Chapter 12. Practice Test 2

You create a one-way demand-dial interface between a branch office and corporate office. The connection is used by clients for Web access. You only want HTTP traffic to initiate the connection. How should you proceed?

• A. Create a RIP route filter for port 80 .

• B. Configure an IP demand-dial filter for port 80 .

• C. Create a RIP route filter for port 21 .

• D. Configure a connection filter for port 80 .

How can you prevent the reuse of previously generated session keys?

• A. Unassign and assign the IP Security Policy.

• B. From the rules Properties window, select the Do Not Use Previous Keys option.

• C. From the rules Properties window, select the Master Key Perfect Forward Secrecy option.

• D. Restart the IPSec-enabled client workstation.

Your network consists of three subnets: Subnet A, Subnet B, and Subnet C. There is an RRAS server on Subnet C configured with a range of IP addresses to assign to remote access clients. There are two DNS servers on the network: DNS01 and DNS02 . You would like remote access clients to use DNS02 . What should you do?

• A. Configure the RRAS server to use DHCP. Install a DHCP server on Subnet C. Configure a scope on the DHCP server for the remote access clients. Configure the DHCP relay agent on the DNS server.

• B. Install a DHCP server on the network and configure the RRAS server to use DHCP for IP address assignment. Configure a scope on the DHCP server for the remote access clients.

• C. Install a DHCP server on the network. Configure a scope on the DHCP server for remote access clients. Configure RRAS to use DHCP. Configure the relay agent on the DHCP server.

• D. Install a DHCP server on the network. Configure a scope on the DHCP server for remote access clients. Configure RRAS to use DHCP. Configure the relay agent on the RRAS server.

Several DHCP servers are being deployed in different domains throughout the forest. Of which group must you be a member to authorize the DHCP servers?

• A. DNSUpdateProxy

• B. Enterprise Admins

• C. Domain Admins

• D. Administrators

For security purposes, your senior administrator does not want users to be able to encrypt any of their files. He asks you to remove this capability for all users within the domain. How should you proceed?

• A. Edit the domain group policy. Delete the Encrypted Data Recovery Agents container. Initialize the empty policy.

• B. Disable the Encrypted Data Recovery Agents container within Active Directory Users and Computers.

• C. Delete the Encrypted Data Recovery Agents container within the Certificate Authority snap-in.

• D. Delete the Encrypted Data Recovery Agents container within the Certificates snap-in.

A routed IP network has a mixture of WINS and non-WINS clients. Three of the seven subnets contain WINS servers. Several users report that they are unable to browse hosts on other subnets. Upon investigating the reports , you discover that the problem is affecting only non-WINS clients. How can the B-node broadcasts be resolved across the network?

• A. Configure static mappings for the non-WINS clients.

• B. Install a WINS proxy on each subnet that does not have a local WINS server.

• C. Configure replication between the three WINS servers.

• D. Configure a DHCP relay agent on each subnet.

Seaside is planning its DNS implementation. The network currently consists of 250 workstations running Windows 2000 Professional and five Windows 2000 servers. Three of the servers are domain controllers and the remaining two are member servers. The workstations and servers are spread out between two office locations. The following requirements must be met:

• Fault tolerance must be provided for the zone.

• Hostnames should be cached on the DNS servers.

• Users should be able to resolve hostnames locally.

• Dynamic updates should only be performed by specific users.

You propose the following:

• Install DNS on the two member servers.

• Configure one as the primary server and the other as the secondary server.

• Place a DNS server in each of the offices.

• Enable dynamic updates for the zone.

Which of the following are met by your proposal? [Choose all that apply.]

• A. Fault tolerance is provided for the zone.

• B. Hostnames are cached on the DNS server.

• C. Users can resolve hostnames locally.

• D. Dynamic updates can be performed only by specific users and groups.

You have recently added two new Windows 2000 Professional workstations to the network. Existing computers access the Internet through a NAT server. How can you configure the new computers to use the NAT server?

