Microsoft 70-294 Exam - Passitexam.com Free 70-294 Sample Questions:
1. You are the network administrator for your company. The network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2003. The domain contains three Active Directory sites named Site1, Site2, and Site3. The sites are connected by site links as shown in the work area.
SiteLink1 and SiteLink2 include redundant, high-speed WAN connections.
Each site has one subnet associated with it. The number of computers in each site and the operating system that the computers are running are indicated in the following table.

Site1 contains a Windows Server 2003 domain controller named Server1 that is the relative ID (RID) master for the domain. Site2 contains two Windows Server 2003 domain controllers named Server2 and Server3. Server2 is the infrastructure master for the domain. Site3 contains a Windows Server 2003 domain controller named Server4.
You need to decide where to place the PDC emulator role holder. You want to optimize the overall response time for users in all sites.
Where should you place the PDC emulator role?
To answer, select the appropriate domain controller or domain controllers in the work area.

2. You are the network administrator for Blue Yonder Airlines. The company has offices in Toronto, New York, and Chicago. The network connections are shown in the exhibit. (Click the Exhibit button.)
The network consists of two Active Directory domains. User objects for users in the Toronto office and the New York office are stored in the blueyonderairlines.com domain. User objects for users in the Chicago office are stored in the production.blueyonderairlines.com domain. Active Directory is configured as shown in the following table.

Users in the New York office frequently report that they cannot log on to the network, or that logging on takes a very long time. You notice increased global catalog queries to servers in the Toronto office during peak logon times.
You need to improve logon performance for users in the New York office without increasing WAN traffic that is due to replication.
What should you do?

A. Configure the domain controller in the New York office as a global catalog server.
B. Configure Active Directory to cache universal group memberships for the Toronto office.
C. Install an additional domain controller in the New York office.
D. Configure Active Directory to cache universal group memberships for the New York office.
Answer: D
3. You are the network administrator for Northwind Traders. The network consists of a single Active Directory forest. The functional level of the forest is Windows Server 2003. The forest consists of a forest root domain named northwindtraders.com and a child domain named child1.northwindtraders.com. The child1.northwindtraders.com domain contains all of the user accounts for the network. Your company acquires a company named Contoso, Ltd. The Contoso, Ltd., network consists of a single Active Directory forest that contains a forest root domain named contoso.com and a child domain named child1.contoso.com. All domain controllers run Windows 2000 Server. Both domains contain user accounts and resource servers. The domains and existing trust relationships are shown in the exhibit. (Click the Exhibit button.) You need to create the minimum number of trust relationships required for the users in the child1.northwindtraders.com domain to access resources in both domains in the contoso.com forest. What should you do?

