Chapter 9. Answers to Practice Exam 1

1. A

2. B

3. A, B, C

4. C, E, G

5. C, D

6. D

7. A, C

8. A, C, D, F

9. C

10. C

11. D

12. B, D, G

13. B

14. C

15. E

16. B, F

17. A, B, D

18. B

19. C

20. A, D

21. B, D

22. B

23. D, E

24. A

25. D

26. B, C

27. D

28. B, C, F

29. D

30. A

31. D

32. C

33. A

34. E

35. E

36. B

37. C

38. D

39. D

40. A

41. D

42. D

43. C

44. B

45. C

46. A, B, C

47. D

48. A, B

49. A, C, E, G

50. A

51. C

52. B, E, F, G

53. C, D, E

54. A, C

55. A, D, F

56. A, B, E

57. A

58. E

59. C

60. D

Question 1

The correct answer is A. The conceptual design phase of the network design process takes into consideration all the company's requirements and the users' needs. The logical design phase only begins to outline a solution for the company's needs. The physical design phase outlines the services and technologies needed to meet the company's requirements and users' needs.

Question 2

The correct answer is B. The conceptual design phase of the network design process takes into consideration all the company's requirements and the users' needs. The logical design phase only begins to outline a solution for the company's needs. The physical design phase outlines the required services and technologies needed to service the company and end user needs. The physical design phase outlines the services and technologies needed to meet the company's requirements and users' needs.

Question 3

The correct answers are A, B, and C. When you are planning your physical network diagram, you must consider many factors; often they depend on your existing design and your future plans for the network. You should diagram generic physical equipment, such as your current wiring scheme and wiring types, which might include analog lines, wireless implementations (if any), Integrated Services Digital Network (ISDN) lines, Asymmetric Digital Subscriber Line (ADSL) lines, Integrate Digital Subscriber Line (IDSL) lines, Symmetric Digital Subscriber Line (SDSL) lines, fiber- optic cables, and so forth. Items such as static and dynamic IP addressing schemes and the subnet layout aren't normally included at this stage.

You should also include server information and details, such as the roles the system holds, the services it hosts on the network, the system's NetBIOS name, DNS name , and IP address. You should also indicate whether this server holds any major roles for the domain or forest and include the firmware levels of all your network devices and any special configuration requirements.

Question 4

The correct answers are C, E, and G. When you are planning details to include in your physical network diagram, you must consider many factors; often they depend on your existing design and your future plans for the network.

Your diagram should include generic physical equipment, such as your current wiring scheme. Items such as static and dynamic IP addressing schemes and the subnet layout aren't normally included at this stage.

You also need to outline where all your hubs, switches, routers, bridges, and proxy servers are on the network so that you can form a decent topology map. You should also indicate whether this server holds any major roles for the domain or forest and include the firmware levels of all your network devices and any special configuration requirements.

Question 5

The correct answers are C and D. The systems will not be able to call up Web sites via DNS name, and client systems will not be able to call up Web sites via IP name or DNS name because the high ports (above 1023) have been disabled. Ports above 1023 allow connections coming in from Web sites after traffic has left a system via port 80.

Question 6

The correct answer is D. There are three categories of NetBIOS services: the Name Service, the Session Service, and the Datagram Service. The NetBIOS name service uses TCP port 137 and allows an application to confirm its own NetBIOS name to make sure it is unique; therefore, answer B is incorrect. The NetBIOS datagram service uses UDP port 138; therefore, answer C is incorrect. Answer A is incorrect because by default the NetBIOS name service doesn't use that port.

Question 7

The correct answers are A and C. A typical IPv4 address looks like this: 123.45.67.222. Answers B and D are incorrect because an IPv4 address cannot contain a value above 255.

