Issuu on Google+

Exam 70-293 study material Made available by Examsexpert.com

Free 70-293 Exam Preparation Questions Exam 70-293: Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure

For Latest 70-293 Exam Questions and study guides- visit- http://www.Examsexpert.com/70-293.html


Question: 1 You work as the network administrator at freetech limited. The freetech limited network consists of a single Active Directory domain named freetech limited. All servers on the freetech limited network run Windows Server 2003 and all client computers run Windows XP Professional. A Windows Server 2003 computer named PS-DC01 is configured as a DNS server and hosts the root zone of the freetech limited network. To enable users to connect to the Internet, freetech limited obtains a T1 line. The company also obtains a new domain named new.freetech limited. You create a new Active Directory-integrated DNS zone named new.freetech limited on PSDC01. You receive instruction to ensure that all nodes on the network use the new.freetech limited domain name. You also want your DNS infrastructure to be able to forward queries to Internet DNS zones. What should you do?

A. Delete the root zone. B. Ensure that recursion is disabled C. Configure the new zone to be a standard primary DNS zone, and not an Active Directoryintegrated zone. D. Ensure that your user account is a member of the Domain Admins group. Answer: A Question: 2 You are the designer of the new network for a large company that wants no connections to the Internet whatsoever. You have created an extensive DNS namespace for the company, with multiple DNS servers at different locations. Now that the network is up and running, users are experiencing name resolution failures when they try to resolve names of computers in other offices. Which of the following options would be likely to solve the problem? (Choose all that apply.) A. Create an internal root. For Latest 70-293 Exam Questions and study guides- visit- http://www.Examsexpert.com/70-293.html


B. Create a secondary copy of each zone in the namespace on every DNS server. C. Use conditional forwarding to send the queries for each domain in the namespace to the DNS server hosting that domain. D. Enable secure dynamic updates to prevent DNS resource records from being corrupted. Answer: A, B, C Question: 3 You work as the network administrator at freetech limited. The freetech limited network consists of a single Active Directory domain named freetech limited. All servers on the freetech limited network run Windows Server 2003 and all client computers run Windows XP Professional. freetech limited contains a member server named PS-SR24. One morning a freetech limited user named Dean Austin complains that PS-SR24 responds poorly at certain occasions. You suspect that the poor performance is caused by broadcast traffic on the freetech limited network. You want to monitor PS-SR24 and you want to be alerted when broadcast traffic is high. However, you do not want to be alerted when non-broadcast network traffic is high. What should you do? A. In the Performance Logs and Alerts snap-in, configure an alert trigger when the Datagrams/sec counter in the UDPv4 object is high. B. Monitor the Segments/sec counter of the TCPv4 object in System Monitor. C. Monitor the Datagrams/sec counter of the UDPv4 object in System Monitor. D. In the Performance Logs and Alerts snap-in, configure an alert trigger when the Datagrams/sec counter in the TCPv4 object is high. Answer: A Question: 4 You work as a Microsoft engineer at PS Ltd. The basic conditions of the company's network are as following: 1.The company has a main office in New York and two branch offices, one in Washington and one in Houston and the offices are connected to one another by dedicated T1 lines; 2.The company network consists of a single Active Directory domain; 3.All servers run Windows Server 2003. All client computers run Windows XP Professional; 4.All servers support firmware-based console redirection by means of the serial port; 5.The server hardware does not support any other method of console redirection and cannot be upgraded to do so; 6.Each office has its own local IT department and administrative staff. Recently, the company is re-built: 1.The IT departments from each branch office are being relocated to a new central data center in the New York office; 2.A few servers from each branch office are also being relocated to the New York data center; 3.Each branch office will retain 10 servers. And the company sets up a new written security policy includes the following requirements: (1).Each server must be administered from the Los Angeles office. (2).Each server must be remotely administered for all administrative tasks. (3).Each server administration connections must be authenticated and encrypted. For Latest 70-293 Exam Questions and study guides- visit- http://www.Examsexpert.com/70-293.html


