Chapter 11. Answer Key for Practice Test 1

1. C

16. C

31. A, B

46. C

2. C

17. C

32. A, C

47. B

3. A, D

18. A

33. C

48. C

4. C

19. C

34. D

49. A

5. A, C

20. B, C

35. D

50. D

6. D

21. B

36. B

51. C

7. A, C, D, F

22. A

37. C

52. C, D

8. A, C, D

23. C

38. E

53. D

9. B

24. A, B, C

39. B

54. C

10. B

25. B

40. C

55. B

11. A

26. A

41. C

56. A

12. D

27. A

42. D

57. C

13. B

28. D

43. B

58. A

14. A

29. C

44. A

59. C

15. A, B

30. D

45. B

60. B

Question 1

Answer C is correct. When clients are configured to use H-node, they contact a NetBIOS name server first. If the server does not respond, a local broadcast will be used to resolve the name . Answer A is incorrect because clients using P-node use only a NetBIOS name server to resolve names . Answer B is incorrect because clients using B-node perform broadcasts. Answer D is incorrect because clients using M-node perform a broadcast, and then use a NetBIOS name server.

Question 2

Answer C is correct. To use the callback feature, you must select Link Control Protocol (LCP) Extensions from the RRAS server's properties window. Therefore, answers A, B, and D are incorrect.

Question 3

Answers A and D are correct. Both Windows 2000 and BIND 8.1.3 DNS servers support dynamic updates. Therefore, answers B and C are incorrect.

Question 4

Answer C is correct. For a two-way demand-dial connection to work, the user account names used for authentication must be identical to the name assigned to the demand-dial interface name on the calling routers. Therefore, answers A, B, and D are incorrect.

Question 5

Answers A and C are correct. Windows 2000 supports the detection of rogue DHCP servers. For a DHCP server to assign IP addresses to clients, they must first be authorized in Active Directory and DHCP must be installed on a member server or domain controller. Answer B is incorrect because the DHCP server service cannot be installed on a Windows 2000 Professional workstation. Answer D is incorrect because the server must be a member of the domain to be authorized in Active Directory.

Question 6

Answer D is correct. Because the certificate infrastructure should be implemented outside the domain, a standalone CA should be configured. The CA should be configured as a subordinate to a commercial CA so Internet clients are assured of your Web server's identity. Therefore, answers A, B, and C are incorrect.

Question 7

Answers A, C, D, and F are correct. Windows 2000 provides NAT editors for the following protocols: FTP, PPTP, ICMP, and NetBIOS over TCP/IP. Therefore, answers B, E, and G are incorrect.

Question 8

Answers A, C, and D are correct. When configuring TCP/IP filtering, IP traffic can be filtered based on the IP protocol, a UDP port, or a TCP port. Traffic cannot be filtered based on IP addresses; therefore, answer B is incorrect.

Question 9

Answer B is correct. Because Routing and Remote Access is installed by default, the first thing you need to do is enable it within the Routing and Remote Access snap-in; therefore, answer A is incorrect. A remote access policy and profile settings cannot be configured until the service is enabled; therefore, answers C and D are incorrect.

Question 10

Answer B is correct. The first thing that should be verified is that the a shorter lease duration has not been configured. Once that has been verified , you can begin using the other tools to troubleshoot the problem if it continues. Therefore, answers A, C, and D are incorrect.

Question 11

Answer A is correct. Using the #Pre option within the LMHOSTS file specifies that a specific record be preloaded into the local cache. Answer B is incorrect because there is no such option. Answer C is incorrect because the #MH option indicates a multihomed computer. Answer D is incorrect because the #Include option indicates a LMHOSTS file other than the default should be used.

Question 12

Answer D is correct. By configuring caching-only servers within each location, you can decrease the name resolution response time for users. Because the caching-only servers do not maintain any zone information, no traffic is generated from zone transfers. Therefore, answers A, B, and C are incorrect.

Question 13

Answer B is correct. The IP address of 131.107.2.10 is a class B address. Answer A is incorrect because class A addresses are in the range of 1 “126. Answer C is incorrect because class C addresses are in the range of 192 “223. Answer D is incorrect because class D addresses are in the range of 224 “247.

Question 14

Answer A is correct. Because the CA must integrate within Active Directory, an enterprise CA must be configured. An enterprise root CA must be installed because no other CA exists on the network. Answer B is incorrect because a parent CA is required to install an enterprise subordinate CA. Answers C and D are incorrect because standalone CAs do not use Active Directory.

