Answer Key

Question 1

Answer B is correct. By increasing the lease duration, clients will not have to renew their IP address leases with the DHCP server as often. Answer A is incorrect because, although this would reduce the amount of DHCP traffic, it does not really address the problem at hand and decentralizes IP address administration. Answer C is incorrect because placing a second DHCP server on the network would provide load balancing but would not address the amount of traffic being generated. Answer D is incorrect because a DHCP Relay Agent is used to forward DHCP requests from one subnet to the DHCP server located on another subnet.

Question 2

Answer D is correct. For clients to communicate outside of their local subnet, they must be configured with the IP address of the default gateway. This can be done by configuring the 003 router option on each DHCP server. Answers A and C are incorrect because the clients can successfully lease IP addresses. This eliminates both of these options as the correct answer. Answer B is incorrect because the clients are configured for DHCP, so the gateway option can be assigned dynamically when the clients are assigned an IP address.

Question 3

Answer C is correct. If a DHCP server is not authorized in Active Directory, the service will be shut down when it attempts to start. Answer A is incorrect because an inactive scope will not cause the service to fail. Answer B is incorrect because the DHCP service can be installed on a member server, domain controller, or a standalone server. Answer D is incorrect because misconfigured scope information would not cause the DHCP service to fail.

Question 4

Answer A is correct. You should manually configure IP addresses for the servers and exclude those addresses from the scope. This is a better option than configuring the servers as DHCP clients because it eliminates the servers as being dependent on another server to obtain an IP address. Answer C is incorrect. By configuring a client reservation for each server, the servers can remain as DHCP clients but will always be assigned the same IP address. However, if the DHCP server is unavailable, they will not be able to obtain the IP address. Answer B is incorrect because scope options are used to configure DHCP clients with optional parameters. The 003 option also is used to assign clients the IP addresses of network routers. Answer D is incorrect because superscopes are used to organize existing scopes.

Question 5

Answer D is correct. If a DHCP server is unavailable, clients will use Automatic Private IP Addressing and will use an IP address in the range of 169.254.0.0 to 169.254.255.255. Therefore, answers A, B, and C are incorrect.

Question 6

Answer D is correct. For all clients to be able to communicate outside of the local subnet, the 003 router option must be configured at the scope level. Because there are multiple subnets, all client computers are not configured with the same default gateway. Answers A and C are incorrect because all clients are successfully leasing IP addresses. Answer B is incorrect because if the DHCP Relay Agents were configured with the incorrect IP address for the DHCP server, clients would not be able to lease IP addresses.

Question 7

Answer B is correct. To authorize the DHCP servers, a user must be a member of the Enterprise Admins group. Answers A, C, and D are incorrect because these groups have insufficient privileges to perform the operation.

Question 8

The correct order is server, scope, class, and client.

Question 9

Answer B is correct. To ensure that there are no address conflicts on the network, you must exclude the IP addresses already assigned to the three servers from the scope. Answer A is incorrect because client reservations ensure that certain DHCP clients are always assigned the same IP address. Answer C is incorrect because conflict detection is used to ensure that a DHCP server does not lease an IP address that is currently in use on the network. Answer D is incorrect because superscopes do not prevent IP addresses from being leased to clients.

Question 10

Answer B is correct. You should configure each DHCP server with a scope for each subnet. If the DHCP server on the local subnet is unavailable, clients can obtain an IP address from the DHCP server on the remote network. Answer A is incorrect. Automatic IP addressing provides limited ability to communicate on the network. Because APIPA does not assign a default gateway, communication outside of the local subnet is not possible. Answer C is incorrect because a DHCP Relay Agent is not required. Because the routers are BOOTP-enabled, they can forward IP address requests between subnets. Answer D is incorrect because this solution would require more administrative effort.

Question 11

Answer A is correct. You should increase the number of conflict detection attempts. By default this value is set to zero. When this value is increased, the DHCP server will ping an IP address before leasing it to a DHCP client. If the ping is successful, the DHCP server will not lease the IP address. Answer B is incorrect because this would require more administrative effort to identify the static IP addresses and then exclude them from the scope. Answer C is incorrect because a client reservation is created when a DHCP client requires the same IP address. The DHCP server always leases the same IP addresses to the DHCP client. Answer D is incorrect because you do not know the IP addresses that are still statically configured on client computers.

Question 12

Answer A is correct. The DHCP console is used to authorize a DHCP server within Active Directory. Therefore, answers B, C, and D are incorrect.