The new written security policy for day-to-day server administration tasks performed on the servers has been applied to the company's network. Now you are required to plan a configuration for out-of-band management tasks for all offices to meet the new security requirements. Then which three of the following actions should you perform? (Each correct answer means part of the solution.) A. You have to connect each server's serial port to a terminal concentrator and connect the terminal concentrator to the network. B. Qualify the Telnet service with a startup parameter of Automatic on each server and configure Telnet on each server to use only NTLM authentication, then apply the Server (Request Security) IPSec policy to all servers. C. In each branch office, you have to enable Routing and Remote Access on a server, and configure it as an L2TP/IPSec VPN server. Configure a remote access policy to allow only authorized administrative staff to make a VPN connection. D. You have to enable Emergency Management Services console redirection and the Emergency Management Services Special Administration Console (SAC) on each server. Answer: A, C, D Question: 5 Your team is responsible for designing a Network Load Balancing cluster solution for your company's Intenet Web servers. The cluster will consist of six servers, one of which also functions as the network backup server. Because of the need to perform daily backups, the cluster servers must be capable of exchanging data with each other. You have also determined that the routers on your network do not support the use of multicast MAC addresses. Your team has come up with three plans for consideration by the department manager: Plan A calls for replacing the network??srouters with models that support multicast MAC addresses and configuring all the cluster servers to use multicast mode. Plan B calls for configuring all the cluster servers to use unicast mode and installing a second network interface adapter on each computer for cluster related traffic. Plan C calls for configuring the cluster server that also functions as a backup server to use multicast mode, and all the other servers to use unicast mode. Which of these plans is capable of achieving the stated goals for the project? (Choose all that apply.) A. Plan A achieves the stated goals. B. Plan B achieves the stated goals. C. Plan C achieves the stated goals. D. None of the three plans achieves the stated goals. Answer: A, B Question: 6 You work as the network administrator at freetech limited. The freetech limited network consists of a single Active Directory domain named freetech limited and three physical networks named Network1, Network2 and Network3. Hardware-based routers are used to connect the three physical networks. All servers on the freetech limited network run Windows Server 2003 and all client computers run Windows XP Professional. A minimum of one domain controller and one DNS server is located in each physical network. A Microsoft Internet Security and Acceleration (ISA) Server array providing Internet access and certificates for the entire network is located in Network1. freetech limited's new written security policy requires that all data on the network is encrypted, that all computers transmitting data are authenticated, and that the authentication keys are stored encrypted. You implement the new security policy by configuring IPSec on all network computers and applying the Secure Server (Require Security) IPSec policy through the Default Domain Policy Group Policy object (GPO). Immediately after implanting IPSec, freetech limited users complain that they can only access resources in their local networks. You For Latest 70-293 Exam Questions and study guides- visit- http://www.Examsexpert.com/70-293.html


discover that Active Directory replication between domain controllers in different physical networks are not functioning and that the routers are dropping all packets. You need to ensure that users can access resources in remote networks. What should you do? A. The routers must be configured to use IPsec and Kerberos for authentication and the Default Domain Policy GPO must be reconfigured to require a preshared key for IPSec authentication. B. The routers must be configured to use IPSec and preshared key for authentication and the Default Domain Policy GPO must be reconfigured to require a preshared key for IPSec authentication. C. The routers must be configured to use IPSec and a certificate for authentication and the Default Domain Policy GPO must be reconfigured to require a certificate for IPSec authentication. D. The routers must be configured to use IPsec and Kerberos for authentication and the Default Domain Policy GPO must be reconfigured to require a certificate for IPSec authentication. Answer: C Question: 7 You work as the network administrator at freetech limited. The freetech limited network consists of a single Active Directory domain named freetech limited. Wireless networking is not used in freetech limited. The freetech limited network contains Windows Server 2003 computers and Windows XP Professional computers. The exhibit shows the relevant portion of the freetech limited network. freetech limited enters into a business partnership with a company named Software Solutions, with the result that employees of Software Solutions will visit freetech limited on a regular basis. The freetech limited network administrators meet with the Software Solutions administrators. The important information obtained in this meeting on the requirements of Software Solutions employees is listed here: 1 The Software Solutions employees have portable computers that run Windows XP Professional. 2 The Software Solutions employees use a wireless network in their home office. 3 The Software Solutions employees will not require access to the freetech limited's internal network. 4 The Software Solutions employees will require access to the Internet to retrieve e-mail messages. 5 The wireless network client computers of Software Solutions employees must be protected from Internet-based attacks. You receive a pre-configured wireless access point from Software Solutions, which its employees will use to access the Internet through the freetech limited network. You are not allowed to modify the configuration of the wireless access point. You must implement a solution that will meet the requirements of Software Solutions employees. Your solution must comply with the freetech limited's security policy. You also want to minimize administrative effort to do this. What should you do next?

For Latest 70-293 Exam Questions and study guides- visit- http://www.Examsexpert.com/70-293.html


A. Deploy Software Solutions wireless access point on a separate subnet on the freetech limited network. Configure a router to allow only SMTP, HTTP, IMAP4 traffic from the wireless network. B. Deploy Software Solutions wireless access point on a separate subnet in the freetech limited network. Configure a VPN from the wireless network to the Software Solutions company network. C. Deploy Software Solutions wireless access point on the freetech limited perimeter network. Configure Firewall1 to allow wireless network traffic from/to the Internet. Configure Firewall2 to not allow wireless traffic into freetech limited's internal network. D. Deploy Software Solutions wireless access point outside Firewall1 at freetech limited. Obtain IP addresses from an ISP to support the wireless users. Answer: C Question: 8 As the network administrator of your company's new branch ofice, you are in the process of installing three new Web servers running Windows Server 2003 on your network. The branch office network, which is part of a single corporate domain, already has two servers functioning as domain controllers and three file and print servers. Corporate headquarters has given you a list of security configuration settings that must be used on all the company's web servers. To deploy these configuration settings, you must use the Active Directory Users And Computers console. Which of the following procedures should you use to configure the settings on the new Web servers only? A. Access the Group Policy Object (GPO) called Default Domain Policy and then configure the settings there. B. Create a new GPO containing the Web server settings and then apply it to the Computers container. C. Create a new organizational unit called WebSvrs and then link a new GPO containing the Web server settings to it. D. Create a new GPO containing the Web server settings and then apply it to the site object representing the branch office. Answer: C Question: 9 You work as the network administrator at freetech limited. The freetech limited network consists of a single Active Directory domain named freetech limited. The freetech limited domain contains a server named PS-SR03 that stores confidential data. PS-SR03 is contained in an organizational unit (OU) For Latest 70-293 Exam Questions and study guides- visit- http://www.Examsexpert.com/70-293.html