A. Create a one-way trust relationship in which the northwindtraders.com domain trusts the contoso.com domain.
B. Create a one-way trust relationship in which the contoso.com domain trusts the northwindtraders.com domain.
C. Create a one-way trust relationship in which the child1.northwindtraders.com domain trusts the contoso.com domain. Create a one-way trust relationship in which the child1.northwindtraders.com domain trusts the child1.contoso.com domain.
D. Create a one-way trust relationship in which the contoso.com domain trusts the child1.northwindtraders.com domain. Create a one-way trust relationship in which the child1.contoso.com domain trusts the child1.northwindtraders.com domain.
Answer: D
4. You are a network administrator for your company. The network consists of a single Active Directory forest that contains one root domain and multiple child domains. The functional level of all child domains is Windows Server 2003. The functional level of the root domain is Windows 2000 native. You configure a Windows Server 2003 computer named Server1 to be a domain controller for an existing child domain. Server1 is located at a new branch office, and you connect Server1 to a central data center by a persistent VPN connection over a DSL line. Server1 has a single replication connection with a bridgehead domain controller in the central data center. You configure DNS on Server1 and create secondary forward lookup zones for each domain in the forest. You need to minimize the amount of traffic over the VPN connection caused by logon activities. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)
A. Configure the DNS zones to be Active Directory-integrated zones.
B. Configure Server1 to be the PDC emulator for the domain.
C. Configure Server1 to be a global catalog server.
D. Configure universal group membership caching on Server1.
Answer: C, D
5. You are the network administrator for Blue Yonder Airlines. You plan to create an Active Directory domain named blueyonderairlines.com that will have a functional level of Windows Server 2003. Your company has one main office and four branch offices, which are all located in one country. A central security department in the main office is responsible for creating and administering all user accounts in all offices. Each office has a local help desk department that is responsible for resetting passwords within the individual department's office only. All user accounts are located in the default Users container. You need to create an organizational unit (OU) structure to support the delegation of authority requirements. You want to minimize the amount of administrative effort required to maintain the environment. What should you do?
A. Create a top-level OU named BlueYonderAirlines_Users under the blueyonderairlines.com domain. Create a separate child OU for each office under BlueYonderAirlines_Users. Move the user accounts of all employees in each office to the child OU for that office.
B. Create a top-level OU named Main_Office under the blueyonderairlines.com domain. Move the user accounts of all users in the main office to the Main_Office OU. Create a separate child OU for each branch office under the Main_Office OU. Move the user accounts of all users in each branch office to the child OU for that office.
C. Create a top-level OU named BlueYonderAirlines_Users under the blueyonderairlines.com domain. Create a child OU named Central_Security under BlueYonderAirlines_Users. Move the user accounts of the central security department users to the Central_Security OU. Create a child OU named Help_Desk under BlueYonderAirlines_Users. Move the user accounts of the help desk users to the Help_Desk OU.
D. Create a top-level OU named BlueYonderAirlines_Users under the blueyonderairlines.com domain. Create a child OU named Central_Security under BlueYonderAirlines_Users. Move the user accounts of the central security department users to the Central_Security OU. Create a separate child OU under BlueYonderAirlines_Users for each office. Move the user accounts of the help desk users in each office to the child OU for that office.
Answer: A
6. You are the network administrator for your company. The network consists of a single Active Directory domain with five sites. You configure the five Active Directory sites in accordance with the requirements of the company's site configuration design. The network and site configuration is shown in the exhibit. (Click the Exhibit button.) The site configuration design also requires you to configure site link bridges. The design requires the site links connecting Site1, Site2, and Site3 to be transitive and all other site links to be nontransitive. You need to configure site link bridges to comply with the site configuration design. Which action or actions should you take? (Choose all that apply.)

A. Disable automatic site link bridging in the IP object properties.
B. Create new site links between each of the Active Directory sites.
C. Remove each of the sites from the default site link.
D. Create a new site link bridge. Add the site links connecting Site1, Site2, and Site3 to the site link bridge.
E. Create a new site link bridge. Add the site links connecting Site3, Site4, and Site5 to the site link bridge.
Answer: A, C, D
7. You are the network administrator for your company. The network consists of a single Active Directory domain. The relevant portion of the organizational unit (OU) structure is shown in the exhibit. (Click the Exhibit button.) The company's sales division consists of an inside sales department, a mobile sales department, and a telemarketing department. User objects for users in these departments are stored in the Inside, Mobile, and Telemarket OUs respectively. User objects for all junior managers and senior managers are stored in the Managers OU. The company decides to train junior managers to perform basic administrative tasks. Junior managers are responsible for enabling and disabling accounts for all sales users except junior managers and senior managers. You need to enable junior managers to perform the assigned administrative tasks. You must not affect any existing permissions. What should you do?

A. On the Managers OU, block the inheritance of permissions. Copy all existing permissions. On the Sales OU, grant junior managers the permission to enable and disable accounts.
B. On the Inside, Mobile, and Telemarket OUs, block the inheritance of permissions. Copy all existing permissions. On the Sales OU, grant junior managers the permission to enable and disable accounts.
C. On the Managers OU, block the inheritance of permissions. Remove all existing permissions. On the Sales OU, grant junior managers the permission to enable and disable accounts.
D. On the Sales OU, block the inheritance of permissions. Copy all existing permissions. On the Sales OU, grant junior managers the permission to enable and disable accounts.
Answer: A
8. You are the network administrator for your company. Your company consists of two subsidiaries named Contoso, Ltd., and Fabrikam, Inc. The network consists of two Active Directory domains in a single forest with four sites. The network configuration is shown in the exhibit. (Click the Exhibit button.) All client computers run Windows XP Professional. Users who have accounts in the fabrikam.com domain frequently travel to Site3. When these users log on to the network in Site3, the logon process can take up to 10 minutes. You discover that when these users log on to the network in Site3, they are authenticated by DC5.Fabrikam.com in Site1. You need to ensure that the Fabrikam, Inc., users can log on more quickly from Site3. What should you do?