• A. Install the NAT client on both workstations.

• B. Configure Internet Explorer to use a proxy server.

• C. Configure the gateway on each client to point to the internal IP address of the NAT server.

• D. Configure the clients to use DHCP.

You have a Windows NT 4.0 member server configured as a RAS server and a Windows 2000 RRAS server running on your Windows 2000 domain. The domain is running in native mode. Remote access users can successfully authenticate with the Windows 2000 server but not with the Windows NT 4.0 server. What requirement must be met for users to authenticate with the Windows NT RAS server?

• A. Permissions must be compatible with pre-Windows 2000 servers.

• B. The domain must be running in mixed mode.

• C. All user accounts must be re-created on the Windows NT system.

• D. The Windows NT system must be upgraded to a BDC.

During certain times of the day, your WINS server is overburdened with name registration requests. How can you increase the number of name registration requests that a WINS server can handle so clients do not receive negative responses?

• A. Use persistent connections.

• B. Use burst handling.

• C. Add another WINS server.

• D. Configure the refresh interval.

You notice that the CRL is published only on a weekly basis. You need to change the interval to once a day. How should you proceed?

• A. Edit the Registry on the CA.

• B. Open the Certificates snap-in. Edit the Properties of the Issued Certificates container.

• C. Open the Certificates Authority snap-in. Edit the Properties of the Revoked Certificates container.

• D. Open the Certificates snap-in. Edit the Properties of the Revoked Certificates container.

• E. Open the Certificates Authority snap-in. Edit the Properties of the Issued Certificates container.

You configured a demand-dial interface. You have been asked to reduce the cost associated with using the link. Upon examining the settings of the interface, you notice that it is a persistent connection. You change it to a demand-dial. You want the connection terminated after five minutes of inactivity. How should you proceed?

• A. Configure the dial-out hours for the connection.

• B. Configure the redial attempts to five minutes.

• C. Configure the idle time before disconnect to five minutes.

• D. Configure the maximum session time to five minutes.

Your network consists of two subnets: subnet A and subnet B. Subnet A has a WINS server that is used by all clients on the network to resolve NetBIOS names to IP addresses. A Windows 2000 DHCP server assigns IP addresses to clients. The DHCP option 044 WINS/NBNS Servers option is configured at the scope level to assign clients the IP address of WINSRVA . You move the WINS server from subnet A to subnet B and configure the 044 WINS/NBNS option at the server level to assign clients the new IP address of the WINS server. You discover that clients are still being assigned the old IP address. What is causing the problem?

• A. Clients must use the ipconfig /renew command to obtain the new WINS IP address.

• B. The IP address of the WINS server must be statically configured on client workstations.

• C. You must configure the 046 WINS/NBT node type.

• D. The new 044 WINS/NBNS option has to be configured at the scope level.

You have been asked to ensure that the IP Security policy put into place secures all communications while still allowing non-IPSec aware clients to authenticate. Which of the following policies should you use?

• A. Client (respond only)

• B. Server (request security)

• C. Secure server (require security)

• D. Secure client (respond only)

You want to clear the contents of the cache on your DNS server. How can you most easily accomplish this?

• A. Uninstall the DNS Server Service.

• B. Delete the cache.dns file.

• C. Use the Clear Cache option from the DNS server's property window.

• D. Use the Clear Cache option from the Action menu.

Which of the following statements are true of Network Address Translation? [Choose all that apply.]

• A. NAT only uses a fixed range of IP addresses to assign to clients.

• B. NAT supports multiple public IP addresses.

• C. NAT supports a configurable range of IP addresses for internal clients.

• D. Internal services cannot be made available to Internet users with NAT.

Your network consists of three UNIX servers that provide name resolution services. The servers are all configured with static IP addresses. How can you ensure that the DHCP server does not assign these three IP addresses to any DHCP clients on the network?

• A. Configure client reservations for the three UNIX servers.