Question 13

The correct answer is Windows 2000 and Windows XP. Any Windows 2000 and Windows XP clients can update their own records with the DNS server. The remaining clients do not support the dynamic update feature; in such cases, the DHCP server can be configured to update the records on their behalf.

Question 14

Answer C is correct. The IPCONFIG /ALL command can be used to view detailed information about TCP/IP parameters on a computer, including whether the IP address is being leased from a DHCP server. Answer A is incorrect because the nslookup command is used to troubleshoot name resolution. Answer B is incorrect because the PING command is used to test connectivity, and it has already been determined that the client cannot communicate on the network. Answer D is incorrect because if the client is configured to dynamically obtain an IP address, it will not be listed in the TCP/IP properties window.

Question 15

Answer A is correct. The #pre directive defines which entries in the LMHOSTS file should be preloaded into the local NetBIOS name cache. Answer B is incorrect because the #include directive is used to specify another LMHOSTS file from which entries should be used. Answer C is incorrect because the #mh directive is used to add multiple entries for a multihomed computer. Answer D is incorrect because the #DOM directive is used to indicate that the record is for a domain controller.

Question 16

Answers C and D are correct. Of the platforms listed, only Windows Me and Windows XP support automatic private IP addressing. Therefore, answers A, B, and E are incorrect.

Question 17

Answer C is correct. If the zone is configured to accept only secure updates, you must configure the dynamic update credentials on the DHCP server. This is the username and password under which the DHCP server will perform the updates to the DNS database. Answer A is incorrect because clients are already leasing IP addresses. If the DHCP server is not authorized, the service will fail to start. Answer B is incorrect because the DnsUpdateProxy group is used when there are multiple DHCP servers performing dynamic updates. It allows DNS records updated by one DHCP server to be updated by another DHCP server. Answer D is incorrect because if clients are configured with static IP addresses, dynamic updates would not be required, nor would DHCP.

Question 18

Answers B and D are correct. By default, Windows 2000 and Windows XP clients will dynamically register their own A records. Answer A is incorrect because the DHCP server will register the PTR records for clients. Answer C is incorrect because the DHCP server will not update A records unless requested to do so. Answer E is incorrect because a DHCP server will not update any records on behalf of legacy clients unless it is configured to do so.

Question 19

Answer D is correct. A zone type can be changed using the General tab from the zone's properties window. Select the option to store the zone in Active Directory. Answer B is incorrect because the Security tab is used to configure permissions to the zone file. Answers A and C are incorrect because a zone type cannot be changed from the DNS server's properties window.

Question 20

Answer A is correct. MX records are used to identify mail servers. Answer B is incorrect because some versions of UNIX support dynamic update. However, there is no mention of what version of UNIX is being used, so you can assume that dynamic updates are not updated. Answer C is incorrect because you cannot configure the IP address of a mail server through the properties of TCP/IP. Answer D is incorrect because CNAME records are used to assign alias names to an existing host.

Question 21

Answer C is correct. A secondary DNS server maintains a copy of the zone file. If the primary DNS server goes offline, clients can still resolve hostnames using the secondary DNS server. Answer A is incorrect because caching-only DNS servers do not maintain zone information; they only cache records as they are resolved. Answer B is incorrect because a primary server already exists. There can only be one Primary DNS server for a zone. Answer D is incorrect because the DNS service must be installed on a domain controller in order to implement Active Directoryintegrated zones.

Question 22

Answer C is correct. Because caching-only servers do not maintain any zone information, no traffic is generated from zone transfers. As the server builds up, the contents of the cache response time will be decreased for DNS clients. Answers A and B are incorrect because primary and secondary DNS servers will generate zone-replication traffic. There can only be one primary DNS server for a zone. Answer D is incorrect because a master name server is the DNS server from which a secondary DNS server gets zone updates.

Question 23

Answer D is correct. To use the nslookup command to resolve the hostname associated with an IP address, the appropriate PTR record must exist within the reverse lookup file. Answer A is incorrect because the A record is not used to resolve the hostname associated with an IP address. Answer B is incorrect because the nslookup command returns results for other queries. Answer C is incorrect because MX records are used to identify mail servers.

Question 24

Answer A is correct. Your first step should be to verify that the correct interface is added under the DHCP Relay Agent on Subnet 2. If the incorrect interface has been added, client computers will not be able to obtain an IP address from the DHCP server on Subnet 1. Answers B and C are incorrect. After you have verified that the correct interface has been added, you should then proceed to verify that the DHCP Relay Agent is configured with the correct IP address of the DHCP server on the remote subnet. Also check that the Relay DHCP Packets option is selected. Answer D is incorrect. Incorrect scope information will not prevent client computers from leasing an IP address.