Question 15

Answers A and B are correct. For nonpersistent demand-dial connections, either RIPv1 or RIPv2 can be used. Answer C is incorrect because OSPF is not supported for non-persistent connections. Answer D is incorrect because ICMP is not a routing protocol.

Question 16

Answer C is correct. ICS can be enabled using the Sharing tab within the Properties window for the Internet connection. You can access the properties window through the network and Dial-up Connections applet. Answer A is incorrect because the Networking tab is used to install and configure network services and protocols. Answers B and D are incorrect because ICS is not enabled using the Routing and Remote Access snap-in.

Question 17

Answer C is correct. The WINS database can be backed up automatically by specifying the backup path on the General tab within the WINS server's properties window. Once the backup path is specified, the database is backed up every three hours. Therefore, answers A, B, and D are incorrect.

Question 18

Answer A is correct. If the hostname cannot be resolved using the nslookup command, adding a host record to the zone file will allow you to resolve the name to an IP address. Answer B is incorrect because Wrk02 is not the hostname being resolved. Answers C and D are incorrect because PTR records are used to map IP addresses to their associated hostnames.

Question 19

Answer C is correct. If clients have not been configured with the IP address of the default gateway, they cannot access resources outside of their local subnet. Answer A is incorrect because the clients are already successfully leasing IP addresses from the server. Answer B would solve the problem but it would not be the easiest solution; therefore, it is also incorrect. Answer D is incorrect because configuring the DNS server option allows clients to resolve hostnames but does not give them access outside of the local subnet.

Question 20

Answers B and C are correct. Certificate Services can be installed using the Add/Remove Programs applet or during the installation of Windows 2000. Therefore, answers A and D are incorrect.

Question 21

Answer B is correct. ISAKMP/OAKLEY is responsible for negotiating security associations before any IP data is transferred. This includes authentication, hashing, and encryption methods . Answer A is incorrect because this is a management tool used for creating and managing IP Security policies. Answer C is incorrect because the IPSec driver is responsible for securing the data before it is transferred. Answer D is incorrect because the IPSec policy agent is responsible for retrieving policy information.

Question 22

Answer A is correct. When using the Routing and Remote Access Server setup wizard to configure NAT, you select the option to configure an Internet connection server. Therefore, answers B and C are incorrect. Answer D is incorrect because there is no such option.

Question 23

Answer C is correct. The Bandwidth Allocation Protocol (BAP) is used to enhance the functionality of multilink and allow lines to be dynamically added and dropped. Answer A is incorrect because LCP is used by the callback feature. Answer B is incorrect because PPP is used to establish dial-up connections. Answer D is incorrect because EAP is an authentication protocol.

Question 24

Answers A, B, and C are correct. Implementing RIPv2 means the routing tables do not need to be manually updated and changes to the routing table will occur dynamically. RIPv2 also supports security features such as password authentication and RIP route filters. Answer D is incorrect because RIPv2 broadcasts updates to all routers; routers cannot be logically grouped into areas.

Question 25

Answer B is correct. The DHCP service should be installed on a Windows 2000 member server. Because more than one DHCP server will be performing updates, the DHCP servers must be placed in the DNSUpdateProxy group. Because domain controllers running DHCP should not be placed in this group , the DHCP server service should be installed on a Windows 2000 member server. Therefore, answers A, C, and D are incorrect.

Question 26

Answer A is correct. To view the statistics for your WINS server, right-click the WINS server within the management console and select Display Server Statistics. Answer B is incorrect because enabling event logging logs errors and warnings to the System log. Answer C is incorrect because there is no such option on the Advanced tab. Answer D is incorrect because configuring the update interval only specifies how often server statistics should be updated.

Question 27

Answer A is correct. Active Directory integrated zones can only be configured on Windows 2000 domain controllers with the DNS server service installed. Therefore, answers B, C, and D are incorrect.

Question 28

Answer D is correct. The Internet layer is responsible for addressing and routing IP packets. Answer A is incorrect because the Application layer is used by applications to access the network. Answer B is incorrect because the Transport layer is responsible for session establishment. Answer C is incorrect because the Network layer is responsible for sending and receiving frames over the physical medium.

Question 29

Answer C is correct. To support browsers other than Internet Explorer, the authentication method for the CertSrv virtual directory must be set to Basic. Answer A is incorrect because clients may not support Internet Explorer. Answer B is incorrect because Web-based enrollment can be used with browsers other than Internet Explorer. Answer D is incorrect because there is no client software that needs to be installed.