• B. Exclude the three IP addresses from the scope.

• C. Place the UNIX servers on a separate subnet.

• D. Create a superscope for the three IP addresses.

You want to give a specific user on the network the capability to view the WINS database. However, you are concerned about the user making configuration changes. How can you limit the user's permissions so they can only view the database contents?

• A. Add the user account to the Administrators group.

• B. Add the user account to the Domain Admins groups.

• C. Add the user account to WINS Administrators.

• D. Add the user account to WINS Users.

RRAS is installed on Server1 . All remote access clients are running Windows 2000 Professional. You want to configure the most secure authentication protocol. Which of the following should you enable?

• A. PAP

• B. CHAP

• C. MS-CHAP version1

• D. MS-CHAP version2

You have recently moved your small home office to a new location. The network now consists of five computers with no plans for expansion. You perform all network administrative tasks , although your experience and knowledge is very limited. There is currently one Internet connection. Which of the following would be the best solution for Internet connectivity without incurring additional costs?

• A. Dedicated Internet connections

• B. ICS

• C. RIP

• D. NAT

Which of the following options ensures that routes learned from a network are not announced on that network?

• A. Triggered updates

• B. Split horizon

• C. Periodic announcement interval

• D. Clean-up updates

A group of servers has been placed in an OU. An IPSec policy is created and configured. What is your next step in applying the policy to the OU?

• A. Use the secedit /refreshpolicy machine_policy command.

• B. Restart the servers.

• C. Enable the IP security policy.

• D. Assign the IP security policy.

You have finished upgrading the workstations on your network to Windows 2000 Professional. The primary and secondary DNS servers are running on Windows NT 4.0 domain controllers. There is also a Windows 2000 DHCP server. Upon examining the zone database, you notice that the records are not being dynamically updated. What must you do?

• A. Upgrade the Windows NT 4.0 DNS servers to Windows 2000 DNS.

• B. Install service pack 4 or higher on the Windows NT 4.0 DNS servers.

• C. Configure the clients to perform dynamic updates through the properties of TCP/IP.

• D. Configure the DHCP server to perform the updates on behalf of clients.

You have recently configured an Enterprise CA on your company's network. You want to see the certificates that have currently been issued. Where can you go to view such information?

• A. Under Issued Certificates within the Certificates console.

• B. Under Issued Certificates within Active Directory Users and Computers.

• C. Under Issued Certificates within Computer Management.

• D. Under Issued Certificates within the Certificate Authority snap-in.

You have a Windows 2000 DNS server and a Windows 2000 DHCP server on the network. Both are configured as member servers in the domain. The DHCP server is configured to update all records with the DNS server because clients are running Windows NT 4.0. After the workstations are upgraded to Windows 2000 Professional, the DHCP server is configured to no longer update the DNS server. However, some of the Windows 200 clients are unable to update their records. What has caused this to occur?

• A. The DHCP server was not a member of the DNSUpdateProxy group.

• B. The workstations have not been configured to perform dynamic updates.

• C. The DNS server is no longer configured to accept dynamic updates.

• D. The clients are not configured with the IP address of the DNS server.

The WINS server on the local subnet is configured as a replication partner with other WINS servers on the network and you are now concerned about the integrity of the WINS database. How can you verify the entries within the local WINS servers database?

• A. Back up and restore the WINS database.

• B. Use the Verify Database Consistency option.

• C. Use the Verify WINS Entries options.

• D. Force replication between the WINS servers.

Which of the following DNS servers support SRV records? [Choose all that apply.]

• A. Windows 2000

• B. BIND 4.9.6

• C. BIND 8.1.3

• D. Windows NT 4.0

Which of the following protocols can be used to establish a VPN tunnel with a Windows 2000 VPN server? [Choose all that apply.]

• A. PPP

• B. PPTP

• C. SLIP

• D. L2TP

You are configuring a user account on the answering router that will be used to authenticate the calling router. Which of the following tasks should be done when configuring the password options? [Choose all that apply.]