Question 8

The correct answers are A, C, D, and F. There are three ways to represent IPv6 addresses as text. The following preferred form consists of hexadecimal values of the address's eight 16-bit pieces:

 FEDC:BA98:7654:3210:FEDC:BA98:7654:3210 1080:0:0:0:8:800:200C:417A 

The valid hexadecimal characters are 0 through 9 and A through F. For example, the following addresses

 1080:0:0:0:8:800:200C:417A a unicast address FF01:0:0:0:0:0:0:101 a multicast address 0:0:0:0:0:0:0:1 the loopback address 0:0:0:0:0:0:0:0 the unspecified addresses 

Can be represented as

 1080::8:800:200C:417A a unicast address FF01::101 a multicast address ::1 the loopback address :: the unspecified addresses 

This is an IPv6 address in decimal-dot notation:

 5.40.161.101.255.255.0.0.80.191.119.8.13.201.78.118 

Using a colon -separated list of 16-bit values, the address looks like this:

 0528:a165:ff00:50bf:7708:0dc9:4d76 

In some cases, it's common for addresses to contain long strings of 0 bits. These addresses are cumbersome to write, however, so a special syntax is available to compress the zeros. Using :: indicates multiple groups of 16 bits of zeros. The :: can appear only once in an address. It can also be used to compress leading and trailing zeros in an address. The following address has long strings of 0 bits:

 ff01:8a27:030a:0000:0000:0000:3a1f 

Using the :: notation to represent all bits set to 0, the address changes to this:

 ff01:8a27:030a::3a1f 
Question 9

The correct answer is C. Given the Class A IPv4 address range of 10.0.0.0 and allowing for no more than 11 subnet bits, you can use a subnet mask of 255.224.0.0 as follows :

 IP address: 10.0.0.0 Address class: A Network address: 10.0.0.0 Subnet address: 10.0.0.0 Subnet mask: 255.224.0.0 Subnet bit mask: nnnnnnnn.nnnhhhhh.hhhhhhhh.hhhhhhhh Subnet bits: 11 Host bits: 21 Possible number of subnets: 8 Hosts per subnet : 2097150 
Question 10

The correct answer is C. Given the Class B IPv4 address range of 168.10.0.0, you can use a subnet mask of 255.255.248.0 to create at least 32 subnetworks with up to 2,046 hosts per subnet. The subnet mask 255.255.248.0 is valid for the Class B IPv4 address range; therefore, answer A is incorrect. You can create up to 32 subnetworks; therefore, answer B is incorrect. The IPv4 address 168.10.0.0 is a valid Class B address range; therefore, answer D is incorrect.

Question 11

The correct answer is D. Given the Class C IPv4 address range of 192.199.199.0, you can use a subnet mask of 255.255.255.240 and create 16 subnetworks with 14 hosts per subnet. Because the question called for at least 17 subnetworks with at least 13 hosts per subnet, however, the only correct answer is D.

Question 12

The correct answers are B, D, and G. The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP address space for private Internets:

  • 10.0.0.0 “10.255.255.255 with the subnet mask 255.0.0.0

  • 172.16.0.0 “172.31.255.255 with the subnet mask 255.240.0.0

  • 192.168.0.0 “192.168.255.255 with the subnet mask 255.255.0.0

These addresses can be used by anyone setting up internal IP networks, such as a lab or home LAN behind a NAT or proxy server or a router. It is always safe to use them because routers on the Internet never forward packets coming from these addresses. Therefore, answers A, C, E, F, and H are incorrect.

Question 13

The correct answer is B. The buffer setting threshold for inbound packets, called the TCP/IP Receive Window Size, is set to 17,520 bytes on ethernet networks by default. When this threshold is met during a communications session between two clients , the receiving system sends an acknowledgement that data has been received to the sending system and repeats this message every 17,520 bytes until all the data has been transmitted. The TCP/IP Send Window Size is not the setting that needs to be reviewed; therefore, answer A is incorrect. Maximum Transmission Units (MTUs) are based on the type of network that is installed. Therefore, answer C is incorrect. Maximum Segment Size is the largest segment that can be carried in the MTU. Therefore, answer D is incorrect.

Question 14

The correct answer is C. Packet-switching networks are more efficient than circuit-switching systems if some amount of delay is acceptable. Circuit switching is a connection-oriented network in which a dedicated circuit is established for the duration of a transmission; therefore, answer A is incorrect. Packet relays and circuit routing do not match this description; therefore, answers B and D are incorrect.

Question 15

The correct answer is E. Your primary objective is to successfully run scans on all systems in the enterprise for application vulnerability checks against Microsoft Office XP. This objective cannot be met because MBSA cannot scan Windows 98 systems locally or remotely. Therefore, none of the objectives have been met, so answers A, B, C, and D are incorrect.

