Chapter 8. Answer Key for Practice Exam 1

Answer B is correct. By increasing the lease duration, clients will not have to renew their IP address leases with the DHCP server as often. Answer A is incorrect because, although this would reduce the amount of DHCP traffic, it does not really address the problem at hand and decentralizes IP address administration. Answer C is incorrect because placing a second DHCP server on the network would provide load balancing but would not address the amount of traffic being generated. Answer D is incorrect because decreasing the existing lease time would only further increase traffic.

Answer D is correct. For clients to communicate outside of their local subnet, they must be configured with the IP address of the default gateway. This can be done by configuring the 003 router option on each DHCP server. Answers A and C are incorrect because the clients can successfully lease IP addresses. Answer B is incorrect because the clients are configured for DHCP, so the gateway option can be assigned dynamically when the clients are assigned an IP address.

Answer C is correct. If a DHCP server is not authorized in Active Directory, the service will be shut down when it attempts to start. Answer A is incorrect because an inactive scope will not cause the service to fail. Answer B is incorrect because the DHCP service can be installed on a member server, domain controller, or a standalone server. Answer D is incorrect because misconfigured scope information would not cause the DHCP service to fail.

Answers A and C are correct. You can manually configure IP addresses for the servers or leave them as DHCP clients. If you manually configure IP addresses, those addresses must be excluded from the scope. The other option is to configure client reservations . By configuring a client reservation for each server, the servers can remain as DHCP clients but will always be assigned the same IP address. Answer B is incorrect because scope options are used to configure DHCP clients with optional parameters. The 003 option also is used to assign clients the IP addresses of network routers. Answer D is incorrect because superscopes are used to organize existing scopes.

Answer D is correct. If a DHCP server is unavailable, clients will use Automatic Private IP Addressing and will use an IP address in the range of 169.254.0.0 to 169.254.255.255. Therefore, answers A, B, and C are incorrect.

Answer D is correct. For all clients to be able to communicate outside of the local subnet, the 003 router option must be configured at the scope level. Answers A and C are incorrect because all clients are successfully leasing IP addresses. Answer B is incorrect because optional parameters are not activated; scopes are activated.

Answer B is correct. To authorize the DHCP servers, a user must be a member of the Enterprise Admins group . Answers A, C, and D are incorrect because these groups have insufficient privileges to perform the operation.

Answer A is correct. Scope options are applied in the following order: server, scope, class, and client. Therefore, answers B, C, and D are incorrect.

Answer B is correct. To ensure that there are no address conflicts on the network, you must exclude the IP addresses already assigned to the three servers from the scope. Therefore, answers C and D are incorrect. Answer A is incorrect because client reservations ensure that certain DHCP clients are always assigned the same IP address.

Answer B is correct. To add fault tolerance to the DHCP server implementation, configure each DHCP server with a scope for each subnet. DHCP servers do not share information, so make sure that the scopes do not overlap. Answer A is incorrect because DHCP servers cannot be configured to replicate scope information. Answer C is incorrect because configuring a DHCP relay agent does not add fault tolerance, although it might be required for clients to obtain an IP address from a DHCP server on another subnet. Answer D is incorrect because clients are not configured with the IP address of a DHCP server. DHCP servers are located on the network by performing a broadcast.

Answer D is correct. During the final phase of the IP address lease process, the client receives a DHCPACK from the DHCP server. At this point, the client has successfully leased an IP address from the DHCP server. Therefore, answers A, B, and C are incorrect.

Answer A is correct. The DHCP console is used to authorize a DHCP server within Active Directory. Therefore, answers B, C, and D are incorrect.

Answers C and D are correct. Both Windows 2000 and Windows XP clients can update their own records with the DNS server. Answers A, B, and E are incorrect because these clients do not support the dynamic update feature; in such cases, the DHCP server can be configured to update the records on their behalf .

Answer C is correct. The IPCONFIG /ALL command can be used to view detailed information about TCP/IP parameters on a computer, including whether the IP address is being leased from a DHCP server. Answer A is incorrect because you cannot configure a client with the IP address of a DHCP server. Answer B is incorrect because the PING command is used to test connectivity, and it has already been determined that the client cannot communicate on the network. Answer D is incorrect because if the client is configured to dynamically obtain an IP address, it will not be listed in the TCP/IP Properties window.