Question 25

Answer B is correct. To specify which users and groups can update the zone file, the zone must be configured for secure updates. This can be done through the zone's properties window using the General tab. Answers A and C are incorrect because a zone cannot be configured for secure updates from the DNS server's properties window. Answer D is incorrect because the Security tab is used to configure users and groups that have permission to update the zone file.

Question 26

Answer A is correct. By configuring the existing secondary DNS servers as the master name servers for the new secondary DNS servers, zone replication for the new servers can occur locally instead of across the slow link. Answer B is incorrect because caching-only DNS servers do not store any zone information. They only cache results. Answer C is incorrect because this will result in more replication traffic. Answer D is incorrect because forwarders are configured to tell a DNS server where to forward name-resolution requests.

Question 27

Answer C is correct. You could use the IP address of 192.168.0.45. You can determine from the configuration on the other server that the network has been subnetted because the subnet mask is 255.255.255.240. The network address is 192.168.0.0. The following address ranges are supported by this subnet mask:

192.168.0.16192.168.0.31

192.168.0.32192.168.0.47

192.168.0.48192.168.0.63

192.168.0.64192.168.0.79

192.168.0.80192.168.0.95

192.168.0.96192.168.0.111

192.168.0.112192.168.0.127

192.168.0.128192.168.0.143

192.168.0.144192.168.0.159

192.168.0.160192.168.0.175

192.168.0.176192.168.0.191

192.168.0.192192.168.0.207

192.168.0.208192.168.0.223

192.168.0.224193.168.0.239

Because the existing server has been configured with an IP address of 192.168.0.42, the new server must be configured with an IP address from the same address range. Therefore, 192.168.0.45 is correct.

The server should not be configured with any of the other IP addresses listed because the server will then appear to be on a different subnet.

Question 28

Answer B is correct. The refresh interval defines how often a secondary server will poll its master name server for updates to the zone file. By increasing this value, the secondary DNS server will not poll the master name server as often. Answer A is incorrect because the TTL defines how long records can remain within the cache before they must be purged. Answer C is incorrect because this defines how often the secondary server will continue to poll for updates if the master name server does not respond. Decreasing this value will increase traffic on the WAN connections. Answer D is incorrect because the serial number is used to determine whether the zone file has changed.

Question 29

Answer B is correct. You should create a secondary zone for bayside.net on SRV03. You should ensure that a zone transfer is done and that all of the records for the zone replicate successfully to SRV03. You should then change the zone type to primary and select the option to store the zone in Active Directory. Answer A is incorrect. You do not need to create an Active Directory application partition for DNS to prepare DC-Main to host an Active Directoryintegrated zone for bcdtrain.com. Answer C is incorrect. You should not create a stub zone to prepare the server to host an Active Directoryintegrated zone for bayside.net. You use a stub zone to ensure that a DNS server for a zone has information about all name servers that host a zone for a DNS subdomain, even the name servers that are added after the subdomain is delegated. In this scenario, there is only a single DNS domain, so a stub zone is not necessary. Answer D is incorrect. You should not create a primary zone for bayside.net on SRV03 to prepare the server to host an Active Directoryintegrated zone. To replicate all records from the current primary server, you must create a secondary zone on SRv03. You should convert the zone to a primary zone.

Question 30

Answer C is correct. Using the Forwarders tab from the DNS server's properties window, configure the DNS server to forward all name-resolution requests for clients in the Riverside organization to the Riverside DNS servers. Answers A and D are incorrect because forwarders cannot be configured from the zone's properties window. Answer B is incorrect because you do not want all name-resolution requests forwarded to the Riverside DNS servers.

Question 31

Answer A is correct. You should create a stub zone for riverside.net on SRV01. A DNS server running Windows Server 2003 that hosts a stub zone queries a master name server for the zone periodically to obtain the name server (NS) records from the zone. The server that hosts the stub zone stores the NS records, the start of authority (SOA) record, and address (A) records of the name servers in the stub zone. Answer B is incorrect because conditional forwarding is used to define the name servers to which requests should be forwarded. This list is not updated automatically as new name servers are added to a zone. Answers C and D are incorrect. Both of these solutions would use more disk storage on SRV01 than a stub zone would use.

Question 32

Answer C is correct. Using the Monitoring tab, you can perform simple queries against the DNS server to test the configuration. Therefore, answers A, B, and D are incorrect.