Question 16

The correct answers are B and F. You can run ICS on your Windows 98 and Windows XP systems. Windows Me and Windows 2000 Professional support ICS, but they are not deployed in your enterprise; therefore, answers D and E are incorrect. Windows NT and 95 do not have ICS; therefore, answers A and C are incorrect.

Question 17

The correct answers are A, B, and D. Also known as thin ethernet, ThinNet, or Cheapernet, 10Base2 uses RG-58 coaxial cable in a bus topology. 10Base5 is the ethernet specification for thick coaxial cable, which transmits signals at 10Mbps with a distance limit of 500 meters per segment without the use of a repeater. Therefore, answer E is incorrect. 10Base2 is the ethernet specification for thin coaxial cable, which transmits signals at 10Mbps with a distance limit of 185 meters per segment without the use of a repeater. Therefore, answer F is incorrect.

Question 18

The correct answer is B. DHCP automatic assignment with reservations is used to "dynamically" assign a DHCP client with the same specific reserved IP address each time the client starts up by using the DHCP service. This allows administrators to automatically assign a static IP address to these systems without actually having to set each system with all the parameters (default gateway, DNS servers, and so on), as is done in manual IP address assignment. In manual IP address assignment, an administrator or similarly delegated person manually enters a static IP address and other subsequent information, such as subnet mask and default gateway, DNS server, WINS server, and so forth. Therefore, answer A is incorrect. DHCP automatic assignment is used to "dynamically" assign any DHCP clients with randomly available IP addresses from available scopes each time they start up by using the DHCP service. This allows administrators to automatically assign clients with IP addresses without actually having to set each system with all the parameters, as is done in manual IP address assignment. Therefore, answer C is incorrect. APIPA does not accomplish the objective; therefore, answer D is incorrect.

Question 19

The correct answer is C. OSPF protocol is a better choice than either version of RIP when the network is designed with redundant paths between locations or when the number of subnets in the overall design is more than 50 routers total. Therefore, answers A and B are incorrect. Border Gateway Protocol (BGP) is a protocol for exchanging routing information between gateway hosts on the Internet; therefore, answer D is incorrect.

Question 20

The correct answers are A and D. Some switches operate at the Data Link layer of the OSI model (Layer 2) and form a border to your collision domains. Bridges also work at Layer 2 and function in the same manner. Layer 3 switches, routers, and hubs are not used for setting up collision domains; therefore, answers B, C, and E are incorrect.

Question 21

The correct answers are B and D. Some switches operate at Layer 2 and form a border to your collision domains. Bridges also work at Layer 2 and function in the same manner. Layer 3 switches, routers, and hubs are not used to segment broadcast domains; therefore, answers A, C, and E are incorrect.

Question 22

The correct answer is B. You should implement Layer 3 switches to create a VLAN. Layer 2 switches, routers, and collision domains do not form a border for broadcast domains; therefore, answers A, C, and D are incorrect.

Question 23

The correct answers are D and E. You cannot connect devices through a hub that feeds back to a switch when the port on the switch is running in Full Duplex mode. Therefore, only answers D and E are correct. None of the other choices explains why user three is having connectivity problems.

Question 24

The correct answer is A. The primary objective of performing the security analysis by checking whether any user accounts are using blank or simple passwords has been met. The secondary objectives have been met by installing MBSA on one system and running scans over the network (which requires the least amount of administrative effort) and determining whether the W3SVC (WWW) and SMTPSVC (SMTP) services are installed and enabled on the systems. Because all the objectives have been met, answers B, C, and D are incorrect.

Question 25

The correct answer is D. Because MBSA cannot perform local scans of Windows NT 4 systems, you cannot meet the primary objective. Installing MBSA on each system doesn't meet the secondary objective of expending the least amount of administrative effort. Although the Check for Unnecessary Services part of the scan can check for the W3SVC (WWW) and SMTPSVC (SMTP) services to determine whether any services listed in the services.txt file are installed, it cannot be run locally on the Windows NT 4 system, so the other secondary objective of scanning all systems for these services has not been met either.