named Server OU. All network connections with PS-SR03 must be encrypted using IPSec. You enable the default Client (Respond Only) IPSec policy in the Default Domain Policy Group Policy object (GPO). You create a new GPO to enable a custom IPSec policy. You link the GPO to the Server OU. While monitoring network connections to PS-SR03, you find that network communications with the server are not being encrypted. You decide to examine all IPSec policies that are being applied to PSSR03. How will you go about doing this? A. Use Local Security Policy to examine the IP Security Policies on Local Computer on PS-SR03. B. Use Local Security Policy to examine the Security Options on PS-SR03. C. Use Resultant Set of Policy (RSoP) to execute an RSoP logging mode query to examine the IP Security Policies on Local Computer on PS-SR03. D. Use Resultant Set of Policy (RSoP) to execute an RSoP planning mode query to examine the Security Options on PS-SR03. E. Use IP Security Monitor to examine the Active Policy on PS-SR03. F. Use IP Security Monitor to examine the IKE Policies on PS-SR03. Answer: C Question: 10 You are the network administrator responsible for equipping ten new employees of the Sales department for all their computing needs. After installing their workstations, you use the Active Directory Users And Computers console to create user accounts for the new employees in the Active Directory database. You also create computer objects for their workstations in the Sales organizational unit, which contains all the Sales department's computer objects. All ten users mut also be members of a group called Salespeople, which gives them access to the server resources they need. Rather than manually add each new user object to the Salespeople group, you decide to automate the process by opening the default Group Policy Object for the Sales organizational unit and adding Salespeople to the Restricted Groups folder. Then you specify the ten new user objects as members of the Salespeople group. Sometime later, the network help desk gets calls from dozens of other users in the Sales department, complaining that they cannot access their applications. Which of the following procedures must you perform to remedy the problem? (Choose all that apply.) A. Add the new users to the Salespeople group using the Active Directory Users And Computers console. B. Add the old users to the Salespeople group using the Active Directory Users And Computers console. C. Use the Group Policy Object Editor console to remove the Salespeople group from the Restricted Groups folder. D. Use the Group Policy Object Editor console to remove the new users from the Salespeople group in the Restricted Groups folder. Answer: A, B, C Question: 11 You work as a network administrator at freetech limited. The following exhibit shows the configuration of the network. Configuration:(1).The company applies Windows Server 2003 to take on all the servers;(2).All subnets of the network consists of 100 Windows XP Professional computers;(3).All subnets also consists of a DHCP server, which provides TCP/IP configuration information to all computers on its local subnet. Now you setup and configure Subnet3 for a new department for the company, however they encountered following troubles: For Latest 70-293 Exam Questions and study guides- visit- http://www.Examsexpert.com/70-293.html


1.Users of Subnet3 report that they are not able to connect to resources located on servers in Subnet1 and Subnet2, they receive the error message as "Server not found." when they attempt to connect to these resources, while the users can successfully connect to resources located on servers in Subnet3; 2.Users of Subnet1 and Subnet2 report that they cannot connect to resources located on servers in Subnet 3.They receive the error message as "Server did not respond in a timely manner" when they attempt to connect to these resources, while the users can successfully connect to resources in both Subnet1 and Subnet2. Then the company requires you to guarantee that all client computers must be connected to server-based resources on all subnets.How can you meet the requirement?

A. You have to configure the DHCP server in Subnet3 to provide a subnet mask of 255.255.255.0. B. You have to create Router2 Interface E1 to use a subnet mask of 255.255.0.0. C. You have to set up the IP address of the Router2 Interface E1 as the default gateway for Subnet2. D. You have to create the IP address of the Router2 Interface E0 as the default gateway for Subnet3. Answer: A Question: 12 You work as the network administrator at freetech limited. The freetech limited network consists of a single Active Directory domain named freetech limited. The freetech limited domain contains three servers running Windows Server 2003, namedPS-SR01, PS-SR02, and PS-SR03. You need to plan a public key infrastructure (PKI) for freetech limited and decide to configure the following roles for PSSR01, PS-SR02, and PS-SR03: 1 Configure PS-SR01 as the root CA: You are going to take PS-SR01 offline once the CA hierarchy has been created. 2 Configure PS-SR02 as a subordinate CA: You want to use PS-SR02 to only issue enrolment agent certificates. 3 Configure PS-SR03 as a subordinate CA: You want to use PS-SR03 to issue all other certificate types in the freetech limited domain. You must minimize the risk of unauthorized certificates being issued, and also want to be able to revoke certificates that are issued by either of the subordinates CA should a specific serverhappen to be compromised. You want to do this without affecting the certificates which the other subordinate CA issued. What should you do to achieve your goal in these circumstances? Answer by dragging the appropriate CAs to the correct positions in the accompanying work area. For Latest 70-293 Exam Questions and study guides- visit- http://www.Examsexpert.com/70-293.html