• A. Enable User Must Change Password at Next Logon

• B. Disable Password Never Expires

• C. Enable Password Never Expires

• D. Disable User Must Change Password at Next Logon

You've just revoked a certificate for an employee who has been terminated from the organization. You'd like to publish the CRL immediately instead of waiting for the publishing interval to expire. How should you proceed?

• A. Right-click the revoked certificate and choose Publish Now.

• B. Right-click the Revoked Certificates container and choose Publish.

• C. Right-click the CRL container and choose Update.

• D. Right-click the CRL container and choose Publish.

Your network hosts a single NetWare server and multiple Windows 2000 servers. The NetWare server is running version 3.12. How should you configure the frame type?

• A. The frame type must be manually configured for 802.3 .

• B. The frame type must be manually configured for 802.2 .

• C. Leave the frame type to autodetect.

• D. Leave the frame type to autoselect.

Which of the following statements are true regarding Internet Connection Sharing?

• A. ICS can only be enabled on computers running Windows 2000 Server.

• B. ICS supports a fixed range of IP addresses with the DHCP Allocator.

• C. Additional software must be installed on client workstations to use ICS.

• D. ICS is enabled through Routing and Remote Access.

You have just finished installing DNS. You need to add a record into the zone file for the mail server on the domain. Which type of resource record should be created?

• A. A

• B. MX

• C. PTR

• D. CNAME

Users on the network require remote access. All users should have the same remote access security requirements except the Administrators group. How should you configure RRAS?

• A. Create two groups within RRAS, one for Users and one for Administrators. Create two remote access policies and use the Windows Groups condition to apply each policy to the appropriate set of users.

• B. Create two groups within Active Directory User and Computers, one for Users and one for Administrators. Create two remote access policies and use the Windows Groups condition to apply each policy to the appropriate set of users.

• C. Create two groups within RRAS. Configure different settings within a single policy for each group.

• D. Create two access policies. Using the Dial-in tab for each user account, specify which remote access policy should be applied.

Your internetwork consists of 10 subnets. All subnets are connected using Windows 2000 RRAS servers. Persistent demand-dial connections have been created between all routes. You do not want an increase in broadcast traffic from routing table updates. Changes should be propagated immediately. Which of the following should you implement?

• A. Static routes

• B. ICMP

• C. OSPF

• D. RIPv1

Which of the following URLs can be used to access the Web-based enrollment page?

• A. http://< servername >/CertEnroll/default.asp

• B. http://<servername>/CertSrv/default.asp

• C. http://<servername>/CertWeb/default.asp

• D. http://<servername>/CertIssue/default.asp

In which order are DHCP options applied?

• A. Scope, Class, Client, Server

• B. Client, Class, Scope, Server

• C. Server, Scope, Class, Client

• D. Class, Server, Scope, Client

Which of the following name-resolution methods is used by a client configured to use M-node?

• A. Broadcast and then NetBIOS name server

• B. Broadcast only

• C. NetBIOS name server only

• D. NetBIOS name server and then broadcast

Workstations on the internal network will access the Internet through a Windows 2000 Server configured for NAT. You have been assigned multiple public IP addresses. How should you configure the public interface of the NAT server?

• A. Configure multiple IP addresses through the properties of TCP/IP.

• B. Using the Address Assignment tab within the Network Address Translation properties window.

• C. Using the Address Pool tab within the Network Address Translation properties window.

• D. Using the Address Pool tab within the properties window of the public connection.

You have recently placed a Windows 2000 server that was running in a NetWare environment on your Windows 2000 network. TCP/IP needed to be installed and NWLink was removed. Which of the following commands can you use to verify that the new server can communicate with hosts on the network using TCP/IP?

• A. ipconfig

• B. ping

• C. arp

• D. icmp

Which of the following commands allows you to clear the cache on a Windows 2000 Professional workstation?

