_security.asp
Question Number (ID) : 10 (jaamsp_mngnwi-124) Mike is a systems engineer for a large department. He has recently configured a server running Microsoft Windows Server 2003, Enterprise Edition, as an application server for a mission-critical database application. Mike would like to configure the server so that the database will restart on the first and second failure, and reboot the server on any further failures. Where can Mike configure these options? 1. In the administration console for the database 2. In the System properties 3. In the properties of the database file 4. In the Services console <Correct> These settings can be set in the properties of the database service, on the "Recovery" tab, in the Services console. These settings cannot be set in the administration console for the database. These settings cannot be set in the properties of the database file. These settings cannot be set in the System properties. Maintaining a Network Troubleshoot server services. - Use service recovery options to diagnose and resolve service-related issues. Enumerating Dependent and Antecedent Services Stopping and Starting Dependent Services http://www.microsoft.com/technet/treeview/default.asp?url=/technet/scriptcenter/scrguide/sas_ser_zhcb.asp
Question Number (ID) : 11 (jaamsp_mngnwi-013) You need to configure the DHCP services on your server running Microsoft Windows Server 2003, Standard Edition, to deliver default gateway information to the computers in your scope, in addition to the IP addresses the computers are currently receiving. Which option must you configure? 1. 003 Router <Correct> 2. 017 Root Path 3. 009 LPR Servers 4. 019 IP Layer Forwarding Configuring the 003 Router option would update the default gateway properties on computers receiving IP addresses from this scope. The default gateway is the router used to send messages beyond the local network segment. Configuring the 009 LPR Servers option would not update the default gateway properties on computers receiving IP addresses from this scope. Configuring the 017 Root Path option would not update the default gateway properties on computers receiving IP addresses from this scope. Configuring the 019 IP Layer Forwarding option would not update the default gateway properties on computers receiving IP addresses from this scope. Configuring the 075 Street Talk Servers option would not update the default gateway properties on computers receiving IP addresses from this scope. Implementing, Managing, and Maintaining IP Addressing Manage DHCP. - Manage DHCP scope options. Dynamic Host Configuration Protocol (DHCP) Encyclopedia of Networking, Microsoft Press D Windows 2000 Server TCP/IP Core Networking Guide Dynamic Host Configuration Protocol http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/reskit /tcpip/part1/tcpch01.asp
Question Number (ID) : 12 (ebcmsp_mngnwi-014) You are the network administrator for your company's Active Directory network. The servers in your organization are running Microsoft Windows Server 2003. The client computers are running Microsoft Windows XP Professional and Microsoft Windows 2000 Professional. You need to provide your users with name resolution for Internet hosts. You want to use your ISP's DNS server to resolve all external names. You want to minimize name resolution traffic between your company and the ISP. In the graphic exhibit below, click on the tab of the property sheet that will allow you to provide the desired solution. A forwarder sends DNS queries to an upstream DNS server to resolve names of computers for which it is not authoritative. This will allow the client computers to resolve the names of Internet hosts through their local DNS server. The local DNS server will resolve the names on behalf of the client. This will reduce traffic with the ISP DNS server because only the local DNS server (the computer in the exhibit) will send DNS requests out of the network. The client computers will query the local DNS server for name resolution and the local DNS server will forward those requests to the ISP's DNS server. The result of the query will then be cached for future requests, which will increase name resolution for popular sites. Implementing, Managing, and Maintaining Name Resolution Install and configure the DNS Server service. - Configure DNS forwarding. Understanding Forwarders http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/prod docs/entserver/sag_dhcp_und_relayagentconfigurations.asp