Answer:

Question: 13 You are reviewing the network help desk calls that your company has received during the past week, and you notice that for several isolated periods of time, multiple users were reporting an inability to access Internet Web sites. In each case, support personnel determined that the problem was caused by Domain Name System (DNS) name resolution failures, but they could find nothing wrong with the company's Windows Server 2003 DNS server. You suspect that the DNS server is experiencing intermittent denial-of-service attacks from the Internet. Which of the following procedures can you use to find out when such an attack occurs again? A. Create a trace log in the Performance Logs And Alerts snap-in on the DNS server, using the DNS Trace provider. B. Create a System Monitor graph on the DNS server using the Total Query Received counter in the DNS performance object. For Latest 70-293 Exam Questions and study guides- visit- http://www.Examsexpert.com/70-293.html


C. Use Network Monitor to capture all the DNS server's trafic, then create a display filter to isolate the Transmission Control Protocol (TCP) traffic. D. Create an alert with the Performance Logs And Alerts snap-in on the DNS server using the Datagrams Received/Sec counter in the UDPv4 performance object. Answer: B, D Question: 14 You work as the network administrator at freetech limited. The freetech limited network consists of a single Active Directory domain named freetech limited. All servers on the freetech limited network run Windows Server 2003 and all client computers run Windows XP Professional. All computers on the freetech limited network are members of freetech limited. You are in the process of planning a security update infrastructure and need to pinpoint all computers that are exposed to known vulnerabilities. You want to use an automatic process to collect information on existing vulnerabilities for each computer, every night of the week. How will you accomplish the task? A. Schedule the secedit command to run each night of the week. B. Schedule the mbsacli.exe command to run each night of the week. C. Install Microsoft Baseline Security Analyzer (MBSA) on a server on the network. Configure Automatic Updates on all other computers to use this specific server. D. Install Software Update Services (SUS) on a server on the network and configure the SUS server to update each night. Answer: B Question: 15 You are planning a WINS NetBIOS name resolution strategy for a company with headquarters in New York and ten branch offices located in different cities all over he world. Each office has its own WINS servers and, because the users of the company network frequently have to access computers in other branches, it is essential that all the servers have a complete database of all the network's NetBIOS names. The branch offices are all connected to the headquarters using T1 leased lines, but these lines are heavily trafficked, and you want to keep WINS traffic to a minimum. Which of the following replication strategies will provide satisfactory replication performance with a minimum of wide area network (WAN) traffic? A. Configure the WINS servers in the New York office to pull WINS data from the server in each of the ten branch offices. B. Configure one WINS server in each office as a push partner with the WINS server in its nearest neighboring office to the east and a pull partner with its nearest neighbor to the west. C. On each WINS server, create a separate push/pull partnership with each of the other WINS servers on the network. D. Configure the WINS clients in all branches with the IP addresses of all the WINS servers on the enterprise network. Answer: B Question: 16 A rapidly expanding company has recently extended its operations to three shifts, and as a result, the IT department must keep the company's intranet eb and Microsoft SQL Server database servers running 24 hours a day. The network administrators have decided to use Windows Server 2003 clustering to keep the servers available at all times, and have purchased two additional computers for this purpose, For Latest 70-293 Exam Questions and study guides- visit- http://www.Examsexpert.com/70-293.html


bringing the total number of servers to four. Which of the following clustering deployments is best suited to this company's needs? A. A single 4-node server cluster running the Web and database applications on all four servers B. A single 4-node Network Load Balancing cluster running the Web and database applications on all four servers C. Two separate 2-node clusters: a server cluster to run the database application and a Network Load Balancing cluster to run the Web server application D. A single 4-node cluster, with the database application running on two of the nodes and the Web server application running on the other two Answer: C Question: 17 When troubleshooting an Internet connection problem on a client running the Windows operating system, which of the following actions should you try to determine if name resolution failures are the cause of the problem? A. Connect to an Internet server using its IP address. B. Ping the client's preferred DNS server address. C. Execute the IPCONFIG /registerdns command on the client. D. Trigger a manual zone transfer on the client's DNS. Answer: A Question: 18 You are a network administrator who has been given a security template.Your supervisor wants you to check that all the Windows Server 2003 domain controllers are using the account policies, audit policies, event log settings, and security options stored in the template. In the case of any domain controller that is not using the same settings, you are to apply only the missing elements from the template to that computer. Which of the following procedures would enable you to perform both these tasks most efficiently? A. Import the security template into the Security Configuration And Analysis snap-in on each domain controller, then use the snap-in to analyze the computer's currentconfiguration and apply the required settings to the domain controllers that need them. B. Use the Active Directory Users And Computers console to apply the template to the Group Policy Object for the Domain Controllers organizational unit. C. Import the security template into the Security Configuration And Analysis snap-in on each domain controller, and then use the snap-in to analyze the computer's current configuration. Then, you must manually configure the computer settings that need to be changed. D. Import the security template into the Security Configuration And Analysis snap-in on each domain controller, and then use the snap-in to analyze the computer's current configuration. Then, use the SECEDIT.EXE command-line utility to apply only the required settings to the domain controllers that need them. Answer: D Question: 19 A user calls the network help desk complaining that he can access some Internet Web sites but not others. Which of the following could conceivably be the cause of this problem? (Choose all that apply.) A. DNS cache pollution For Latest 70-293 Exam Questions and study guides- visit- http://www.Examsexpert.com/70-293.html