• A. ipconfig /clearcache

• B. ipconfig /all

• C. ipconfig /flushdns

• D. ipconfig /cleardns

You want to increase the amount of time that must lapse before a client is required to renew its NetBIOS name with the WINS server. Which of the following parameters should you configure?

• A. Update Interval

• B. Renew Interval

• C. Refresh Interval

• D. Registration Interval

You install the DHCP server service on a Windows 2000 member server. The server has been authorized and a scope has been configured. When you use the ipconfig command on the Windows 2000 Professional workstations, you find that they are all assigned an IP address in the range of 169.254.x.x . What is causing the problem?

• A. The clients are not DHCP-enabled.

• B. The DHCP scope has not been activated.

• C. The DHCP server has not been activated.

• D. The DHCP server service must be installed on a domain controller.

Your senior network administrator has informed you that an employee is leaving the company for unspecified reasons. You have been asked to revoke the user's certificate immediately. How should you proceed?

• A. Revoke the certificate through the properties of the user account.

• B. Revoke the certificate within the Certificate snap-in.

• C. Revoke the certificate within the Certificate Manager console.

• D. Revoke the certificate within the Certificate Authority snap-in.

You have 20 clients that will be accessing your VPN server. You need to increase the number of available PPTP ports. How can you accomplish this?

• A. Within the Routing and Remote Access console, open the Properties window for the server and select the Ports tab.

• B. Within the Routing and Remote Access console, open the Properties window for the remote access policy and select the Ports tab.

• C. Within the Routing and Remote Access console, open the Properties window for the Ports option.

• D. Within the Routing and Remote Access console, open the Properties window for the Ports option and select the PPTP tab.

A single Internet connection will be shared among 10 workstations. You want to be able to continue using the existing DHCP server and the existing IP address scheme while not incurring additional costs. Which of the following solutions should you choose?

• A. NAT

• B. RIP

• C. ICS

• D. CIS

You are implementing an IP security policy for your network. It's a low security environment, so secure communications are not required. The policy you enable should allow IPSec-aware clients to use secure communications when they request it. Which of the following policies should you use?

• A. Server (request security)

• B. Secure server (require security)

• C. Client (respond only)

• D. Secure client (request security)

Your internetwork consists of 10 subnets. All subnets are connected using Windows 2000 RRAS servers. Non-persistent demand-dial connections have been configured. You do not want to manually update routing tables. You want to configure password authentication between routers. Which of the following should you implement?

• A. Static routes

• B. ICMP

• C. OSPF

• D. RIPv2

Two DHCP servers are configured on a network with two subnets. How can you configure the scopes so the DHCP servers can provide fault tolerance for one another?

• A. Configure replication to occur between the two DHCP servers.

• B. Nothing needs to be done because DHCP servers on the same network share scope information to provide fault tolerance.

• C. Configure each server with a range of IP addresses for both subnets.

• D. Configure all clients with the IP address of both DHCP servers.

You are trying to configure secure updates on your DNS server. When you open the property window for the zone you do not see the Only Secure Updates option. What is causing this to occur?

• A. You are not logged on as the administrator.

• B. You do not have permission to dynamically update the zone database.

• C. The zone is configured as an Active Directory integrated zone.

• D. The zone is configured as a standard primary zone.

Which of the following statements is true in regards to two-way demand-dial connections?

• A. The user account name on the answering router must match the demand-dial interface name on the calling router.

• B. The demand-dial interface names must be identical.

• C. The user account names on both routers must be identical.

• D. The user account name on the answering router must be different than the interface name on the calling router.

You are installing a RAS server on the network to provide business managers with remote access. You need to meet the following requirements:

• Only business managers should be permitted access.

• Users in this group should have access any time of the day except weekends.

• Remote clients should be automatically assigned an IP address.

• Remote clients should be assigned optional parameters needed to communicate on the internal network.

You perform the following tasks:

• Enable routing and remote access.