Question 26

The correct answers are B and C. Bridges and Layer 2 switches operate at the Data Link layer (Layer 2 of the OSI model) and automatically forward all broadcast traffic received; therefore, subnets one and two will be part of the same broadcast domain. Although Layer 2 switches can be found at the borders of collision domains, they do not form a border of a broadcast domain. Because Layer 2 switches form the borders of collision domains, subnets one and two will be in different collision domains. Only Layer 3 devices, such as routers or Layer 3 switches, form a border of a broadcast domain. Subnets one and two will not be in different broadcast domains or be part of the same collision domain, so answers A and D are incorrect.

Question 27

The correct answer is D. Because Layer 3 devices, such as routers or Layer 3 switches, form a border of a broadcast domain, the offices will be in different broadcast domains. Layer 3 switches route packets at Layer 3 and forward frames at Layer 2. In most cases, Layer 3 switches are used to connect VLANs or to subdivide larger LANs into smaller broadcast domains; however, with very small branch offices, this solution would work, so answer A is not correct. The offices will be in different collision and broadcast domains, so answers B and C are incorrect.

Question 28

The correct answers are B, C, and F. By installing ISA Server on one server and running it in Integrated mode, you will be able to use the server as a proxy to the Internet for hosts on the network and protect them from the Internet at the same time. Configuring the IP address of the ISA server as the proxy server in Internet Explorer on each client is the only way to get all systems connected to the Internet. Installing ISA Server on one server and running it in Firewall mode protects the systems from a security standpoint, but it doesn't allow clients to connect to the Internet.

Question 29

The correct answer is D. MS-CHAP v1 is the most correct answer for this question; all the other options are either less secure or involve making changes to client systems deployed in the enterprise. The main reason that MS-CHAP v1 must be used instead of the others as the "most secure" is that the network includes Windows 98 and Windows NT 4 systems.

Question 30

The correct answer is A. Because NAT is in use and provides IP address configuration information to clients in the form of an IP address, a subnet mask, a default gateway, and the IP address of a DNS server, the main reason this solution doesn't allow systems to connect to the Internet is because static IP addressing is being used. None of the other choices entirely explains the full reason for failing to connect to the Internet.

Question 31

The correct answer is D. When you set up RRAS and enable NAT, IP addresses and TCP/UDP port numbers of packets will be forwarded between systems on your internal network and the Internet. However, this solution cannot work when systems relocated in different broadcast domains because the clients cannot obtain IP addressing from the NAT server; they end up using APIPA addressing in all locations except the broadcast domain where the NAT server is set up. In that location, this solution will work and is why answer D is the most correct answer for this question. None of the other choices entirely explains the full reason for failing to connect to the Internet.

Question 32

The correct answer is C. When you set up RRAS and enable NAT, IP addresses and TCP/UDP port numbers of packets will be forwarded between systems on your internal network and the Internet. The main problem with this configuration is that the manual DNS entry causes name resolution issues with clients because they try to resolve names via their local DNS server instead of the DNS setting they would normally receive via NAT. This is the reason for answer C being correct. None of the other choices entirely explains the full reason for failing to connect to the Internet.

Question 33

The correct answer is A. By deploying two DHCP servers at each location and using a 50/50 address rule for each scope, you deal with the single-point-of-failure issue for addressing, which happens to be the single point out of each branch office. Your configuration also meets your current business model needs, which require you to choose the least expensive option after ensuring there's no single point of failure. The only option is answer A, which has you deploy two DHCP servers at each location and use a 50/50 address rule for the scope. Deploying three servers, as in answers B and C, does not address your current business model needs. Answer D does not eliminate the single point of failure of a network connection because the relay agents would not be able to assign IP addresses if they cannot forward requests to the two DHCP servers on one site when there is a connectivity issue.

Question 34

The correct answer is E. The main problem with this setup is that the demand-dial router (the Linksys DSL router) will hand out IP addresses at all times, even when the demand connection is not enabled. This setup will cause connectivity issues in the two remote locations, even when the private lease line is enabled. No matter which DHCP solution is implemented, in most cases it will compete with the DSL device for handing out addresses to clients. Because you have been asked to configure a DHCP server solution for your environment that allows all clients to obtain an IP address from DHCP and that does not allow a single point of failure for addressing, the only correct answer for this question is E. None of the other choices entirely or accurately describes what needs to be accomplished in this scenario.

