Microsoft 70-296 Real Exam Questions

Planning, Implementing, and Maintaining a Windows Server 2003 Environment for an MCSE Certified on Windows 2000

1: You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains 10 application servers that run Windows Server 2003. The application servers are accessed from the company network and from the Internet. The network design requires that the application servers must have specifically configured security settings, including the password policy, audit policies, and security options settings. You create a security template named App.inf that contains the security settings required by the network design. You are concerned that an unauthorized user will modify the configuration and gain access to the application servers. You want to capture any changes made to the security settings of the application servers. You need to generate a report that compares the current settings of each application server with the required settings every 24 hours. What should you do?
A.Use a Group Policy startup script to run the secedit command in analysis mode with the App.inf template, and set the Group Policy refresh interval for computers to 24 hours.
B.Import the App.inf template into Group Policy, and set the Group Policy refresh interval for computers to 24 hours.
C.Use Task Scheduler to run the gpresult command in verbose mode every 24 hours.
D.Use a custom script in Task Scheduler to run the secedit command in analysis mode with the App.inf template every 24 hours.
Correct Answers: D

2: You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. The network contains servers that have Terminal Server enabled. The terminal servers host legacy applications that currently require users to be members of the Power Users group. A new requirement in the company’s written security policy states that the Power Users group must be empty on all resource servers. You need to maintain the ability to run the legacy applications on the terminal servers when the new security requirement is implemented. What should you do?
A.Add the Domain Users global group to the Remote Desktop Users built-in group in the domain.
B.Add the Domain Users global group to the Remote Desktop Users local group on each terminal server.
C.Modify the Compatws.inf security template settings to allow members of the local Users group to run the applications. Import the security template into the Default Domain Controllers Policy Group Policy object (GPO).
D.Modify the Compatws.inf security template settings to allow members of the local Users group to run the applications. Apply the modified template to each terminal server.
Correct Answers: D

3: You are the network administrator for your company. The network consists of a single Active Directory domain. The company has an internal network and a perimeter network. The internal network is protected by a firewall. Application servers on the perimeter network are accessible from the Internet. You are deploying 10 Windows Server 2003 computers in application server roles. The servers will be located in the perimeter network and will not be members of the domain. The servers will host only publicly available Web pages. The network design requires that custom security settings must be applied to the application servers. These custom security settings must be automatically refreshed every day to ensure compliance with the design. You create a custom security template named Baseline1.inf for the application servers. You need to comply with the design requirements. What should you do?
A.Import Baseline1.inf into the Default Domain Policy Group Policy object (GPO).
B.Create a task on each application server that runs Security and Configuration Analysis with Baseline1.inf every day.
C.Create a task on each application server that runs the secedit command with Baseline1.inf every day.
D.Create a startup script in the Default Domain Policy Group Policy object (GPO) that runs the secedit command with Baseline1.inf.
Correct Answers: C

4: You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. You support 100 mobile users who have portable computers that run Windows NT Workstation 4.0, Windows 98, Windows 2000 Professional, Windows XP Professional, or Windows ME. Your company’s written security policy requires that any remote access solution must provide both data integrity and data origin authentication. You need to implement a VPN-based remote access solution. Which three actions should you take? (Each correct answer presents part of the solution. Choose three.)
A.Install certificates on all VPN client computers.
B.Install a certificate on the VPN server computer.
C.Implement L2TP-based connections on the Windows 2000 Professional computers and the Windows XP Professional computers. Implement PPTP-based connections on all other portable computers.
D.Install the L2TP/IPSec VPN client on the portable computers that run Windows NT Workstation 4.0 or earlier. Implement L2TP-based connections on all portable computers.
E.Install the L2TP/IPSec VPN client on the portable computers that run Windows NT Workstation 4.0 or earlier. Implement PPTP-based connections on all portable computers.
Correct Answers: A B D

5: You are a network administrator for your company. You install Windows Server 2003 on a server named Server1. You install a production application on Server1. You create a shared folder named ProdData on Server1 to support the needs of the production application. All critical data files for the application are stored in the ProdData shared folder on Server1. You install Windows Server 2003 on another server named Server2. You create a shared folder on Server2 named ProdDataBackUp. The production application keeps many data files open. All the files in the ProdData folder must be backed up during each shift change. You are not allowed to stop and restart the production application without special approval. You need to provide a backup solution for the critical files in the ProdData folder on Server1. Your solution must not affect the production application. What should you do?
A.On Server1, use the Backup or Restore Wizard to select the ProdData folder. Type \\Server2\ProdDataBackUp for the backup destination, and use the advanced backup options to select the Disable volume shadow copy check box.
B.On Server2, use the Backup or Restore Wizard to select the ProdData folder. Type \\Server1\ProdData for the backup destination, and use the advanced backup options to select the Disable volume shadow copy check box.
C.On Server1, use the Backup or Restore Wizard to select the ProdData folder. Type \\Server2\ProdDataBackUp for the backup destination.
D.On Server2, use the Backup or Restore Wizard to select the ProdData folder. Type \\Server1\ProdData for the backup destination.
Correct Answers: C