Question 33

Answer A is correct. If the UNIX hosts do not support NetBIOS, WINS lookup can be enabled on the DNS server. The DNS server can query the WINS server if it cannot resolve the hostname. Answer B is incorrect because you cannot configure replication between DNS and WINS. Answer C is incorrect because a WINS proxy forwards NetBIOS broadcasts to a WINS server. Answer D is incorrect because a DHCP server cannot update NetBIOS names with a DNS server.

Question 34

Answer B is correct. You should use a subnet mask of 255.255.255.240. The will allow for a total of 14 subnets. You can determine the number of subnets by using the formula of 2^x2 where x is the number of bits taken from the host IDs and used for the subnet mask. With a subnet mask of 255.255.255.240, 4 bits have been used and 2^42 is equal to 14. Therefore, a total of 14 subnets can be created. Answers A, C, and D are incorrect. You should not use a subnet mask of 255.255.255.224 because it only allows you to create a maximum of 6 subnets. The remaining subnets should not be selected because they support far more subnets than will ever be required.

Question 35

Answer C is correct. To enable a computer as a WINS proxy, change the EnableProxy value to 1 within the local Registry. Answers A and B are incorrect because you do not have to install additional software to enable a WINS proxy. Answer D is incorrect because there is no option called WINSProxy within the Registry.

Question 36

Answer C is correct. Caching-only DNS servers do not maintain any zone information; therefore, no additional traffic would exist on the WAN link. Answer A is incorrect because a primary DNS server already exists for the zone. Answers B and D are incorrect because they maintain zone information and would result in zone transfers.

Question 37

Answer B is correct. Using the Zone Transfers tab, you can specify which secondary servers can receive zone updates. Answer A is incorrect because the Security tab is used to configure users and groups that can perform updates. Answer C is incorrect because you must configure this at the zone level. Answer D is incorrect because you do not want all secondary DNS servers to be capable of requesting updates.

Question 38

Answer A is correct. You should open the properties dialog box for the DNS server, which in this case will be BAYDNS. You should then select the Forwarders tab and configure the DNS server to forward any name resolution requests for hosts in the riverside.net domain, the RIVDNS. Answers B, C, and D are incorrect. You should not open the zone properties dialog box for bayside.net. Forwarding must be configured at the server level, not the zone level. You should not configure BAYDNS to forward all name resolution requests to RIVDNS. You only want name resolution requests for clients in the riverside.net domain forwarded to this specific DNS server.

Question 39

Answer C is correct. The IP Security Monitor utility can be used to view IPSec statistics and verify traffic is being secured. Therefore, answers A, B, and D are incorrect. You could use Network Monitor. However, this would require more administrative effort to capture the network traffic and analyze it.

Question 40

The correct answers are: Internet Explorer 5.0 (or later), IIS 5.0 (or later), and the system partition must be NTFS. The remaining answers are incorrect because they are not required to install SUS.

Question 41

Answer D is correct. To configure Automatic Updates settings through a Group Policy Object, the Automatic Updates ADM file must be loaded. Answer A is incorrect because the user is already an administrator. Answer B is incorrect because SUS can be installed on any server as long as it meets the software requirements. Active Directory is not a software requirement. Answer C is incorrect because settings can be configured locally or through a Group Policy.

Question 42

The correct answers are: Windows 2000 and Windows XP. There two platforms support the updated version of Automatic Updates.

Question 43

Answer C is correct. The Security Configuration and Analysis tool enables you to compare current security settings against those in a template. Answer A is incorrect because auditing must be enabled before you can track changes made to the server. The scenario does not indicate that auditing is being used. Answer B is incorrect because Resultant Set of Policy in logging mode is used to determine the policy settings currently applied to a computer. Answer D is incorrect because IP Security Monitor is used to monitor and troubleshoot IPSec communications.

Question 44

Answer C is correct. The simplest way to configure the same security settings on each server is to configure a security template and deploy it through a GPO. Answers A and B are incorrect because these options would require visiting each of the servers. Answer D is incorrect because SUS cannot be used to deploy security settings.

Question 45

Answer A is correct. This parameter specifies that Automatic Updates uses an SUS server. Answer B is incorrect because this option specifies how updates are downloaded and installed. Answer C is incorrect because this option specifies which SUS server updates are downloaded from. Answer D is incorrect because this option specifies which server the client will send status information to.

Question 46

Answer C is correct. This option specifies which SUS server updates will be downloaded from. Answer A is incorrect because this option enables only Automatic Updates to use an SUS server. Answer B is incorrect because this option specifies how updates are downloaded and installed. Answer D is incorrect because this option specifies which server the client will send status information to.