Question 35

The correct answer is E. You should deploy two DHCP servers at the main office and use a 50/50 address rule for the scope. This allows you to deal with the single-point-of-failure issue for IP addressing, which focuses on the DHCP servers. Your configuration also meets your current business model needs, which require you to choose the least expensive option after ensuring no single point of failure. You do not need to configure two other systems to serve as relay agents because the RFC 1542 “compliant router can be configured to forward DHCP broadcast messages on its own. You will not be able to use just a single scope because each location needs to have different DNS and default gateway information supplied; this cannot be done via a single scope. None of the other choices entirely or accurately describes what needs to be accomplished in this scenario.

Question 36

The correct answer is B. By deploying two DHCP servers in the area three (the main server area) and using a 50/50 address rule for the scope, you deal with the single-point-of-failure issue for addressing. Your configuration also meets your current business model needs, which require you to choose the least expensive option after ensuring no single point of failure. You do not need to configure two other systems to serve as relay agents because hubs forward DHCP broadcast messages on their own. This makes answer B the best solution for this scenario.

Question 37

The correct answer is C. By deploying two DHCP servers at each location and using a 50/50 address rule for each scope, you deal with the single-point-of-failure issue for addressing. Your configuration also meets your current business model needs, which require you to choose the least expensive option after ensuring no single point of failure; this makes answer C the best choice for this scenario. None of the other choices fully addresses your current business model needs or involves the least amount of administrative effort.

Question 38

The correct answer is D. The best option is to deploy two DHCP servers at the main office, create three different scopes (one for each location), and use a 50/50 address rule for each scope. When you create the necessary client reservations for each scope on both DHCP servers, you ensure that no addresses in the scope are the same as statically assigned ones and that all clients can obtain an IP address from a server hosting DHCP. This design does not allow a single point of failure for addressing because three different scopes (one for each location) are used with the 50/50 address rule for each scope. By using just two DHCP servers at the main office, the solution also addresses your current business model needs, which require you to choose the least expensive option after ensuring no single point of failure. None of the choices fully addresses your current business model needs or makes sure the actions taken involve the least amount of administrative effort.

Question 39

The correct answer is D. By deploying two DHCP servers in the main area and using a 50/50 address rule for the scope, you deal with the single-point-of-failure issue for addressing, which is the DHCP servers. Your configuration also meets your current business model needs, which require you to choose the least expensive option after ensuring no single point of failure. None of the other choices fully addresses your current business model needs or makes sure that actions taken involve the least amount of administrative effort.

Question 40

The correct answer is A. By deploying two DHCP servers at each location and using a 50/50 address rule for each scope, you deal with the single-point-of-failure issue for addressing, which happens to be the single point out of each branch office. Your configuration also meets your current business model needs, which require you to choose the least expensive option after ensuring no single point of failure. The only option is to deploy two DHCP servers at each location and use a 50/50 address rule for the scope.

Question 41

The correct answer is D. By deploying two DHCP servers at each location and using a 50/50 address rule for each scope, you deal with the single-point-of-failure issue for addressing, which happens to be the single point out of each branch office. Your configuration also meets your current business model needs, which require you to choose the least expensive option after ensuring no single point of failure. The best option is to deploy two DHCP servers at the main office. You then need to create three different scopes (one for each location) and use a 50/50 address rule for each scope. Create the necessary client reservations for each scope on both DHCP servers. None of the other choices fully addresses your current business model needs or makes sure that the actions taken involve the least amount of administrative overhead.

Question 42

The correct answer is D. By deploying two DHCP servers in the main area and using a 50/50 address rule for the scope, you deal with the single-point-of-failure issue for addressing, which is the DHCP servers. Your configuration also meets your current business model needs, which require you to choose the least expensive option after ensuring no single point of failure.