Answer B is correct. The default interval at which the DHCP database is backed up must be changed through the Registry by editing the HKEY_LOCAL_MACHINE\SYSTEM\Currentcontrolset\services\DHCPServer\Parameters Registry key. Therefore, answers A, C, and D are incorrect.

Answers C and D are correct. Of the platforms listed, only Windows Me and Windows XP support Automatic Private IP Addressing. Therefore, answers A, B, and E are incorrect.

Answer C is correct. If the zone is configured to accept only secure updates, you must configure the dynamic update credentials on the DHCP server. This is the username and password under which the DHCP server will perform the updates to the DNS database. Answer A is incorrect because clients are already leasing IP addresses. If the DHCP server is not authorized, the service will fail to start. Answer B is incorrect because the question already states that the zone is configured for secure updates. Answer D is incorrect because if clients are configured with static IP addresses, dynamic updates would not be required, nor would DHCP.

Answers B and D are correct. By default, Windows 2000 and Windows XP clients will dynamically register their own A records. Answer A is incorrect because the DHCP server will register the PTR records for clients. Answer C is incorrect because the DHCP server will not update A records unless requested to do so. Answer E is incorrect because a DHCP server will not update any records on behalf of legacy clients unless it is configured to do so.

Answer D is correct. A zone type can be changed using the General tab from the zone's Properties window. Select the option to store the zone in Active Directory. Answer B is incorrect because the Security tab is used to configure permissions to the zone file. Answers A and C are incorrect because a zone type cannot be changed from the DNS server's properties window.

Answer A is correct. MX records are used to identify mail servers. Answer B is incorrect because some versions of Unix support dynamic updates. However, there is no mention of what version of Unix is being used, so you can assume that dynamic updates are not configured. Answer C is incorrect because you cannot configure the IP address of a mail server through the properties of TCP/IP. Answer D is incorrect because CNAME records are used to assign alias names to an existing host.

Answer C is correct. A secondary DNS server maintains a copy of the zone file. If the primary DNS server goes offline, clients can still resolve hostnames using the secondary DNS server. Answer A is incorrect because caching-only DNS servers do not maintain zone information; they only cache records. Answer B is incorrect because a primary server already exists. Answer D is incorrect because there is no such DNS role.

Answer C is correct. Because caching-only servers do not maintain any zone information, no traffic is generated from zone transfers. As the server builds up, the contents of the cache response time will be decreased for DNS clients. Answers A and B are incorrect because primary and secondary DNS servers will generate zone-replication traffic. Answer D is incorrect because a master name server is the DNS server from which a secondary DNS server gets zone updates.

Answer D is correct. To use the nslookup command to resolve the hostname associated with an IP address, the appropriate PTR record must exist within the reverse lookup file. Answer A is incorrect because the A record is not used to resolve the hostname associated with an IP address. Answer B is incorrect because the nslookup command returns results for other queries. Answer C is incorrect because MX records are used to identify mail servers.

Answer A is correct. The Secure Updates option is available only if the DNS service is installed on a domain controller. Answers B and C are incorrect because these would not cause the Secure Updates option to not be available. Answer D is incorrect because the user already has the required permission if the user can navigate through the DNS management console.

Answer B is correct. To specify which users and groups can update the zone file, the zone must be configured for secure updates. This can be done through the zone's Properties window using the General tab. Answers A and C are incorrect because a zone cannot be configured for secure updates from the DNS server's properties window. Answer D is incorrect because the Security tab is used to configure users and groups that have permission to update the zone file.

Answer A is correct. By configuring the existing secondary DNS servers as the master name servers for the new secondary DNS servers, zone replication for the new servers can occur locally instead of across the slow link. Answer B is incorrect because the refresh interval defines only how often a secondary server will poll for updates. Answer C is incorrect because this will result in more replication traffic. Answer D is incorrect because forwarders are configured to tell a DNS server where to forward name-resolution requests .

Answer D is correct. The ipconfig /flushdns command clears the contents of the client resolver cache. Answer A is incorrect because this command displays the IP configuration for the computer. Answer B is incorrect because this command renews the IP address lease. Answer C is incorrect because this command displays the contents of the client resolver cache.

Answer B is correct. The refresh interval defines how often a secondary server will poll its master name server for updates to the zone file. Answer A is incorrect because the TTL defines how long records can remain within the cache before they must be purged. Answer C is incorrect because this defines how often the secondary server will continue to poll for updates if the master name server does not respond. Answer D is incorrect because the serial number is used to determine whether the zone file has changed.

