| Question 1 | Abbot.com is considering a name for its DNS structure on the inside of its firewall. The company's main goal is maximum security, even if new training for users is required. Which of these names should Abbot.com use? A. abbot.com B. abbot.com.ad C. ad.abbot.com D. abbot.ad
|
| A1: | Answer D is correct. To maximize security, the company should use a name on the inside of the firewall that is totally different from its public name; therefore, answers A, B, and C are incorrect because they contain the abbott name. |
| Question 2 | You are the enterprise admin for BFE, Inc. You have a mixture of clients and are concerned with name resolution. Which of your clients can use only NetBIOS to obtain information about servers and services in a network? (Choose all that apply.) |
| A2: | Answers A and D are correct. Clients prior to Windows 2000 Professional cannot use DNS to resolve a server role such as Domain Controller or Global Catalog Server and use only NetBIOS to obtain this information about servers and services in a network; therefore, answers B, C, and E are incorrect because Windows 2000, Windows Server 2003, and Windows XP can also use SRV records. |
| Question 3 | You are the domain admin of a Windows Server 2003 network. To improve accuracy on several WINS servers while conserving available bandwidth, you've decided to replicate WINS servers only at night. Which type of WINS replication can be configured only for an interval? A. Push/pull B. Push C. Pull D. Pull/push
|
| A3: | Answer C is correct. WINS replication can be pulled on an interval or pushed after a set number of changes to the database. Therefore, answers A and B are incorrect because they can be set to push after a number of changes. Answer D is incorrect because it is not a valid type of WINS replication. |
| Question 4 | Dave is a network administrator in charge of hostname resolution. He has a mixture of clients in his network and is concerned with their registration with the DNS servers. He wants to use only clients that can register their own A (host) records on the DNS servers. Which types of clients should he use? (Choose all that apply.) |
| A4: | Answers B and C are correct. Clients prior to Windows 2000 Professional cannot register their A (host) records in the DNS zone. Therefore, answers A, D, and E are incorrect because Windows NT, Windows 98, and Windows 95 cannot register their own A (host) records. |
| Question 5 | Sandra is a network administrator for a large company. She is concerned with security in regard to DNS zones. She wants to use a type of zone that can provide secure dynamic updates. Which type of zone should she use? |
| A5: | Answer A is correct. Only Active Directory integrated zones can provide secure dynamic updates. Therefore, answers B and C are incorrect because they cannot provide secure dynamic updates. Answer D is incorrect because Caching Only is a type of server and not a type of zone. |
| Question 6 | Don is a new network administrator. He asks you to explain your choices for your current DNS design. You explain that some zones are written to directly and others are written to only through zone transfer. Which types of zones can be written to only by zone transfer? |
| A6: | Answers A and D are correct. Standard secondary zones and stub zones are actually replicas (or partial replicas, in the case of a stub zone) of a zone and can be written to only by zone transfer. Therefore, answers B and C are incorrect because both are a primary type of zone that can be written to by an administrator or by dynamic DNS. Caching Only is not a type of zone but rather a type of server that does not host a zone; therefore, answer E is incorrect. |
| Question 7 | If a domain is in native mode and the users are set to the default dial-in permissions, what will happen when users attempt to connect when all Remote Access policies have been removed? A. All attempts to access the server will succeed. B. All attempts to access the server will fail. C. Conditions will decide what happens. D. Some attempts will succeed and some will fail.
|
| A7: | Answer B is correct. When a domain is in native mode, the default dial-in permissions are Control Access Through Remote Access Policy. A policy must exist, or all attempts will be denied. Therefore, answer A is incorrect because all attempts to connect will not succeed. Answer B is incorrect because conditions are not a determining factor. Answer D is incorrect because all attempts will fail. |
| Question 8 | Jack is a user in a mixed mode domain. His dial-in permissions are set to the default setting. When Jack attempts to access the network through the Remote Access Services server, all attempts are denied. What could you do to allow Jack access to the network through the RAS? A. Change his permissions to Allow B. Change his profile to Allow C. Change his permissions to Control Access Through Remote Access Policy D. Change the domain to native mode
|
| A8: | Answer A is correct. The default dial-in permission for a user in a mixed mode domain is Deny. The only way to allow Jack to use the RAS server is to change his permissions to Allow. Therefore, answers B and C are incorrect because you cannot use Control Access Through Remote Access Policy in mixed mode. Answer D is incorrect because even if the domain were changed to native mode, Jack would still be denied admission by the default Remote Access policy. |
| Question 9 | John is an administrator in a very large network with many RAS servers. Remote Access policies have become very confusing because the same user can obtain different permissions depending on which RAS is used. John would like to use a service to centralize the authentication provided by all RAS servers. Which service should he use? |
| A9: | Answer B is correct. Internet Authentication Services (IAS) provides a means for centralizing authentication and accounting in a network with multiple RAS servers. Therefore, answer A is incorrect because another RAS server would only further complicate the issue. Answer C is incorrect because it is a term used for one of Microsoft's latest firewalls. Answer D is incorrect because it stands for Internet Information Services, which would not be of use in this scenario. |
| Question 10 | Bill is a user on a Windows Server 2003 native mode domain. His dial-in permissions are set to the default. The domain has a Remote Access policy with the following: Conditions: All users are allowed to connect on all days between 8:00 a.m. and 5:00 p.m. Profile: All users are allowed to connect on all days between 9:00 a.m. and 4:00 p.m. and all users have a maximum session time of 2 hours. Bill connects at 3:00 p.m. Which of the following will happen? (Choose all that apply.) A. Bill will be disconnected at 5:00 p.m. B. Bill can reconnect at 8:00 a.m. on the next day. C. Bill will be disconnected at 4:00 p.m. D. Bill can reconnect at 9:00 a.m. on the next day. E. It depends on Bill's idle session time-out setting
|
| A10: | Answers C and D are correct. Because Bill's permissions are set to the default of Control Access Through Remote Access Policy, the connection to the network will depend on a combination of conditions and profile. Conditions are considered only at the time of the connection, but the profile must be maintained during the entire connection. Bill's profile schedule setting will disconnect him before the maximum time expires. He will then be able to reconnect only after 9:00 a.m. the next morning. At 8:00 a.m., he meets the conditions, but not the Profile. Therefore, answers A and B are incorrect because the profile will disconnect Bill at 4:00 p.m. (not 5:00 p.m.) and allow him to reconnect at 9:00 a.m. (not 8:00 a.m.). Answer E is incorrect because the idle session time-out is not a factor in this case. |