A. Increase the site link cost for SiteLink13 to 500.
B. Configure a site link bridge that will bridge SiteLink34 and SiteLink24.
C. Modify the subnet object linked to Site3 so that it is linked to Site1.
D. Move the DC5.Fabrikam.com domain controller object from Site1 to Site3.
Answer: B
9. You are the network administrator for Proseware, Inc. The network consists of a single Active Directory forest that contains one forest root domain named proseware.com and two child domains named europe.proseware.com and usa.proseware.com. The functional level of the forest is Windows 2000 native. The proseware.com domain contains a Windows 2000 Server domain controller named Server3 that is running Service Pack 4 or later. You take Server3 offline. You also remove all references to Server3 from the Configuration container in Active Directory. Five days later, you upgrade all remaining domain controllers to Windows Server 2003. You then raise the functional level of the forest to Windows Server 2003. You need to integrate Server3 into the new Active Directory infrastructure. You want Server3 to be an additional domain controller of the europe.proseware.com domain. What should you do?
A. Upgrade Server3 to Windows Server 2003. Add the computer account for Server3 into the Computers container of the europe.proseware.com domain.
B. Demote Server3 to a Windows 2000 member server by running the dcpromo /forceremoval command. Upgrade Server3 to a Windows Server 2003 member server. Run the dcpromo command to promote Server3 to be an additional domain controller of the europe.proseware.com domain.
C. Demote Server3 to a Windows 2000 member server by running the dcpromo /forceremoval command. Add the computer account for Server3 into the Domain Controllers organizational unit (OU) of the europe.proseware.com domain.
D. Upgrade Server3 to Windows Server 2003. Add the computer account for Server3 into the Domain Controllers organizational unit (OU) of the europe.proseware.com domain.
Answer: B
10. You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 2,250 user accounts. Each user account has the appropriate permissions for resource access. All user accounts are in the Users container. The company has five departments. To support the company's structure, you must place the existing user accounts in organizational units (OUs) arranged by department. You create five OUs in the domain, with one OU for each department. The human resources manager sends you a file in the comma-separated value (CSV) file format. The CSV file lists each user's full name, account logon name, and department. You expect to receive CSV files containing new and updated information every two weeks. You need to place the user accounts in the correct OUs. You must not make changes that require the permissions on resources to be changed. You must deploy the changes in the minimum amount of time and by using the minimum amount of administrative effort. What should you do?
A. Create a script that reads the CSV file and uses ADSI to move user accounts to the correct OUs.
B. Create a script that reads the CSV file and updates the Department attribute of each user account to the name of the correct OU.
C. Create a security group for each department. Move the security group objects to the correct OUs. Make each user account a member of the security group for the user's department.
D. In Active Directory Users and Computers, create a new user account for each user in the correct OU, then delete the corresponding user object in the Users container.
E. In Active Directory Users and Computers, select all of the user accounts from one department and move them to the correct OU. Repeat this process for each of the other departments.
Answer: A
11. You are the network administrator for your company. The network structure is shown in the exhibit. (Click the Exhibit button.) The functional level of both forests is Windows Server 2003. All three domains are Active Directory domains. Domain3 contains a computer named Server1. A shared folder on Server1 is named Share1. Users in an organizational unit (OU) named Accounts in Domain2 need access to Share1. However, whenever the users in the Accounts OU attempt to connect to Share1, they receive an error message stating that access was denied. You need to ensure that users in the Accounts OU can connect to Share1. What should you do?