B. An Internet routing problem C. A malfunctioning NAT router D. An incorrect DNS server address Answer: A, B Question: 20 You are designing a network running Windows Server 2003 for a new company called Fourth Coffee, which has two offices, one in New York and one in San Francisco. The company uses e-commerce Web servers to take orders from customers and has registered the fourthcoffee.com second-level domain for this purpose. Your customer does not want to register any additional domain names. At the moment, you are designing the DNS namespace for the company's inernal and external networks. Because each office is going to maintain its own DNS server, you want to create a separate subdomain for each site. In accordance with the domain naming practices recommended by Microsoft, you are going to create a subdomain for the internal network, and then another level of subdomains for the individual offices. Based on this information, which of the following domain names would you use for the internal network at the New York office? A. fourthcoffee.com B. fourthcoffee.ny.com C. int.fourthcoffee.com D. ny.int.fourthcoffee.com Answer: D Question: 21 Which of the following are valid reasons for using a link state routing protocol on a computer running Windows Server 2003 instead of a distance vector routing protocol? (Choose all that apply.) A. Link state routing protocols are easier to implement and configure than distance vector routing protocols. B. Link state routing protocols generate less network traffic than distance vector routing protocols. C. Link state routing protocols support multicast transmissions, while distance vector routing protocols do not. D. Link state protocols use metrics that account for conditions such as network speed and congestion, while distance vector routing protocols do not. Answer: B, D Question: 22 You are the sole network administrator for a small company with an internetwork consisting of five local area networks (LANs) connected by routers. You are currently using static routing, because the network configuration does not often change. You are in the process of adding a sixth LAN to the internetwork, and you must create new static routes to give all the computers on the network access to the new LAN. Which of the following programs can you use to create the new static routes? (Choose all that apply.) A. Network Monitor B. ROUTE.EXE C. PATHPING.EXE D. NETSH.EXE Answer: B, D For Latest 70-293 Exam Questions and study guides- visit- http://www.Examsexpert.com/70-293.html


Question: 23 You are designing a 4-node Windows Server 2003 server cluster. Which of the following additional hardware components are required for the cluster to function? (Choose all that apply.) A. A SCSI host adapter for each server in the cluster B. A Fibre Channel host adapter for each server in the cluster C. A second network interface adapter for each server in the cluster D. A Fibre Channel switch Answer: B, D Question: 24 Which of the following backup types protects cluster disk signatures? A. Volume shadow copy B. ASR C. A full backup D. A differential or incremental backup, including the System State object Answer: A Question: 25 You are the backup administrator for a corporate network, and you are in the process of creating and scheduling your backup jobs. The company you work for has purchased a backup tape drive that uses very expensive media, and you have been ordered to keep the amount of tape used for backups to an absolute minimum. Which of the following strategies best achieves your goals? A. Perform a full backup every Friday night and a differential backup every Monday night through Thursday night. B. Perform a full backup every Friday night and an incremental backup every Monday night through Thursday night. C. Perform a full backup every Friday night and a volume shadow copy every Monday night through Thursday night. D. Perform a full backup every night. Answer: B Question: 26 You are creating a new IPSec policy to encrypt the e-mail traffic on your network. The network has a Post Office Protocol, version 3 (POP3) server from which clients retrieve incoming mail and a Simple Mail Transfer Protocol (SMTP) server to which they send their outgoing mail. Which of the following well-known port numbers should you specify in the policy's filter list? (Choose all that apply.) A. 80 B. 110 C. 25 D. 53 Answer: B, C Question: 27 Which of the following elements does not use code numbers assigned by the Internet Assigned Numbers Authority (IANA)? A. Protocol codes For Latest 70-293 Exam Questions and study guides- visit- http://www.Examsexpert.com/70-293.html


B. Well-known port numbers C. Ephemeral port numbers D. Ethertypes Answer: C Question: 28 Which of the following operating systems is not capable of receiving remote assistance from an expert? (Choose all that apply.) A. Windows XP Home Edition B. Windows 2000 Server C. Windows XP Professional D. Windows 2000 Professional E. Windows Server 2003 Answer: B, D Question: 29 Which of the following Active Directory objects can you link to a Group Policy Object? (Choose all that apply.) A. Domain B. Group C. Organizational unit D. Site Answer: A, C, D Question: 30 Which of the following tasks can you perform using the Registry subheading in the Group Policy Object Editor console? A. Create new registry keys B. Specify values for existing registry keys C. Specify permissions for newly created registry keys D. Specify permissions for existing registry keys Answer: D Question: 31 Specify permissions for newly created registry keys D. will have six Web servers in a Network Load Balancing (NLB) cluster, two Active Directory domain controllers, and four file and print servers, plus approximately 150 workstations. You have decided to use Windows Server 2003 for all your servers. After checking prices with several vendors, you decide to use Windows Server 2003, Web Edition, for all your servers. Specify whether this selection is appropriate for each server role you will use on your network. A. Windows Server 2003, Web Edition, is suitable for the Web servers and the file and print servers, but not for the domain controllers. B. Windows Server 2003, Web Edition, is suitable for the Web servers, but not for the file and print servers or the domain controllers. C. Windows Server 2003, Web Edition, is suitable for the Web servers and the domain controllers, but not for the file and print servers. For Latest 70-293 Exam Questions and study guides- visit- http://www.Examsexpert.com/70-293.html