Question Number (ID) : 13 (ebcmsp_mngnwi-022) You are the network administrator for your company's Active Directory network. The servers in your organization are running Microsoft Windows Server 2003. The client computers are running Microsoft Windows 2000 Professional. You are responsible for maintaining the client computers. You want to ensure that the client computers automatically download Windows Updates. To reduce the amount of Internet traffic that would be generated by this process, you have installed Software Update Services. The Active Directory OU structure is departmental. Each departmental OU has a computer OU that contains the client computers. The following exhibit shows a diagram of the Active Directory environment. You must configure the client computers to use Software Update Services. Your implementation must be efficient. Select from the list on the left the steps that are necessary to provide a solution. Place the steps in the list on the left in the order in which they should be performed. Place your selections in the list on the left by clicking the items in the list on the right and clicking the arrow button. You can also use the Up and Down buttons to rearrange items in the list on the left. You may not need to use all of the items from the list on the right. To allow the Windows 2000 Professional computers to use Software Update Services, you must install wuau22.msi on them. This is the automatic update client software. To install the client software, the Windows 2000 Professional computers must have Service Pack 3 installed. Instead of visiting each client computer to install wuau22.msi, it would be easier to push the software with a Group Policy. To push wuau22.msi, you should create a GPO on one OU and then link it to the other OUs that contain the other client computers. Once the software is installed, it must be configured. Again, you could visit each client computer to configure the settings, but, it would be much easier to use a Group Policy to configure the settings. You should create the GPO on one of the OUs that contains the client computers and then link it to the other OUs that also include client computers. Since this software deployment and configuration should only affect the client computers, there is no reason to deploy GPOs at the domain level. Implementing, Managing, and Maintaining Network Security Install and configure software update infrastructure. - Install and configure automatic updates client. Windows Update http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/prod docs/entserver/resources_windows_update.asp Software Distribution Overview http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/msm/swdist/pmovervw.asp Software Update Services Deployment White Paper http://www.microsoft.com/windows2000/windowsupdate/sus/susdeployment.asp
Question Number (ID) : 14 (jaamsp_mngnwi-080) Kyle is the network administrator for an enterprise network with multiple small office locations. Each of these small offices is configured with a server running Microsoft Windows Server 2003, Standard Edition, functioning as a router. The routers are connected to the corporate headquarters network through dedicated T1 lines. Kyle would like to statically configure the routing to reduce the network traffic over the T1 lines. What is the easiest way to configure the static routing from the command prompt of one of the servers functioning as routers? 1. Route add 12.53.129.0 mask 255.255.255.0 12.53.127.1 metric 1 Route add 12.53.130.0 mask 255.255.255.0 12.53.127.1 metric 1 Route add 12.53.131.0 mask 255.255.255.0 12.53.127.1 metric 1 2. Route add 0.0.0.0 mask 255.255.255.255 12.53.127.1 metric 1 <Correct> 3. Route insert 12.53.129.0 mask 255.255.255.0 12.53.127.1 metric 1 Route insert 12.53.130.0 mask 255.255.255.0 12.53.127.1 metric 1 Route insert 12.53.131.0 mask 255.255.255.0 12.53.127.1 metric 1 4. Route insert 0.0.0.0 mask 255.255.255.255 12.53.127.1 metric 1 Configuring a route to network 0.0.0.0 is adding a default route. A default route is used when the destination network is not listed in the routing table. Using a default route allows routers inside a network to not have to list routes to every network, such as on the Internet, or when there is only one path to follow. Since these remote locations have only one path for the traffic to follow, through the T1 line, this single entry would enable all the necessary routing on this server. A default route would be easier to configure than listing each destination network individually. The Route command does not use the "insert" function. The Route command does not use the "insert" function. Implementing, Managing, and Maintaining Routing and Remote Access Manage TCP/IP routing. - Manage routing tables. Understanding Unicast Routing IP routing protocols http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/prod docs/entserver/sag_rras-ch2-adv_4.asp