Answer A is correct. A secondary server maintains a copy of the zone file. DNS clients can resolve hostnames using the secondary server if the primary DNS server goes offline. Answer B is incorrect because a caching-only server caches results only as the hostnames are resolved. Answer C is incorrect because forwarders are configured to tell a DNS server where to send name-resolution requests. Answer D is incorrect because a master name server is the DNS server from which a secondary server retrieves zone updates.

Answer C is correct. Using the Forwarders tab from the DNS server's Properties window, configure the DNS server to forward all name-resolution requests for clients in the Riverside organization to the Riverside DNS servers. Answers A and D are incorrect because forwarders cannot be configured from the zone's properties window. Answer B is incorrect because you do not want all name-resolution requests forwarded to the Riverside DNS servers.

Answer A is correct. To use secure updates, the DNS service must be running on a domain controller. Answers B and C are incorrect because when the DNS service is installed on a member server or standalone server, secure updates are not available. Answer D is incorrect because DNS cannot be installed on Windows XP.

Answer C is correct. Using the Monitoring tab, you can perform simple queries against the DNS server to test the configuration. Therefore, answers A, B, and D are incorrect.

Answer A is correct. If the Unix hosts do not support NetBIOS, WINS lookup can be enabled on the DNS server. The DNS server can query the WINS server if it cannot resolve the hostname. Answer B is incorrect because you cannot configure replication between DNS and WINS. Answer C is incorrect because a WINS proxy forwards NetBIOS broadcasts to a WINS server. Answer D is incorrect because a DHCP server cannot update NetBIOS names with a DNS server.

Answers B and C are correct. The DNS service can be installed using the Add or Remove Programs applet or the Configure Your Server Wizard. Answer A is incorrect because this would require uninstalling Active Directory. Answer D is incorrect because the DNS management console is available only after the DNS service is installed. Answer E is incorrect because Software Update Services is used only for deploying software updates.

Answer A is correct. PTR records must exist before you can use the nslookup command to resolve IP addresses to hostnames. Therefore, answers B, C, and D are incorrect.

Answer C is correct. Caching-only DNS servers do not maintain any zone information; therefore, no additional traffic would exist on the WAN link. Answer A is incorrect because a primary DNS server already exists for the zone. Answers B and D are incorrect because they maintain zone information and would result in zone transfers.

Answer B is correct. Using the Zone Transfers tab, you can specify which secondary servers can receive zone updates. Answer A is incorrect because the Security tab is used to configure users and groups that can perform updates. Answer C is incorrect because you must configure this at the zone level. Answer D is incorrect because you do not want all secondary DNS servers to be capable of requesting updates.

Answers A and B are correct. A records are used to resolve hostnames to IP addresses. PTR records are required to perform reverse lookups. Therefore, answers C and D are incorrect.

Answer C is correct. The IP Security Monitor utility can be used to view IPSec statistics. Therefore, answers A, B, and D are incorrect.

Answers A, B, and C are correct. Software Update Services requires Internet Explorer 5.0 (or later) and IIS 5.0 (or later), and the system partition must be NTFS. Answer D is incorrect because Service Pack 1 is required only to install SUS on Windows 2000.

Answer D is correct. To configure Automatic Updates settings through a Group Policy Object, the Automatic Updates ADM file must be loaded. Answer A is incorrect because the user is already an administrator. Answer B is incorrect because installing the SUS software does not automatically add the Automatic Updates settings into a Group Policy Object. Answer C is incorrect because settings can be configured locally or through a Group Policy.

Answers A and D are correct. Windows 2000 and Windows XP support the updated version of Automatic Updates. Therefore, answers B, C, and E are incorrect.

Answer C is correct. The Security Configuration and Analysis tool enables you to compare current security settings against those in a template. Answer A is incorrect because the Security Templates snap-in is used to configure existing templates and create new ones. Answer B is incorrect because System Monitor is used to monitor the real-time performance of various components and services. Answer D is incorrect because IP Security Monitor is used to monitor and troubleshoot IPSec communications.

Answer C is correct. The simplest way to configure the same security settings on each server is to configure a security template and deploy it through a GPO. Answers A and B are incorrect because these options would require visiting each of the servers. Answer D is incorrect because SUS cannot be used to deploy security settings.