• Configure the RAS server with a range of IP addresses.

• Configure the user account properties to control access through a remote access policy.

• Delete the default remote access policy and create a new one.

• Edit the conditions of the profile to only allow access to the remote users group and allow use from Monday through Friday with no restrictions on time.

• Set the permissions of the policy to allow access.

Which of the following requirements are met? [Choose all that apply.]

• A. Only business managers are permitted access.

• B. Users can dial in anytime between Monday and Friday.

• C. All remote users are assigned an IP address.

• D. All remote users are assigned any required optional parameters.

You would like to edit the ACL of existing templates to limit which types of certificates users are permitted to enroll for. How can you change the permissions assigned to certificate templates?

• A. Within Active Directory Users and Computers.

• B. Within the Certificate Authority snap-in.

• C. Within Active Directory Sites and Services.

• D. Within the Certificate snap-in.

Which of the following components does TCP/IP use to determine whether a destination host is local or remote?

• A. IP address

• B. Subnet mask

• C. Default gateway

• D. IP filter

You are in charge of implementing DHCP on the local subnet. The subnet consists of 150 Windows 2000 Professional workstations, 20 Windows 95 workstations, three Windows 2000 domain controllers, and two Windows 2000 DNS servers. The domain controllers are all configured with static IP addresses. With your implementation, the following requirements must be met:

• All hosts must be assigned a unique IP address.

• There should be no IP address conflicts on the network.

• Host and PTR records for all clients should be updated by the DHCP server.

• All clients should be configured with the IP address of the default gateway.

You perform the following tasks:

• Install DHCP on a member server.

• Authorize the server.

• Configure and activate a scope.

• Configure the 003 router option at the scope level.

• Configure the DHCP server to Always Update DNS and Enable updates for DNS clients that do not support dynamic updates.

Which of the following requirements are met by your implementation? [Choose all that apply.]

• A. All hosts are assigned an IP address.

• B. IP address conflicts are eliminated.

• C. All host and PTR records are updated by the DHCP server.

• D. Clients are configured with the IP address of the default gateway.

If a client is configured to use P-node for name resolution, which of the following methods are used to resolve NetBIOS names to IP addresses?

• A. NetBIOS name server

• B. Broadcast

• C. NetBIOS name server and then broadcast

• D. Broadcast and then NetBIOS name server

An IP address of 192.168.0.1 belongs to which of the following address classes?

• A. Class A

• B. Class B

• C. Class C

• D. Class D

Which of the following parameters can be used with the route command to ensure a static route is not deleted from the routing table upon restart?

• A. /f

• B. /s

• C. /r

• D. /p

You are installing a RAS server on the network to provide business managers with remote access. The following requirements must be met:

• Only business managers should be permitted access.

• Users in this group should have access any time of the day except weekends.

• Remote clients should be automatically assigned an IP address.

• Remote clients should be assigned optional parameters needed to communicate on the internal network.

You perform the following tasks:

• Enable Routing and Remote Access.

• Configure the RAS server to use DHCP and configure the relay agent component.

• Configure the user account properties to control access through a remote access policy.

• Delete the default remote access policy and create a new one.

• Create a new group called remoteusers within the Active Directory Users and Computers snap-in and add the business managers.

• Edit the conditions of the profile to allow access to only the remote users group and allow use from Monday through Friday with no restrictions on time.

• Set the permissions of the policy to allow access.

Which of the following requirements are met? [Choose all that apply.]

• A. Only business managers are permitted access.

• B. Users can dial in anytime between Monday and Friday.

• C. All remote users are assigned an IP address.

• D. All remote users are assigned any required optional parameters.

You are configuring a LMHOSTS file for use by clients to resolve NetBIOS names to IP addresses. To facilitate the logon process, you want to place entries in the file for domain controllers on the network. Which of the following directives should be included when creating the entries for the domain controllers?

• A. #pre

• B. #MH

• C. #Include

• D. #DOM:domain_name