Question Number (ID) : 15 (ebcmsp_mngnwi-042) You are the network administrator for your company's Active Directory network. The servers in your organization are running Microsoft Windows Server 2003. The client computers are running Microsoft Windows XP Professional, Microsoft Windows 2000 Professional, Microsoft Windows 98, and Windows NT 4.0 Workstation. Because there are legacy clients on the network, you have implemented a WINS server. All of the computers on the network are configured to use the WINS server for name resolution. The network is made up of four different locations connected by routers. Clients have complained that they cannot browse resources on other subnets. After capturing packets on the network, you believe that the problem is related to WINS. In the exhibit below, click on the area in Network Monitor that leads you to believe the problem is with the WINS server. The exhibit displays traffic that was generated by NetBIOS name resolution. When client computers attempt to resolve NetBIOS names, they will first look into their NetBIOS cache to see if they have communicated with the destination computer before. If there is no entry in cache for the destination, the client computers will then send a query to a WINS server. Frames1 and 2 show the WINS packet going from the client to the WINS server. If the WINS server cannot resolve the name, the client then broadcasts for name resolution. Frame 3 shows the broadcast packet for NetBIOS name resolution. Since the broadcast occurred, the WINS server was not able to resolve the name. Since this is a subnetted network that is connected with routers, the broadcast name resolution traffic will not be passed by the router, which will prevent clients from browsing or connecting to remote computers by using NetBIOS. Maintaining a Network Monitor network traffic. Tools might include Network Monitor and System Monitor. Monitoring Network Traffic http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/prod docs/entserver/ctasks017.asp
Question Number (ID) : 16 (jaamsp_mngnwi-026) You are the administrator for an enterprise network consisting of 10,000 computers running Microsoft Windows XP Professional, and 200 servers running Microsoft Windows Server 2003. One of the servers with DHCP services installed is running out of hard drive space on the system/boot partition. Through the DHCP console, what options are available to store DHCP generated data on a different volume? (Select all that apply.) 1. Move the Temporary files to a different volume. 2. Move the Service to a different volume. 3. Move the Application to a different volume. 4. Move the Database to a different volume. <Correct> 5. Move the Audit log to a different volume. <Correct> 6. Move the Backup to a different volume. <Correct> The DHCP Audit log, Database, and Backup can all be transferred to another volume or partition through the advanced properties of the DHCP server. Doing this would free up the disk space used by these files. Any temporary files generated specifically by the DHCP service cannot be assigned a different location. The DHCP service itself cannot be assigned an alternative location to run from. The DHCP application cannot be transferred to another location through the DHCP console. Implementing, Managing, and Maintaining IP Addressing Troubleshoot DHCP. - Check the system event log and DHCP server audit log files for related events. Windows 2000 Server TCP/IP Core Networking Guide Dynamic Host Configuration Protocol http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/reskit /tcpip/part1/tcpch01.asp
Question Number (ID) : 17 (jaamsp_mngnwi-042) Question: Stan would like to reduce the amount of replication traffic across the WAN connections between his network's primary location and the branch offices. At each of the remote sites, he has a server running Microsoft Windows Server 2003, Standard Edition, with Active Directory, DNS services, and Global Catalog installed to reduce lookup and authentication traffic. In accordance with the corporate security policy, which specifies that all DNS zone transfer traffic be encrypted, Stan's DNS zones are all configured as Active Directory integrated zones. What further step could be taken to reduce replication traffic while still conforming to the corporate security policy? 1. Set dynamic updates to "Secure only." 2. Reconfigure the zones in the remote sites as standard secondary. 3. Reconfigure the zones in the remote sites as standard primary. 4. Create an application directory partition for each zone. <Correct> Creating a separate portion of the Active Directory database (an application directory partition) to store only DNS information will reduce replication traffic. The objects in an application directory partition are not listed in the Global Catalog, so any changes made will not be replicated to Global Catalog servers. More importantly, each zone can be configured to replicate only to other servers with the same DNS zone (therefore the same application directory partition). Reconfiguring the zones in the remote sites as standard secondary zones would allow for reduced replication traffic (by replicating with only the zone's primary), but that would violate the security policy, sending non-encrypted zone transfers. Reconfiguring the zones in the remote sites as standard primary zones would allow for reduced replication traffic (by replicating with only designated secondary zones), but that would violate the security policy, sending non-encrypted zone transfers. Secure updates being set to "Secure only" would have no effect upon DNS replication. Dynamic updates register the client computers' current IP address information. Setting dynamic updates to "No" could actually decrease replication traffic because there would be fewer changes to the DNS database, at the cost of sacrificing the functionality of Dynamic DNS. Implementing, Managing, and Maintaining Name Resolution Manage DNS. - Manage DNS zone settings. Windows 2000 Server TCP/IP Core Networking Guide Introduction to DNS http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/reskit /tcpip/part1/tcpch01.asp Communications Introducing Microsoft Windows Server 2003, Microsoft Press Chapter: 6 Pages: 151-153
