Self Test

1.  

Your forest is structured according to the illustration in Figure 4.15. You have a group of developers in the east.fixed-wing.airplanes.com domain who need to access files in the development.central.biplanes.airplanes.com domain on a regular basis. The users are complaining that accessing the files in the development domain is taking an unacceptably long time. What can you do to improve their response time?

Figure 4.15: Figure for Question 1

1. Create a domain local group in the development domain and add the developers user accounts to it.

2. Create a shortcut trust between the east.fixed-wing.airplanes.com domain and the development.central.biplanes.airplanes.com domain.

3. Place the resources in the development domain into an OU. Use the Delegation of Control Wizard to grant the users in the east.fixed-wing.airplanes.com domain the appropriate permissions.

4. Create an external trust between the fixed-wing.airplanes.com domain and the biplanes.airplanes.com domain.

2.  

You are the network administrator for a medical research facility running Windows Server 2003. Your firm is beginning a joint research operation with a major university, and many of your users will need to access files and folders on the university s network. The university that you are partnering with uses a UNIX Kerberos environment. Your company s resources should not be accessible by the university staff. How can you accomplish this using the least administrative effort?

1. Create a two-way realm trust between your network and the UNIX network.

2. Create a one-way: outgoing external trust between your network and the UNIX network.

3. Create a one-way: incoming realm trust between your network and the UNIX network.

4. Create a one-way: outgoing realm trust between your network and the UNIX network.

3.  

You have a critical software update that needs to be installed for the Payroll OU of your Windows Server 2003 domain. You create a new GPO and assign the MSI package to the Computer Configuration section and then link the new GPO to the Payroll OU with the appropriate security filtering permissions. You send an e-mail to the members of the payroll department instructing them to log off their workstations and log back in to prompt the software installation to begin. You run the MBSA utility to verify installation of the patch, but you discover that it has not been installed, even after you ask the payroll users to log off and onto their workstations several times. What is the most likely reason that the software update has not been installed?

1. The workstations in the payroll department need to be rebooted before the software update will be installed.

2. Software installation packages can only be assigned at the domain level.

3. The software can be installed using the Add New Programs section of the Add/Remove Programs Control Panel applet.

4. Logon scripts are running asynchronously; they must be reconfigured to run synchronously.

4.  

Hope Pharmaceuticals is a large organization that is headquartered in Chicago, Illinois. The company has six other locations in North America and Europe. In North America, the company has locations in Chicago, New York, and Arizona. In Europe, it has locations in Paris, London, and Rome. The Active Directory infrastructure consists of two forests: one for North America and one for Europe. Recently, the Chicago location and the Paris location have been working together closely on deals and possible mergers. Users have started to complain of slow response times in authenticating and accessing resources in either domain. What would be the best way to improve authentication performance between Chicago and Paris?

1. Create a shortcut trust between the Chicago office and the Paris office.

2. Create a realm trust between the Chicago and Paris offices.

3. There is nothing you can do to improve performance.

4. Move the Paris domain into the North America forest.

5.  

You are the IT manager for an organization with three locations in Fresno, San Francisco, and La Jolla, running Windows Server 2003 on the server side and Windows XP Professional on the client side. To cut down on Internet bandwidth usage from the Windows Update client, you have installed an SUS server in each of the three locations. The SUS server is configured as the master SUS server, and Fresno and La Jolla s servers are configured as child servers. Microsoft releases a critical security update, and a few hours later you learn that a hacker group from Eastern Europe has already released an Internet worm to take advantage of any unpatched machines. You quickly download the new patch to your SUS server in San Francisco and approve the patch for distribution. Your CEO asks if your network is protected from this new threat, and you assure him that your patch management solution is up to the task. Unfortunately, you receive several calls toward the end of the day from users in Fresno who report that their machines are rebooting without warning and that network response time is almost nonexistent. On further investigation, you discover that the machines in Fresno and La Jolla were not updated with the new Microsoft patch and became victims of this new Internet worm. Your workstations and servers in the San Francisco office have received the patch. Why did SUS fail to update the machines in your two remote locations?

1. You did not install the SUS client on your client workstations.

2. The Internet connection between the Fresno and La Jolla offices did not permit the SUS traffic to pass.

3. The SUS servers in Fresno and La Jolla had not received the new update yet.

4. The security update was incompatible with your client workstations.

6.  

Your network is experiencing massive Internet bandwidth consumption from external sources. On investigating, you discover that a new Internet worm has been created that exploits a newly discovered vulnerability in Microsoft s Internet Information Service. You have seven IIS servers in your organization that are colocated in various cities across the United States to provide load balancing for your Web applications. Within Active Directory, all your Web servers are contained within a single OU. What is the quickest way to efficiently patch all your company s IIS servers against this new vulnerability while minimizing downtime for your Web server applications?

1. Force the SUS server to immediately update all machines in the domain.

2. Manually install the patch on each Web server.

3. Create a GPO within the Computer Configuration Software Installation settings. Link it to the Web Server OU. Reboot each Web server in turn so that the update can be applied.

4. Create a GPO within the User Configuration Software Installation settings. Link it to the Web Server OU. Perform a logout/login on each Web server so that the update can be applied.

7.  

You have 12 servers at various locations that you want to manage remotely. You have read about Emergency Management Services and believe this is a good solution for your environment. You review the hardware for each of the servers in question and determine that the firmware on all of them supports console redirection. Your servers are already running Windows Server 2003 and are x86-based systems. What is your next step in implementing EMS for these servers?

1. Use the EMS Special Administration Console to install EMS for the remote computer. Configure console redirection via the server firmware after EMS is installed.

2. Reinstall Windows Server 2003 from the installation CD. EMS configures itself during a bootable CD installation if the computer supports firmware console redirection and the Serial Port Console Redirection (SPCR) table.

3. Reboot the computer into Safe mode. Install EMS from the Run line, and then reboot to enable EMS.

4. Use Bootcfg.exe to edit the Boot.ini file located on the system partition root to enable Windows loader console redirection and the SAC.

8.  

You are the network administrator for a large, multinational corporation. Your Active Directory tree is configured with one domain for North America, one for Europe, and one for Asia. Each office on each continent has been configured with its own OU, and an administrative assistant in each office has been delegated the authority to reset user passwords within each OU. You have a single global group in each domain that contains the user accounts for the central help desk for each domain. To assist the local administrators with troubleshooting issues, you have distributed instructions concerning the use of the Remote Assistance feature in Windows XP and Windows Server 2003. After a server outage in the Dresden office, you discover that a local administrator was having a network issue and sent a Remote Assistance request to a friend of hers, who uploaded a virus-infected executable to the Dresden network, thinking that it was a diagnostic utility. What is the most efficient way to prevent this situation from recurring on your network? (Choose all that apply.)

1. Use Group Policy to restrict to whom your users can send Remote Assistance requests .

2. Use PGP encryption to encrypt the Remote Assistance e-mail request.

3. Disable Remote Assistance on all client workstations. Manually re-enable it as needed.

4. Create a network security policy forbidding Remote Assistance requests to any users other than central IT staff.

1.  

B

2.  

C

3.  

A

4.  

A

5.  

C

6.  

D

7.  

D

8.  

A , D