Question 43

The correct answer is C. The DHCP service requests access to the authorized server list by IP address within Active Directory when the service starts and once every 60 minutes when the server is authorized (to maintain a check that the server is still authorized in the enterprise and that nothing has changed regarding its membership and authorization status). This is one of the main reasons that the DHCP server requires a static IP address: to find its authorization status in the Active Directory by its static IP address assignment. Answer A states that the DHCP servers will be installed and be authorized in the domain, which is not correct. Answer B states that the DHCP servers will be installed, but they will not be authorized in the domain because the DHCPINFORM messages cannot reach the domain controllers. This is not the reason they will not be authorized. Answer D is incorrect because using APIPA addressing does not allow DHCP to operate correctly.

Question 44

The correct answer is B. Windows Server 2003 DHCP servers communicate by using broadcast-based DHCPINFORM messages to access the authorized server list in Active Directory. The DHCP server needs to be able to access the Active Directory DHCPServer object to successfully review the authorized list of IP addresses to determine its own status. Answer A states that the DHCP servers will be installed and be authorized in the domain, which is not correct. Answer C is incorrect because the DHCP server needs a fixed IP address, not a dynamic one. Answer D is incorrect because using APIPA addressing does not allow DHCP to operate correctly.

Question 45

The correct answer is C. Only the members of the Domain Admins group of a domain can authorize DHCP servers in Active Directory; the DHCP Administrators group is found only on the local DHCP server and has no authority at the domain level. You would need Enterprise Administrator rights in a parent domain if you needed to change the authorization level of a DHCP server in a child domain. Answer A states that the DHCP servers will be installed and be authorized in the domain, which is not correct. Answer B states that the DHCP servers will be installed but they will not be authorized in the domain because the DHCPINFORM messages cannot reach the domain controllers. This is not the reason that they will not be authorized. Answer D is incorrect because using APIPA addressing does not allow DHCP to operate correctly.

Question 46

The correct answers are A, B, and C. Some other issues that need to be addressed for this DNS server are the options under answers A, B, and C. The number of DHCP server authorization checks and the number of Global Catalog server references the DNS server needs to address have no direct bearing in this scenario; therefore, answers D and E are incorrect.

Question 47

The correct answer is D. Approximately 4MB of RAM is used when the DNS server is started without any zones; for each zone or resource record added to the server, more RAM should be added to the system. For resource records added to a server zone, 100 bytes is the number used for DNS server memory calculations. For this question, a zone containing a maximum of 250,000 resource records requires 25MB of additional RAM to be installed or considered for DNS service on this server. Therefore, only answer D is correct, as none of the other options specify this amount of RAM.

Question 48

The correct answers are A and B. Situations in which a local DNS server stops responding and traffic is generated during zone transfers affect DNS server placement. The number of DHCP server authorization checks and the number of Global Catalog server references the DNS server needs to address have no direct bearing in this scenario, so answers C and D are incorrect.

Question 49

The correct answers are A, C, E, and G. Because you cannot simply change the subnet mask, you must delete the current scope and then re-create it on any server that holds this scope. Also, you need to re-create any client reservations and IP address exclusions as required. For these reasons, the correct answers are A, C, E, and G. The remaining options do not indicate the steps to make the necessary changes.

Question 50

The correct answer is A. Caching-only DNS servers perform DNS lookups for DNS clients and then cache the results. After the first DNS client has made a request to resolve a name, the caching-only DNS server has this information ready for remaining clients that might also need that name resolution. These types of DNS servers are not configured to be authoritative for a zone, and they do not store Standard Primary or Standard Secondary zones. This has the added benefit of having the most up-to-date information in the cache as the demand for name resolution changes on the network. It also limits the amount of traffic the DNS server creates; because it does not hold any zone information, it does not produce any replication traffic. For this reason, answer A is the best choice.

Question 51

The correct answer is C. A forward-only DNS server stores a cache of lookups and uses this cache to attempt to resolve hostnames. Forwarding-only DNS servers allow you to secure DNS traffic between your network and the Internet by configuring the firewall so that only the forwarding DNS server performs lookups with Internet-based DNS servers. For this reason, answer C the best choice.