A. Create a universal distribution group in Domain2 that includes all users in the Accounts OU. Create a domain local security group in Domain3. Grant access to \\Server1\Share1 to the domain local security group. Make the universal distribution group a member of the domain local security group.
B. Create a global security group in Domain2 that includes all users in the Accounts OU. Create a domain local security group in Domain3. Grant access to \\Server1\Share1 to the domain local security group. Make the global security group a member of the domain local security group.
C. Create a shared folder in the Accounts OU for \\Server1\Share1.
D. Create a one-way external trust relationship in which Domain2 trusts Domain3.
Answer: B
12. You are the network administrator for your company. The network consists of a single Active Directory domain. The following table shows the types and quantities of Windows Server 2003 Web and database servers in the domain.

| Server type | Quantity |
| --- | --- |
| Nonproduction test Web server | 2 |
| Nonproduction test database server | 2 |
| Production Web server | 10 |
| Production database server | 10 |

The computer accounts for the Web and database servers are located in the default Computers container. The domain also includes many organizational units (OU) that contain other computer accounts. Your company plans to use Group Policy objects (GPOs) to centrally apply security settings to the Web and database server computers. The settings need to be applied as follows:
- Some security settings need to apply to all Web and database servers.
- Some security settings need to apply to the nonproduction servers only.
- Some security settings need to apply to the production servers only and must not be overridden.
- Other security settings need to apply to specific server types only.
You need to create an organizational unit (OU) structure to support the GPO requirements. You want to create as few GPOs and links as possible while using only the default security permissions for GPO links. You also want to limit the number of GPO links to one link per GPO. What should you do?
A. Create two top-level OUs named Web and Database under the domain. Create two child OUs named Nonproduction and Production under both the Web OU and the Database OU.
B. Create two top-level OUs named Nonproduction and Production under the domain. Create two child OUs named Web and Database under both the Nonproduction OU and the Production OU.
C. Create a top-level OU named Servers under the domain. Create two child OUs named Web and Database under the Servers OU. Create two child OUs named Nonproduction and Production under both the Web OU and the Database OU.
D. Create a top-level OU named Servers under the domain. Create two child OUs named Nonproduction and Production under the Servers OU. Create two child OUs named Web and Database under both the Nonproduction OU and the Production OU.
Answer: D
13. You are the network administrator for your company. The network consists of a single Active Directory domain. The functional level of the domain is Windows 2000 native. All servers run Windows Server 2003. The company is adding 15 new servers to run a new application. The company is also adding an organizational unit (OU) named Application to hold the servers and other resources for the application. The server access team needs to be able to grant various types of access to the servers. The server access team does not need to be able to perform any other tasks on the servers. You need to allow the server access team to grant permissions for application servers without granting the team unnecessary permissions. What should you do?
A. Create a Restricted Groups Group Policy object (GPO) to make the server access team a member of the Power Users group on each application server. Link the GPO to the Application OU.
B. Grant the server access team permission to modify computer objects in the Application OU.
C. Make the server access team a member of the Server Operators group.
D. Create Domain Local security groups that grant the appropriate access to the servers. Grant the server access team permission to modify the membership of the Domain Local security groups.
Answer: D
14. You are the network administrator for your company. The network consists of a single Active Directory domain. The domain includes an organizational unit (OU) named TerminalServers and a global group named Accounting. The TerminalServers OU contains all of the Windows Server 2003 computer accounts running Terminal Services. Members of the Accounting group connect to terminal servers to access their software applications. You create a Group Policy object (GPO) and link it to the TerminalServers OU. You configure the GPO to publish a software installation package that installs the most recent tax application. Users in the Accounting group report that the new tax application is not installed on any of the terminal servers. You log on to one of the servers running Terminal Services and attempt to use Add or Remove Programs in Control Panel. When you select Add New Programs, you receive the following error message: "Applications are not available to install from the network in this mode." You need to ensure that the new tax application is installed on the computers running Terminal Services. What should you do?
A. Modify the GPO and configure the software installation package to be assigned under the Computer Configuration section of the GPO under Software Settings.
B. Modify the GPO and configure the software installation package to be assigned under the User Configuration section of the GPO under Software Settings.
C. Modify the discretionary access control list (DACL) settings of the GPO to assign the Authenticated Users group the Deny Read and the Allow Apply Group Policy permissions.
D. Modify the discretionary access control list (DACL) settings of the GPO to assign the computer accounts in the TerminalServers OU the Allow Read and the Allow Apply Group Policy permissions.
Answer: A
15. You are the network administrator for Contoso, Ltd. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. You use a Group Policy object (GPO) to distribute an application to users. The application is contained in an .msi file that is stored in a shared folder. Users report that they do not have the application installed. You verify that the GPO successfully installed the application on your computer. On the client computers, you see the error message shown in the exhibit. (Click the Exhibit button.) You need to ensure that users can install the application. What should you do?