Question Number (ID) : 18 (wmpmsp_mngnwi-058) You are the administrator for an organization. You want to configure a computer running Microsoft Windows Server 2003 to automatically download critical and security updates as an Automatic Updates client, and receive a notification when the updates are ready to be installed. Which group of users has permission to perform this configuration? (Choose all that apply.) 1. Users 2. Domain Users 3. Domain Admins <Correct> 4. Administrators <Correct> 5. Domain Guests Only a local administrator can configure an Automatic Updates client to receive updates. Therefore, since a local administrator is a member of the Administrators group, he or she has permission to perform the configuration. Since a member of the Domain Admins group can perform administrative functions locally, he or she also has permission to perform the configuration. The valid configuration settings are: Notify me before downloading any updates, and notify me again before installing them on my computer Download the updates automatically, and notify me when they are ready to be installed Automatically download the updates, and install them on the schedule that I specify A member of the Users group does not have administrative permission and cannot configure an Automatic Updates client. A member of the Domain Users group has permission to perform tasks that all other users in the domain can perform. A member of the Domain Users group does not have administrative permissions and cannot configure an Automatic Updates client. A member of the Domain Guests group has the same permission as all guests in the domain. A member of the Domain Guests group does not have administrative permissions and cannot configure an Automatic Updates client. Implementing, Managing, and Maintaining Network Security Install and configure software update infrastructure. - Install and configure automatic updates client. Software Update Services Overview White Paper Chapter: Client-Side Automatic Updates Pages: 7-15 Default Groups Windows Server 2003 Help, Microsoft
Question Number (ID) : 19 (wmpmsp_mngnwi-091) You are the administrator for an organization that has a large enterprise network infrastructure of 65 interconnected network segments, both local and remote. You need to implement the Routing Information Protocol (RIP) protocol for routing in the network infrastructure. One of your network's servers is configured as a Routing and Remote Access server running Microsoft Windows Server 2003. What is the maximum number of Point-to-Point Tunneling Protocol (PPTP) ports you can configure for a VPN on the server? 1. 256 2. 1,000 <Correct> 3. 2 4. 1 You can configure 1,000 PPTP ports for a VPN on a computer running Windows Server 2003. The VPN supports up to 1,000 concurrent VPN connections Windows Server 2003, Web Edition, only supports one connection at a time. PRI ISDN supports two concurrent channels (ports). Implementing, Managing, and Maintaining Routing and Remote Access Manage TCP/IP routing. - Manage routing ports. Routing and Remote Access Routing interfaces, devices, and ports
Question Number (ID) : 20 (jaamsp_mngnwi-107) Ken is the network administrator for a large organization. He is attempting to troubleshoot a network problem with Network Monitor, using a computer running Microsoft Windows XP Professional. However, when he attempts to run the program in promiscuous mode, he receives an error message indicating that he must use a different version of Network Monitor. What version of Network Monitor will run in promiscuous mode? 1. The version that come with Microsoft SMS (Systems Management Server) <Correct> 2. The full retail version 3. The version that comes with Microsoft ISA (Internet Security and Acceleration) Server 4. The version that comes with Windows Server 2003 The only version of Network Monitor that allows functions such as promiscuous mode is the version that comes with SMS. The version that ships with Microsoft's operating systems only allows the viewing of traffic to or from the computer the program is running on. Microsoft ISA Server does not include a version of Network Monitor. Network Monitor has not been released as a standalone retail product. The version of Network Monitor released with Windows Server 2003 does not allow advanced features, such as running in promiscuous mode. Maintaining a Network Monitor network traffic. Tools might include Network Monitor and System Monitor. Monitoring network activity http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/proddocs/sag_ MPmonperf_21.asp