Question 52

The correct answers are B, E, F, and G. Low-level security is a DNS configuration that has no security precautions set and is used only when integrity of DNS data isn't a concern. (Normally, this configuration should not be used, considering the untrustworthiness of the open Internet.) A low-level security DNS configuration has UDP and TCP port 53 open on your network firewall for source and destination addresses and exposes the organization's DNS infrastructure to all DNS clients. Standard DNS resolution is performed by all DNS servers in your network, and all the DNS servers are configured with root hints pointing to the root servers for the Internet. All DNS servers are configured to listen on all their IP addresses, and they will permit zone transfers to any server. Dynamic updating is allowed for all DNS zones on DNS servers configured with low-level security. Cache pollution prevention will not be enabled.

Question 53

The correct answers are C, D, and E. Medium-level security is a DNS configuration that has no security precautions set and is used only when integrity of DNS data isn't a concern. Answers C, D, and E demonstrate a medium-level security for the DNS configuration. All the remaining choices reflect options from other levels of DNS security configurations.

Question 54

The correct answers are A and C. High-level security uses the same configuration as medium-level security, and includes the security features found in Active Directory “integrated zones, as all DNS servers will be installed as domain controllers. The DNS infrastructure will also be configured with no Internet communication with internal DNS servers. For these two reasons, answers A and C are correct.

Question 55

The correct answers are A, D, and F. You should use only the characters defined in RFC 1123 in your DNS names, so answer A is correct. You need to register your unique domain name for your DNS namespace that will be exposed to the Internet, as outlined in answer D. In addition, you need to conform to Internet naming standards for your DNS namespace that will be exposed to the Internet, as outlined in answer F. Answer B, which deals with BIND, is not a consideration for this scenario. Internally used DNS namespaces do not necessarily need to be registered when they are not exposed directly to the Internet, so answer C is not correct. Answer E, which deals with conforming to Internet naming standards for your internal DNS namespace, is also incorrect.

Question 56

The correct answers are A, B, and E. The three best tools for troubleshooting efforts centered on client IP address issues are the ones supplied in answers A, B, and E. PING can be used to test your TCP/IP connection by sending a message to the remote node or gateway from a local system. IPCONFIG is used to get the local system's basic IP configuration information from the command line, including the IP address, subnet mask, and default gateway. PATHPING also shows the route taken to reach a remote system and includes more detail and functionality than TRACERT does. NBTSTAT , ROUTE , and HOSTNAME are not the best choices for dealing with client IP address issues; therefore, answers C, D, and F are incorrect.

Question 57

The correct answer is A. PING can be used to test your TCP/IP connection by sending a message to the remote node or gateway from a local system and is by far the simplest tool for testing network connectivity. Although most of the other options allow you to test network connectivity with varying degrees of success, none is simpler than PING .

Question 58

The correct answer is E. Not enough troubleshooting has taken place to determine the most likely cause of this problem, so answer E is your best choice. Routing is not at issue because your counterpart can reach your side of the router, even though you cannot reach the far side of it from your location. This also shows that the default gateway is configured correctly. Name resolution is not an issue because you can PING by workstation name and receive a response. IP address assignment does not appear to be an issue, as clients do respond to PING requests, which denotes that they do have an IP address.

Question 59

The correct answer is C. Although you could log in to the DHCP server to end the client IP addresses for both clients, they would still have to renew their leases on their own. Your best course of action is to run Ipconfig /release and then Ipconfig /renew on each client to ensure that you have successfully released your current IP address and renewed an IP address on the client. Winipcfg is not a viable option because it is the Windows 95 and 98 IP configuration tool.

Question 60

The correct answer is D. APIPA is available for client system use on Windows 98, Windows 2000, Windows XP, and Windows Server 2003 as a self-populating IP addressing solution when no DHCP server is available. In effect, the default gateway assignment from DHCP has not been set correctly, but this is not the best answer. Also, the choice of Ipconfig /release and Ipconfig /renew was not successful, so it's not the best answer either. The other options, IP routing and WINS proxy not being enabled, are not primary factors in the scenario.




MCSE 70-293 Exam Cram. Planning and Maintaining a Windows Server 2003 Network Infrastructure
MCSE 70-293 Exam Cram: Planning and Maintaining a Windows Server 2003 Network Infrastructure (2nd Edition)
ISBN: 0789736195
EAN: 2147483647
Year: 2004
Pages: 123

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net