A. Configure the default package location in the GPO to be the network path to the application.
B. Configure the Windows Installer service on each client computer to start as a member of the Domain Admins group.
C. Create a GPO to enable the Always install with elevated privileges setting.
D. Assign the users the Allow Read permission for the .msi file.
Answer: D
16. You are the network administrator for your company. The network consists of a single Active Directory domain. All client computers run Windows XP Professional. All user accounts for the sales department users are located in an organizational unit (OU) named Sales. The client computers are located in the default Computers container. All users in the sales department require that a sales application be installed on their client computers. You create a new Group Policy object (GPO). You create a software installation package and use the GPO to assign the package to computers. You link the GPO to the Sales OU. Users in the sales department report that the application is not installed on any client computers. You need to install the application on all client computers in the sales department. You need to ensure that the application is installed only on the client computers used by users in the sales department. What should you do?
A. Modify the GPO to specify that Windows Installer packages will be installed by using elevated permissions.
B. Modify the GPO so that the application is assigned to user accounts.
C. Enable loopback processing for the GPO.
D. Link the GPO to the Computers container.
Answer: B
17. You are the network administrator for your company. Your network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. All computer accounts for the client computers are located in an organizational unit (OU) named Computer Accounts. All user accounts are located in an OU named User Accounts. Software Update Services (SUS) is installed on your network. The SUS infrastructure is shown in the exhibit. (Click the Exhibit button.)
Updates that are deployed must not cause any conflicts or errors on the client computers. You need to configure the client computers to download approved updates from the correct server. Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)

A. Create a Group Policy object (GPO) to set the default package location to be the internal interface of the firewall.
B. Create a Group Policy object (GPO) to set the default package location to be the child SUS server.
C. Create a Group Policy object (GPO) to set the update service location to be the child SUS server.
D. Create a Group Policy object (GPO) to set the update service location to be the Microsoft Windows Update server.
E. Link the Group Policy object (GPO) to the User Accounts OU.
F. Link the Group Policy object (GPO) to the Computer Accounts OU.
Answer: C, F
18. You are the network administrator for your company. The network consists of a single Active Directory domain that contains four domain controllers. All servers run Windows Server 2003. All user accounts are located in an organizational unit (OU) named CompanyUsers. A written company policy requires all users to use strong passwords. User passwords must contain a mixture of letters, numbers, or special characters. Passwords must be at least 10 characters long. Passwords must be changed at least every 60 days, and the new password cannot be the same as the old one. To enforce this requirement, you create a Group Policy object (GPO) named Password Policies and link the GPO to the CompanyUsers OU. The settings in the Password Policy section of the Password Policies GPO are shown in the exhibit. (Click the Exhibit button.) You discover that users are creating simple passwords that do not meet the complexity requirements. You need to ensure that the company password requirements are enforced. What should you do?