Question 30

Answer D is correct. Elements of a remote access policy are evaluated in the following order: conditions, permissions, and then profile settings. Therefore, answers A, B, and C are incorrect.

Question 31

Answers A and B are correct. RIPv1 uses broadcasts to dynamically update changes as they occur. Answer C is incorrect because RIPv1 does not support password authentication. Answer D is incorrect because RIPv1 does not support the logical grouping of routers into areas.

Question 32

Answers A and C are correct. By creating a client reservation for each of the print servers, you ensure that they will always lease the same IP address. The IP addresses must also be excluded from the scope to avoid any IP address conflicts. Therefore, answers B and D are incorrect.

Question 33

Answer C is correct. To enable a computer as a WINS proxy, change the EnableProxy value to 1 within the local Registry. Answers A and B are incorrect because you do not have to install additional software to enable a WINS proxy. Answer D is incorrect because there is no option called WINSProxy within the Registry.

Question 34

Answer D is correct. To use secure updates, the zones must be changed to Active Directory integrated. Secure updates can be enabled using the General tab from the zone's properties window and selecting Only secure updates. Therefore, answers A, B, and C are incorrect.

Question 35

Answer D is correct. Before an enterprise CA can be installed, a DNS server must be available. Answer A is incorrect because enterprise CAs require Active Directory. Answer B is incorrect because WINS is not required. Answer C is incorrect because enterprise CAs are installed to issue certificates to domain users.

Question 36

Answer B is correct. To permit HTTP and FTP traffic, you would have to permit traffic to TCP ports 80 and 21 . Therefore, answers A, C, and D are incorrect.

Question 37

Answer C is correct. For DNS name resolution to occur, the internal interface of the NAT server must be configured with the IP address of the ISP's DNS server. Therefore, answers A, B, and D are incorrect.

Question 38

Answer E is correct. Because OSPF cannot be used with nonpersistent demand-dial connections, none of the requirements would be met by the proposed solution. Therefore, answers A, B, C, and D are incorrect.

Question 39

Answer B is correct. The first elements in a remote access policy to be evaluated are the conditions. The first policy to match the conditions of the connection attempt is evaluated for permissions. If the permissions of that policy deny the user access, the connection attempt is denied . Therefore, answers A, C, and D are incorrect.

Question 40

Answer C is correct. The refresh interval determines how often the secondary servers poll the primary server for updates to the zone database file. Answer A is incorrect because the retry interval determines how often a secondary server will continue to contact the primary server if it does not respond. Answer B is incorrect because there is no such configurable setting as the polling interval. Answer D is incorrect because TTL specifies how long records from that zone should remain in the cache.

Question 41

Answer C is correct. If demand dialing has been enabled, clients will only be able to access the Internet when the ICS server has an Internet connection established. Once disconnected, the server will not auto-dial the connection for internal clients. Answer A is incorrect because if ICS was disabled, clients would never be able to access the Internet. Answer B is incorrect because the IP address range assigned out with ICS is not configurable. Answer D is incorrect because name resolution with ICS is in the form of the DNS proxy, which cannot be disabled.

Question 42

Answer D is correct. To have optional parameters assigned to remote access clients, the DHCP relay agent must be configured on the RAS server. Answer A is incorrect because the relay agent needs to be configured to pass the messages between the remote client and the DHCP server. Answer B is incorrect because the WINS proxy agent is used to forward name resolution requests and updates to the WINS database between subnets connected by routers. The IP settings can be manually configured but it's simpler from an administrative perspective to use the relay agent.

Question 43

Answer B is correct. If a static mapping has been configured for a DHCP client, a client reservation must be configured on the DHCP server so the client always leases the same IP address. Answer A is incorrect because static mappings cannot be enabled for dynamic updates. Answer C is incorrect because client reservations are not configured on the WINS server. Answer D is incorrect because, although the record could be deleted and re-created, it would have to be done each time the client leased a new IP address.

Question 44

Answer A is correct. For the Web server to be accessible to Internet users, a special port must be created that maps port 80 and the public IP address of the NAT server to port 80 and the private IP address of the internal Web server. Therefore, answers B, C, and D are incorrect.

Question 45

Answer B is correct. To ensure the IP address of the network interface printers did not change when the DHCP server was placed on the network, client reservation should have been defined. Therefore, answers A and C are incorrect. Answer D is incorrect because there is no such option in DHCP called a client exclusion.