D. Windows Server 2003, Web Edition, is suitable for the Web servers, the file and print servers, and for the domain controllers. Answer: A Question: 32 You are a network administrator installing new workstations, running Windows XP, on an existing network. The workstations must be able to access NetWare 3.11 servers for their file and print services, and they also use a NAT router to access the Internet. Which of the following protocols must you install on the workstations to accomplish these goals? (Choose all that apply.) A. NetBEUI B. NWLink C. IEEE 802.11b D. TCP/IP Answer: B, D Question: 33 Which of the following network media should you use to build a network in a factory containing equipment that generates enormous amounts of electromagnetic interference? A. Unshielded twisted pair (UTP) B. Fiber optic C. IEEE 802.11b, using an ad hoc topology D. IEEE 802.11b, using an infrastructure topology Answer: B Question: 34 You work as the network administrator at freetech limited. The freetech limited network consists of a single Active Directory domain named freetech limited. freetech limited has its headquarters in Chicago and a branch office in Dallas. All servers on the freetech limited network run Windows Server 2003 and all client computers run Windows XP Professional. A new freetech limited written security policy requires that Routing and Remote Access (RRAS) servers be used at each office for connecting the main and branch office network using a VPN connection over the internet. The requirements below must be met: 1 All data must be encrypted with end to end encryption 2 VPN connection authentication must be at the computer level 3 Credential information must not be transmitted over the internet as part of the authentication process. What should you do to comply with the written security policy and configure VPN connections security between the main and branch office? A. A PPTP connection with EAP-TLS authentication must be used. B. A PPTP connection with MS-CHAP v2 authentication must be used. C. An L2TP connection with EAP-TLS authentication must be used. D. An L2TP connection with MS-CHAP v2 authentication must be used. Answer: C For Latest 70-293 Exam Questions and study guides- visit- http://www.Examsexpert.com/70-293.html


Question: 35 You work as the network administrator at freetech limited. The freetech limited network consists of a single Active Directory domain named freetech limited. All servers on the freetech limited network run Windows Server 2003 and all client computers run Windows XP Professional. The domain consists of two IP subnets named PSA and PSB. A server named PS-SR20 has Routing and Remote Access enabled and currently connects PSA and PSB. PSA contains: 1 2 3

A domain controller named PS-DC01. A DHCP server named PS-SR10. PS-SR10 provides TCP/IP configuration information to the client computers in PSA.

PSB contains: 1 A Domain controller named PS-DC02. 2 DHCP server named PS-SR11. 3 PS-SR11 provides TCP/IP configuration information to the client computers in PSB. The relevant portion of the network is shown in the exhibit. You receive instruction to provide Internet connectivity by means of implementing a Microsoft Internet Security and Acceleration (ISA) Server 2000 array on the network. The ISA Server array uses Network Load Balancing on the internal adapters. The array's Network Load Balancing cluster address is 172.30.32.1. You configure PSSR10 to provide the array's Network Load Balancing cluster address as the default gateway. You configure PS-SR11 to provide the IP address 172.30.64.1 as the default gateway for PSB. You receive a report from the PSB users complaining that they are unable to access Internet-based resources. They can successfully access PSA resources. The PSA users can successfully access Internet-based resources. You investigate the problem and find that the ISA Server array does not receive any Internet requests from the PSB client computers. You must ensure that the PSB users will be provided with Internet connectivity. What should you do?

For Latest 70-293 Exam Questions and study guides- visit- http://www.Examsexpert.com/70-293.html


A. PS-SR11 must be configured to provide the address 172.30.32.1 as the default gateway. B. PS-SR11 must be configured to provide the address 172.30.32.2 as the default gateway. C. On PS-SR20, add a default route to 172.30.32.1. D. On PS-SR20, add a default route to 131.107.72.17. Answer: C Question: 36 You work as the network administrator at freetech limited. The freetech limited network consists of a single Active Directory domain named freetech limited. All servers on the freetech limited network run Windows Server 2003 and all client computers run Windows XP Professional. The freetech limited network also contains a file server named PS-SR10. A freetech limited user named Rory Allen complains that connecting to PS-SR10 often takes quite some time to respond. Your investigations reveal that the network interface on PS-SR10 has a large load during times when the server is slow to respond. You suspect that one of the network computers is causing the problem. You want to identify the computer causing the problem. What should you do? A. Use System Monitor to monitor the performance monitor counters on PS-SR10. B. Use Network Monitor to monitor the network traffic on PS-SR10. C. Use Task Manager to monitor network statistics on PS-SR10. D. Use Network Diagnostics to monitor network diagnostics on PS-SR10. Answer: B Question: 37 You work as the network administrator at freetech limited. The freetech limited network consists of a single Active Directory domain named freetech limited. All servers on the freetech limited network run Windows Server 2003 and all client computers run Windows XP Professional. The freetech limited network is divided into three subnets that are each configured as a separate site named Site1, Site2, and Site3. Each site contains a domain controller that runs the DNS Server service. Site2 contains a secure file server named PS-SR07 and Site3 contains a secure file server named PS-SR08. freetech limited's network configuration is shown in the following exhibit. You create an organizational unit (OU) named FileServers, and place PS-SR07 and PS SR08 in that OU. You have to configure PS-SR07 and PS-SR08 to require Server Message Block (SMB) server-side packet signing. You plan to configure PSSR07 and PS-SR08 with a custom security template. You want to be able to deploy and refresh the custom security settings on a routine basis and you want to be able to verify the custom security settings during audits. What should you do?