Question 47

Answer A is correct. You must download and install the Microsoft Security Baseline Analyzer. This will scan a Windows system and identify any misconfigurations with the operating system that may affect local security. It will also identify any missing security updates. Answer B is incorrect because the HFNetChk.exe program will only identify security patches that need to be installed on a system. Answer C is incorrect because the Security Configuration and Analysis utility is used to compare existing security settings against those in a security template. However, it will not provide you with the specific information you are looking for. Answer D is incorrect because this will only be useful in identifying the security settings configured on the computer. It will not identify misconfigurations or missing security updates.

Question 48

Answer D is correct. The IP Security Monitor utility can be opened from the Microsoft Management Console. Therefore, answers A and B are incorrect. Answer C is incorrect because this is the command used in Windows 2000 to launch IPSec Monitor.

Question 49

Answer B is correct. The static IP addresses assigned to the servers must be excluded from the scope configured on the DHCP server. Therefore, answers C and D are incorrect. Answer A is incorrect because client reservations are created for DHCP clients that are required to lease the same IP address.

Question 50

Answer B is correct. The IP Security Monitor included with Windows Server 2003 cannot be used to monitor computers running Windows 2000. Therefore, answers A, C, and D are incorrect.

Question 51

Answer D is correct. You should use the subnet mask of 255.248.0.0. This subnet mask will allow for a maximum of 30 subnets, which meets the company's new addressing requirements. Answers A, B, and C are incorrect. You should not select a subnet mask of 255.192.0.0 because it will only allow for two subnets. However, the new infrastructure requires a maximum of 28. You should not select 255.224.0.0 because this subnet mask only allows for a maximum of 6 subnets, which does not meet the requirements. You should not select 255.240.0.0 because this subnet mask only allows for a maximum of 14 subnets, which does not meet the requirements.

Question 52

Answer D is correct. Software Updates Services requires that the partition on which the software will be installed be formatted with NTFS. Answer A is incorrect because no service pack is required. Answer B is incorrect because the partition on which SUS is installed must be NTFS as well. Answer C is incorrect because IIS 5.0 is required.

Question 53

Answers A, B, and C are correct. By placing a DHCP server within the branch office and configuring the remote server with 20% of the IP addresses, you can eliminate DHCP and the WAN link as points of failure. The DHCP Relay Agent is required for DHCP clients to lease an IP address from a DHCP server on a remote subnet. Answer D is incorrect because clients are not configured with the IP address of DHCP servers.

Question 54

Answer C is correct. The DHCP server must be enabled to perform updates for clients that cannot update their own host records. Answer A is incorrect because DNS is already configured for dynamic updates because the Windows XP clients are successfully performing updates. Answer B is incorrect because Windows 95 clients cannot be configured to perform dynamic updates. Answer D is incorrect because a DHCP relay agent forwards IP address lease requests to a DHCP server.

Question 55

Answer C is correct. A standalone server is not authorized in Active Directory. The Authorize option is not available on a standalone server. Therefore answers A, B, and D are incorrect.

Question 56

Answer D is correct. You do not need to do anything. When you delegate a zone, the parent zone is always aware of the name servers in the child domain. Therefore, answers A, B, and C are incorrect. Answer B is incorrect. A stub zone is only used if there are separate DNS namespaces. However, in this case, the zone is not a separate namespace.

Question 57

Answer B is correct. If the support tools have been installed, you can use Replication Monitor to ensure that replication between DNS servers is occurring on a regular basis. Answer A is incorrect because System Monitor is used to monitor the real-time performance of a DNS server. Answer C is incorrect because the DNS management console is used to configure and manage a DNS server but cannot be used to monitor DNS replication. Answer D is incorrect because there is no such tool as the DNS Monitor.

Question 58

Answer D is correct. Using the Clear Cache option from the Action menu within the DNS management console allows you to delete the contents of the cache file. Although uninstalling the service would clear the contents of the cache, it's not the easiest way to perform the task; therefore, answer A is incorrect. Answer B is incorrect because deleting the file completely removes it. Answer C is incorrect because there is no Clear Cache option available from the server's property window.

Question 59

Answer B is correct. This option enables you to configure how updates are downloaded and installed. Because Active Directory is not installed, the Automatic Updates settings must be configured through the Registry, not a Group Policy. Answer A is incorrect because this option enables Automatic Updates to use SUS. Answer C is incorrect because this option specifies the SUS server from which updates are downloaded. Answer D is incorrect because this option specifies which SUS server the client will send status information to.

Question 60

Answers A and C are correct. Network Monitor can be used to monitor and log network activity. System Monitor can also be used to monitor various network components. Therefore, answers B and D are incorrect.