Exam Prep Questions

Question 1

John is designing a group policy strategy. One of the GPOs that will be created and linked to the Employees OU will be used to distribute a company application. Members of the In-Training group should not receive the application until they have completed the company training program. How can this be achieved?

  • A. Configure another OU within the Employees OU for the In-Training group

  • B. Deny the In-Training group permission to the GPO

  • C. Enable the Block Inheritance option for the GPO at the Employees OU

  • D. Enable the No Override option for the GPO

A1:

Answer B is correct. By filtering using security groups and denying the In-Training group permission to the GPO, you can control which groups are affected by the policy settings. Answer A is incorrect because the policy settings would be inherited from parent container to child. Answer C is incorrect because enabling this option means that the settings configured within the OU cannot be overwritten by policies applied to parent containers. Answer D is incorrect because the No Override option ensures that the security settings configured within a GPO are not overwritten by a policy applied at a lower level in the Active Directory hierarchy.

Question 2

Group policies can be applied to different levels of the Active Directory hierarchy. Place the following in the correct order in which group policies are applied:

Domain

Organizational Unit

Site

Local

Forest

A2:

The correct answer is

Local

Site

Domain

Organization Unit

Group policies cannot be applied at the forest level.

Question 3

FKP Consulting consists of a forest root domain (fkp.com) and three child domains. Executives from each domain require access to financial data throughout the forest. How should access be granted? (Select two answers.)

  • A. Assign permissions to the appropriate resources throughout the forest to each executive account.

  • B. Create a global group called Executives within each domain and add the appropriate user accounts. Create a universal group and add the Executives global groups to this universal group.

  • C. Create the necessary domain local groups and add the universal group.

  • D. Create a single global group. Add the executive user accounts from each domain to the global group.

A3:

Answers B and C are correct. By creating a single universal group, permissions to resources has to be granted only once. This makes it easier to assign users from different domains access to network resources. Answer A is incorrect because this approach would drastically increase the administrative overhead. Answer D is incorrect because a global group can contain user accounts only from the domain in which it was created.

Question 4

John is designing an Active Directory infrastructure for FKP Consulting. The company needs to have two separate password policies: a more stringent policy for the Financial department and another policy for all other users. How can this be accomplished?

  • A. Create a separate domain for the Financial department

  • B. Create two separate password policies at the domain level

  • C. Configure an OU for the Financial department, and apply the password policy at the OU level

  • D. Configure a password policy at the domain level, and deny users in the Financial department permission to the GPO.

A4:

Answer A is correct. Only one password policy can exist for an entire domain, so another domain must be configured for the Financial department. Answer B is incorrect because only one password policy can exist per domain. Answer C is incorrect because password policies are configured at the domain level. Answer D is incorrect because users in the Financial department would be exempt from the domainwide password policy.

Question 5

Mike has finished planning the OU hierarchy. There is a top-level OU and three child OUs for three different departments. Group policies will be used for software distribution. However, the OU hierarchy is not granular enough to control which users have which applications. What feature can he use to solve this problem?

  • A. Inheritance blocking

  • B. No Override

  • C. Delegation

  • D. Filtering

A5:

Answer D is correct. Filtering with security groups enables you to control which groups of users are affected by a group policy object. Answers A and B are incorrect because these features are used to change the default behavior of group policy inheritance between parent and child containers. Answer C is incorrect because delegation is used to assign a user or group administrative rights over a container.

Question 6

Don is planning the replication topology for FKP Consulting. Two sites are connected to the corporate headquarters using 56kbps links that are already heavily saturated. Which of the following is the best way to manage replication?

  • A. Create site links using RPC over IP, and allow replication to occur any time

  • B. Create site links using SMTP, and configure the replication schedule so that replication can occur only during off-hours

  • C. Create a site link using RPC over IP, and configure the replication schedule so that replication can occur only during off-hours

  • D. Create site links using SMTP

A6:

Answer D is correct. Because RPC replication is unreliable over 56kbps links, SMTP should be used. SMTP ignores replication schedules; therefore, answers A, B, and C are incorrect.

Question 7

Which of the following groups can cross domain boundaries? (Select two answers.)

  • A. Local groups

  • B. Domain local groups

  • C. Global groups

  • D. Universal groups

A7:

Answers C and D are correct. Global groups and universal groups can cross domain boundaries. Answer A is incorrect because local groups are used only to assign rights and permissions on a local computer. Answer B is incorrect because domain local groups can be used to assign permissions only to resources in the domain which the group was created.

Question 8

Which of the following operating systems can be upgraded to Windows Server 2003 Standard Edition? (Choose all correct answers.)

  • A. Windows 2000 Professional

  • B. Windows NT Server 4.0

  • C. Windows 2000 Server

  • D. Windows 2000 Advanced Server

A8:

Answers B and C are correct. Windows NT Server 4.0 and Windows 2000 Server can be upgraded to Windows Server 2003 Standard Edition; therefore, answers A and D are incorrect. Windows 2000 Professional and Windows 2000 Advanced Server cannot be upgraded to Windows Server 2003 Standard Edition.

Question 9

Dan is planning for delegation of authority. A help desk employee will be given the right to change passwords for user accounts. There are two top-level OUs, Employees and Managers; and two child OUs created under Employees, Sales and Manufacturing. The help desk employee is granted the right to change passwords in the Employees OU. By default, in which OUs can he change passwords?

  • A. Employees

  • B. Employees and Managers

  • C. Employees, Sales, and Manufacturing

  • D. Employees, Managers, Sales, and Manufacturing

  • E. Managers

A9:

Answer C is correct. Rights and permissions are inherited from parent container to child container. Permissions and rights assigned to the Employees OU are also applicable to the child OUs, which in this case are Sales and Manufacturing. Therefore, answers A, B, D, and E are incorrect.

Question 10

Dan is planning the migration strategy for his company. One of the backup domain controllers is running Windows NT Server 3.51. How should this domain controller be upgraded?

  • A. Upgrade to Windows NT Server 4.0 first, install the latest Service Pack, and then upgrade to Windows Server 2003

  • B. Install the latest Service Pack and upgrade to Windows Server 2003

  • C. Upgrade directly to Windows Server 2003

  • D. Format the hard drive and perform a clean installation of Windows Server 2003

A10:

Answer A is correct. Because there is no direct upgrade path from Windows NT Server 3.51 to Windows Server 2003, you must first upgrade the operating system to one that supports an upgrade path. After you've upgraded to Windows NT Server 4.0, Service Pack 5 or later is required to continue the upgrade to Windows Server 2003. Therefore, answers B, C, and D are incorrect.




MCSE Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure Exam Cram 2
MCSE Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure Exam Cram 2 (Exam Cram 70-297)
ISBN: 0789730154
EAN: 2147483647
Year: 2003
Pages: 152

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net