For Latest 70-293 Exam Questions and study guides- visit- http://www.Examsexpert.com/70-293.html


A. Create a Group Policy object (GPO) and apply the custom security template to the GPO. Then link the GPO to the FileServers OU. B. Create a Group Policy object (GPO) and a custom IPSec policy. Assign the custom IPSec policy to the GPO and link the GPO to the FileServers OU. C. Create a custom Administrative Template and apply it to PS-SR07 and PS-SR08. D. Create a custom file server image and deploy it to PS-SR07 and PS-SR08 by using RIS. Answer: A Question: 38 You work as a network administrator for freetech limited. The freetech limited network contains Terminal servers that host legacy applications. Only freetech limited users that have Power Users group membership can run these legacy applications. A new freetech limited security policy states that the Power Users Group must be empty on all servers. You are therefore required to ensure that the legacy applications will be available to users on the servers when the new security requirement is enabled. What should you do? A. In the domain, the Domain Users Global group should be added to the Remote Desktop Users built-in group in the domain. B. On each terminal server, the Domain Users Global group should be added to the Remote Desktop Users local group. C. Allow the Local Users group to run the legacy applications my modifying the compatws.inf security template settings. Import the security settings into the default Domain Controllers Group Policy Object. D. Allow the Local Users group to run the legacy applications by modifying the compatws.inf security template settings. Apply the modified template to each terminal server. Answer: D Question: 39 You work as the network administrator at freetech limited. The freetech limited network consists of a single Active Directory domain named freetech limited. The freetech limited network consists of Windows 98, Windows NT Workstation 4.0 and Windows XP Professional client computers. All For Latest 70-293 Exam Questions and study guides- visit- http://www.Examsexpert.com/70-293.html


computers have the latest available service packs installed. The freetech limited network contains a file server named PS-SR31. PS-SR31 runs Windows Server 2003. The updated freetech limited written security policy requires that whenever possible, data communications must be encrypted using IPSec. Currently, only the default Group Policy objects (GPOs) are applied to computers in the freetech limited domain. You must configure PS-SR31 to enforce the updated freetech limited written security policy while still allowing client computers to access dat a. You want to minimize session key negotiation times as well. What should you do next? Answer by configuring the appropriate option or options in the dialog box.

Answer:

For Latest 70-293 Exam Questions and study guides- visit- http://www.Examsexpert.com/70-293.html


Question: 40 Which of the following functions is Microsoft Baseline Security Analyzer able to perform? A. Download security updates from the Internet B. Specify which security updates have not been installed on a computer C. Install security updates on computers that need them D. Identify users with non-expiring passwords Answer: B, D Question: 41 When a PKI uses a three-level rooted hierarchy with enterprise CAs, to what clients do intermediate CAs issue certificates? A. To the root CA B. To other intermediate CAs C. To issuing CAs D. To end users Answer: C Question: 42 Your team is responsible for designing a Network Load Balancing cluster solution for your company's Internet Web servers. The cluster will consist of six servers, one of which also functions as the network backup server. Because of the need to perform daily backups, the cluster servers must be capable of For Latest 70-293 Exam Questions and study guides- visit- http://www.Examsexpert.com/70-293.html


