Test 70-240
 

Q1
Making schema extensions is a very serious 
undertaking and always should be properly documented.
Which of the following statements about extending the
schema is true? Choose all that apply.
 

A. Schema extensions should always be done through
the Active Directory Schema snap-in and should never
be scripted.
 

B. To extend the schema, you must be booted into
Directory Services Restore Mode.
 

C. You can only extend the schema from the computer
designated as the Schema Master.
 

D. You can specify certain times of the day when 
schema extensions are not allowed.
 

E. By default, you must be a member of the Schema 
Admins group to extend the schema.
 

 

Answer: C & E
 

Modifying and extending the schema through scripting
is often the recommended approach for many reasons. 
 

Only one domain controller can write to the schema
at any given time. This machine is designated with
the Operations Master role of Schema Master.
 

The schema object is protected within the Windows 
2000 security environment. By default schema changes 
are only allowed by members of the Schema Admins 
group but it is possible to grant explicit permissions 
to people who are not members of the Schema Admins 
group to allow them to modify the schema. 
 

Q2
You have a computer running Windows 2000 Advanced 
Server. This computer has two hard disks installed
that have both been converted to dynamic disks. You
are considering the options you have for creating
volumes on this system. Which of the following could
you create? Choose all that apply.
 

A. Mirror set
B. Mirrored volume
C. RAID-5 volume
D. Simple volume
E. Spanned volume
F. Stripe set
G. Stripe set with parity
H. Striped volume
 

Answer: B, D, E & H
 

You can always create a simple volume on a Windows 
2000 dynamic disk. With two dynamic disks you can 
also create mirrored volumes, spanned volumes and
striped volumes. It is important to note that 
neither the boot partition nor the system partition
may reside on a spanned volume or a striped volume.
 

Mirror sets, stripe sets and stripe sets with parity
are all terms that refer to basic disks. Basic 
disks can be converted to dynamic disks through the 
Disk Manager utility.
 

Q3
You would like to partition a disk on your Windows
2000 Server and format the partitions so they support 
Windows 2000. Which file systems can you use for disk 
partitions on a system running Windows 2000 Server? 
Choose all that apply.
 

A. FAT
B. FAT32
C. HPFS
D. NFS
E. NTFS
F. VFAT
G. VSAM
 

 

Answer: A, B & E
 

You can choose between three file systems for disk 
partitions on a computer running Windows 2000 Server: 
NTFS, FAT, and FAT32. NTFS is the recommended 
system.
 

NFS stands for Network File System, an open operating 
system designed by Sun Microsystems. 
 

VFAT stands for Virtual File Allocation Table, a 
virtual installable file system driver used in Windows 
for Workgroups and Windows 95.
 

VSAM stands for Virtual Storage Access Method, a file 
management system used on IBM mainframes. 
 

Q4
Transitioning from mixed mode to native mode is a 
very important step. Before converting a domain, it
is important to understand the benefits that native
mode provides. Which of the following represent
characteristics of a native mode domain that are not
present in a mixed mode domain? Choose all that 
apply.
 

A. The ability to add (or "nest") global groups 
from one domain into global groups in other trusted
native mode domains.

 

B. The ability to add (or "nest") domain local 
groups from one domain into other domain local groups
from the same domain.
 

C. The ability to change passwords on any domain 
controller in the domain.
 

D. The ability to implement the DNS dynamic update
protocol.
 

E. The ability to implement Group Policies to 
Windows 2000 Professional clients.
 

F. The ability to use universal security groups.
 

 

Answer: B, C & F
 

The following changes take place in native mode:
 

- The domain uses only Active Directory multimaster 
replication between domain controllers, so support 
for Netlogon replication ceases. 
 

- Because Netlogon replication is now switched off, 
you can no longer add new Windows NT BDCs to the 
domain. 
 

- Because multimaster replication is enabled, the 
former PDC is no longer the master of the domain, and 
all domain controllers can now perform directory 
updates. 
 

- Windows 2000 group types such as universal and 
domain local groups, and group nesting, are enabled.
 

Q5
You have begun the process to restore a recently
deleted organizational unit. The organizational
unit is named Tutors and is located in the 
mcsetutor.com domain. 
 

After entering Directory Services Restore mode, you
perform a restore of the System State Data from last
night's backup tape. After finishing the restore,
you run the ntdsutil utility and type "authoritative
restore". Which of the following commands should you 
type next to properly restore the organizational 
unit?
 

A. Authoritative restore OU=Tutors,DC=mcsetutor.com
B. Restore subtree OU=Tutors,DC=mcsetutor.com
C. Restore subtree OU=Tutors,DC=mcsetutor,DC=com
D. Restore OU=Tutors,DC=mcsetutor,DC=com
E. Restore OU OU=Tutors,DC=mcsetutor.com
F. Restore OU OU=Tutors,DC=mcsetutor,DC=com

 

 

Answer: C
 

The proper syntax to restore an organizational unit
is "restore subtree ". In the 
above example, the proper syntax would be 
"Restore subtree OU=Tutors,DC=mcsetutor,DC=com".
 

Q6
You would like to deploy a customized accounting 
application to several different computers on your 
network. You would like this application to be 
available to all users of the computers regardless
of who they are. The computers are located in an
organizational unit (OU) named Accounting. There
are other computers in the OU that you do not wish
to have the application installed to. 
 

What steps would you take to have the application 
automatically installed on the specific computers in
the Accounting OU that require it? Choose all that 
apply.
 

A. Using a tool like WinInstall, create an .msc
package for the application.
 

B. Using a tool like WinInstall, create an .msi
package for the application.
 

C. Using a tool like WinInstall, create an .mst
package for the application.
 

D. Assign the package under the User Configuration > 
Software Settings > Software Installation node
 

E. Publish the package under the User Configuration 
> Software Settings > Software Installation node
 

F. Assign the package under the Computer 
Configuration > Software Settings > Software 
Installation node
 

G. Publish the package under the Computer 
Configuration > Software Settings > Software 
Installation node
 

H. Link the GPO to the Accounting OU.
I. Filter the DACL of the GPO so that the policy 
applies only to the appropriate computers.
 

 

Answer: B, F, H & I
 

The Windows Installer technology consists of the 
Windows Installer service for the Windows operating 
systems and the package (.msi) file format used to 
hold information regarding the application setup and 
installations. .msi packages can be created with an
application like WinInstall.
 

When you assign an application to a computer, the 
application is advertised and the installation is 
performed when it is safe to do so. Typically this 
happens when the computer starts up, so that there 
are no competing processes on the computer. The 
application is available to all users of the system 
regardless of where their respective user objects 
are located.
 

When you assign an application to a user, the 
application is advertised to the user the next time 
that user logs onto a workstation. The application 
advertisement follows the user regardless of which 
physical computer he or she actually uses.
 

When you publish the application to users, the 
application does not appear installed on the users' 
computers. No shortcuts are visible on the desktop or 
Start menu, and no changes are made to the local 
registry on the users' computers. As with assigning 
an application, an application that has been 
published under User Configuration will only be 
available to users located in that OU.
 

You cannot publish applications to computers.
 

If you want an application to be installed on a 
subset of objects within an OU you can modify the 
DACL for the GPO. By default Authenticated Users 
have the Apply Group Policy permission to all GPOs
and therefore any GPO that is linked to a container
will be applied to all objects within that container.
To change this default behavior, remove the 
permissions for the Authenticated Users group, add 
the computer accounts to the DACL and assign the 
Apply Group Policy permission.
 

Q7
Upon arriving at work one morning, you find that some 
of your users are complaining about connectivity 
problems. It turns out that they can communicate 
fine with some of the other machines on their network 
segment, but are having trouble communicating with 
other machines. Furthermore, they are unable to 
access any network resources on other segments. What 
is most likely the issue here and how would you best 
resolve it?
 

A. Make sure that a WINS Server is available for all
of the clients on the segment. Windows 2000 clients
rely heavily on NetBIOS resolution and the lack of an
available WINS Server could cause connectivity 
problems. 
 

B. The machines are likely configured with static IP 
addresses. Change the machines over to DHCP clients 
to fix the problem.
 

C. There is no default gateway available. Use the 
Ping and Tracert utilities to test connectivity. 
Make sure that the router for the segment is 
functioning properly.
 

D. Some machines may have received Automatic Private
IP Addresses. Use the Ipconfig utility to determine 
what IP addresses they have been assigned and check 
to see if a functioning DHCP server is available for 
their segment.
 

 

Answer: D
 

Automatic Private IP Addressing can assign a TCP/IP
address to DHCP clients automatically. However, 
Automatic Private IP Addressing doesn't generate all
the information that typically is provided by DHCP,
such as the address of a default gateway. 
 

Consequently, computers enabled with Automatic
Private IP Addressing can communicate only with 
computers on the same subnet that also have 
addresses of the form 169.254.x.y (addresses that 
have also been assigned through Automatic Private IP
Addressing). 
 

Q8
Replication between domain controllers operates much 
differently in Windows 2000 than it did in Windows NT
4.0. Which of the following statements about 
replication between Windows 2000 domain controllers 
are correct? Choose all that apply.
 

A. Replication between domain controllers in Windows
2000 allows for loose convergency.
 

B. Replication of the Active Directory domain 
partition between Windows 2000 domain controllers 
always uses the RPC protocol.
 

C. Replication of the Active Directory domain 
partition between Windows 2000 domain controllers is 
multi-master.
 

D. Replication of the Active Directory domain 
partition between Windows 2000 domain controllers is 
single-master.
 

E. The replication period is always the same for 
all Windows 2000 domain controllers.
 

F. The replication schedule is always the same for 
all Windows 2000 domain controllers.
 

 

Answer: A, B & C
 

Perhaps the biggest change in replication between 
Windows 2000 and Windows NT 4.0 is that Windows 2000
operates using multi-master replication. This means
that there is no longer a single machine that is 
responsible for all of the updates to the directory
database. Rather, all domain controllers are 
capable of making changes to the directory database.
 

This model has many advantages such as increased 
fault tolerance and load balancing. However it does
allow for loose convergency, a term used to describe
a condition in which the information contained on one 
domain controller is different from the information 
contained on other domain controllers. 
 

Replication of the schema and configuration
partitions between sites (intersite replication) can
use the SMTP protocol, but replication of the domain 
partition must always use the RPC protocol.
 

In addition, the replication period and replication 
schedule can be configured for Windows 2000 domain 
controllers based on the site that they are a member
of. Domain controllers that are located in separate
sites will typically replicate less frequently than
domain controllers located in the same site.
 

Q9
Distributed File System (DFS) is a feature of Windows
2000 that gives administrators the ability to present
a logical view of folders and files on the network 
without regard to their physical location. The first
step in creating a DFS tree is to create the DFS 
root. After creating the DFS root, you then create
nodes, known as "DFS links". Which of the following
statements regarding the creation of the DFS root and
the DFS links are correct? Choose all that apply.
 

A. A domain-based DFS root can only be created on 
computers running Windows 2000.
 

B. A DFS root must be created on an NTFS partition.
 

C. A DFS root must be created on a dynamic disk.
 

D. DFS links can only be created on computers 
running Windows 2000.
 

E. DFS links must be created on NTFS partitions.
 

F. DFS links must be created on dynamic disks.
 

 

Answer: A

Because a domain-based DFS root stores its topology
in Active Directory, it can only be created on a 
machine running one of the Windows 2000 Server 
operating systems. Machines running Windows NT 4.0
that have been upgraded to Service Pack 3 or later
do have the ability to host a stand-alone DFS root 
but not a domain-based DFS root.
 

Although NTFS is not required for DFS links, it is
recommended. One of the reasons why it is 
advantageous to host a DFS link on an NTFS volume
is the additional security provided by the NTFS
file system. Another is that automatic replication
through File Replication Service (FRS) can only 
take place on NTFS volumes. If the volume is FAT,
manual replication must occur.
 

Q10
There are three operations masters that are domain-
wide (meaning that there is one of each for a given
domain). These operations masters are the 
infrastructure master, PDC emulator and RID master.
Certain problems will result if one or more of these
operations masters are not available. Which of the
following problems can result if the RID master is
not available? Choose all that apply.
 

A. Domains cannot be added to the forest
B. Domains cannot be removed from the forest
C. Error when attempting to edit a Group Policy 
Object
D. Failure to move security principals between 
domains
E. Inability to create security object
F. Increase in incidents of logon failure
 

 

Answer: D & E
 

If the RID Master is unavailable, you will face two
primary problems:
 

1. Inability to Create Security Object
 

The primary issue that you will face in this 
situation is the inability to add any new security 
objects, such as users, groups and computers to the 
domain, resulting in the error message: 
 

Windows cannot create the object because: The 
directory service has exhausted the pool of relative 
identifiers. 
 

2. Failure to Move Security Principals Between 
Domains
 

You will not be able to move security principals to a 
new domain if the RID master in the target domain is 
not operational. Unlike the above issue, all cross-
domain moves would fail immediately, due to the 
unavailability of the RID master. 
 

Answers A & B represent problems that would most 
likely result if the Domain Naming Master were not
available. Answers C & F represent problems that
would most likely result if the PDC Emulator were
not available. 
 

Q11
An administrator for your company has accidentally 
deleted an organizational unit (OU). You would like
to restore this OU through the use of a procedure 
known as an authoritative restore. As part of the 
procedure you must boot into Directory Services 
Restore mode. After performing a normal restore of
the System State Data, you run the ntdsutil utility.
What commands must you run in order to restore just
this organizational unit? Choose two.
 

A. authoritative restore
B. restore
C. restore active directory
D. restore container
E. restore database
F. restore organizational unit
G. restore subtree
 

 

Answer: A & G
 

After restoring the System State Data in Directory
Services Restore Mode, here are the steps to 
authoritatively restore Active Directory objects: 
 

1. From the Start menu, point to Programs, point to 
Accessories, and click Command Prompt. 
2. At the command prompt, type ntdsutil. 
3. At the NTDSUTIL prompt, type authoritative 
restore. 
4. At the authoritative restore prompt, type restore 
subtree .
5. You should see the message "Authoritative Restore 
completed successfully." 
6. To exit the authoritative restore prompt, type 
quit. To exit the Ntdsutil prompt, type quit. To 
exit the command prompt, type exit. 
 

Q12
Marc is currently the network administrator for a 
large financial institution. Recently there have 
been cases of inconsistent network behavior which
Marc believes could be due to a malfunctioning 
router. Which Windows 2000 utility would be best 
for Marc to use to determine the amount of packet loss 
at a given router or link?
 

A. Call
B. Ipconfig
C. Irftp
D. Net config
E. Net statistics
F. Pathping
G. Route
 

 

Answer: F
 

The pathping command is a route tracing tool that 
combines features of the ping and tracert commands 
with additional information that neither of those 
tools provides. The pathping command sends packets to 
each router on the way to a final destination over a 
period of time, and then computes results based on 
the packets returned from each hop. Since the command 
shows the degree of packet loss at any given router or 
link, it is easy to determine which routers or links 
might be causing network problems. 
 

Explanations of the purpose of the utilities listed as
the other answer choices can be found at:

Q13
You would like to apply encryption settings to the
dial-in connections of your users. You would like
to configure this through the Encryption tab of the
Dial-in Profile. You notice four check boxes there
to choose from: No Encryption, Basic, Strong and 
Strongest. Which of the following correctly 
describes the types of encryption that can be used
with the Basic, Strong and Strongest levels of 
encryption? 
 

A. Basic encryption only allows for MPPE 40-bit 
encryption. Strong encryption only allows for 
IPSec 56-bit DES encryption. Strongest encryption 
allows for IPSec Triple DES (3DES) or MPPE 128-bit 
encryption.

B. Basic encryption allows for IPSec 40-bit DES or
MPPE 40-bit encryption. Strong encryption allows for 
IPSec 56-bit DES or MPPE 56-bit encryption. Strongest 
encryption allows for IPSec Triple DES (3DES) or MPPE 
128-bit encryption.

C. Basic encryption allows for IPSec 56-bit DES or
MPPE 40-bit encryption. Strong encryption allows for 
IPSec 56-bit DES or MPPE 56-bit encryption. Strongest 
encryption allows for IPSec Triple DES (3DES) or MPPE 
128-bit encryption.

D. Basic encryption allows for IPSec 56-bit DES or
MPPE 56-bit encryption. Strong encryption allows for 
IPSec 128-bit DES or MPPE 128-bit encryption. Strongest 
encryption only allows for IPSec Triple DES (3DES)
encryption.
 

 

Answer: C
 

There are four levels of encryption that you can
configure as part of a Remote Access Profile:
 

No Encryption
When selected, this option allows a non-encrypted 
connection. To require encryption, clear the No 
Encryption option.
 

Basic
For dial-up and PPTP-based VPN connections, Microsoft 
Point-to-Point Encryption (MPPE) with a 40-bit key is 
used. For L2TP over IPSec-based VPN connections, 
56-bit DES encryption is used.
 

Strong
For dial-up and PPTP-based VPN connections, MPPE with 
a 56-bit key is used. For L2TP over IPSec-based VPN 
connections, 56-bit DES encryption is used.
 

Strongest
For dial-up and PPTP-based VPN connections, MPPE with 
a 128-bit key is used. For L2TP over IPSec-based VPN 
connections, triple DES (3DES) encryption is used. 
This option is only available on North American 
versions of Windows 2000.
 

Q14
You wish to set up L2TP packet filters on a Windows
2000 VPN server's Internet interface. Your Windows 
2000 server's Internet Ethernet card has a static IP 
address of 128.250.213.227. You perform the 
following steps:
 

1. Run Routing and Remote Access.
2. Select my VPN Server.
3. Select IP Routing.
4. Click General.
5. In the details pane, right-click on the interface 
connected to the Internet, and select Properties.
6. On the General tab, select Input Filters.
7. In the Input Filters dialog box, click Add. 
8. Select the Destination network check box. In IP 
address, type 128.250.213.227, and in Subnet mask, 
type 255.255.255.255. In Protocol, click UDP. In 
Source port, type "VALUE X". In Destination port, 
type "VALUE X", and then click OK.
9. Click Add again in the Input Filters dialog 
box. 
10. Select the Destination network check box. In IP 
address, enter 128.250.213.227, and in Subnet mask, 
type 255.255.255.255. In Protocol, click UDP. In 
Source port, enter "VALUE Y". In Destination port, 
type "VALUE Y". Close the box.
11. Select Drop all packets except those that meet the 
criteria below, and then click OK. 
12. Now select Output Filters. 
13. In the Output Filters dialog box, click Add. 
14. In the Add IP Filter dialog box, select the Source 
network check box. In IP address, input 
128.250.213.227, and in Subnet mask, type 
255.255.255.255. In Protocol, click UDP. In Source 
port, enter "VALUE X". In Destination port, input 
"VALUE X", and then click OK to close.
15. Repeat step 13.
16. Select the Source network check box. In IP 
address, type 128.250.213.227, and in Subnet mask, type 
255.255.255.255. In Protocol, click UDP. In Source 
port, enter "VALUE Y". In Destination port, enter 
"VALUE Y", and then click OK. 
17. In the Output Filters dialog box, click Drop all 
packets except those that meet the criteria below.
18. Click OK to close. 
 

What should the values of X and Y be in this scenario 
given that we wish to restrict our traffic to L2TP? 
Choose all that apply.
 

A. UDP Value X = 1701. UDP Value Y = 502.
B. UDP Value X = 500. UDP Value Y = 1701.
C. UDP Value X = 1701. UDP Value Y = 500.
D. UDP Value X = 502. UDP Value Y = 1701.
 

Answer: B & C

The order in which you add the filters does not matter as long 
as UDP port 500 and UDP Port 1701 are allowed to pass 
traffic through the Internet interface for both input 
and output hence allowing L2TP (and only L2TP) traffic 
to move via that interface. 
 

Q15
You installed Active Directory on a machine running
Windows 2000 Server several months ago. When you did
this you put the SYSVOL and the Active Directory log
files on a separate hard disk (Disk1) from the one 
that you installed the operating system files and the
Active Directory database to (Disk0). Now you would 
like to remove Disk1 from the Server and use it in a 
different machine. You would like to move the Active
Directory log files and SYSVOL to Disk0. Can this be
accomplished and if so how can you do it?
 

A. No, this cannot be accomplished. You must remove
and reinstall Active Directory if you wish to change
the location of SYSVOL.
 

B. Yes, this can be accomplished. You must enter
Directory Services Restore Mode and use the ntdsutil
utility to move the Active Directory log files and 
SYSVOL.
 

C. Yes, this can be accomplished. You must boot 
into Safe Mode and use the ntdsutil utility to move 
the Active Directory log files and SYSVOL.
 

D. Yes, this can be accomplished. Both SYSVOL and
the Active Directory log files can be moved using 
Windows Explorer.
 

 

Answer: A
 

Both the Active Directory database and the Active
Directory log files can be moved by booting into 
Directory Services Restore Mode and using the 
ntdsutil utility. However, SYSVOL cannot be moved
in that fashion. You must uninstall and reinstall
Active Directory if you wish to change the location
of SYSVOL.
 

Q16
One of the security measures that your company 
mandates is that the name of the Administrator 
account must be changed. This is to prevent people
from trying to log in to the account illegally. To 
do this on a network consisting of both Windows NT 
4.0 machines and Windows 2000 machines, which of the 
following actions do you need to perform? 
 

A. Rename the Administrator account manually on all
machines.
 

B. Rename the Administrator account manually on all
Windows NT 4.0 machines and rename the Administrator
account on any domain controllers holding the PDC
Emulator Operations Master role.
 

C. Rename the Administrator account manually on all
Windows NT 4.0 machines and rename the Administrator
account on all Windows 2000 machines using a Group
Policy Object (GPO).
 

D. Rename the Administrator account on all machines
using a Group Policy Object (GPO). 
 

 

Answer: C
 

In Windows 2000, the administrator account can be 
renamed through the use of Group Policies. However,
since Group Policies only apply to Windows 2000 
systems this will not work for the Windows NT 4.0 
systems in the company. The Administrator accounts
on these systems will have to be renamed manually.
 

Q17
You are currently implementing Group Policies in your
organization. Your company currently has a single
domain (ad.marketingint.com). The OU structure is as
follows: 
 

Top Level OUs = Sales, Finance, Marketing
Second Level OUs = US (sub OU of Sales), Int (sub OU
of Sales), Interns (sub OU of Marketing)
 

You are testing Group Policies and you set up the 
following policies:
 

GPO linked to the ad.marketingint.com domain
 

Disable Task Manager, Remove Run from the Start Menu
 

GPO linked to the Sales OU
 

Enable Task Manager, Do Not Remove Run from the Start
Menu
 

GPO linked to the Int OU (sub OU of Sales)
 

Disable Task Manager, Do Not Remove Run from the 
Start Menu
 

 

In addition, you set all three of the GPOs to No 
Override. Assuming that no other GPOs have settings
that conflict with these, what will be the effective
settings for a user in the Int OU when he or she logs
into the domain?
 

A. Task Manager will be disabled. Run will be 
removed from the Start Menu.
 

B. Task Manager will be disabled. Run will not be
removed from the Start Menu.
 

C. Task Manager will not be disabled. Run will be
removed from the Start Menu.
 

D. Task Manager will not be disabled. Run will be
removed from the Start Menu.
 

 

Answer: A
 

If multiple GPOs have the No Override option enabled,
the GPO highest up in the hierarchy will be the one 
that will apply. In the above example the settings
from the domain GPO would be highest in the hierarchy
and therefore Task Manager would be disabled and the
Run command would be removed from the Start Menu.
 

Q18
There are two Windows 2000 Servers in the Accounting 
Department of the company that you work for. You 
need to make sure they communicate securely with one 
another. You perform the following actions on each:
 

1. Run MMC
2. On the Console menu, click Add/Remove Snap-in. 
3. In the Add/Remove Snap-in dialog box, click 
Add. 
4. In the Add Standalone Snap-in dialog box, 
click Computer Management, and then click Add. 
5. Verify that Local Computer is selected, and 
click Finish. 
6. In the Add Standalone Snap-in dialog box, 
click Group Policy, and then click Add. 
7. Verify that Local Computer is selected in 
the Group Policy Object dialog box, and click Finish. 
8. In the Add Standalone Snap-in dialog box, 
click Certificates, and then click Add. 
9. Select Computer Account, and click Next. 
10. Verify that Local Computer is selected, and 
click Finish. 
11. Close the Add Standalone Snap-in dialog box. 
12. Close the Add/Remove Snap-in dialog box. 
Repeat steps 1-12 on the second machine.
13. In the MMC console, select IP Security 
Policies on Local Machine from the left pane. 
14. Right-click Secure Server, and then choose 
Assign. 
15. Repeat step 13 on second server. Right-click 
Client, and then choose Assign. 
 

From the second server, you run a command prompt and 
ping the IP address of the first server. You receive
the following response:
 

Pinging 192.168.0.25 with 32 bytes of data:
Negotiating IP Security
Negotiating IP Security
Negotiating IP Security
Negotiating IP Security
 

Ping statistics for 192.168.0.25:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)
 

What do you need to do to get a normal ping response 
and reduce the packet loss to an acceptable level?
 

A. Ping the first server again. The two servers will 
have now established IPSec security association and the 
ping will work fine.
 

B. Because ping uses ICMP, an insecure protocol 
sometimes used to attack networks, you will always get 
the Negotiating IP Security response when you attempt 
to do a ping between two secured servers. You need to 
use the command secping, included in the Windows 2000 
Server Resource Kit, to verify connectivity between the 
two hosts.
 

C. Change step 15 so that instead of right clicking 
on "client", you select "secure server" instead.
 

D. Change step 14 so that instead of right clicking 
on "secure server", you select "client".
 

 

Answer: A
 

The client initially sends unprotected ICMP packets to 
the server but the server requires some sort of 
security from the client. This will be automatically 
negotiated so that the next time a ping is attempted 
it should be successful. If the second computer is 
switched to "secure server" as answer choice C states
it would not send any traffic until it had negotiated 
IPSec protection. If the first computer is set to 
"client" as answer choice D states, no data is 
protected as neither side will request security and 
therefore the objective will not be achieved. 
Finally, there is no "secping" utility included in the 
Win2K Server Resource Kit. 
 

Q19
You are the administrator for a manufacturing company.
You want to institute smart card security on your 
network so that certain people can only log onto their 
machines if they have swiped their card through a 
reader and entered their PIN. Which of the following 
protocols is required on the Routing and Remote Access 
Server if you wish to require this for remote users as
well?
 

A. CHAPv2
B. CHAPv3
C. EAP
D. MS-CHAP
E. SCAP
 

 

Answer: C
 

EAP stands for Extensible Authentication Protocol. 
There is an extension to PPP called EAP/TLS. When 
EAP/TLS is enabled, a remote access user is prompted to 
insert the smart card and enter the PIN during network 
logon authentication.
 

Q20
You are preparing a report for your supervisor about
Windows 2000 Professional. You are currently 
running Windows 95 on all of the desktops in your
company and your supervisor wants to know what 
benefits the company will receive by migrating the 
desktops to Windows 2000 Professional. Which of the
following would be benefits of running Windows 2000
Professional over Windows 95? Choose all that 
apply.
 

A. Unlike Windows 95, Windows 2000 Professional does
not require an additional Terminal Services Client
Access License.
 

B. Unlike Windows 95, Windows 2000 Professional is
a Plug-and-Play operating system.
 

C. Unlike Windows 95, Windows 2000 Professional 
supports disk quotas without the use of third-party
software.
 

D. Unlike Windows 95, Windows 2000 Professional 
supports file encryption without the use of third-
party software. 
 

E. Unlike Windows 95, Windows 2000 Professional 
supports both the FAT32 and NTFS file systems.
 

 

Answer: A, C, D & E
 

Windows 2000 Professional does not require a 
Terminal Services Client Access License. It also
supports disk quotas, file encryption and both the
FAT32 and NTFS file systems. Windows 95 does not
support any of these features with the exception of
the FAT32 file system which is supported in Windows
95 OSR2. Although Windows 2000 Professional is a 
Plug-and-Play operating system, Windows 95 also offers 
Plug-and-Play functionality. 
 

Q21
You would like to track performance on several 
machines running Windows 2000 Professional. You 
recall that in Windows NT 4.0, all disk counters for 
Performance Monitor were turned off by default and 
you were required to run a command to enable tracking
of disk performance. However, you seem to recall 
that there might have been a change in this in 
Windows 2000. Did you hear correctly and, if so, how
has this changed in Windows 2000? 
 

A. This has changed in Windows 2000. In Windows 
2000 all disk counters are turned on by default.
 

B. This has changed in Windows 2000. In Windows
2000 the Logical Disk object is turned on by default 
and the Physical Disk object is turned off by 
default. 
 

C. This has changed in Windows 2000. In Windows
2000 the Physical Disk object is turned on by 
default and the Logical Disk object is turned off by 
default. 
 

D. This has not changed in Windows 2000. All disk
counters must still be turned on using the diskperf
command.
 

 

Answer: C
 

In Windows NT 4.0 all disk counters for Performance 
Monitor were turned off by default. In Windows 2000 
the Physical Disk object is turned on by default and 
the Logical Disk object is turned off by default. 
 

To obtain performance counter data for logical drives 
or storage volumes, you must type diskperf -yv at the 
command prompt, and then press ENTER. 
 

 

Q22
You would like to install an internal IrDA device on
your computer running Windows 2000 Professional. 
However, the device is not detected by the operating
system. Which of the following utilities can be used
to install the device manually? Choose all that 
apply.
 

A. Add/Remove Hardware in Control Panel
B. Device Manager in Computer Management
C. Infrared and Wireless Link in Control Panel
D. Ports in Control Panel
 

 

Answer: A
 

According to Microsoft, here is the procedure for 
adding a new infrared device:
 

1. In Control Panel, open Add/Remove Hardware. 
 

2. On the Welcome to the Add/Remove Hardware wizard 
page, click Next. 
 

3. On the Choose a Hardware Task page, click Add/
Troubleshoot a device, and then click Next. You may 
have to wait briefly while the wizard searches for 
Plug and Play hardware.
 

4. In Devices, click Add a new device, and then 
click Next. 
 

5. On the Find New Hardware page, click No, I want 
to select the hardware from a list, and then click 
Next.
 

6. In Hardware types, click Infrared devices, and 
then click Next. 
 

7. In Manufacturers, click the manufacturer, and in 
Infrared Device, click the infrared device. 
 

8. If you have an installation disk for the infrared 
device, click Have Disk. 
 

9. Click Next, and then follow any additional 
instructions to install the device. 
 

Device Manager will not be useful if Windows 2000 is
unable to detect the device.
 

 

Q24
You wish to install a VPN server on one of the 
Windows 2000 servers that exist within your 
organization. The server has an Ethernet card that 
is connected to a cable modem which in turn is 
connected via an ISP to the Internet. The server 
also has another Ethernet card that is connected to 
the local intranet. You wish to secure the VPN server 
from sending or receiving any traffic on its Internet 
interface, except for PPTP or L2TP over IPSec traffic 
from branch office routers or remote access clients. 
Which of the following should you do?
 

A. Configure a remote access policy that only 
authenticates the traffic from the Internet that 
conforms to specific IP ranges.
 

B. Configure a remote access policy that only 
authenticates members of a specific group called "VPN 
Users" to use the internet interface.
 

C. Configure PPTP and L2TP over IPSec input and output 
filters on the Internet interface.
 

D. Configure PPTP and L2TP over IPSec input and output 
filters on the intranet interface.
 

 

Answer: C

PPTP and L2TP over IPSec input and output filters need 
to be configured on the Internet interface. 
Configuring them on the intranet interface will not 
secure the Internet interface from receiving and 
sending traffic other than that specified. You would 
not use a remote access policy to do this sort of 
protocol filtering. 
 

Q25
Melissa is monitoring the behavior of one of the 
servers on her company's network. She notices that
disk space on the D: drive is getting low. In order
to remedy this, she decides to extend the volume to 
add additional free space. However when she attempts
to perform this action she is unsuccessful. The 
computer has the following configuration:
 

-Windows 2000 Server (upgraded from NT 4.0 Server)
-Two simple volumes (C: and D:) both formatted with 
the NTFS file system (converted from the FAT file
system after the volumes were created)
-One Dynamic disk (converted from a basic disk after
the volumes were created)
-C: drive is the active partition and the boot
partition
-4 GB of unpartitioned free space on the disk
 

What is the most likely reason why Melissa is unable
to extend the D: drive? 
 

A. The volume that Melissa is attempting to extend
was initially formatted with FAT file system. In 
order to extend a simple volume it must have been 
initially formatted with the NTFS file system.
 

B. The volume that Melissa is attempting to extend
was created on a basic disk. In order to extend a 
simple volume it must have been initially created on
a dynamic disk.
 

C. The volume that Melissa is attempting to extend
contains the operating system files. You cannot 
extend a simple volume that contains the operating
system files.
 

D. The volume that Melissa is attempting to extend
has already been extended before. You may extend a 
volume only one time.
 

 

Answer: B
 

Extending a volume can only be done on a volume that 
was originally created on a dynamic disk. If the 
volume was created first on a basic disk and then 
the disk was converted to a dynamic disk it cannot be 
extended.
 

The D: drive does not contain the operating system 
files as the question states that the C: drive is the
boot partition. The boot partition is the partition
that contains the operating system files.
 

The volume has not been extended before. If it had
been, it would be referred to as a spanned volume 
rather than a simple volume as the question states.
 

Q26
Your Windows 2000 server is configured with four 30 
GB hard drives (Disk 0, Disk 1, Disk 2 and Disk 3). 
All of the disks are dynamic disks. You have the 
operating system installed to a 5 GB partition on 
Disk 0. You currently do not have any other data 
stored on the disks. 
 

You would like to provide fault tolerance for the 
operating system files in the event that the disk that 
the operating system is installed to fails. In 
addition, you will be storing data on the remainder of 
the disk subsystem. You would like to maximize 
performance but are not concerned about fault 
tolerance for this data. Which of the following would 
provide the best solution?
 

A. Back up the boot and system partitions. Configure 
all four of the disks to be a RAID-5 volume. Restore
the boot and system partitions to the RAID-5 volume.
 

B. Mirror the boot and system partitions to Disk 1.
Configure a RAID-5 volume using the remaining 25 GB on
Disk 0 and Disk 1 and 25 GB from Disk 2 and Disk 3.
 

C. Mirror the boot and system partitions to Disk 1.
Configure a striped volume using the remaining 25 GB on
Disk 0 and Disk 1 and 25 GB from Disk 2 and Disk 3.
 

D. Back up the boot and system partitions. Configure 
all four of the disks to be a striped volume. Restore
the boot and system partitions to the striped volume.
 

 

Answer: C
 

We'll explain this one through process of elimination.
First, a RAID-5 volume would not be the best type of 
volume to use in this scenario. A RAID-5 volume 
cannot contain the system or boot partition. Also,
because the question specifies that fault tolerance
for the data is not necessary and that performance is
important, a RAID-5 volume is not the best choice.
 

A better choice for the data would be a striped 
volume. Data in a striped volume is allocated 
alternately and evenly (in stripes) to the disks of the 
striped volume, which substantially improves the speed of 
access to your hard disk. However striped volumes do 
not provide any fault tolerance and cannot contain the
boot or system partitions. Therefore you should 
mirror the system and boot partitions to one of the 
other disks in your system. 
 

Q27
You have a machine with Windows 2000 Advanced Server
installed on it. The machine currently has the 
following configuration. 
 

Disk 0 - Simple volume, Contains Windows 2000 
system partition
Disk 1 - Simple volume, Contains Windows 2000 boot 
partition
Disk 2 - Part of Striped Volume
Disk 3 - Part of Striped Volume
Disk 4 - Part of Striped Volume
 

All 5 disks are dynamic disks. You have 3 GB of free
space available on Disk 0, 6 GB of free space 
available on Disk 1 and a total of 20 GB available on 
the striped volume. 
 

You would like to optimize paging file performance. 
Currently your paging file is located on Disk 0. If 
you want the best possible performance for your paging 
file what would likely be the best configuration 
option?
 

A. Move the paging file to Disk 1.
 

B. Move the paging file to Disk 2.
 

C. Move the paging file to Disk 3.
 

D. Move the paging file to Disk 4.
 

E. Spread the paging file across all of the disks.
 

F. Spread the paging file across Disks 1-4.
 

G. Spread the paging file across Disks 2-4.
 

H. Spread the paging file across Disks 3-4.
 

 

Answer: G
 

Windows 2000, by default, will place the paging file 
on the boot partition where the operating system is 
installed. However, placing the paging file on the 
boot partition does not optimize performance because 
Windows NT and Windows 2000 have to perform disk I/O 
on both the system directory and the paging file. 
Therefore the following steps can be taken to 
optimize paging file performance. 
 

Place the paging file on a different partition than
the operating system files.
 

Place the paging file on a different physical hard
disk than the operating system files.
 

Spread the paging file across multiple hard disks.
 

Q28
All of the users in your company have their home
directories stored on a server named FS7. Recently 
users have complained that it is taking a long time
to access the files in their home directories. The
home directories are currently stored on the D: drive
which is 6 GB in size and has been formatted with the 
NTFS file system. Which of the following actions 
could you perform on FS7 to improve access speed to 
these files? Choose all that apply.
 

A. Run the "diskperf -yv" command on the server.
 

B. Convert the drive to the FAT file system by 
running the command "convert d: /fs:fat" from the 
command prompt.
 

C. Use disk compression on the home directories to
reduce the size of the files that are contained 
within.
 

D. Defragment the D: drive using the Disk 
Defragmenter Utility that is located in Disk Manager.
 

E. Backup the data stored on FS7. Upgrade the disk
subsystem. Restore the data to the upgraded disk
subsystem. 

 

 

Answer: D & E

 

Both defragmenting the drive and upgrading the disk 
subsystem can lead to an increase in disk access speed. 
 

The diskperf command allows you to obtain performance
counter data for logical drives or storage volumes. 
Because disk counters can cause a modest increase in
disk access time, Windows 2000 does not automatically
activate the Logical Disk object on system startup.
 

Although disk compression can reduce the amount of 
space that files consume, it can have a negative 
effect on performance as it will increase CPU 
utilization. Although disk performance might increase
on a smaller volume with data that is highly
compressible, in the above example it would likely 
decrease performance. 
 

Q29
You have created an Active Directory domain that you 
will be using for testing purposes. You would like
to populate the domain with several thousand user 
accounts. However, doing this through Active 
Directory Users and Computers would be a very time-
consuming task. You have all of the information for
the user accounts stored in several different formats
(text file, Excel spreadsheet, etc.) and would like 
to automatically generate the accounts based on that 
information. What Windows 2000 tools would allow you
to do this? Choose all that apply.
 

A. ClonePrincipal 
B. CSVDE
C. dsa.msc
D. LDIFDE
E. Movetree
F. Netdom
 

 

Answer: B & D
 

CSVDE is a tool that is used to export and import data 
from files that are compatible with the comma-
separated variable (CSV) format used in applications 
such as Microsoft Excel. LDIFDE is another tool that
can be used to export and import data in Active 
Directory.
 

ClonePrincipal is a tool that allows you to migrate 
users incrementally to a Windows 2000 environment 
without impacting your existing Windows NT 
production environment.
 

dsa.msc is the name of the Active Directory Users &
Computers snap-in.
 

Movetree is a tool that allows you to move Active 
Directory objects between domains.
 

Netdom is a tool that allows you to manage Windows 2000 
domains and trust relationships from the command line.
 

Q30
You are the administrator for a company running a 
single mixed-mode domain with the name of acme.com. 
Recently you hired several dozen employees who will
be working from home and accessing the company's 
network through dial-up connections. You are very
concerned about an intruder accessing your network
through one of these accounts. You would like to 
give these users a separate Lockout Policy so that
if they attempt to log on incorrectly more than twice
they are immediately locked out and can only be 
unlocked by an administrator. However, the current
Lockout Policy for the domain locks out users after
five bad logon attempts and automatically unlocks 
the accounts after thirty minutes.
 

What is the best way to create a different Lockout
Policy for your remote users?
 

A. Create a new organizational unit (OU) called 
RemoteUsers. Place all of the remote user accounts
in this OU and configure the Lockout Policy at the 
OU level.
 

B. Create a new site called RemoteUsers. Create
subnets for the site based on the IP addresses that
the computers for the remote users will have. 
Configure the Lockout Policy at the site level.
 

C. Create a new domain called remote.acme.com. 
Place all of the remote user accounts in this 
domain and configure the Lockout Policy at the 
domain level.
 

D. Create a domain in a new forest and name it
remote.com. Place all of the remote user accounts
in this domain and configure the Lockout Policy at
the domain level. Create an external trust between
the acme.com domain and the remote.com domain.
 

 

Answer: C
 

All domain controllers for a domain enforce the 
account policies that are defined in the Default 
Domain Policy. Domain controllers ignore password, 
lockout, or Kerberos policies defined at an OU or
local level. Hence, if you would like separate 
password, lockout or Kerberos policies for users in 
your organization you must create separate domains.
Although answer D would indeed allow you to create
separate lockout policies for the users it would not
typically be the best way to achieve your objective
as the administration of manually created trusts can
be quite cumbersome.
 

Q31
Your Windows 2000 Server computer has the following 
configuration:
 

-One physical hard disk configured as a basic disk
-One partition (C:) formatted with the FAT file 
system
 

You would like to support disk quotas and the 
Encrypting File System (EFS) on your computer. What
must you do to allow this?
 

A. Convert the disk from a basic disk to a dynamic
disk.
B. Convert the C: drive to the FAT32 file system.
C. Convert the C: drive to the NTFS file system.
D. Format the C: drive with the FAT32 file system.
E. Format the C: drive with the NTFS file system.
 

 

Answer: C
 

Both disk quotas and the Encrypting File System (EFS)
require a volume formatted with the NTFS file system.
 

If you wish to preserve the data on an existing drive
(as well as current profile information such as 
desktop settings) you must convert the drive rather 
than format it. Formatting the drive will erase all
existing data on the drive. 
 

A disk does not need to be converted to a dynamic 
disk to support disk quotas and EFS.
 

Q32
Your Windows 2000 Professional desktop is 
experiencing slow performance when you run several 
resource-intensive applications. The desktop has the 
following specifications: 
 

-Pentium II 350 MHz Processor
-128 MB of RAM
-EIDE Hard Drive
 

While viewing System Monitor, you notice average 
values for the following statistics: 
 

LogicalDisk - % Free Space: 7%
Memory - Pages/Sec: 2
Physical Disk - % Disk Time: 5%
Processor - % Processor Time: 4%
 

 

What would be the best step to take to improve 
system performance?
 

A. Upgrade the hard drive to a SCSI hard drive
B. Run Disk Cleanup
C. Increase the amount of RAM in the system
D. Increase the CPU priority for all applications
E. Add a second CPU to the system
 

 

Answer: B 
 

Running out of disk space on a Windows 2000 system 
can cause performance problems. One way to monitor
the amount of free disk space on a system is to use
the LogicalDisk - % Free Space counter located in the
System Monitor utility. If this number is very low,
it is a good indication that disk space is limited 
and that additional disk space should be made 
available.
 

An easy way to make additional disk space available
is to run the Disk Cleanup utility. The Disk Cleanup
utility will perform the following tasks to clear
space on your hard drive:
 

- Remove temporary Internet files. 
- Remove any downloaded program files (ActiveX 
controls and Java applets downloaded from the 
Internet). 
- Empty the Recycle Bin. 
- Remove Windows 2000 temporary files. 
- Remove Windows 2000 components that you are not using. 
- Remove installed programs that you no longer use. 
 

Q33
Kelly would like to install Windows 2000 Professional 
on her laptop at work. She lists the following 
characteristics of her current machine:
 

-Pentium Pro 200 MHz
-24 MB of RAM
-2.0 GB hard disk, 650 MB of free space
 

Kelly asks you if her system is sufficient for installing 
Windows 2000. What would you tell her?
 

A. Yes. According to Microsoft's documentation, her
system meets the minimum system requirements for 
running Windows 2000 Professional.
 

B. No. According to Microsoft's documentation, her
system will need to have the processor upgraded before 
installing Windows 2000 Professional.
 

C. No. According to Microsoft's documentation, her
system will need to have the memory upgraded before 
installing Windows 2000 Professional.
 

D. No. According to Microsoft's documentation, her
system will need to have the hard disk upgraded before 
installing Windows 2000 Professional.
 

 

Answer: C 
 

Here are the minimum system requirements for running 
Windows 2000 Professional.
 

-133 MHz or higher Pentium-compatible CPU.
 

-64 megabytes (MB) of RAM recommended minimum; more 
memory generally improves responsiveness.
 

-2GB hard disk with a minimum of 650MB of free space.
 

Q34
Your server is configured with the following disks:
 

Disk 0 contains two partitions (C: and D:). The C:
partition contains the operating system files and is
also the active partition. It is a 6 GB partition 
of which 4 GB is currently in use. The D: partition
is a 2 GB partition with 1 GB currently in use. 
There is 12 GB of unpartitioned free space available
on Disk 0.
 

Disk 1 does not contain any partitions. The capacity 
of the disk is 20 GB.
 

Disk 2 does not contain any partitions. The capacity
is 12 GB. 
 

All of the disks are dynamic disks. You would like 
to create a RAID-5 volume on the disks to achieve the
maximum amount of available disk space for storing
data. When you are finished, how much usable space will 
you have on the RAID-5 volume? 
 

A. 4 GB

B. 6 GB

C. 24 GB

D. 32 GB

E. 36 GB

F. 44 GB

 

 

Answer: C

RAID-5 provides data redundancy at a cost of only one 
additional disk for the volume. Therefore the amount
of usable disk space can be calculated by the 
following formula: [Y(X-1)]/X where X represents the 
number of disks in the RAID-5 volume and Y represents
the total amount of space on all of the volumes (i.e. 
the number of disks multiplied by the amount of space 
used on each disk). 
 

In the above example, the maximum amount of space 
available on Disk 0 and Disk 2 is 12 GB and on Disk 1
is 20 GB. Because RAID-5 volumes write evenly across
all of the disks, an equal amount of space on each 
drive will be used for the RAID-5 volume (12 GB on 
each disk). This gives a total amount of 36 GB. 
Plugging those numbers into the formula above 
([36(3-1)]/3) yields a result of 24 GB of usable 
space on the RAID-5 volume.

Q35
Several users have exceeded their quota warning limit
on one of the volumes on your server. These users 
only have the ability to save a few more MB of data 
to the drive. You would like these users to be able 
to save new documents that they create to the volume. 
What actions could be performed to give these users 
the ability to save new documents to the volume? 
Choose all that apply. 
 

A. Instruct the users to compress the documents that
they currently have stored on the volume.
 

B. Instruct the users to encrypt the documents that
they currently have stored on the volume.
 

C. Instruct the users to delete documents that they 
no longer need from the volume.
 

D. Configure quota entries for the users that are
greater than the default quota value assigned to the
volume.
 

E. Run the Disk Defragmenter utility on the volume.
 

 

Answer: C & D
 

Disk quotas are configured on a per-volume basis and
are based on the uncompressed size of the file. 
Compressing or encrypting documents on a volume will
not have any effect on the amount of data a 
user can save to the volume. The only way that a 
user can give themselves the ability to save additional
data to the volume is to delete documents on the 
volume that they no longer need.
 

As an administrator you can also set an individual 
quota entry for users that you would like to have 
more (or less) space on the drive than what is 
specified by the default quota value for the volume.
 

Q36
On one of the network servers in your company, there 
are several confidential files that only the President 
of the company, Mary Miller, has access to. The NTFS 
permissions for these files are configured as follows:
 

mmiller Allow Full Control
 

The files are located in a folder called HighSec. 
There are other files in the HighSec folder that are
configured with different NTFS permissions so that 
other members of the Executives group (of which Mary 
is also a member) can gain access to them. The 
HighSec folder is shared with the following 
permissions:
 

mmiller Allow Full Control
Executives Allow Change
Domain Admins Allow Full Control
 

Mary has decided to leave the company to pursue 
another opportunity. The decision has been made that
Mary's user account must no longer have access to any
of the files within the HighSec folder. In addition,
the files that were only accessible by Mary should be
immediately deleted. All other permissions should 
remain intact so that the levels of access given to 
the other members of the Executives group and Domain 
Admins group are unchanged. 
 

You perform the following actions:
 

1. You log on as a member of the Domain Admins group 
and take ownership of all of the files for which only 
Mary had access at the machine containing the HighSec 
folder.
 

2. After taking ownership of those files, you change
the NTFS permissions to Allow Delete for the 
Administrators group. 
 

3. You delete the files in the HighSec folder to 
which only Mary had access.
 

4. You remove the shared folder permission of Allow 
Full Control for the mmiller account.
 

 

Which of the following objectives have you 
successfully completed? Choose all that apply.
 

A. Mary cannot access any files within the HighSec
folder.
 

B. The files within the HighSec folder that only 
Mary could access have been deleted.
 

C. The level of access that the other members of the 
Executives group have to files within the HighSec 
folder has not been affected. 
 

D. The level of access that the other members of the 
Domain Admins group have to files within the HighSec 
folder has not been affected.
 

Answer: B, C & D
 

Through your actions you have successfully completed 
all of the objectives except A. Although Mary will no
longer be able to access the files that only she had 
access to, she still may be able to gain access to 
other files within the HighSec folder. In addition, 
because Mary is a member of the Executives group, she
has the ability to access the shared folder over the
network as the Executives group has the Allow Change
shared folder permission to HighSec. 

Q37
Sally is currently dual-booting Windows 2000 
Server and Windows 98 on her laptop. She does
most of her work from Windows 98 but has Windows 2000
Server installed for learning purposes. The disk
contains a single partition which is currently 
formatted with the FAT32 file system. 
 

While booted into Windows 2000 Server, Sally attempts
to upgrade her basic disk to a dynamic disk using 
the Disk Management utility. She is unable to do so.
What is the best explanation for Sally's inability to
convert the disk to a dynamic disk? 
 

A. Windows 98 does not support dynamic disks. You
cannot convert a disk to dynamic if a non-Windows 
2000 operating system is installed to it.
 

B. Windows 2000 does not support this upgrade on a
laptop computer because laptops typically cannot take
advantage of the options that dynamic disks provide.
 

C. The partition is formatted with the FAT32 file
system. All of the partitions on a disk must first
be converted to the NTFS file system before upgrading
a disk from a basic disk to a dynamic disk.
 

D. Sally attempted to convert the disk using the 
Disk Management utility rather than the convert.exe
utility. Convert.exe is the correct utility to 
upgrade a basic disk to a dynamic disk. 
 

 

Answer: B
 

This issue occurs because the Windows 2000 Disk 
Management console does not support this upgrade on a 
laptop computer. Laptops usually only support a 
single internal hard disk, so they cannot take 
advantage of the advanced volume options that dynamic 
disks provide. Dynamic disks have advantages over 
basic disks only when there are two or more dynamic 
disks in the system. 
 

Answer A is partially correct in the sense that 
Windows 98 does not support dynamic disks. However
there is no mechanism to prevent a disk on which a
non-Windows 2000 operating system is installed from
being upgraded to a dynamic disk. Of course, after
such an upgrade any non-Windows 2000 operating 
systems would no longer be functional.
 

Q39
You have recently installed a new device driver on 
your Windows 2000 Server. When you restart your 
system you receive a Blue Screen of Death error. 
What would be the easiest way to attempt to restore
your system to a bootable state?
 

A. Start the machine and when the list of available 
operating systems appears, press F8 to get to the 
Windows 2000 Advanced Options Menu. Choose 
"Directory Service Restore Mode". Remove the device
driver and reboot your system. 
 

B. Start the machine and when the list of available 
operating systems appears, press F8 to get to the 
Windows 2000 Advanced Options Menu. Choose 
"Last Known Good Configuration". 
 

C. Boot from the Emergency Repair Disk. Choose the
Fast Repair (press F) Option.
 

D. Open System in Control Panel, Click the Hardware 
tab, and then click Driver Signing. Under file
signature verification choose "Block". 
 

 

Answer: B
 

Choosing Last Known Good Configuration provides a way 
to recover from problems such as a newly added driver 
that may be incorrect for your hardware. It does not 
solve problems caused by corrupted or missing drivers 
or files.
 

To start Windows 2000 using the last known good 
configuration 
 

1. Click Start, and then click Shut Down. 
 

2. Click Restart, and then click OK. 
 

3. When you see the message Please select the 
operating system to start, press F8. 
 

4. Use the arrow keys to highlight Last Known Good 
Configuration, and then press ENTER. 
 

5. Use the arrow keys to highlight an operating system, 
and then press ENTER. 
 

Q40
Ted has a laptop that he uses in a docking station
when he is at the office. The docking station allows
him to access the network through a network interface
card (NIC). When Ted is at home, he connects to the 
network by dialing up to the office using a modem. 
He wants to disable certain devices such as the NIC
and the CD-ROM drive when he is at home and away from 
his docking station. What kind of profile should Ted 
create for his computer to prevent Windows 2000 from 
attempting to start his network adapter and CD-ROM 
drive when he is at home? 
 

A. Local profile
B. Personal roaming profile
C. Mandatory roaming profile
D. Hardware profile
E. Low profile
 

 

Answer: D
 

Hardware profiles tell Windows 2000 which devices to 
start when a system boots and/or which settings to
use for each device. There is a default hardware
profile that is automatically created when Windows 
2000 is installed on a system. By default, this 
hardware profile enables every device that is 
installed on the computer. 
 

One of the main uses for hardware profiles is the 
situation above where a user has a different 
configuration depending on whether he or she is on
the network or away from the network. Hardware
profiles let you change the devices that your 
computer uses when you move from location to 
location. One hardware profile may have certain 
components such as a NIC and CD-ROM drive installed
based on the specification of your hardware
configuration when you are using the docking 
station. Another profile might have those devices
disabled so that you don't receive errors when 
starting the system away from the docking station
due to the absence of those devices. 
 

Q41
You currently have two Terminal Servers in your 
company named TServer1 and TServer2. Both of the 
servers are running Terminal Services in application
server mode. You would like to configure the 
Terminal Servers so that all Authenticated Users have 
access to TServer1 but only members of the Finance 
group have access to TServer2. What could you do to 
allow only members of the Finance group to access 
TServer2 while still allowing other users to access
TServer1?
 

A. From the Terminal Service Configuration utility,
choose the connection for TServer2 and configure the
permissions so that only the Finance group has the
ability to access the server.
 

B. In the Terminal Services Profile tab in a user's
properties, disable the option for "Allow logon to 
Terminal Services" for all users that are not members
of the Finance group.
 

C. Enable Terminal Services in remote administration
mode on TServer2.

 

D. Change the configuration for TServer2 so that all
users other than members of the Finance group have 
only guest access.
 

 

Answer: A
 

To meet the requirements of the above scenario, you 
must configure the permissions on the connection for 
the Terminal Server. To add or remove users and 
groups from the permissions list, perform the 
following steps:
 

1. Open Terminal Services Configuration 
 

2. In the console tree, click Connections. 
 

3. In the details pane, right-click the connection 
for which you want to configure permissions, and then 
click Properties. 
 

4. On the Permissions tab, click Add or Remove and 
select the appropriate user or group which you wish 
to add or remove.
 

Answer B would prevent users that weren't in the 
Finance group from accessing all Terminal Servers. 
 

Answer C would only allow Administrators to access
TServer2.
 

Answer D would still allow non-Finance members to 
access TServer2.
 

Q42
You have a Windows 2000 Server that has two hard 
disks installed. You convert both of the disks to
dynamic disks and configure a mirrored volume to 
give the system and boot partitions (both on C:) 
fault tolerance. However you are concerned that if
the original disk fails you will not be able to 
boot the system from the mirrored disk. What 
precautionary measure can you take to ensure that 
you can boot from the mirrored disk in the event that
the original disk fails?
 

A. Modify the ARC path in the boot.ini file on the
C: drive to display the ARC path for the mirrored
volume.
 

B. Copy the boot.ini file from the C: drive on the
original disk to the C: drive on the mirrored disk.
 

C. Create a boot disk that contains the correct 
ARC path for the mirrored volume.
 

D. Remove the mirrored volume. Configure fault
tolerance for the C: drive using a RAID-5 volume. 
 

 

Answer: C
 

Should your system or boot partition fail, the system
will not start. If you want to start the system from 
the mirror of a failed system or boot volume you need
to have an ARC path that is modified to correctly 
display the ARC path for the mirrored volume. More
information on ARC paths can be found in the Windows
2000 Server Resource Kit.
 

A good practice is to create the fault-tolerant boot
disks when you configure the mirrored volume. Test
these boot disks in advance to verify that you will be
able to start your computer from the mirrored volume 
if the primary disk is lost. To check your boot disks
you should test the boot disk after powering the 
primary disk off. 
 

Q43
You are the administrator who is responsible for all
of the desktops and servers in the Detroit office. 
There are currently seven domain controllers in your
office. You have collected the following information
about these domain controllers:
 

- Four of them are for the sales.abccorp.com and are
named SalesD1, SalesD2, SalesD3 and SalesD4
- Two of the domain controllers are for the 
marketing.abccorp.com domain and are named 
MarketingD1 and MarketingD2
- One of the domain controllers is for the 
it.abccorp.com domain and is named ITD1
 

Using Replication Monitor you notice that MarketingD1 
and SalesD2 are direct replication partners. Which 
partitions are replicated between MarketingD1 and 
SalesD2? Choose all that apply.
 

A. Configuration partition

B. Domain partition

C. Infrastructure partition

D. Schema partition

E. Sysvol partition
 

 

Answer: A & D
 

Each domain controller contains at least three full, 
writable directory partition replicas. They are as
follows:
 

1. Schema partition - Contains all class and 
attribute definitions for the forest. 
 

2. Configuration partition - Contains replication 
configuration information (and other information) for 
the forest.
 

3. Domain partition - Contains all objects that are 
stored by one domain.
 

There is one schema partition and one configuration
partition per forest. There is one domain directory 
partition for each domain in the forest. A full 
replica of a domain's partition is stored on all 
domain controllers of that domain while a full 
replica of a forest's configuration and schema 
partitions is stored on all domain controllers of 
that forest. Therefore, domain controllers that are 
replication partners but not members of the same 
domain will only replicate their schema and 
configuration partitions.
 

Q44
Although Active Directory in Windows 2000 primarily 
operates using multiple-master replication, there are
certain roles which lend themselves better to single-
master replication. Active Directory in Windows 2000
has five of those roles. The machines holding these
roles are termed operations masters. 
 

One of the operations masters is responsible for 
updating the group-to-user references whenever the 
members of groups are renamed or changed. What is the
name that Microsoft gives to this operations master?
 

A. Domain Naming Master
B. Infrastructure Master
C. PDC Emulator
D. RID Master
E. Schema Master
 

Answer: B
 

The infrastructure master is the machine responsible
for updating group-to-user references whenever the 
members of groups are renamed or changed. This will
happen when you rename or move a member of a group
and that member resides in a different domain from 
the group. In this case, the group temporarily 
appears not to contain that member. It is the 
responsibility of the machine holding the 
infrastructure master role to update the group so it
knows the new name or location of the member. 
 

There is only one infrastructure master per domain, 
and it is important that the infrastructure master
role not be given to a machine that is serving
as a global catalog server. 
 

Q45
Using Remote Installation Services, you can set up new 
client computers remotely without the need to 
physically visit each client machine. Specifically, 
you can install operating systems on remote 
boot-enabled client computers by connecting the 
computer to the network, starting the client computer, 
and logging on with a valid user account. 
 

Which of the following are requirements for a Remote 
Installation Services server? Choose all that apply.
 

A. At least 128 MB of RAM
 

B. Pentium 166 or faster processor
 

C. An NTFS-formatted volume
 

D. Distributed File System
 

E. PXE DHCP-based boot ROM version .99c or greater
 

 

Answer: A, B & C
 

Server hardware requirements
 

Personal computer with Pentium or Pentium II 200 MHz 
or faster processor (Pentium 166 minimum). 
 

256 megabytes (MB) of RAM recommended minimum (128 MB 
minimum supported; 4 gigabytes (GB) maximum). 
 

2-gigabyte (GB) disk drive for Remote Installation 
Services servers folder tree. 
 

10 or 100 MB/sec network adapter (100 MB/sec 
recommended). 
 

CD-ROM drive. 
 

The volume you choose to install Remote Installation 
Services onto must be formatted with the NTFS file 
system. 
 

Remote Installation Services does not support the 
Encrypting File System (EFS) or the distributed file 
system (Dfs). 
 

Although the client must support the PXE DHCP-based boot 
ROM version .99c or greater, this is not a requirement 
of the RIS server. 
 

Q46
Which of the following are NOT supported by Windows 
2000 Professional? Choose all that apply.
 

A. 2 processors
B. 8 GB of RAM
C. Dynamic disks

D. Disk quotas

E. Clustering

 

Answer: B & E

 

 

Windows 2000 Professional supports up to two symmetric 
multiprocessors. It also supports both dynamic disks 
and disk quotas. However, it only supports up to 4 
gigabytes (GB) of RAM and you cannot set up clustering 
on Windows 2000 Professional. 
 

Q47
Recently someone in your company deleted several 
confidential files. You've been tasked with tracking
system activity and identifying the person who 
performs such an action should this ever happen 
again. You have several Windows 2000 Professional
machines on which members of the Executives group 
store their confidential data. You want to track both 
successful and unsuccessful attempts by anybody to 
read, delete and write to certain files and folders. 
However, you do not want to do any additional auditing 
that might slow system performance. 
 

You perform the following actions on the Windows 2000
Professional machines:
 

-In the local group policy object, you enable 
auditing of object access when successful and 
unsuccessful. 
 

-In the local group policy object, you enable 
auditing of process tracking when unsuccessful.
 

-In Windows Explorer, you select to track successful
and unsuccessful reads and writes by members of the
Everyone group for the confidential files.
 

-In Windows Explorer, you select to track successful
and unsuccessful deletes by members of the Executives
group for the confidential files.
 

 

Which of the following objectives have you achieved? 
Choose all that apply.
 

A. All successful and unsuccessful attempts to read 
the confidential files will be tracked.
 

B. All successful and unsuccessful attempts to write
to the confidential files will be tracked.
 

C. All successful and unsuccessful attempts to 
delete the confidential files will be tracked.
 

D. Auditing has been kept to a minimum to improve
system performance. 
 

 

Answer: A & B
 

To set up auditing of files and folders, perform the 
following steps:
 

1. Click Start, click Run, type mmc, and then click 
OK. 
 

2. On the Console menu, click Add/Remove Snap-in, 
and then click Add. 
 

3. Under Snap-in, click Group Policy, and then click 
Add. 
 

4. In Select Group Policy Object, click Local 
Computer, click Finish, click Close, and then click 
OK. 
 

5. In Local Computer Policy, click Audit Policy. 
 

6. In the details pane, right-click Audit Object 
Access, and then click Security. 
 

7. In Local Security Policy Setting, click the 
options you want, and then click OK. 
 

 

To specify files and folders to audit, perform the 
following actions:
 

1. In Windows Explorer, right-click the file or 
folder you want to audit, and then click Properties. 
 

2. On the Security tab, click Advanced. 
 

3. On the Auditing tab, click Add. 
 

4. In the Select User, Computer, or Group dialog box, 
click the name of the user or group whose actions you 
want to audit, and then click OK. 
 

5. In the Auditing Entry dialog box, in Access, click 
Successful, Failed, or both for the actions you want to 
be audited, and then click OK. 
 

 

In the above question, attempts to delete the files by
anyone other than a member of the Executives group 
would not be tracked so Answer C is incorrect. Also,
process tracking is very resource-intensive and should
only be used for troubleshooting purposes. As it will
likely slow system performance, Answer D is also 
incorrect.
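 

The reasoning behind the answer to Q47 can be checked mechanically. The following is an added Python example, not part of the original exam material: a simplified model of how the local audit policy and the per-file auditing entries combine to decide whether an access attempt is logged. The user names alice and bob and their group memberships are constructed for illustration.

```python
"""Simplified model of Windows 2000 file auditing for the Q47 scenario.

Constructed example: an access attempt is logged only if (1) the audit
policy enables "object access" for that outcome and (2) an auditing entry
on the file matches one of the user's identities, the access type and the
outcome.
"""
from dataclasses import dataclass

# Local audit policy exactly as configured in the question.
AUDIT_POLICY = {
    "object_access": {"success", "failure"},
    "process_tracking": {"failure"},
}


@dataclass(frozen=True)
class AuditEntry:
    principal: str          # user or group the entry applies to
    accesses: frozenset     # access types audited by this entry
    outcomes: frozenset     # "success" and/or "failure"


BOTH = frozenset({"success", "failure"})

# Auditing entries set in Windows Explorer on the confidential files.
FILE_AUDIT_ENTRIES = [
    AuditEntry("Everyone", frozenset({"read", "write"}), BOTH),
    AuditEntry("Executives", frozenset({"delete"}), BOTH),
]

# Constructed group membership (assumption, not from the question).
GROUPS = {
    "alice": {"Executives"},   # an executive
    "bob": set(),              # any other user
}


def identities(user):
    """Every identity an auditing entry can match for this user."""
    return {user, "Everyone"} | GROUPS.get(user, set())


def is_audited(user, access, outcome,
               policy=AUDIT_POLICY, entries=FILE_AUDIT_ENTRIES):
    """Return True if this attempt would produce an audit record."""
    # Without the policy switch, auditing entries on files have no effect.
    if outcome not in policy.get("object_access", set()):
        return False
    ids = identities(user)
    return any(
        e.principal in ids and access in e.accesses and outcome in e.outcomes
        for e in entries
    )


def coverage_gaps(users, accesses=("read", "write", "delete"),
                  outcomes=("success", "failure")):
    """List every (user, access, outcome) combination that is NOT logged."""
    return sorted(
        (u, a, o)
        for u in users for a in accesses for o in outcomes
        if not is_audited(u, a, o)
    )


def unneeded_categories(policy=AUDIT_POLICY, needed=("object_access",)):
    """Audit categories that are enabled but not required for file auditing."""
    return sorted(c for c, outs in policy.items() if outs and c not in needed)


if __name__ == "__main__":
    # Objective C fails: deletes by non-Executives are never logged.
    for gap in coverage_gaps(["alice", "bob"]):
        print("not audited:", gap)
    # Objective D fails: process tracking is enabled but not needed.
    print("extra categories:", unneeded_categories())
```

Changing the delete entry's principal from Executives to Everyone and removing process_tracking from the policy leaves both lists empty, which is the configuration that would meet all four objectives.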
 

 

Q48
An employee in your company has a disability that 
makes it difficult for him to use a keyboard. You
would like to be able to give him the ability to 
type by displaying a virtual keyboard and allowing
him to use a mouse or joystick to type data. Which
accessibility option in Windows 2000 will allow you
to enable this?
 

A. MouseKeys 
B. FilterKeys
C. Virtual Keyboard
D. On-Screen Keyboard
E. Keyboard Synthesizer
 

 

Answer: D
 

On-Screen Keyboard is a utility that displays a virtual 
keyboard on your screen and allows users with mobility 
impairments to type data using a pointing device or 
joystick. On-Screen Keyboard is intended to provide a 
minimum level of functionality for users with mobility 
impairments. 
 

MouseKeys enables you to use the numeric keypad to move 
the mouse pointer and to click, double-click, and drag.
 

FilterKeys instructs your keyboard to ignore brief or 
repeated keystrokes. You can also adjust the keyboard 
repeat rate, which is the rate at which a key repeats 
when you hold it down.
 

There are no accessibility options labeled "Virtual
Keyboard" or "Keyboard Synthesizer" in Windows 2000.
 

 

Q49
On your network you need to adjust the appearance and 
behavior of Windows 2000 to enhance accessibility for 
some vision-impaired, hearing-impaired, and mobility-
impaired users. You wish to do so without requiring
the use of additional hardware or software. To do 
so, you configure some settings under Accessibility 
Options in Control Panel. 
 

After testing these settings you realize that you 
would like to have sounds emitted when a user presses
certain locking keys on their keyboard. Which of the
options would you use to enable this?
 

A. SerialKeys
B. ShowSounds
C. ToggleKeys
D. SoundSentry
E. StickyKeys
 

 

Answer: C
 

 

ToggleKeys causes tones to sound when you press CAPS 
LOCK, NUM LOCK, and SCROLL LOCK. To turn on 
ToggleKeys:
 

1. Open Accessibility Options in Control Panel. 
 

2. On the Keyboard tab, under ToggleKeys, select the 
Use ToggleKeys check box. 
 

SerialKeys provides alternative access to keyboard and 
mouse features.
 

ShowSounds instructs programs to provide visual cues, 
such as informative icons or text, for events that are 
normally only indicated by a sound.
 

SoundSentry displays a visual warning, such as a 
blinking program window, when your computer's built-in 
speaker makes a sound.
 

StickyKeys, located in Accessibility Options in Control 
Panel, provides access to the SHIFT, CTRL, ALT, or 
the Windows keys by pressing one key at a time.
 

Q50
When you install software on a computer, system files 
can be overwritten by unsigned or incompatible 
versions which can cause system instability. One 
feature of Windows 2000 Professional which can help to 
prevent this is File System Verification. If you wish 
to set file signature verification options so that all 
users of a computer are prevented from installing 
unsigned drivers in the future, which of the following 
tasks should you perform? Choose all that apply. 
 

A. In System Properties in Control Panel, click 
Hardware, click Driver Signing and choose Warn.
 

B. In System Properties in Control Panel, click 
Hardware, click Driver Signing and choose Ignore.
 

C. In System Properties in Control Panel, click 
Hardware, click Driver Signing and choose Block.
 

D. While logged on as a member of the 
Administrators group, run the sfc.exe utility 
with the /scanonce switch.
 

E. While logged on as a member of the Administrators 
group, access Driver Signing and click "Apply setting 
as system default".
 

 

Answer: C & E
 

To prevent the future installation of unsigned drivers
do the following:
 

1. Open System in Control Panel. 
 

2. Click the Hardware tab, and then click Driver 
Signing. 
 

3. Under File signature verification, click one of 
the following: 
 

-Click Block to prevent an installation program from 
installing device drivers without a digital signature. 
 

If you are logged on as an administrator or as a 
member of the Administrators group, click Apply setting 
as system default to apply the selected setting as the 
default for all users who log on to this computer. 
 

System File Checker (sfc.exe) is a command line utility 
that scans and verifies the versions of all protected 
system files after you restart your computer. 
 

Q51
Performance on your Windows 2000 system has been 
rather sluggish lately. As part of the 
troubleshooting process you want to use System 
Monitor to view the performance of some counters that
track resource usage and system activity. When you 
go to collect logical-disk data for your system, you 
are unable to do so. What is the most likely reason
for not being able to collect and view logical-disk 
data on a Windows 2000 Professional computer?
 

A. You cannot view logical-disk data on a Windows 
2000 Professional computer. Viewing of logical-disk
data is limited to Windows 2000 Servers only.
 

B. The default local policy for a Windows 2000 
Professional machine prevents the viewing of logical-
disk data for security purposes. You must enable the
logical-disk counter through the local policy editor.
 

C. Logical-disk counter data cannot be collected by
the operating system. However, physical-disk data 
may be collected and should be used to determine disk
activity instead.
 

D. Logical-disk counter data is not collected by the
operating system by default. To enable logical-disk
counter data to be collected, you must run a command
on your system.
 

Answer: D
 

Unlike physical-disk counter data, logical-disk counter 
data is not collected by the operating system by 
default. To obtain performance counter data for 
logical drives or storage volumes, you must type 
diskperf -yv at the command prompt. This causes the 
disk performance statistics driver used for collecting 
disk performance data to report data for logical drives 
or storage volumes. By default, the operating system 
uses the diskperf -yd command to obtain physical drive 
data. 
 

Q52
Which of the following operating systems can be 
upgraded directly to the final release of Windows 
2000 Professional? Choose all that apply.
 

A. Windows 3.1
B. Windows 95
C. Windows 98
D. Windows NT Workstation 3.51
E. Windows NT Workstation 4.0
F. Windows 2000 Professional Beta 3
G. Windows 2000 Professional Release Candidate 2 
(RC2)
H. Red Hat Linux 6.2
I. Mac OS 9
 

 

Answer: B, C, D, E & G

 

Windows 95, Windows 98, Windows NT Workstation 3.51,
Windows NT Workstation 4.0, and Windows 2000 
Professional Release Candidates 1 through 3 all 
provide support for a one-step upgrade to the final
release of Windows 2000 Professional. Windows 3.1,
Windows 2000 Professional Beta 3 and non-Windows 
operating systems do not provide support for a one-
step upgrade.
 

Q53
Ronald would like to configure his Windows 2000 
Professional computer to support multiple monitors
to make it easier for him to view a large spreadsheet
that he is working on. To enable multiple monitors,
he performs the following steps:
 

1. Turns off his computer. 
 

2. Inserts an Industry Standard Architecture (ISA) 
video adapter into an available slot. 
 

3. Plugs the additional monitor into the card. 
 

4. Turns on his computer. 
 

When he goes to configure the properties for multiple
monitors, he is unable to extend his desktop onto 
both monitors. What is the reason for this?
 

A. Windows 2000 Professional does not support 
multiple monitor capabilities. Only the Windows 2000
Server family supports multiple monitors.
 

B. To use the multiple monitor support feature, you 
need a PCI or AGP video adapter for each monitor. 
Windows 2000 does not provide multiple monitor 
support for ISA video adapters.
 

C. Ronald designated the wrong monitor as the 
primary monitor. It is necessary to always configure
the first monitor installed on a computer to be the 
primary monitor.
 

D. The primary monitor was not set to SVGA. If you 
have an onboard video adapter that you want to use as 
part of a multiple-monitor configuration, it must be 
set as SVGA. 
 

 

Answer: B
 

To install additional monitors:
 

1. Turn off your computer. 
 

2. Insert your additional Peripheral Component 
Interconnect (PCI) or Accelerated Graphics Port (AGP) 
video adapter into an available slot. 
 

3. Plug your additional monitor into the card. 
 

4. Turn on your computer. Windows 2000 will detect the 
new video adapter and install the appropriate drivers.
 

5. Open Display in Control Panel. 
 

6. On the Settings tab, click the monitor icon that 
represents the monitor you want to use in addition to 
your primary monitor. 
 

7. Select the Extend my Windows desktop onto this 
monitor check box, and then click Apply or OK. 
 

 

To use the multiple monitor support feature, you need a 
PCI or AGP video adapter for each monitor. 
 

Q54
You want to install Windows 2000 Professional and 
Windows 98 on the same machine. You want the 
operating systems to reside on different partitions. 
You want to be able to configure individual file 
security on the partition containing the Windows 2000
Professional system files. You also want to have a 
separate partition to store your data files on. You 
want this partition to be accessible from both 
operating systems. You currently have a blank, 
unformatted 20 GB hard drive. Which of the following 
would be a correct way to partition and format the 
drive while preparing to do the install?
 

A. Create one large partition (C:). Format it as 
FAT32. Install both operating systems to this 
partition.
 

B. Create 2 6-GB partitions (C: and D:) and 1 8-GB 
partition (E:). Install Windows 98 to C: and install 
Windows 2000 Professional to D:. Format C: as FAT32
and D: as NTFS. Format E: as FAT 32. 
 

C. Create 2 6-GB partitions (C: and D:) and 1 8-GB 
partition (E:). Install Windows 98 to C: and install 
Windows 2000 Professional to D:. Format C: as FAT32
and D: as NTFS. Format E: as NTFS. 

 

D. Create one large partition (C:). Format it as 
NTFS. Install both operating systems to this 
partition. 
 

 

Answer: B
 

Windows 2000 supports the NTFS, FAT and FAT 32 file
systems. Use NTFS when you require a partition to 
have file- and folder-level security, disk 
compression, disk quotas, or encryption. Only 
Windows 2000 and Windows NT can access data on a 
local hard disk that is formatted as NTFS. If you
plan to promote a server to a domain controller, 
format the installation partition with NTFS.
 

FAT and FAT32 allow access by, and compatibility 
with, other operating systems. To dual boot Windows
2000 and another operating system, format the 
system partition with either FAT or FAT32. FAT and
FAT32 don't offer many of the features that NTFS 
supports, for example, file-level security. 
Therefore, in most situations, you should format the
hard disk with NTFS. The only reason to use FAT or
FAT32 is for dual booting. 
 

Q55
You have installed Windows 2000 Professional on a 
system with a single 2 GB hard drive. Prior to 
installing Windows 2000 you used the FDISK utility to 
create one 2 GB partition and format the partition 
with the FAT file system. 
 

Later you try to convert the disk from a basic disk
to a dynamic disk from Disk Manager but are unable to. 
What is the most likely reason for this?
 

A. You did not partition the disk with the Windows
2000 Setup utility. If you would like to convert a
disk to a dynamic disk, it must have been initially
partitioned using the Setup utility.
 

B. The convert utility is not available from Disk 
Manager. You need to convert the drive from the 
command prompt.
 

C. You do not have 1 MB of unpartitioned free 
space available on your disk. You must have this
in order to convert a disk from basic to dynamic.
 

D. The disk is formatted with the FAT file system.
A disk must first be converted to NTFS before you 
can convert the disk to a dynamic disk.
 

E. You are not logged on as a member of the 
Enterprise Administrators group. Only members of 
the Enterprise Administrators group have the ability
to convert a disk from basic to dynamic.
 

 

Answer: C
 

A dynamic disk is a physical disk that contains dynamic 
volumes created using Disk Management. One advantage
of dynamic disks is that they can contain an unlimited
number of volumes; you are not restricted to four volumes
per disk as with basic disks. 
 

For the upgrade to succeed, any disks to be upgraded 
must contain at least 1 MB of unallocated space. Disk 
Management automatically reserves this space when 
creating partitions or volumes on a disk, but disks 
with partitions or volumes created by other operating 
systems may not have this space available. (This space 
may exist even if it is not visible in Disk Management.) 
 

Q56
Roger is a new user in your company who you have just
created an account for. Roger logs on to his 
computer for the first time and is annoyed by the 
background that has been configured for his account.
He attempts to change the background and is 
successful. After working for a couple of hours he 
logs off his computer and heads to lunch. 
 

When he returns from lunch, he logs on to his 
computer and notices that he now has the original
background again. You receive a call from Roger who
would like to know why this happened. What is the 
most likely explanation?
 

A. Roger does not have the appropriate permission to
the bitmap file for the background he wishes to use.
You must have at least Read permission to the file 
containing the background you wish to use.
 

B. Roger is not a member of the Power Users group.
In order to make permanent changes to user settings, 
you must be a member of this group.
 

C. Roger's account has been configured with a 
mandatory profile. In this case, the user can still 
modify the desktop, but the changes are not saved when 
the user logs off. 
 

D. Roger's account is a member of the Guest Users
group. Members of the Guest Users group automatically 
have their changes discarded upon logoff.
 

 

Answer: C
 

A mandatory user profile is a preconfigured user 
profile. The user can still modify the desktop, but 
the changes are not saved when the user logs off. 
The next time the user logs on, the mandatory user 
profile is downloaded again. User profiles become 
mandatory when you rename the NTuser.dat file on the 
server to NTuser.man. This extension makes the user 
profile read-only. 
 

Q57
On your network you need to adjust the appearance and 
behavior of Windows 2000 to enhance accessibility for 
some vision-impaired, hearing-impaired, and mobility-
impaired users. You wish to do so without requiring
the use of additional hardware or software. To do 
so, you configure some settings under Accessibility 
Options in Control Panel. 
 

After testing these settings you realize that you 
would like to provide visual cues, such as informative 
icons or text, for events that are normally only 
indicated by a sound and also to display visual 
warnings when the computer's built-in speaker makes a 
sound. Which of the options would you use to enable 
this? Choose all that apply.
 

A. High Contrast
B. Magnifier 
C. Narrator
D. ShowSounds
E. SoundSentry 
 

 

Answer: D & E
 

SoundSentry provides visual warnings for system sounds. 
 

To turn on ShowSounds
 

1. Open Accessibility Options in Control Panel. 
 

2. On the Sound tab, under ShowSounds, select the Use 
ShowSounds check box. 
 

ShowSounds instructs programs to display captions for 
program speech and sounds. 
 

High Contrast improves screen contrast with 
alternative colors and font sizes. 
 

Magnifier enlarges a portion of the screen for easier 
viewing. 
 

Narrator uses text-to-speech technology to read the 
contents of the screen aloud. This is useful for 
people who are blind or who have low vision. 
 

 

Q58
Joel has configured a test machine on his network to 
dual-boot between Windows 95 OSR 2 and Windows 2000 
Professional. He has one physical hard drive and the 
current partition scheme is as follows:
 

C: - FAT, contains Windows 95 system files
D: - FAT, contains Windows 2000 system files
E: - FAT, contains data that must be accessed from 
both operating systems
 

In order to increase the performance and security of 
his system, he performs the following actions:
 

1. Converts the C: drive to FAT32.
2. Converts the D: drive to NTFS.
3. Converts the E: drive to FAT32
 

After making all of these changes which of the 
following will he be able to do? Choose all that 
apply.
 

A. Configure folder and file-level security on the 
D: drive.
 

B. Configure folder and file-level security on the 
E: drive.
 

C. Use Windows 2000 Professional to access data on 
the E: drive.
 

D. Use Windows 95 to access data on the D: drive.
 

E. Use Windows 95 to access data on the E: drive.
 

F. Configure disk quotas for the E: drive.
 

 

Answer: A, C & E
 

You use NTFS permissions to specify which users and 
groups can gain access to files and folders and what 
they can do with the contents of the file or folder. 
NTFS permissions are available only on NTFS volumes. 
NTFS permissions are not available on volumes that 
are formatted with FAT or FAT32 file systems.
 

Windows 2000 supports three file systems: Windows 
2000 file system (NTFS), file allocation table (FAT), 
and FAT32.
 

Windows 95 OSR 2 supports both the FAT file system
and the FAT32 file system. It does not support the
NTFS file system.
 

Disk quotas can be applied only to Windows 2000 NTFS 
volumes.
 

Q59
Anna has configured a test machine on her network to 
dual-boot between Windows 98 and Windows 2000 
Professional. She has one physical hard drive and 
the current partition scheme is as follows:
 

C: - FAT, contains Windows 98 system files
D: - FAT, contains Windows 2000 system files
E: - FAT, contains data that must be accessed from 
both operating systems
 

In order to increase the performance and security of
her systems, she does the following things:
 

1. Converts the E: drive to FAT 32.
2. Converts the D: drive to NTFS.
3. Converts the disk to a dynamic disk
 

After making all of these changes which of the 
following will she be able to do? Choose all that
apply.
 

 

A. Configure folder and file-level security on the
D: drive.
 

B. Use Windows 2000 Professional to access data on 
the E: drive.
 

C. Use Windows 98 to access data on the E: drive.
 

D. Configure disk quotas for the E: drive.
 

 

Answer: A & B
 

You use NTFS permissions to specify which users and 
groups can gain access to files and folders and what 
they can do with the contents of the file or folder.
NTFS permissions are available only on NTFS volumes.
NTFS permissions are not available on volumes that 
are formatted with FAT or FAT32 file systems.
 

Windows 2000 supports three file systems: Windows 
2000 file system (NTFS), file allocation table (FAT),
and FAT32.
 

If you are dual booting with another operating system 
such as Windows 95 or Windows 98 and you convert your
drive to a dynamic disk, these operating systems will
no longer run. Only Windows 2000 can access a 
dynamic disk.
 

Disk quotas can be applied only to Windows 2000 NTFS
volumes.
 

Q60
You have set up Accessibility Options for several of 
the users in your company who are running Windows 
2000 Professional on their desktops. Several weeks 
later you receive a complaint from one of the users 
that the Accessibility Options only work sporadically
on her machine. She says that they work properly 
when she first logs on in the morning but often stop
working later in the day. What would be the first
thing to check while troubleshooting this problem?
 

A. Verify that there are no Day and Time 
Restrictions placed upon the Accessibility Options.
 

B. Verify that the user having problems does not 
have restrictions in the "Logon Hours" button on the 
Account tab in the User Properties dialog box.
 

C. Verify that the "Turn off accessibility features 
after idle for:" box is not checked.
 

D. Verify that the user does not have the Highly 
Secure (hisec*.inf) security template applied to her
workstation.
 

E. Verify that the user is a member of the Power
Users security group. 
 

 

Answer: C
 

Accessibility options can be automatically turned off
when a computer has been idle for a given amount of 
time. To turn off accessibility features after a 
specified time:
 

1. Open Accessibility Options in Control Panel. 
 

2. On the General tab, under Automatic reset, select 
the Turn off accessibility features after idle for 
check box. 
 

3. To adjust the number of minutes the computer can 
be idle before accessibility features are turned off, 
in the minutes box, click the arrow, and then click a 
number. 

Q61
Your Windows 2000 Professional computer has a single
2.0 GB partition and 128 MB of RAM. You occasionally 
run a memory-intensive application and would like to 
optimize performance on your system. You realize that 
one of the ways to do this is to maximize the 
performance of your pagefile. Which of the following 
would represent the best way to configure your 
pagefile?
 

A. Set the Initial size (MB) to 64 and the 
Maximum size (MB) to 192.
 

B. Set the Initial size (MB) to 128 and the 
Maximum size (MB) to 128.
 

C. Set the Initial size (MB) to 192 and the 
Maximum size (MB) to 128.
 

D. Set the Initial size (MB) to 256 and the 
Maximum size (MB) to 128.
 

E. Set the Initial size (MB) to 256 and the 
Maximum size (MB) to 256.
 

F. Set the Initial size (MB) to 2048 and the 
Maximum size (MB) to 2048.
 

 

Answer: E 
 

According to Microsoft's recommendations, if you want
to achieve best performance you should set the initial 
size of the pagefile to not less than the recommended 
size under "Total paging file size for all drives". 
The recommended size is equivalent to 1.5 times the 
amount of RAM on your system. However if you will be
running memory-intensive applications you will likely
want to increase the pagefile size to a number that is
greater than the recommended size. In addition, 
setting the initial pagefile size equal to the 
maximum pagefile size can reduce fragmentation of the 
pagefile and improve performance.
 

Note that you cannot set the initial size to a number
that is greater than the maximum size.
 

Q62
You have installed Windows 95, Windows NT 4.0 
Workstation (with Service Pack 4) and Windows 2000 
Professional on the same computer for testing 
purposes. You have created the following 
partition for the various operating systems:
 

C: Windows 95
D: Windows NT 4.0 Workstation (SP 4)
E: Windows 2000 Professional
 

You also have created an F: drive which you would 
like to store data that can be accessible from all
three operating systems. You would like to have 
individual file security for data located on the D:
drive and be able to enforce disk quotas for data 
on the E: drive. Which of the following would 
represent the best file systems to use for each of 
the partitions?
 

A. C: = FAT32, D: = NTFS, E: = FAT, F: = FAT32
B. C: = NTFS, D: = FAT32, E: = FAT, F: = NTFS
C. C: = FAT, D: = FAT32, E: = NTFS, F: = FAT
D. C: = FAT, D: = NTFS, E: = NTFS, F: = FAT
E. C: = NTFS, D: = NTFS, E: = NTFS, F: = FAT
F. C: = FAT32, D: = NTFS, E: = FAT32, F: = NTFS 
 

 

Answer: D 
 

These operating systems support the following file
systems:
 

Windows 95 - FAT (OSR2 and later provide support for 
FAT32)
 

Windows NT 4.0 Workstation - FAT, NTFS
 

Windows 2000 Professional - FAT, FAT32, NTFS
 

To successfully boot multiple operating systems you 
must have a common partition that is accessible from
all of the operating systems. In most cases, this 
would be the C: partition.
 

In addition, in order to provide support for file 
and folder security in NT 4.0 Workstation or Windows
2000 Professional, a drive must be formatted with 
NTFS. Also, to provide support for disk quotas in 
Windows 2000 Professional, the drive must be NTFS as
well. 
 

Q63
You wish to configure portable computers on your
network with a shorter lease length than desktop
computers. However both the portables and the 
desktops receive their IP addresses from the same
scopes. To enable different lease lengths you 
decide to use user option classes through DHCP. 
After performing the correct configuration, what
additional step must you perform on the client 
machines to specify which user class you want each one 
to belong to? 
 

A. From the command prompt, run the ipconfig 
command with the /registerdns switch.
 

B. From the command prompt, run the ipconfig 
command with the /setclassid switch.
 

C. From the command prompt, run the ipconfig 
command with the /updateclass switch.
 

D. From the DHCP tab of the TCP/IP properties dialog 
box for the appropriate network connection, specify
the IP address of the DHCP server that you have 
configured the user classes on. 
 

E. From the DHCP tab of the TCP/IP properties dialog 
box for the appropriate network connection, enter the
user class you would like to assign to the computer.
 

Answer: B
 

Option classes are a nice feature of Windows 2000 
that allow you to define different options for clients
that receive their IP address and associated 
information from the same DHCP server. There are two
types of option classes: user-defined classes and 
vendor-defined classes. To set user-defined DHCP 
class ID information at a client computer: 
 

1. At a DHCP-enabled client computer running Windows 
2000, open a command prompt 
 

2. Use the Ipconfig command-line utility to set the 
DHCP class ID the client uses when obtaining its lease 
from the DHCP server. 
 

You can type the ipconfig /setclassid command as 
demonstrated in the following example command, which 
sets an ASCII string ("MyNewClassId") as the DHCP 
class ID string for the local area network connection 
in use at the client computer:
 

C:\>ipconfig /setclassid "Local Area Connection" MyNewClassId
 

Windows 2000 IP Configuration
 

DHCP ClassId successfully modified for adapter"Local Area Connection"
 

Because it is tedious to manually assign class IDs to a 
large number of computers, there are a couple of 
alternatives. 
 

1. If doing an unattended installation you can use the 
following value to set the ClassID in the [MS_TCPIP 
parameters] section of the Unattend.txt file.
 

DHCPClassId
Value: string
Optional
Specifies the DHCP class ID. For example:
DHCPClassId = name
 

2. If you have already completed the install you could
do the following:
 

- Create the following batch file “classid.bat”:
@echo off
rem Quote both sides so the comparison stays valid when classid is not yet set
if "%classid%"=="hug" goto end
set classid=hug
ipconfig /setclassid "Local Area Connection" [value]
:end
 

Replace the value variable with the class ID you wish 
to set. 
 

- Create or modify an existing Group Policy to include 
the CLASSID.BAT as a startup script for the computers 
that will receive the classid. 
 

- Save the CLASSID.BAT to the specific GPO script 
folder inside the SYSVOL on a DC (will be replicated to 
the other DCs automatically). 
 

Q64
Ann is concerned that someone is accessing 
confidential data files on a Windows 2000 
Professional computer that is primarily used by the
President of the company that she works for. She 
would like to configure the system so that all
attempts to access those files, whether successful
or failed, are tracked. Which steps should she take
to set this up? Choose all that apply.
 

A. In the Local Computer Policy, choose Audit Policy
and select the checkboxes for "Success" and "Failure"
under "Audit object access".
 

B. In the Local Computer Policy, choose Audit Policy
and select the checkboxes for "Success" and "Failure"
under "Audit privilege use".
 

C. Right-click on the files to be audited and check
the "Track access to these files" box in the file 
properties dialog box.
 

D. Right-click on the files to be audited. From the
Security tab, click Advanced. From the Auditing tab
click Add and select the user or group whose actions
you want to audit.
 

E. In the following key in the registry
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
set the value of CrashOnAuditFail to 1. 
 

 

Answer: A & D
 

To set up auditing of files and folders
 

1. Click Start, click Run, type mmc /a, and then click 
OK. 
2. On the Console menu, click Add/Remove Snap-in, and 
then click Add. 
3. Under Snap-in, click Group Policy, and then click 
Add. 
4. In Select Group Policy Object, click Local 
Computer, click Finish, click Close, and then click OK.
5. In Local Computer Policy, click Audit Policy.
6. In the details pane, right-click Audit Object Access, 
and then click Security. 
7. In Local Security Policy Setting, click the options 
you want, and then click OK. 
 

To specify files and folders to audit
 

1. In Windows Explorer, right-click the file or folder 
you want to audit, and then click Properties. 
2. On the Security tab, click Advanced. 
3. On the Auditing tab, click Add. 
4. In the Select User, Computer, or Group dialog box, 
click the name of the user or group whose actions you 
want to audit, and then click OK. 
5. In the Auditing Entry dialog box, in Access, click 
Successful, Failed, or both for the actions you want to 
be audited, and then click OK. 
 

Setting the value of CrashOnAuditFail of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
to 1 will cause the computer to halt when the security 
log is full. 
 

Q65
Your company is planning to install Active Directory
on the corporate network. You are currently running
BIND version 8.2.2. You aren't sure whether you 
will be able to continue to use your BIND server or
whether you will have to switch to Windows 2000 DNS.
Which of the following statements is true?
 

A. Since BIND 8.2.2 does not support dynamic updates 
you must switch to Windows 2000 DNS.
 

B. Since BIND 8.2.2 does not support IXFR you must
switch to Windows 2000 DNS.
 

C. Since BIND 8.2.2 does not support SRV records
you must switch to Windows 2000 DNS.
 

D. You may use your BIND server but will need to 
update the zone files manually as BIND 8.2.2 does 
not support dynamic updates. 
 

E. BIND 8.2.2 is fully compatible with Active 
Directory and supports both SRV records and dynamic
updates. You do not need to switch to Windows 2000
DNS.
 

 

Answer: E
 

BIND 8.2.2 supports dynamic updates and SRV records
and therefore is fully compatible with Active 
Directory. For more information about the 
Active Directory compatibility of various versions of 
BIND, consult the reference below.
 

Q66
You are about to upgrade your machine that is 
currently running Windows 98 to Windows 2000 
Professional. You wish to perform a check on your
system to verify that all of the hardware in your 
system is compatible with the Windows 2000 platform.
Which of the following commands could you use to 
accomplish this? Choose all that apply.
 

A. chkupgrd.exe
B. dcpromo.exe
C. riprep.exe
D. risetup.exe
E. winnt32 /checkupgradeonly
F. winnt32 /hardwarecheck
 

 

Answer: A & E
 

winnt32 /checkupgradeonly checks your computer for 
upgrade compatibility with Windows 2000. For Windows 
95 or Windows 98 upgrades, Setup creates a report 
named Upgrade.txt in the Windows installation folder. 
For Windows NT 3.51 or 4.0 upgrades, it saves the 
report to the Winnt32.log in the installation folder.
 

The Windows 2000 Readiness Analyzer tool analyzes 
your system and reports potentially incompatible 
hardware devices and software applications. The 
tool compares the devices and applications on your 
system against a list of known issues. Although 
this check also occurs during Windows 2000 Setup, 
you can download and run the tool before 
installing Windows 2000 to help ensure your 
installation will succeed. The utility used to run
the Windows 2000 Readiness Analyzer is called
Chkupgrd.exe.

Q67
James would like to install Windows 2000 Professional
on his desktop at work. He lists the following 
characteristics of his current machine:
 

-Pentium II 350 MHz
-64 MB of RAM
-1.2 GB hard disk, 450 MB of free space
 

James asks you if his system is sufficient for
installing Windows 2000. What would you tell him?
 

A. No. According to Microsoft's documentation, his 
system will need to have the hard disk upgraded 
before installing Windows 2000 Professional.
 

B. No. According to Microsoft's documentation, his 
system will need to have the memory upgraded before
installing Windows 2000 Professional.
 

C. No. According to Microsoft's documentation, his 
system will need to have the processor upgraded 
before installing Windows 2000 Professional.
 

D. Yes. According to Microsoft's documentation, his 
system meets the minimum system requirements for 
running Windows 2000 Professional.
 

 

Answer: A
 

Here are the minimum system requirements for running 
Windows 2000 Professional.
 

-133 MHz or higher Pentium-compatible CPU. 
 

-64 megabytes (MB) of RAM recommended minimum; more 
memory generally improves responsiveness. 
 

-2GB hard disk with a minimum of 650MB of free space. 
 

Q68
Walter would like to make boot disks to use to 
install Windows 2000 as he has several machines on
his network that do not support booting from the 
CD-ROM drive. To create the boot disks, Walter uses
the "winnt32" command with the /OX switch. Rather
than launching the utility to create the boot disks,
he is prompted with the Windows 2000 Help screen. 
What is the best explanation for this?
 

A. Walter is not a member of the Enterprise 
Administrators group. Only members of the 
Enterprise Administrators have the ability to 
create boot disks on a Windows 2000 system. 
 

B. Walter was using an improper command. The 
"winnt" (rather than "winnt32") command should be
used to create boot disks on a Windows 2000 
system. 
 

C. Walter was using an improper command. The 
"winnt32 /ox" no longer is used to make boot disks
in Windows 2000. Walter instead should run the 
"makeboot.exe" utility. 
 

D. Walter was using an improper command. The 
"winnt32 /ox" no longer is used to make boot disks
in Windows 2000. Walter instead should run the 
"rbfg.exe" utility. 
 

 

Answer: C
 

The "winnt /OX" and "winnt32 /OX" commands that are 
used to create Setup boot disks with Microsoft 
Windows NT 4.0 and earlier do not work with Windows 
2000. 
 

In Windows 2000, the "winnt32 /OX" command starts 
Help, giving you more information about Winnt32.exe. 
 

To create a set of Setup boot disks, run Makeboot.exe 
from the Bootdisk folder on the Windows 2000 CD-ROM. 
 

 

Q69
You are responsible for administering a small network
for your company. There are 150 desktops in the 
company that have Windows 2000 Professional 
installed. You would like users of those machines
to maintain the same settings and have the same 
logon script run regardless of which machine they log
into. Which would be the best way of accomplishing
this?
 

A. Configure the machines in a domain. Set up 
each user account and configure the desktop settings
for that user. Configure the profile information to 
be copied to all of the domain controllers in the 
domain using FRS. 
 

B. Configure the machines in a domain. Set up each
user account with a roaming profile and configure a 
domain policy for logon scripts. 
 

C. Configure the machines in a workgroup. Set up 
individual profiles and logon scripts for each user
account on their individual machine. Configure File
Replication Service (FRS) in Windows 2000 to 
replicate the profiles and logon scripts to all other
machines in the workgroup.
 

D. Configure the machines in a workgroup. Set up
local profiles and a local policy for logon scripts
on each individual machine. Configure the policy to
run the logon script from a centralized network
location.
 

 

Answer: B
 

There are two major types of profiles in Windows 2000.
The first is a local profile. A local profile is 
created the first time you log on to a computer and is 
stored on a computer's local hard disk. Any changes 
made to your local user profile will be specific to 
the computer in which you made the changes. 
 

The second is a roaming profile. A roaming profile is 
created by your system administrator and is stored on 
a server. This profile is available every time you 
log on to any computer on the network. Any changes 
made to your roaming user profile will be updated on 
the server. 
 

Although logon scripts can be assigned directly to a 
user account in Windows 2000, the recommended method
of assigning logon scripts is through policies.
 

 

Q70
The Encrypting File System (EFS) provides the core 
file encryption technology used to store encrypted 
files on NTFS file system volumes. Which of the 
following statements are true about EFS in Windows 
2000? Choose all that apply.
 

A. An encrypted file can be read by multiple users 
as long as those users have the NTFS Read permission
to the file.
 

B. Anyone with delete permission has the ability to 
delete an encrypted file even if the person 
attempting to perform the deletion was not the
person who originally encrypted the file. 
 

C. Only the user who encrypts a file can modify it
unless it is decrypted by an authorized data recovery 
agent.
 

D. System files can be encrypted. 
 

 

Answer: B & C
 

Here are some things to keep in mind when you work with
EFS in Windows 2000:
 

- Only the user who encrypted the file can open it. 
 

- You cannot share encrypted files. EFS is not for 
distributing private data. 
 

- System files cannot be encrypted.
 

- Encrypting a folder or file does not protect against 
deletion. Anyone with delete permission can delete 
encrypted folders or files. 
 

 

Q71
Your Windows 2000 Professional desktop is 
experiencing slow performance when you run several 
resource-intensive applications. The desktop has the 
following specifications: 
 

-Pentium II 350 MHz Processor
-128 MB of RAM
-EIDE Hard Drive
 

While viewing System Monitor, you notice average 
values for the following statistics: 
 

Memory - Pages/Sec: 5
Physical Disk - % Disk Time: 20%
Processor - % Processor Time: 90%
 

What would be the best step to take to improve 
system performance?
 

A. Increase the amount of RAM in the system
B. Increase the CPU priority for all applications
C. Upgrade the hard drive to a SCSI hard drive
D. Upgrade the system's CPU
 

 

Answer: D
 

In general, deciding whether or not performance is 
acceptable is a subjective judgment that varies 
significantly with variations in user environments. 
The values you establish as the baselines for your 
organization are the best basis for comparison. 
 

Acceptable values for counters
 

Object - Counter: Memory - Pages/Sec
Suggested Threshold: 20
 

Object - Counter: Physical Disk - % Disk Time
Suggested Threshold: 90% 
 

Object - Counter: Processor - % Processor Time
Suggested Threshold: 90%
 

Tips for solving processor performance problems:
 

1. Add a processor (especially for multithreaded 
programs), or upgrade to a faster processor. 
 

2. On multiprocessor computers, manage the processor 
affinity with respect to process threads and interrupts. 
 

Q72
Ross is looking to enhance system performance on his 
Windows 2000 Professional machine. He often runs 
several memory-intensive applications. He is looking
for a way to optimize the paging process on his 
system and thereby increase application 
responsiveness. Which of the following are ways that
Ross can optimize page file performance? Choose all 
that apply.
 

A. Always make sure that the maximum page file size 
is less than or equal to the Maximum Registry Size as 
configured in the Virtual Memory dialog box. 
 

B. Configure the initial page file size to be the 
same as the maximum page file size to reduce 
fragmentation of the page file.
 

C. Increase the page file size or configure multiple
page files on separate hard disks.
 

D. Make sure to keep the page file on the same 
physical hard drive as the operating system files.
 

 

Answer: B & C
 

 

You can enhance your system's performance in several
ways. First, if your computer has multiple hard 
disks, you can create a paging file for each disk. 
Distributing information across multiple paging files
improves performance because the hard disk controller
can read from and write to multiple hard disks 
simultaneously. When attempting to write to the 
paging file, VMM tries to write the page data to the 
paging file on the disk that is the least busy.
 

Second, you can enhance your system's performance by
moving the paging file off the drive that contains
the Windows 2000 systemroot folder (by default, the 
Winnt folder). Moving the paging file off the drive
containing the boot partition avoids competition 
between the various reading and writing requests. 
If you place a paging file on the Windows 2000 system
partition to facilitate recovery, you can still 
increase performance by creating multiple paging
files. Because the VMM alternates write operations
between paging files, the paging file on the boot
partition is accessed less frequently.
 

Third, you can enhance your system's performance by 
setting the initial size of the paging file to the 
value displayed in the Virtual Memory dialog box's 
Maximum Size box. This eliminates the time required
to enlarge the file from the initial size to the 
maximum size. 
 

Q73
The President of XYZ Corporation has just made the 
decision to fire Bob. It is expected that within a 
week or two a replacement will be found for Bob who 
requires exactly the same permissions and rights as 
Bob was assigned. You had previously assigned Bob's
account many individual rights and permissions and 
are looking for the easiest way to accomplish this. 
Which of the following would work the best?
 

A. Create a new account for Bob's replacement using
User Manager for Domains. Copy over Bob's profile 
information by selecting the appropriate folder from
C:\Documents and Settings and copying it to the 
folder of Bob's replacement in the same directory. 
 

B. Make sure to delete Bob's old account. Create a 
new account for Bob's replacement. Give the new 
account the same rights and permissions as Bob's old
account had.
 

C. Rename Bob's account to the name of the newly 
hired replacement. Reset the password on the account
assigning a random initial password and check the box
for "User Must Change Password at Next Logon".
 

D. Simply copy Bob's account and configure the new 
account with the name of Bob's replacement.
 

 

Answer: C
 

Because it retains its security identifier (SID), a 
renamed user account retains all its other properties, 
such as its description, password, group memberships, 
user environment profile, account information, and any 
assigned permissions and rights. 
 

Always require new users to change their passwords the
first time they log on. This will force them to use
passwords that only they know. For added security on 
networks, create random initial passwords for all new 
user accounts by using a combination of letters and
numbers. Creating a random initial password will help
keep the user account secure.

Q74
You have a system configured to dual-boot between 
Windows 98 and Windows 2000 Professional. You are 
currently booted into Windows 2000 Professional and 
wish to convert one of your partitions (your E: 
drive) from the FAT16 file system to the FAT32 file 
system. To do so you enter the following command 
from the command prompt:
 

convert e: /fs:fat32
 

After restarting the computer, the conversion 
process appears to begin but then you receive the 
message "FAT32 is not supported" and the conversion
attempt fails. Why did the conversion attempt 
fail?
 

A. The disk on which the partition resides was not
a dynamic disk. In order to convert a partition to 
FAT32 on a Windows 2000 computer, the disk must 
first be converted from a basic disk to a dynamic 
disk. 
 

B. The FAT32 file system is not supported by 
Windows 2000. Windows 2000 only supports the FAT16
and NTFS file systems.
 

C. You cannot convert a partition from FAT16 to 
FAT32 in Windows 2000. Windows 2000 only allows 
conversion of FAT16 to the NTFS file system.
 

D. You cannot convert partitions in Windows 2000 
Professional. In order to support the conversion 
of partitions to the FAT32 file system you must be 
running Windows 2000 Server, Windows 2000 Advanced 
Server or Windows 2000 Datacenter Server.
 

 

Answer: C
 

This behavior occurs because Windows 2000 does not 
have a process for converting a partition from FAT16 
to FAT32. The only conversion process Windows 2000 
supports is converting from FAT16 or FAT32 to the 
Windows NT file system (NTFS).
 

If you type convert /? at a command prompt, there is 
not an option to convert to the FAT32 file system. 
 

If you dual boot, you can use the Windows 95/98 drive 
converter tool in System Tools, or the following 
command-line tool: 
 

cvt drive: /cvt32 
 

Q75
On your Windows 2000 Professional computer you are 
encountering errors. Although you do not have the 
Windows 2000 Recovery Console installed on your 
system you would like to boot into the Recovery 
Console and replace some of the system files. What 
are the two methods of running the Recovery Console 
in Windows 2000?
 

A. From Control Panel, choose Add/Remove Programs,
select Add/Remove Windows Components and check the
box for Recovery Console. Restart the computer and
choose the Recovery Console option from the boot 
selection menu.
 

B. From the command prompt, run the reccom.exe 
utility.
 

C. Install the Recovery Console by running winnt32 
/cmdcons on the computer. Restart the computer and
choose the Recovery Console option from the boot 
selection menu.
 

D. Restart your computer. When you see the message 
"Please select the operating system to start", press 
F8. Select Windows 2000 Recovery Console from the 
menu.
 

E. Run the Recovery Console from your Windows 2000 
Setup disks or from the Windows 2000 Professional CD
by choosing the Repair option. 
 

 

Answer: C & E
 

The Windows 2000 Recovery Console is a command-line 
console that you can start from the Windows 2000 
Setup program. Using the Recovery Console, you can 
start and stop services, format drives, read and 
write data on a local drive (including drives 
formatted to use NTFS), and perform many other 
administrative tasks. You may find the Recovery 
Console useful if you need to repair your system by 
copying a file from a floppy disk or CD-ROM to your 
hard drive, or if you need to reconfigure a service 
that is preventing your computer from starting 
properly. You must be an administrator to use the 
Recovery Console.
 

There are two ways to start the Recovery Console:
 

1. If you are unable to start your computer, you can 
run the Recovery Console from your Windows 2000 Setup 
disks or from the Windows 2000 Professional CD (if you 
can start your computer from your CD-ROM drive). 
 

2. You can install the Recovery Console on your 
computer to make it available in case you are unable 
to restart Windows 2000. You can then select the 
Recovery Console option from the list of available 
operating systems.
 

 

 

Q76
DNS is a critical component of Windows 2000. Which of 
the following specifications must be supported by any
DNS server implementation that will be used in 
conjunction with Active Directory? Choose all that
apply.
 

A. Incremental Zone Transfer (IXFR)

B. Dynamic Updates
C. Service Location (SRV) Resource Records
D. Caching-Only Servers
E. BIND 4.9.4

 

 

Answer: C

 

Using the Windows 2000 DNS service to support Active
Directory is highly recommended as it will support 
dynamic updates, SRV records and incremental zone 
transfers. However, you can use other DNS server 
implementations for this purpose as long as they 
support the following standard specifications:
 

-The service location (SRV) resource record, as 
described in the Internet draft, "A DNS RR for 
specifying the location of services (DNS SRV)." 
 

-Dynamic updates in DNS, as described in RFC 2136. 
 

Support for dynamic updates is recommended but not 
essential. Support for the SRV resource record is 
mandatory because it is required to provide basic DNS 
support to Active Directory. For example, a DNS server 
that does not support dynamic updates, like that 
provided with Windows NT Server 4.0 (updated to 
Service Pack 4 or later) supports the DNS requirements 
of Active Directory because SRV resource record 
support was added with Service Pack 4.

Q77
You are the administrator for a medium-sized
advertising agency. There are a group of files 
that are located on a file server on your network 
named FS19. The files are located in the Projects
directory at the root of the D: drive. The NTFS
permissions on all of the files are currently as 
follows:
 

Managers - Allow Full Control
SteveD - Allow Full Control
TeamBlue - Allow Full Control
TeamRed - Allow Read
Interns - Deny Full Control
 

You copy the files to a folder on the same 
partition named Docs. The Docs folder has the
following NTFS permissions.
 

Managers - Allow Full Control
TeamYellow - Allow Read
TeamBlue - Allow Read
TeamRed - Deny Full Control
 

Both the Projects folder and the Docs folder
are currently shared out with the default shared
folder permission of Full Control allowed for the
Everyone group. Nobody is a member of more than one
group and SteveD is not a member of any of the 
groups listed above.
 

Who will have at least Read permission to the files
that you have copied into the Docs folder? 
Choose all that apply.
 

A. Members of the Interns group
B. Members of the Managers group
C. Members of the TeamBlue group
D. Members of the TeamRed group
E. Members of the TeamYellow group
F. SteveD
 

 

Answer: B, C & E
 

When you copy a file between NTFS volumes Windows
2000 treats it as a new file. Therefore, the file
will inherit the permissions of the parent folder.
In the above example, the files will inherit the 
following permissions:
 

Managers - Allow Full Control
TeamYellow - Allow Read
TeamBlue - Allow Read
TeamRed - Deny Full Control
 

Q78
Event Viewer is a tool that can be used to diagnose 
and troubleshoot many problems. In Windows 2000, 
Event Viewer has been expanded to display additional
information that was not present in the version of 
Event Viewer included with Windows NT 4.0. Event 
Viewer in Windows 2000 consists of a greater number
of logs depending on what roles a computer is 
serving on the network. Which of these logs did not 
exist in the Windows NT 4.0 Event Viewer? Choose all 
that apply.
 

A. Application Log
B. Directory Service Log
C. DNS Server Log
D. File Replication Service Log
E. Security Log
F. System Log
 

 

Answer: B, C & D
 

All six of the logs listed above may be present on a
machine running Windows 2000. In NT 4.0, only the 
Application Log, Security Log and System Log were
present.
 

Q79
You are the senior administrator for a medium-sized
software company. Your company has instituted a 
Public Key Infrastructure (PKI) to secure many 
corporate resources. You have installed Certificate
Services on a computer running Windows 2000 Advanced 
Server. The computer, named ServerA-1, has been 
designated as your enterprise root Certificate 
Authority (CA) and hosts the Web Enrollment Support
pages. 
 

A client in your company named WKSE-10 needs a 
certificate to access a secure resource that is 
located on a server named SRVW-13. You would like to
request this certificate via a web browser. What URL
should you type into the browser on WKSE-10 to 
request the certificate? 
 

A. http://ServerA-1/certsrv
B. http://ServerA-1/wwwcert
C. http://SRVW-13/certsrv
D. http://SRVW-13/wwwcert
E. http://WKSE-10/certsrv
F. http://WKSE-10/wwwcert
G. http://www.cert.org/ServerA-1/certsrv
 

 

Answer: A
 

In this case you must request the certificate from 
the certification authority, ServerA-1. A Windows
2000 certification authority has its Web pages 
located at http://servername/certsrv 
where servername is the name of the Windows 2000
server hosting the certification authority.
 

 

Q80
You are trying to explain to someone the difference
between a local group and a domain local group. One
of the things that the person would like to know is
what different types of groups can be added to a 
domain local group. Another thing that the person
wants to know is whether the answer to the previous
question changes depending on whether the domain is
operating in native mode or mixed mode. Which of 
the following statements accurately answers these
two questions?
 

A. In mixed mode, only global groups from the same
domain can be added to a domain local group. In 
native mode, global and universal groups from the 
same domain and global and universal groups from 
other trusted domains can be added to a domain local
group.
 

B. In mixed mode, global groups from the same 
domain and other trusted domains can be added to a 
domain local group. In native mode, global and 
universal groups from the same domain and global and 
universal groups from other trusted domains can be 
added to a domain local group.
 

C. In mixed mode, global groups from the same 
domain and other trusted domains can be added to a 
domain local group. In native mode, global and 
universal groups from the same domain and global and 
universal groups from other trusted domains can be 
added to a domain local group. In addition, domain
local groups from the same domain can be added to a
domain local group.
 

D. In mixed mode, global and universal groups from 
the same domain and other trusted domains can be 
added to a domain local group. In native mode, 
global and universal groups from the same domain and 
global and universal groups from other trusted 
domains can be added to a domain local group. In 
addition, domain local groups from the same domain 
can be added to a domain local group.
 

E. In mixed mode, global and universal groups from 
the same domain and other trusted domains can be 
added to a domain local group. In native mode, 
global and universal groups from the same domain and 
global and universal groups from other trusted 
domains can be added to a domain local group. 
 

 

Answer: C
 

Using nesting, you can add a group as a member of 
another group. You can nest groups to consolidate 
group management by increasing the affected member 
accounts and to reduce replication traffic caused by 
replication of group membership changes.
 

Your nesting options depend on whether the domain is 
in native mode or mixed-mode. Groups in native-mode 
domains or distribution groups in mixed-mode domains 
have their membership determined as follows:
 

Groups with universal scope can have as their 
members: accounts, computer accounts, other groups 
with universal scope, and groups with global scope 
from any domain.
 

Groups with global scope can have as their members: 
accounts from the same domain and other groups with 
global scope from the same domain.
 

Groups with domain local scope can have as their 
members: accounts, groups with universal scope, and 
groups with global scope, all from any domain. They 
can also have as members other groups with domain 
local scope from within the same domain.
 

In mixed mode, only global groups from the same 
domain and from trusted domains may be added to a 
domain local group.
 

Q81
You are using a Virtual Private Network (VPN) in your
company to allow remote users to access the corporate
network through their existing Internet connections. 
Some of the users establish PPTP connections to the 
network while others establish L2TP connections. To 
support communication through your corporate
firewall, which ports must be left open? Choose two.
 

A. 417
B. 1024
C. 1701
D. 1723
E. 1919
F. 4443
 

 

Answer: C & D
 

L2TP uses UDP port 1701 while PPTP uses TCP port 1723.
More information on firewall configuration for 
virtual private networking can be found at the
reference cited below. 
 

Q82
Your company deployed Active Directory eight weeks 
ago. However at that time you had no existing WINS
infrastructure and decided not to deploy WINS for the
time being. After doing some additional analysis you
realize that implementing WINS would indeed provide
several substantial benefits. You decide to install
a WINS server on your company's network. In 
addition, you configure your DHCP server to hand out
the IP address of the WINS server to all of the DHCP
clients. Finally, you configure several of your 
Windows 2000 Professional computers with static IP
addresses to use the WINS server. What NetBIOS node 
type will the last group of clients use after these 
actions are completed?
 

A. B-node
B. H-node
C. M-node
D. N-node
E. P-node
F. W-node
 

 

Answer: B
 

There are four node types that can be used with 
Windows 2000:
 

B-node (broadcast) - Uses broadcast NetBIOS name 
queries for name registration and resolution.
 

P-node (peer-to-peer) - Uses a NetBIOS name server
(NBNS) such as a WINS server to resolve NetBIOS 
names.
 

M-node (mixed) - M-node functions first as a B-node.
If M-node is unable to resolve a name by broadcast,
it queries a NBNS using P-node.
 

H-node (hybrid) - H-node functions first as a P-node.
If H-node is unable to resolve a name through NBNS,
it uses a broadcast to resolve the name.
 

Computers running Windows 2000 are B-node by default
and become H-node when they are configured with a 
WINS server.
 

Q83
You have configured your network to run Active
Directory-integrated DNS. You have a single mixed
mode domain consisting of four Windows 2000 domain
controllers and two Windows NT 4.0 domain 
controllers. You have installed the DNS service on
all six domain controllers. For load-balancing and
fault-tolerance purposes, the Windows NT 4.0 domain
controllers have been configured with secondary 
zones. One of your Windows 2000 domain controllers 
which is located in the Chicago site is in the 
process of doing a zone transfer to one of the 
Windows NT 4.0 domain controllers which is in the 
London site. Which of the following statements
accurately describe how this zone transfer will
occur? Choose all that apply.
 

A. The data that is being replicated in the zone 
transfer will not be compressed. 
 

B. Dynamic updates to the DNS database on the Windows 
2000 domain controller will not be transferred to the 
Windows NT 4.0 domain controller.
 

C. It will be an incremental zone transfer (IXFR).
 

D. Replication will take place using the SNMP 
protocol.
 

 

Answer: A
 

If the above example were Active Directory 
replication then the data would be compressed as
the two domain controllers are located in separate
sites. However, the replication is not Active
Directory replication and therefore the data will
not be compressed.
 

Although Windows NT 4.0 DNS servers do not support
dynamic updates themselves, there is not an issue
with replicating dynamic updates that have been made
elsewhere (i.e. on the Windows 2000 domain 
controller) to the Windows NT 4.0 server.
 

Although Windows 2000 supports incremental zone
transfer (IXFR), Windows NT 4.0 does not. 
Therefore, it will be a full zone transfer (AXFR)
between servers.
 

SNMP is not a supported protocol for replication.
 

Q84
A great way to save time when administering a Windows
2000 network is to type the names of the .msc files 
for the administrative tools at the Run prompt rather 
than using the mouse to navigate to the shortcut. 
For instance, if you wanted to run Computer 
Management you could simply go to Start > Run > 
"compmgmt.msc". If you were asked to list the names of 
the .msc files for Active Directory Sites and 
Services, Active Directory Users and Computers, 
Performance and Services in that order, what would 
the correct answer be?
 

A. aduc.msc, dssite.msc, sysmon.msc, services.msc
B. aduc.msc, sitserv.msc, sysmon.msc, serv.msc
C. dsa.msc, dssite.msc, perfmon.msc, services.msc
D. dsa.msc, dssites.msc, perfmon.msc, service.msc
E. dssite.msc, aduc.msc, perform.msc, service.msc
F. dssite.msc, dsa.msc, perfmon.msc, services.msc
G. dssite.msc, dsa.msc, perform.msc, service.msc
 

 

Answer: F
 

The names of the .msc files for the administrative
tools are as follows:
 

Active Directory Sites and Services - dssite.msc
Active Directory Users and Computers - dsa.msc
Performance - perfmon.msc
Services - services.msc
 

The easiest way to learn these is to do a search on 
all .msc files (search on *.msc). Then just click
on the various files to launch the administrative
tools.
 

Q85
Microsoft defines an organizational unit (OU) as a 
logical container into which you can place users,
groups, computers and other organizational units. 
Planning your OU structure is a very important part 
of deploying Active Directory. Which of the 
following statements about OUs and the OU structure
are true? Choose all that apply.
 

A. An OU is a security principal.
 

B. Group Policy Objects (GPOs) can be linked 
directly to OUs.
 

C. OUs can contain global security groups from other
domains if both domains are operating in mixed mode.
 

D. The OU structure should mirror the physical 
topology of a company's network.
 

E. You can delegate authority over a particular OU 
to a user or group of users.
 

 

Answer: B & E
 

OUs are used to organize objects in a domain and make
administration easier. They are commonly used to 
deploy Group Policies. Group Policy Objects (GPOs)
can be linked directly to an OU. Also, delegation of
authority can be done at the OU level.
 

OUs are not security principals. They cannot contain
any types of groups from other domains regardless of
which mode the domains are operating in. Finally, 
the OU structure should mirror the logical, rather 
than physical, organization of a company.
 

Q86
The NTBackup utility has been enhanced for Windows 
2000. One of the new features is the ability to 
back up data to additional storage media types. 
Which of the following represent storage media types
that are supported by Windows 2000 but were not 
supported by Windows NT 4.0? Choose all that apply.
 

A. CD-R drives
B. CD-RW drives
C. DVD-R drives
D. Hard drives
E. Tape drives
F. ZIP drives
 

 

Answer: D & F
 

Ntbackup.exe does not support backing up to CD-R, 
CD-RW, or DVD-R devices because Remote Storage 
Management does not have the ability to recognize CD-R, 
CD-RW, or DVD-R devices as backup pool media even 
though you can add these media types in Remote Storage 
Management. 
 

Windows 2000 does have the ability to back up data to
tape drives but since Windows NT 4.0 had that ability
as well it is not a correct answer to the question.
 

Q87
One of the new administrators for your company has
just accidentally deleted an NTFS volume on one of 
your file server's dynamic disks. You are extremely
upset with the administrator and begin to chastise 
him for doing this. However, he claims that it 
still may be possible to recover this volume. He
says that you can recover FAT, FAT32 and NTFS 
volumes on dynamic disks using the Dskprobe.exe
utility. Are the administrator's claims entirely
accurate?
 

A. Yes. It is possible to recover FAT, FAT32 and 
NTFS volumes on dynamic disks using the Dskprobe.exe
utility.
 

B. No. Although it is possible to recover NTFS 
volumes on dynamic disks using the Dskprobe.exe
utility it is not possible to recover FAT or FAT32
volumes.
 

C. No. Although it is possible to recover FAT32 and
NTFS volumes on dynamic disks using the Dskprobe.exe
utility it is not possible to recover FAT volumes.
 

D. No. It is not possible to recover FAT, FAT32 and 
NTFS volumes if they have been deleted.
 

 

Answer: C
 

If a Windows 2000 NTFS or FAT32 dynamic volume is 
accidentally deleted by using the Disk Management 
snap-in, you may be able to recover the volume and 
the data contained on it. You can do this only if a 
new volume has not been created and formatted in its 
place. Consult the reference for information on how
to perform this procedure.
 

Q88
You have implemented the Routing and Remote Access 
Service on a machine running Windows 2000 Server in 
your company. You will be configuring this machine
to host Remote Access sessions from dial-up users. 
As part of the configuration you delete the default
Remote Access Policy. There are no policies listed.
Who will be able to successfully dial in after you 
perform this action?
 

A. All users will be able to dial in.
 

B. Only users who have the dial-in permission
set to "Allow access" will be able to dial in.
 

C. Only users who have the dial-in permission
set to "Control access through Remote Access Policy"
will be able to dial in.
 

D. No users will be able to dial in.
 

 

Answer: D
 

The first step in determining whether a user has the 
ability to dial in and authenticate to a server is to
evaluate the remote access policies that exist. If
no remote access policies exist then all connection
attempts are rejected. They will be rejected even if
a user's individual dial-in permission is set to 
"Allow access".
 

Q89
Automatic Private IP Addressing (APIPA) and Internet
Connection Sharing (ICS) are two networking features
of Windows 2000 that can help to make Small Office/
Home Office networking much easier. Which of the 
following statements about the IP address ranges 
used by APIPA and ICS is correct?
 

A. APIPA and ICS both use IP addresses in the 
169.254.x.y range.
 

B. APIPA uses IP addresses in the 169.254.x.y range.
ICS uses IP addresses in the 192.168.x.y range.
 

C. APIPA uses IP addresses in the 192.168.x.y range.
ICS uses IP addresses in the 169.254.x.y range.
 

D. APIPA and ICS both use IP addresses in the 
192.168.x.y range.
 

 

Answer: B
 

When APIPA is used, Windows 2000 determines an 
address in the Microsoft-reserved IP addressing range
from 169.254.0.1 through 169.254.255.254. When ICS
is used, by default the IP addressing range will be
from 192.168.0.1 through 192.168.255.254.
 

Q90
Windows 2000 contains a feature that prevents 
critical system files from being overwritten or
deleted. This typically leads to increased system
stability and reduced downtime. What is the name of
this feature?
 

A. Critical File Checker
B. Critical File Protection
C. System File Protector
D. Windows File Protection
 

 

Answer: D
 

Windows File Protection (WFP) prevents the deletion 
of important system files located in the 
%systemroot%\system32 directory. This feature is
often also referred to as System File Protection 
(SFP) and System File Checker (SFC). Although 
WFP is typically a helpful feature, there are 
certain cases in which it is advantageous to 
disable it. This can be done by modifying the 
registry of the machine. 
 

Q91
When configuring Windows 2000 Terminal Services you
are given the option to disable certain mappings. It is 
recommended that most of these settings be disabled 
for security purposes when you are running Terminal 
Services in Remote Administration Mode. However, the
option to disable is not available for all mappings 
unless you are running Citrix ICA-based clients. 
Which of the following options are not available 
unless you have the Citrix ICA-based client 
installed? Choose all that apply.
 

A. The option to disable Audio mapping
B. The option to disable Clipboard mapping
C. The option to disable COM port mapping
D. The option to disable Drive mapping
E. The option to disable LPT port mapping
F. The option to disable Windows printer mapping
 

 

Answer: A & D
 

You have the option to disable the following:
 

Drive mapping - By default, this option is enabled. 
This option is supported only for Citrix ICA-based 
clients. 
 

Windows printer mapping - By default, this feature is 
enabled. When enabled, clients are able to map 
Windows printers and all client printer queues are 
automatically reconnected at logon. 
 

LPT port mapping - By default, this feature is 
enabled. When enabled, client LPT ports are 
automatically mapped for printing and are available in 
the port list of the Add Printer wizard.
 

COM port mapping - By default, this feature is 
disabled. When enabled, client COM ports are 
automatically mapped for printing and are available in 
the port list of the Add Printer wizard. 
 

Clipboard mapping - By default, this feature is 
enabled. 
 

Audio mapping - By default, this feature is disabled. 
This option is supported only for Citrix ICA-based 
clients.
 

 

Q92
You are discussing Active Directory with one of your
colleagues. She claims that when you delete an 
object using a utility like Active Directory Users 
and Computers it is not immediately removed from the 
Active Directory database. She claims that the 
object is still in the database and can be recovered
if necessary. Which of the following statements 
regarding her claims would be true? 
 

A. Her claims are false. When an object is deleted
using a utility like Active Directory Users and 
Computers it is permanently removed from the 
database and cannot be recovered.
 

B. Her claims are partially false. Although the 
object is not removed from the Active Directory 
database it cannot be recovered under any 
circumstance.
 

C. Her claims are true. When an object is deleted
using a utility like Active Directory Users and 
Computers it goes into a tombstoned state. In this
state it is still visible but shows as greyed out.
If this object is not accessed within 90 days it is
permanently removed from the Active Directory 
database.
 

D. Her claims are true. When an object is deleted
using a utility like Active Directory Users and 
Computers it goes into a tombstoned state for a 
certain period of time (default of 60 days). The 
only way to recover the object is to perform an
authoritative restore. This must be done before the
end of the tombstone interval.
 

E. Her claims are true. When an object is deleted
using a utility like Active Directory Users and 
Computers it goes into a tombstoned state for a 
certain period of time (default of 60 days). The 
only way to recover the object is to perform a non-
authoritative restore. This must be done before the
end of the tombstone interval.
 

 

Answer: D
 

When you delete an object from Active Directory 
using a utility like Active Directory Users and 
Computers it will be put in a tombstoned state. The
object will still be present in the Active Directory
database but will not be visible from any of the 
administrative tools. The object will be in the 
tombstoned state for a certain length of time (60 
days by default) and then it will be permanently 
removed from the Active Directory database. To 
restore an object that is in a tombstoned state, you
must perform an authoritative restore.
 

Q93
You would like to use a Windows 2000 Server as a 
router between two subnets on your corporate LAN. 
You have installed two network cards in the server
and would like to configure static routing using
Routing and Remote Access. Must you install 
additional protocols and if so, which additional
protocols are supported for static routing in 
Windows 2000? 
 

A. No, installing additional protocols is not
necessary.
B. Yes, installing additional protocols is
necessary. Windows 2000 supports RIPv1 and RIPv2.
C. Yes, installing additional protocols is
necessary. Windows 2000 supports RIPv1 and OSPF.
D. Yes, installing additional protocols is
necessary. Windows 2000 supports RIPv2 and OSPF.
E. Yes, installing additional protocols is
necessary. Windows 2000 supports OSPF and IGRP.
 

 

Answer: A
 

No additional protocols are needed for static 
routing. Additional protocols are involved when
implementing dynamic routing. The protocols 
supported for dynamic routing in Windows 2000 
include RIPv1, RIPv2 and OSPF.
 

Q94
You have made several modifications to the 
registry on a computer running Windows 2000 Server
which have rendered the system unbootable. As part of
the troubleshooting process, you attempt to repair 
the registry using an Emergency Repair Disk (ERD). 
When you attempt to do this, your configuration is
reverted to the original settings when you installed
Windows 2000. What is the reason why the most recent
registry files were not used and where can you go to 
locate the most recent version of your registry files? 
Choose all that apply.
 

A. The ERD does not contain a copy of the registry
files.
 

B. The ERD that you created may have been created 
while the disk on which the operating system was 
installed was still a basic disk. If this disk has
been converted to a dynamic disk and the ERD has not
been updated it will not work properly.
 

C. You did not specify that you wanted the registry
backed up when you created the ERD. To back up the 
registry files you must run the following command:
"rdisk /s"
 

D. The most recent version of the registry files 
can be located in %SystemRoot%\Repair where 
%SystemRoot% is the location to which you have 
installed the Windows 2000 system files.
 

E. The most recent version of the registry files 
can be located in %SystemRoot%\Repair\Regback where 
%SystemRoot% is the location to which you have 
installed the Windows 2000 system files.
 

 

Answer: A & E
 

The Windows 2000 ERD, unlike the ERD used with Windows 
NT, does not contain a copy of the registry files. 
The backup registry files are in the folder 
%SystemRoot%\Repair. However, these files are from 
the original installation of Windows 2000. In the 
event of a problem, they can be used to return your 
computer to a usable state. 
 

When you back up system state data, a copy of your 
registry files is placed in the folder 
%SystemRoot%\Repair\Regback. If your registry files 
become corrupted or are accidentally erased, use the 
files in this folder to repair your registry without 
performing a full restore of the system state data. 
This method is recommended for advanced users only and 
can also be accomplished by using the Recovery Console 
commands.
Q95
You are concerned about users consuming too much 
space on one of the servers at your company. To 
prevent users from saving an excessive amount of data
to the server you configure a disk quota for the D:
drive of the server where the users store their 
files. You set the quota limit to 100 MB and check
the box to "Deny disk space to users exceeding quota 
limit". In addition, to give your users additional
space on the drive you create a 2 GB volume and mount 
it into an empty folder named "Storage" on the D: 
drive. 
 

After a couple of weeks you start to receive 
complaints from your users that they are unable to 
save their documents anywhere on the D: drive. When
checking the Storage folder you notice that several 
users have saved well in excess of 100 MB to the 
folder. What is the reason why the quota limit was
not enforced for the Storage folder? 
 

A. You failed to use the "Rescan Disks" command 
after mounting the Storage folder to the D: drive.
Therefore quota limits were not enforced for the 
Storage folder.
 

B. When you mount a drive to an empty folder on a 
different drive it is not considered to be a part of the 
drive that it was mounted to. Therefore, disk quota 
restrictions that are enforced for the D: drive do 
not have an effect on the Storage folder.
 

C. The Storage folder has not been formatted with
the NTFS file system. If you wish to deny disk space
usage through disk quotas you must format all volumes
with NTFS.
 

D. Quota restrictions are based on the compressed size
of the files if the data is compressible. In the 
above example it is likely that the amount of data 
that the users have saved to the Storage folder 
would be less than 100 MB if the data were 
compressed.
 

 

Answer: B
 

Disk quotas in Windows 2000 are enforced on a 
volume-by-volume basis. A volume that is mounted 
into an empty folder on another drive is not 
considered to be part of that volume and therefore
is not subject to any quota restrictions placed on
that volume. Similarly, a mounted volume may have
quota restrictions placed on it even if the drive
that it is mounted to does not.
 

Q96
One day you are examining Disk Manager on one of your
servers. You notice that the volumes on the disk are 
displaying a status of Healthy (At Risk). The disk
itself, which you recently converted to a dynamic 
disk, has a status of Online (Errors). What action
should you perform to attempt to correct this problem?
 

A. Convert the dynamic disk to a basic disk.
 

B. Convert the volumes to the NTFS file system using
the Convert.exe utility.
 

C. From Disk Manager, run the Reactivate Disk 
command.
 

D. From Disk Manager, run the Repair Disk command.
 

E. From Disk Manager, run the Repair Volume command.
 

F. Run the Checkdisk.exe utility.
 

Answer: C
 

You will encounter this when the volume is currently 
accessible, but I/O errors have been detected on the 
underlying disk. If an I/O error is detected on any 
part of a disk, all volumes on the disk display the 
Healthy (At Risk) status. A warning icon appears on 
the volume. Only dynamic volumes display the Healthy 
(At Risk) status.
 

When the volume status is Healthy (At Risk), an 
underlying disk's status is usually Online (Errors). 
To return the underlying disk to the Online status, 
reactivate the disk (using the Reactivate Disk 
command). Once the disk is returned to Online 
status, the volume should return to the Healthy 
status.
 

Q97
On your computer running Windows 2000 Professional you 
have a single disk that contains two simple volumes. 
The first volume (C:) contains the operating system 
files and the boot files. The second volume (D:) 
contains most of your data. The D: volume is running 
out of space and you would like to add some of the 
additional unpartitioned free space to the volume. 
However, when you attempt to do this you are unable
to. What are possible reasons why this operation
failed? Choose all that apply.
 

A. The disk is a dynamic disk. You may not extend 
volumes on dynamic disks.
 

B. The disk was initially a basic disk and has been
converted to a dynamic disk. Only volumes originally 
created on dynamic disks can be extended.
 

C. The D: volume is your system partition. The 
system partition cannot be extended. 
 

D. The D: volume is not formatted with NTFS. You 
can extend a simple volume only if the file system is 
NTFS. 
 

 

Answer: B & D
 

You can only create simple volumes on dynamic disks.
If a volume existed before the disk was upgraded to 
dynamic, it can never be extended. If you try to 
extend it, you receive the following error message: 
 

"The selected volume was originally created on a 
basic disk and cannot be extended. Only volumes 
originally created on dynamic disks can be extended."
 

In the above example, the D: volume is not the system
partition. The system partition is the partition that
contains the boot files. In the above example, the 
C: drive is the system partition. It is true that 
the system partition cannot be extended.
 

You can extend a simple volume only if the file 
system is NTFS. A spanned volume, which is a simple 
volume that exists on more than one disk, can 
initially be created with the FAT or NTFS file 
system. However, after a simple or spanned volume 
has been created with the FAT file system, it cannot 
be extended or spanned further. You can reformat the 
volume using NTFS and regain the ability to extend or 
span the volume. 
 

Q98
The following files are associated with Active
Directory:
 

Ntds.dit - The Active Directory database
Edb*.log - Transaction log files
Edb.chk - A checkpoint file used by the database
engine to track the data not yet written to the 
Active Directory database file
Res1.log and Res2.log - Reserved transaction log
files
 

You currently have a domain controller running 
Windows 2000 with the boot files located on the C:
drive and the operating system files installed to the
D: drive. By default where would the files listed
above be located?
 

A. The %systemroot%\NTDS folder at the root of the 
boot volume where %systemroot% is the location that
the operating system files were installed to.
 

B. The %systemroot%\NTDS folder at the root of the 
system volume where %systemroot% is the location that
the operating system files were installed to.
 

C. The %systemroot%\Sysvol folder at the root of the 
boot volume where %systemroot% is the location that
the operating system files were installed to.
 

D. The %systemroot%\Sysvol folder at the root of the 
system volume where %systemroot% is the location that
the operating system files were installed to.
 

E. The NTDS folder at the root of the boot volume.
 

F. The NTDS folder at the root of the system 
volume.
 

G. The Sysvol folder at the root of the boot volume.
 

H. The Sysvol folder at the root of the system 
volume.
 

 

Answer: A
 

In this scenario, the Active Directory files listed 
above would be located in %systemroot%\NTDS where
%systemroot% is the folder where the operating 
system files are installed. In the above example,
the operating system files are installed to the D:
drive making that drive the boot volume. 
 

Q99
An operations master is a domain controller that has 
been assigned one or more special roles in an Active 
Directory domain. The domain controllers assigned 
these roles perform operations that are single-master 
(not permitted to occur at different places on the 
network at the same time). Some of the operations
masters are domain wide and others are forest wide.
Which of the following statements regarding this is
correct?
 

A. The forest-wide operations masters are the PDC
emulator and the infrastructure master. The domain-
wide operations masters are the schema master, the 
domain naming master and the RID master.
 

B. The forest-wide operations masters are the RID
master and the domain naming master. The domain-wide
operations masters are the PDC emulator, the 
infrastructure master and the schema master.
 

C. The forest-wide operations masters are the schema
master and the domain naming master. The domain-wide
operations masters are the PDC emulator, the 
infrastructure master and the RID master.
 

D. The forest-wide operations masters are the schema
master and the infrastructure master. The domain-wide
operations masters are the PDC emulator, the domain
naming master and the RID master.
 

E. The forest-wide operations masters are the schema
master and the PDC emulator. The domain-wide
operations masters are the domain naming master, the 
infrastructure master and the RID master.
 

 

Answer: C

 

Schema master

 

The schema master domain controller controls all 
updates and modifications to the schema. To update 
the schema of a forest, you must have access to the 
schema master. At any time, there can be only one 
schema master in the entire forest.
 

Domain naming master
 

The domain controller holding the domain naming master 
role controls the addition or removal of domains in the 
forest. There can be only one domain naming master in 
the entire forest at any time.
 

Relative ID master (RID Master)
 

The relative ID master allocates sequences of relative 
IDs to each of the various domain controllers in its 
domain. At any time, there can be only one domain 
controller acting as the relative ID master in each 
domain in the forest.
 

PDC emulator
 

If the domain contains computers operating without 
Windows 2000 client software or if it contains Windows 
NT backup domain controllers (BDCs), the PDC emulator 
acts as a Windows NT primary domain controller. It 
processes password changes from clients and replicates 
updates to the BDCs. At any time, there can be only 
one domain controller acting as the PDC emulator in 
each domain in the forest.
 

Infrastructure master
 

The infrastructure master is responsible for updating 
the group-to-user references whenever the members of 
groups are renamed or changed. At any time, there can 
be only one domain controller acting as the 
infrastructure master in each domain.
 

 

Q100
Your company is currently running Active Directory.
You have a single forest environment with seven 
domains. You have migrated from an NT 4.0 multiple-
master domain model. In the previous model you had
two master domains and four resource domains. When
you migrated to Windows 2000 you created a new 
forest root domain named acmecorp.com. You 
installed two domain controllers into the 
acmecorp.com domain. You upgraded the two NT 4.0
master domains to Windows 2000 and named them 
us.acmecorp.com and ww.acmecorp.com. 
 

One day when you come in to the office you discover
that there has been a fire. Both of the domain
controllers for the forest root domain have been lost 
along with all tape backups for these computers. What is 
the proper procedure to recover your forest root domain?
 

A. Change the name of either the us.acmecorp.com 
domain or the ww.acmecorp.com domain to acmecorp.com.
 

B. Create a new domain controller for the 
acmecorp.com domain using the dcpromo utility.
 

C. Promote either the us.acmecorp.com domain or the 
ww.acmecorp.com domain to become the new forest root
domain using the dcpromo utility.
 

D. Seize the Operation Master roles from the non-
functioning domain controllers and distribute them 
to other domain controllers.
 

E. There is not a procedure available to recover a 
forest root domain if all of the domain controllers
are lost.
 

 

 

Answer: E
 

If all of the domain controllers for the forest root 
domain are lost in a catastrophic event, and one or 
more domain controllers cannot be restored from 
backup, the enterprise administrators and schema 
administrators groups will be permanently lost. 
There is no way to reinstall the forest root domain 
of a forest.
 

Therefore it is highly recommended to take the 
following precautions to protect the forest root 
domain:
 

Install at least two domain controllers in the 
forest root domain regardless of the number of 
accounts that exist in that domain.
 

Place some of the domain controllers for the 
forest root domain in separate locations to 
provide protection against geographically-centered 
catastrophes.
 

Keep three copies of backup tapes for domain 
controllers.
 

Keep at least one copy of the tapes offsite to 
provide protection against geographically-centered 
catastrophes.
 

 

Q101
You currently have an Active Directory infrastructure
in your company. It consists of three native mode 
domains. The forest root domain is named xyzcorp.com
and there are two child domains named us.xyzcorp.com
and europe.xyzcorp.com. Recently your company has 
partnered with a supplier and you would like to allow
the two parties to share certain resources. However,
the other company is currently running a single 
Windows NT 4.0 domain and does not have any plans to 
do a migration to Windows 2000. If you would still 
like to share resources between the other company's 
domain and all of the domains in your company, what 
option do you have?
 

A. You can add the NT 4.0 domain as a new tree 
within your existing Active Directory forest.
 

B. You can convert the NT 4.0 domain to native mode.
 

C. You can manually create external trusts between 
your domains and the NT 4.0 domain.
 

D. You can manually create a transitive trust 
between your forest root domain and the NT 4.0 domain.
 

E. You can manually create a shortcut trust between
the child domains in your company and the NT 4.0 
domain. 
 

 

Answer: C
 

Explicit trusts are trust relationships that you 
create yourself, as opposed to trusts created 
automatically during installation of a domain 
controller. There are two kinds of explicit trusts: 
external trusts and shortcut trusts. External trusts 
enable user authentication to a domain outside of a 
forest. Shortcut trusts shorten the trust path in a 
complex forest.
 

A Windows 2000 domain can establish a one-way 
external trust with Windows NT 4.0 domains. This 
can be accomplished through the Active Directory 
Domains and Trusts utility.
 

Q102
You wish to set up a certification authority (CA) on 
a Windows 2000 Server on your company's network. You
decide to create an enterprise root CA for one of 
your domains. When creating an enterprise root CA, 
which of the following limitations apply? Choose 
all that apply.
 

A. All users requesting certificates must have an 
account in Active Directory.
 

B. BIND 8.1.2 must be installed.
 

C. The person installing the enterprise root CA must
have Enterprise Administrator privileges.
 

D. Users outside the domain may not receive 
certificates from the CA.
 

E. Windows 2000 Active Directory must be installed.
 

F. Windows 2000 DNS must be installed.
 

 

Answer: A, C, D, E & F
 

An Enterprise Root CA is the root of a Windows 
2000-based hierarchy. Therefore, all of the limitations 
listed above apply except for answer choice B. BIND
is irrelevant to the creation of an Enterprise Root CA.
 

Q103
There are certain uniqueness rules that apply to user
accounts that are created in Active Directory. For 
example, let's say that you create a user account in 
a network that has an Active Directory forest which
contains ten domains in two different domain trees. 
Which of the following attributes of the user account 
must be unique across the entire forest? Choose all
that apply.
 

A. Globally Unique Identifier (GUID)
B. LDAP Distinguished Name
C. Pre-Windows 2000 User Logon Name
D. User Principal Name (UPN)
 

 

Answer: A, B & D
 

The Globally Unique Identifier or GUID is a 16-byte 
code that identifies an interface to an object across 
all computers and networks. No two objects will have
the same GUID.
 

The LDAP Distinguished Name is a name that uniquely 
identifies an object by using the relative 
distinguished name for the object, plus the names of 
container objects and domains that contain the object.
 

The User Principal Name or UPN consists of a user 
account name (sometimes referred to as the user logon 
name) and a suffix that may identify the domain where
the user account is located. It must be unique in the
forest.
 

The Pre-Windows 2000 User Logon Name is used for 
backwards compatibility with NT 4.0 Backup Domain
Controllers. It must be unique within the domain but 
need not be unique within the forest.
 

Q104
Terminal Services can be run in one of two modes:
Application Server mode or Remote Administration 
mode. Which of the following are differences between
the two modes? Choose all that apply.
 

A. A Terminal Services Client Access License (CAL) 
is not required when running in Remote Administration 
mode. In Application Server mode all clients 
(including Windows 2000 Professional clients) must 
have a Terminal Services CAL.
 

B. In Application Server mode, Terminal Services is
configured to gear memory and CPU utilization towards
interactive applications. In Remote Administration
mode these settings are left unaffected. 
 

C. When running in Remote Administration mode, a
maximum of three remote connections are allowed to 
the Terminal Server. When running in Application 
Server mode, the maximum number of remote connections 
is limited only by available resources and number of 
licenses.
 

D. When running in Remote Administration mode, 
encryption is required. When running in Application
Server mode, encryption is not allowed.
 

 

Answer: A & B
 

Terminal Services may be enabled in one of two modes: 
Application Server or Remote Administration. 
Application server mode allows multiple remote 
clients to simultaneously access Windows-based 
applications that run on the server. This is the 
traditional Terminal Server deployment.
 

Remote administration mode is a new feature in 
Terminal Services for Windows 2000. It is designed to 
provide operators and administrators with remote 
access to typical BackOffice servers and domain 
controllers.
 

A Terminal Services Client Access License (CAL) 
is not required when running in Remote Administration 
mode. In Application Server mode all clients 
(including Windows 2000 Professional clients) must 
have a Terminal Services CAL. However, Windows 2000
Professional clients already include a Terminal 
Services CAL (but not a Windows 2000 Server CAL).
 

In Application Server mode, Terminal Services is
configured to gear memory and CPU utilization towards
interactive applications. In Remote Administration
mode these settings are left unaffected. 
 

When running in Remote Administration mode, a
maximum of two remote connections are allowed to 
the Terminal Server. When running in Application 
Server mode, the maximum number of remote connections 
is limited only by available resources and number of 
licenses.
 

Q105
You have just installed a new device driver on your
Windows 2000 Professional machine. After restarting
the system and logging on you receive an error 
message. You decide to restart your system. Which 
startup options might be helpful in diagnosing and 
fixing this problem? Choose all that apply.
 

A. Directory Service Restore Mode 
B. Last Known Good Configuration 
C. Recovery Console
D. Safe Mode
E. Safe Mode with Command Prompt 
 

 

Answer: C, D, & E

 

You have several recovery options in Windows 2000 
that are designed to give you the ability to get your
computer running properly. Some of your recovery
options include:
 

Safe mode - Starts Windows 2000 using only basic 
files and drivers.
 

Safe Mode with Command Prompt - Starts Windows 2000 
using only basic files and drivers and displays the
command prompt after logon.
 

Last Known Good Configuration - Starts Windows 2000 
using the registry information that Windows saved at 
the last shutdown. 
 

Recovery Console - Starts a command-line interface 
that provides a limited set of administrative 
commands. 
 

Although Last Known Good Configuration can be a 
helpful recovery option it would not be useful in 
the above scenario as you have already logged in 
successfully since making the configuration change.
Once you log in you create a new Last Known Good 
Configuration. 
 

Note that while Directory Service Restore Mode is a 
safe mode startup option, it is not applicable for 
Windows 2000 Professional. 
 

Q106
Kelly would like to install Windows 2000 Professional 
on her laptop at work. She lists the following 
characteristics of her current machine:
 

-Pentium Pro 200 MHz
-24 MB of RAM
-2.0 GB hard disk, 650 MB of free space
 

Kelly asks you if her system is sufficient to install 
Windows 2000 on. What would you tell her?
 

A. Yes. According to Microsoft's documentation, her
system meets the minimum system requirements for 
running Windows 2000 Professional.
 

B. No. According to Microsoft's documentation, her
system will need to have the processor upgraded before 
installing Windows 2000 Professional.
 

C. No. According to Microsoft's documentation, her
system will need to have the memory upgraded before 
installing Windows 2000 Professional.
 

D. No. According to Microsoft's documentation, her
system will need to have the hard disk upgraded before 
installing Windows 2000 Professional.
 

 

Answer: C 
 

Here are the minimum system requirements for running 
Windows 2000 Professional.
 

-133 MHz or higher Pentium-compatible CPU.
 

-64 megabytes (MB) of RAM recommended minimum; more 
memory generally improves responsiveness.
 

-2GB hard disk with a minimum of 650MB of free space.


Q107
Terminal Services can be run in one of two modes:
Application Server mode or Remote Administration 
mode. Which of the following are differences between
the two modes? Choose all that apply.
 

A. A Terminal Services Client Access License (CAL) 
is not required when running in Remote Administration 
mode. In Application Server mode all clients 
(including Windows 2000 Professional clients) must 
have a Terminal Services CAL.
 

B. In Application Server mode, Terminal Services is
configured to gear memory and CPU utilization towards
interactive applications. In Remote Administration
mode these settings are left unaffected. 
 

C. When running in Remote Administration mode, a
maximum of three remote connections are allowed to 
the Terminal Server. When running in Application 
Server mode, the maximum number of remote connections 
is limited only by available resources and number of 
licenses.
 

D. When running in Remote Administration mode, 
encryption is required. When running in Application
Server mode, encryption is not allowed.
 

 

Answer: A & B
 

Terminal Services may be enabled in one of two modes: 
Application Server or Remote Administration. 
Application server mode allows multiple remote 
clients to simultaneously access Windows-based 
applications that run on the server. This is the 
traditional Terminal Server deployment.
 

Remote administration mode is a new feature in 
Terminal Services for Windows 2000. It is designed to 
provide operators and administrators with remote 
access to typical BackOffice servers and domain 
controllers.
 

A Terminal Services Client Access License (CAL) 
is not required when running in Remote Administration 
mode. In Application Server mode all clients 
(including Windows 2000 Professional clients) must 
have a Terminal Services CAL. However, Windows 2000
Professional clients already include a Terminal 
Services CAL (but not a Windows 2000 Server CAL).
 

In Application Server mode, Terminal Services is
configured to gear memory and CPU utilization towards
interactive applications. In Remote Administration
mode these settings are left unaffected. 
 

When running in Remote Administration mode, a
maximum of two remote connections are allowed to 
the Terminal Server. When running in Application 
Server mode, the maximum number of remote connections 
is limited only by available resources and number of 
licenses.
 

Q108
There are two types of protocols that are involved in
Active Directory replication: RPC and SMTP. Both of 
these protocols run over IP. Which of the following
statements regarding replication protocols is correct?
 

A. Either RPC or SMTP can be used for intrasite 
replication while RPC is used for intersite 
replication.
 

B. Either RPC or SMTP can be used for intrasite 
replication while SMTP is used for intersite 
replication.
 

C. RPC and SMTP can both be used for intrasite and
intersite replication.
 

D. RPC is used for intersite replication while SMTP
is used for intrasite replication.
 

E. RPC is used for intrasite replication while 
either RPC or SMTP can be used for intersite 
replication.
 

F. RPC is used for intrasite replication while SMTP
is used for intersite replication.
 

G. SMTP is used for intrasite replication while
either SMTP or RPC can be used for intersite 
replication.
 

 

Answer: E
 

The following rules apply to the replication 
transports:
 

- Replication within a site always uses RPC over IP.
- Replication between sites can use either RPC over 
IP or SMTP over IP.
- Replication between sites over SMTP is supported 
only for domain controllers of different domains. 
Domain controllers of the same domain must replicate 
by using the RPC over IP transport. Therefore, 
replication between sites over SMTP is supported 
only for schema, configuration, and Global Catalog 
replication, which means that domains can span sites 
only when point-to-point, synchronous RPC is available 
between sites. 
 

Q109
The System State data is a collection of system-
specific data that can be backed up and restored. It
is critical for all Windows 2000 administrators to 
understand what the System State data is comprised of
and make sure that a proper strategy for backing up 
the System State data is in place. On a Windows 2000
domain controller running Certificate Services, which
of the following will be included by default in the 
System State data? Choose all that apply.
 

A. Active Directory directory service 
B. Boot files, including the system files 
C. Certificate Services database 
D. COM+ Class Registration database 
E. Registry 
F. Paging file
G. SYSVOL directory
H. User home directories
 

Answer: A, B, C, D, E & G
 

For Windows 2000 Professional, the System State data 
comprises only the registry, COM+ Class Registration 
database, and boot files. For Windows 2000 Server 
operating systems, the System State data comprises 
the registry, COM+ Class Registration database, system 
boot files, and the Certificate Services database (if 
the server is a certificate server). If the server is 
a domain controller, Active Directory and the SYSVOL 
directory are also contained in the System State data. 
 

Q110
Your company is currently running Windows 2000 on all
of its servers. One of the servers has the following
backup schedule:
 

Saturday - Full Backup @ 2 AM
Sunday - Incremental Backup @ 2 AM
Monday - Incremental Backup @ 2 AM
Tuesday - Incremental Backup @ 2 AM 
Wednesday - Incremental Backup @ 2 AM
Thursday - Incremental Backup @ 2 AM
Friday - Incremental Backup @ 2 AM
 

On a Wednesday at 4 PM you experience a hard drive 
failure and must restore the server from tape backup.
Which of the following represents the tapes you will
want to restore from to get the server fully 
functional as quickly as possible?
 

A. Saturday, Sunday, Monday, Tuesday
B. Saturday, Sunday, Monday, Tuesday, Wednesday
C. Saturday, Tuesday
D. Saturday, Wednesday
E. Sunday, Monday, Tuesday, Wednesday
F. Sunday, Monday, Tuesday
 

 

Answer: B
 

You have five choices of backup types on a Windows 
2000 system: Copy, Daily, Differential, Incremental 
and Normal. An incremental backup backs up 
only those files created or changed since the last 
normal or incremental backup. It marks files as 
having been backed up (in other words, the archive 
attribute is cleared). A normal backup copies all 
selected files and marks each file as having been 
backed up (in other words, the archive attribute is 
cleared).
 

If you are performing a combination of normal and 
incremental backups, restoring files and folders 
requires that you have the last normal as well as 
all of the incremental backups since the last 
normal backup.
 

Q111
In your company, you have a group of people who are
working on a special high-security project. Because
these user accounts have different requirements for 
passwords and account lockout than the rest of the 
organization, you create a new domain for them called
projecty.companyxyz.com. 
 

You have created a GPO called Lockdown which enforces
strict restrictions on the desktop environment that a
user receives. You have linked this GPO to the 
projecty.companyxyz.com domain. However, you are 
concerned that this GPO will affect members of the 
Domain Admins group for this domain. You do not want
these restrictions placed on the Domain Admins group.
What is the easiest way to ensure that the Domain 
Admins group does not receive settings from this GPO?
 

A. You do not need to perform any additional actions.
The Domain Admins group does not have the Apply Group
Policy permission to any GPOs and therefore will not
be affected.
 

B. Check the box to Deny the Apply Group Policy 
permission for the Domain Admins group. 
 

C. Create a new organizational unit (OU) called 
Domain Admins. Move the Domain Admins security group 
into this OU. Set the Block Inheritance option for 
the Domain Admins OU.
 

D. Create a new organizational unit (OU) called
Users. Move the Authenticated Users security group
into this OU. Link the Lockdown GPO to the Users OU.
 

E. Remove the members of the Domain Admins security
group from the Authenticated Users security group.
 

Answer: B
 

By default, Domain Admins do not have the Apply Group 
Policy permission. However, Domain Admins are also 
Authenticated Users and by default Authenticated Users 
have Read and Apply Group Policy permissions. 
Therefore Domain Admins will have all GPOs applied to
them by default. There are two options to prevent 
this default behavior:
 

1. Remove Authenticated Users from the list on the 
security tab of the GPO, and add a new security group 
with the Apply Group Policy and Read attributes set to 
Allow. This new group should contain all the users 
that this Group Policy is intended to affect.
 

2. Set the Apply Group Policy attribute to Deny for 
the Domain Admins. This will prevent the GPO from 
being applied to members of that group. Remember that 
an ACE set to Deny always takes precedence over Allow. 
Therefore, if a given user is a member of another group 
that is set to explicitly Allow the Apply Group Policy 
attribute for this GPO, it will still be denied.
 

Q112
Several of the users in your company have recently 
transferred from one of your United States locations
to one of your European locations. To reflect this
change, you would like to move the user accounts 
from the us.acme.com domain to the europe.acme.com
domain. Both of these domains are located in the
same tree and in the same forest. In addition, both
of the domains are currently running in native mode.
Which of the following utilities can you use to move
the user accounts? Choose all that apply.
 

A. Active Directory Domains and Trusts
B. Active Directory Users and Computers
C. Ldifde
D. move.msc
E. Movetree.exe
F. Ntdsutil.exe
 

 

Answer: E
 

Movetree is used for moving users, groups, and 
organizational units (OUs) between Windows 2000 
domains in the same forest.