Answer A is correct. This parameter specifies that Automatic Updates uses an SUS server. Answer B is incorrect because this option specifies how updates are downloaded and installed. Answer C is incorrect because this option specifies which SUS server updates are downloaded from. Answer D is incorrect because this option specifies which server the client will send status information to.

Answer C is correct. This option specifies which SUS server updates will be downloaded from. Answer A is incorrect because this option enables only Automatic Updates to use an SUS server. Answer B is incorrect because this option specifies how updates are downloaded and installed. Answer D is incorrect because this option specifies which server the client will send status information to.

Answer A is correct. As long as auditing of policy changes has been enabled, you can monitor when changes are made to an IPSec policy using the Event Viewer. Therefore, answers B, C, and D are incorrect.

Answer D is correct. The IP Security Monitor utility can be opened from the Microsoft Management Console. Therefore, answers A and B are incorrect. Answer C is incorrect because this is the command used in Windows 2000 to launch IPSec Monitor.

Answer B is correct. The static IP addresses assigned to the servers must be excluded from the scope configured on the DHCP server. Therefore, answers C and D are incorrect. Answer A is incorrect because client reservations are created for DHCP clients that are required to lease the same IP address.

Answer B is correct. The IP Security Monitor included with Windows Server 2003 cannot be used to monitor computers running Windows 2000. Therefore, answers A, C, and D are incorrect.

Answers B and D are correct. The netsh command-line utility and IP Security Monitor can be used to view IPSec statistics. Answer A is incorrect because this command-line utility is no longer used to view IPSec-specific statistics. Answer C is incorrect because ping is used to test TCP/IP connectivity.

Answer D is correct. Software Update Services requires that the system partition be formatted with NTFS along with the partition on which the software will be installed. Answer A is incorrect because no service pack is required. Answer B is incorrect because the partition on which SUS is installed must be NTFS as well. Answer C is incorrect because IIS 5.0 is required.

Answers A, B, and C are correct. By placing a DHCP server within the branch office and configuring the remote server with 20% of the IP addresses, you can eliminate DHCP and the WAN link as points of failure. The DHCP Relay Agent is required for DHCP clients to lease an IP address from a DHCP server on a remote subnet. Answer D is incorrect because clients are not configured with the IP addresses of DHCP servers.

Answer C is correct. The DHCP server must be enabled to perform updates for clients that cannot update their own host records. Answer A is incorrect because DNS is already configured for dynamic updates because the Windows XP clients are successfully performing updates. Answer B is incorrect because Windows 95 clients cannot be configured to perform dynamic updates. Answer D is incorrect because a DHCP relay agent forwards IP address lease requests to a DHCP server.

Answer C is correct. A standalone server is not authorized in Active Directory. The Authorize option is not available on a standalone server. Therefore answers A, B, and D are incorrect.

Answer B is correct. By configuring an authoritative DNS server within bayside.net to host a stub zone for the sales.bayside.net zone, any updates made to the authoritative name server resource records will be updated within the parent zone as well. Therefore, answers A, C, and D are incorrect.

Answer B is correct. If the support tools have been installed, you can use Replication Monitor to ensure that replication between DNS servers is occurring on a regular basis. Answer A is incorrect because System Monitor is used to monitor the real-time performance of a DNS server. Answer C is incorrect because the DNS management console is used to configure and manage a DNS server but cannot be used to monitor DNS replication. Answer D is incorrect because there is no such tool as the DNS Monitor.

Answer D is correct. Using the Clear Cache option from the Action menu within the DNS management console allows you to delete the contents of the cache file. Although uninstalling the service would clear the contents of the cache, it's not the easiest way to perform the task; therefore, answer A is incorrect. Answer B is incorrect because deleting the file completely removes it. Answer C is incorrect because there is no Clear Cache option available from the server's Properties window.

Answer B is correct. This option enables you to configure how updates are downloaded and installed. Because Active Directory is not installed, the Automatic Updates settings must be configured through the Registry, not a Group Policy. Answer A is incorrect because this option enables Automatic Updates to use SUS. Answer C is incorrect because this option specifies the SUS server that updates are downloaded from. Answer D is incorrect because this option specifies which SUS server the client will send status information to.

Answers A and C are correct. Network Monitor can be used to monitor and log network activity. System Monitor can also be used to monitor various network components. Therefore, answers B and D are incorrect.