exchanging data with each other. You have also determined that the routers on your network do not support the use of multicast MAC addresses. Your team has come up with three plans for consideration by the department manager: Plan A calls for replacing the network's routers with models that support multicast MAC addresses and configuring all the cluster servers to use multicast mode. Plan B calls for configuring all the cluster servers to use unicast mode and installing a second network interface adapter on each computer for cluster-related traffic. Plan C calls for configuring the cluster server that also functions as a backup server to use multicast mode, and all the other servers to use unicast mode. Which of these plans is capable of achieving the stated goals for the project? (Choose all that apply.) A. Plan A achieves the stated goals. B. Plan B achieves the stated goals. C. Plan C achieves the stated goals. D. None of the three plans achieves the stated goals. Answer: A, B Question: 43 Which of the following conditions must a user on a Windows Server 2003 network meet to obtain an IPSec certificate from an enterprise CA? (Choose all that apply.) A. The user must have an account in Active Directory. B. The user must have access to the Certification Authority console. C. The user must have the Enroll permission for the IPSec certificate template. D. An administrator must manually process the user??s certificate enrollment request. Answer: A, C Question: 44 You work as the network administrator at Cer-tech.com. The Cer-tech.com network consists of a single Active Directory single domain named Cer-tech.com. All servers on the Cer-tech.com network run Windows Server 2003 and all client computers run Windows XP Professional. The Cer-tech.com network consists of an internal network and a perimeter network. The internal network consists of four subnets, with all subnets other than Subnet A containing a DHCP server. Subnet A contains a DHCP Relay Agent. All client computers receive IP addresses from the DHCP servers on the network. A domain controller named DC01 is configured as a DNS server, and hosts an Active Directory-integrated zone. The perimeter network hosts the company's FTP and Web servers, and an external DNS server. To optimize performance on your network, you deploy another internal DNS server named Server01 in Subnet B. You configure all relevant existing network servers so that they incorporate Server01. You need to configure Server01 so that it can perform name resolutions services for Cer-tech.com resources. You want to ensure that only the external DNS server handles name resolution requests for Internet computers. What should you do? (Each correct answer presents part of the solution. Choose TWO.) A. On Server01, configure a forward lookup zone for the internal network. B. Configure the external DNS server to so that it is listed as the primary DNS server in the DHCP scope settings. C. On Server01, configure all unresolved host names to be forwarded to the external DNS server. D. Configure Server01 so that it is a conditional forwarder. Answer: A, C Question: 45 You are a user on a network running Windows Server 2003 Active Directory with an enterprise CA, and you need a certificate to encrypt your data files using Encrypting File System (EFS). Which of the following procedures can you use to obtain the certificate? For Latest 70-293 Exam Questions and study guides- visit- http://www.Examsexpert.com/70-293.html


A. Open the Certificates snap-in in Microsoft Management Console and request a certificate from the CA. B. Display the Command Prompt window and use the Certutil.exe program to request a certificate from the CA. C. Open the Certificate Templates snap-in in Microsoft Management Console, select the Basic EFS template, and request a certificate. D. Open Microsoft Internet Explorer, connect to the Certificate Services Web Enrollment Support page on the CA, and generate a certificate request. Answer: A Question: 46 You are a network administrator for a company with an Active Directory network using servers running Windows Server 2003. The network's PKI consists of multiple enterprise CAs in various offices throughout the enterprise. After checking the security logs on the CAs at the branch offices, you discover that an unauthorized user gained access to the Administrator account and has compromised one of the CAs. As a result, you must make sure that no certificates issued by that CA are ever used again. Which of the following tools can you use to revoke the certificates issued by the CA? (Choose all that apply.) A. The Certificate Templates snap-in B. The Certificates snap-in C. Certutil.exe. D. The Certification Authority console Answer: C, D Question: 47 You are designing a PKI for a small network installation. You want users to be able to obtain certificates for EFS, IPSec, and smart card logons immediately, with no administrative intervention. You have decided to deploy only one CA on the network. Which of the following CA types should you use? A. Enterprise root B. Enterprise subordinate C. Stand-alone root D. Stand-alone subordinate Answer: A Question: 48 You have recently taken over as network administrator for a company whose previous administrator departed suddenly, leaving no documentation for the network running Windows Server 2003. When you examine the Active Directory installation, you see a complex hierarchy of organizational unit objects, five layers deep in some cases. As you examine the organizational units, you notice that most of them have Group Policy Objects applied to them, creating complicated security policy inheritance relationships for the objects at the various levels. Which of the following tools can you use to view the currently effective security policies for a particular computer? (Choose all that apply.) A. Security Configuration And Analysis snap-in B. Microsoft Baseline Security Analyzer C. Resultant Set of Policy snap-in D. Security Templates Answer: A, C For Latest 70-293 Exam Questions and study guides- visit- http://www.Examsexpert.com/70-293.html


Question: 49 Which of the following types of information is not displayed by the IP Security Monitor snap-in? A. The computer's currently active IPSec policy B. The amount of IPSec tunnel mode traffic sent and received by the computer C. The number of IPSec transmission failures the computer has experienced D. The Group Policy Object from which the computer received the currently effective IPSec policy Answer: D Question: 50 You are a new network administrator for a financial firm running a large Windows Server 2003 network that is spread out among buildings all over the corporate campus. Your supervisor has assigned you the task of checking the auditing information gathered by all the domain controllers on the network on a daily basis, to make sure that their security has not been penetrated. There are 12 domain controllers on the network, located in eight different buildings. Which of the following procedures will enable you to accomplish your task? A. Travel to each domain controller every morning and examine the auditing keys in the Microsoft Windows registry. B. Access each domain controller from your own workstation every morning, using the C$ administrative share, and use Notepad to view the latest entries in the audit logs. C. Create an MMC console containing an instance of the Event Viewer snap-in for each domain controller and use it to examine the Security logs each morning. D. Open the Active Directory Users and Computers console on your workstation each morning and examine the auditing logs in each domain controller??s computer object. Answer: B

For Latest 70-293 Exam Questions and study guides- visit- http://www.Examsexpert.com/70-293.html


For complete Exam 70-293 Training kits and Self-Paced Study Material Visit: http://www.Examsexpert.com/70-293.html

www.Examsexpert.com

For Latest 70-293 Exam Questions and study guides- visit- http://www.Examsexpert.com/70-293.html


Exam 70-293 Preparation Questions