6: You are a network administrator for your company. The company is developing a new Web application that connects to an SQL back-end environment. The design team decides that the new application must be fault tolerant. You interview the Web developers and the SQL administrators to establish the size of the environment. The Web developers state that they need at least three Web servers to share the load. Each Web server requires two processors and 1 GB of RAM. The Web developers state if one of the Web servers fails, the Web application can run for several hours in a degraded state. Responsiveness will be below specifications in a degraded state. The SQL administrators state that they need two Microsoft SQL Server computers to support the new application. They want the SQL server environment to be redundant. Each SQL Server computer requires four processors and 3 GB of RAM. The SQL administrators state that only one SQL Server computer is required to maintain the application. You need to ensure that two of the Web servers and one of the SQL Server computers are always available. You need to select the lowest edition of Windows Server 2003 that meets the requirements in order to minimize costs. Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)
A.Install Windows Server 2003, Web Edition on all three Web servers. Connect all three servers by using Network Load Balancing.
B.Install Windows Server 2003, Standard Edition on all three Web servers. Connect all three servers by using Network Load Balancing.
C.Install Windows Server 2003, Enterprise Edition on all three Web servers. Install a shared fiber-attached disk array for the Web servers. Implement a three-node server cluster for the Web servers. Configure the cluster so that all three nodes are active.
D.Install Windows Server 2003, Standard Edition on both SQL Server computers. Connect the SQL Server computers by using Network Load Balancing.
E.Install Windows Server 2003, Enterprise Edition on both SQL Server computers. Connect the SQL Server computers by using Network Load Balancing.
F.Install Windows Server 2003, Enterprise Edition on both SQL Server computers. Install a shared fiber-attached disk array for the SQL Server computers. Implement a two-node server cluster for the SQL servers. Configure the cluster so that one node is active and the second node is a hot standby node.
Correct Answers: A F
7: You are a network administrator for an ISP. The network design team decides that the DNS Server service must always be available. The network design team requires that all computers on the network must always access the DNS Server service by using a single IP address. TCP/IP configurations for client computers and servers will contain a single DNS entry. The DNS Server service must be authoritative for all host (A) and service locator (SRV) resource records for the network. The DNS Server service must maintain all records in the event that there is a hardware failure of a DNS server. You need to deploy DNS on the network. You need to comply with the network design team’s requirements. What should you do?
A.Deploy DNS by using the Cluster service to configure a two-node server cluster in a failover configuration.
B.Deploy DNS by using the Cluster service to configure a two-node server cluster that hosts DNS on both nodes simultaneously.
C.Deploy DNS stub zones by using Network Load Balancing.
D.Deploy multiple DNS servers that host secondary zones that are load balanced by using Network Load Balancing.
Correct Answers: A

8: You are a network administrator for your company. The design team provides you with the following list of requirements for server disaster recovery: No more than two sets of tapes can be used to restore to the previous day. A full backup of each server must be stored off-site. A full backup of each server that is no more than one week old must be available on-site. Backups must never run during business hours. Tapes may be recalled from off-site storage only if the on-site tapes are corrupted or damaged.A full backup of all servers requires approximately 24 hours. Backing up all files that change during one week requires approximately 4 hours. Business hours for the company are Monday through Friday, from 6:00 A.M. to 10:00 P.M. You need to provide a backup rotation plan that meets the design team’s requirements. Which two actions should you include in your plan? (Each correct answer presents part of the solution. Choose two.)
A.Perform a full normal backup for on-site storage on Friday night after business hours. Perform a full copy backup for off-site storage on Saturday night after the Friday backup is complete.
B.Perform a full normal backup for on-site storage on Friday night after business hours. Perform another full normal backup for off-site storage on Saturday night after the Friday backup is complete.
C.Perform a full copy backup for on-site storage on Friday night after business hours. Perform a full copy backup for off-site storage on Saturday night after the Friday backup is complete.
D.Perform differential backups on Sunday, Monday, Tuesday, Wednesday, and Thursday nights after business hours.
E.Perform incremental backups on Sunday, Monday, Tuesday, Wednesday, and Thursday nights after business hours.
F.Perform incremental backups on Sunday, Tuesday, and Thursday nights after business hours. Perform differential backups on Monday and Wednesday nights after business hours.
Correct Answers: A D

9: You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain.You are planning a public key infrastructure (PKI) for the company. You want to ensure that users who log on to the domain receive a certificate that can be used to authenticate to Web sites.You create a new certificate template named User Authentication. You configure a Group Policy object (GPO) that applies to all users. The GPO specifies that user certificates must be enrolled when the policy is applied. You install an enterprise certification authority (CA) on a computer that runs Windows Server 2003. Users report that when they log on, they do not have certificates to authenticate to Web sites that require certificate authentication.You want to ensure that users receive certificates that can be used to authenticate to Web sites.Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)
A.On the User Authentication certificate template, select the Reenroll All Certificate Holders command.
B.Assign the Domain Users group the Allow – Autoenroll permission for the User Authentication certificate template.
C.Configure the CA to enable the User Authentication certificate template.
D.Assign the Domain Users group the Allow – Issue and Manage Certificates permission for the CA.
Correct Answers: C D

10: You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. All servers run Windows Server 2003 and all client computers run Windows XP Professional.You are planning a security update infrastructure. You need to find out which computers are exposed to known vulnerabilities. You need to collect the information on existing vulnerabilities for each computer every night. You want this process to occur automatically.What should you do?
A.Schedule the secedit command to run every night.
B.Schedule the mbsacli.exe command to run every night.
C.Install Microsoft Baseline Security Analyzer (MBSA) on one of the servers. Configure Automatic Updates on all other computers to use that server.
D.Install Software Update Services (SUS) on one of the servers. Configure the SUS server to update every night.
Correct Answers: B

Download  |  Password: certificatexam.com