Question 46

Answer C is correct. Revoked certificates do not appear on the CRL until the publishing interval has expired . This is not the next time that the CRL will be updated. Answers A and D are incorrect because the revoked certificates will automatically appear on the CRL. How long it takes for them to appear depends on the publishing interval. Although the CA can be manually published, it is not necessary. Answer B is incorrect because there is no such option.

Question 47

Answer B is correct. When configuring the binding order, the most frequently used protocols should be listed first to optimize network communication and traffic. Therefore, answers A, C, and D are incorrect.

Question 48

Answer C is correct. The correct syntax when adding a persistent route adding the route command is route “p add < network > mask < subnetmask > < gateway > metric . Therefore, answers A, B, and D are incorrect.

Question 49

Answer A is correct. You can increase fault tolerance by configuring the servers as secondary servers. The existing secondary servers can be configured as the master name servers so no extra traffic will be generated across the WAN link from zone transfers. Answers B and D are incorrect because caching-only servers would not provide fault tolerance for the existing zone. Answer C is incorrect because configuring the primary server as the master name server means the new secondary servers would get their zone information from this server, generating more traffic across the WAN links.

Question 50

Answer D is correct. When a client is configured for H-node, it resolves NetBIOS names using the following method: NetBIOS name cache, WINS, broadcast, LMHOSTS, HOSTS, DNS. Therefore, answers A, B, and C are incorrect.

Question 51

Answer C is correct. For applications to function through the ICS computer, you must configure the TCP and/or UDP port numbers used by the application on the ICS computer. Therefore, answers A, B, and D are incorrect.

Question 52

Answers C and D are correct. To install an enterprise CA, Active Directory and DNS must be present. Answer A is incorrect because WINS is not required. Answers B and E are incorrect because a root CA is not made a child CA. There can be only one root CA in a hierarchy and a root CA cannot be made subordinate to another CA.

Question 53

Answer D is correct. Before you can create the superscope , you must define a separate scope for each range of IP addresses. Answers A and B are incorrect because the scopes must be defined first. Answer C is incorrect because a single scope can include only IP addresses from a single network ID.

Question 54

Answer C is correct. If the connection attempt does not match the conditions of the first policy in the list, the conditions of the next policy are evaluated. The permissions and profile settings of a policy are not evaluated until the connection attempt meets the conditions of a policy. Therefore, answers A, B, and D are incorrect.

Question 55

Answer B is correct. RIPv2 supports using multicasting for routing table updates. Because RIPv1 supports only broadcasts, RIPv1 routers cannot communicate with any RIPv2 routers configured to use multicasting. Answer A is incorrect because RIPv1 routers only support broadcasts. Answer C is incorrect because RIPv1 routers cannot use multicasting for routing table updates. Answer D is incorrect because the RIPv2 routers must be configured to use broadcasts to communicate with the RIPv1 routers.

Question 56

Answer A is correct. If users are unable to access secure Web pages, verify that TCP traffic is permitted for port 443 . This is the port used by secure HTTP (HTTPS). Answers B and D are incorrect because HTTPS uses port 443 . Answer C is incorrect because HTTPS uses TCP, not UDP.

Question 57

Answer C is correct. By configuring the order of use (either manually or using DHCP options), you can specify which DNS server clients will contact first when resolving hostnames. To load balance requests, configure half the clients to use the primary server first and the other half to use the secondary server first. Answer A is incorrect because requests are not automatically load balanced between DNS servers. Answers B and D are incorrect because there is no Load Balance Requests option available from either property window.

Question 58

Answer A is correct. The default location for the WINS database is %systemroot%\System32\Wins . Therefore, answers B, C, and D are incorrect.

Question 59

Answer C is correct. If you do not want to use the DHCP Allocator included with NAT to assign IP addresses to internal clients, you must use the Address Assignment tab within the properties of Network Address Translator and deselect the option to automatically assign IP address by using DHCP. Answer A is incorrect because this is configured within Routing and Remote Access. Answer B is incorrect because selecting this option enables the DHCP Allocator. Answer D is incorrect because clients cannot be configured to use a particular DHCP server.

Question 60

Answer B is correct. For the subordinate CAs to publish certificates within the new domain, they must be added to the Cert publishers group within the new child domain. Therefore, answers A, C, and D are incorrect.



Windows 2000 Network Infrastructure Exam Cram 2 (Exam 70-216)
MCSE Windows 2000 Network Infrastructure Exam Cram 2 (Exam Cram 70-216)
ISBN: 078972863X
EAN: 2147483647
Year: 2005
Pages: 167

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net