A. Link the Password Policies GPO to the Domain Controllers OU. Make it the first GPO in the list.
B. Configure the properties of the Password Policies GPO so that it cannot be overridden.
C. Delete the Password Policies GPO. Edit the Default Domain Policy GPO to include the settings from the Password Policy section of the Password Policies GPO.
D. Delete the Password Policies GPO. Edit the Default Domain Controllers Policy GPO to include the settings from the Password Policy section of the Password Policies GPO.
Answer: C
19. You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains an organizational unit (OU) named Research. All users who have user accounts in the Research OU use portable computers that run Windows XP Professional. You create a Group Policy object (GPO) named PowerManagement and link it to the Research OU. You configure the PowerManagement GPO to enable the Prompt for password on resume from hibernate/suspend policy. A user named Marie has a user account in the Research OU. Marie reports that she is not prompted for a password when her computer resumes from hibernation. You need to ensure that Marie immediately has password protection for her portable computer when resuming from hibernation mode. What should you do?
A. Instruct Marie to run the gpupdate command from her computer.
B. Instruct Marie to run the gpresult command from her computer.
C. Instruct Marie to send a Remote Assistance invitation to you. Take control of Marie's computer and run the secedit /analyze command.
D. Instruct Marie to send a Remote Assistance invitation to you. Take control of Marie's computer and run the gpresult command.
Answer: A
20. You are the network administrator for Fourth Coffee. The network consists of a single Active Directory forest that contains an empty root domain named fourthcoffee.com and a child domain named research.fourthcoffee.com. You need to implement secure password protection for the accounts located in the research.fourthcoffee.com domain. What should you do?
A. Configure the Default Domain Policy Group Policy object (GPO) of the research.fourthcoffee.com domain to enable the Passwords must meet complexity requirements policy.
B. Configure the Default Domain Controllers Policy Group Policy object (GPO) of the research.fourthcoffee.com domain to enable the Passwords must meet complexity requirements policy.
C. Configure the Default Domain Policy Group Policy object (GPO) of the fourthcoffee.com domain to enable the Passwords must meet complexity requirements policy. Enable the No Override setting on the GPO.
D. Configure the Default Domain Controllers Policy Group Policy object (GPO) of the fourthcoffee.com domain to enable the Passwords must meet complexity requirements policy. Enable the No Override setting on the GPO.
Answer: A
21. You are a network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers are Windows XP Professional computers that are members of the domain. The company wants to install a new application on only the computers where it is required. However, once installed on a particular computer, the application can be used by any user logged on to that computer. The application is installed by using a Windows Installer package. You copy the .msi file to a shared folder on a file server. The shared folder is configured so that members of the Domain Admins group have the Allow Full Control permission, and no other permissions are granted. The company wants to automate installation as much as possible. Users must not be able to install unauthorized copies of the application. You need to ensure the application will be deployed in accordance with your company's requirements. You create a security group and assign this group the Allow Read permission for the shared folder that contains the .msi file. Which two additional courses of action should you take? (Each correct answer presents part of the solution. Choose two.)
A. Make all users of the application members of the security group.
B. Make all authorized computers members of the security group.
C. Create a Group Policy object (GPO) that assigns the application to users. Link the GPO to the domain. Set permissions on the GPO so that it applies only to the security group you created.
D. Create a Group Policy object (GPO) that publishes the application to users. Link the GPO to the domain. Set permissions on the GPO so that it applies only to the security group you created.
E. Create a Group Policy object (GPO) that assigns the application to computers. Link the GPO to the domain. Set permissions on the GPO so that it applies only to the security group you created.
Answer: A, C
22. You are the network administrator for your company. The network consists of a single Active Directory domain with two sites. The two sites are named Site1 and Site2. The company has two offices, and each office is configured as one of the sites. All servers run Windows Server 2003. The two offices are connected by a 256-Kbps leased line. In addition, Site1 and Site2 are connected by a site link. Site1 has 1,000 users, and Site2 has 15 users. There are no domain controllers in Site2. You create a Group Policy object (GPO) to redirect the My Documents folder. You link the GPO to the domain. Users in Site1 have their folders redirected successfully, but users in Site2 do not. You need to ensure that users in Site2 have their folders redirected. What should you do?
A. Combine Site1 and Site2 into a single site.
B. Enable loopback processing in Merge mode in the GPO.
C. Remove the link for the GPO from the domain. Link the GPO to Site1 and to Site2.
D. Create a new GPO that disables Group Policy slow link detection. Link the new GPO to Site2.
Answer: D
23. You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. Each client computer runs either Windows 2000 Professional or Windows XP Professional. All desktop computers have computer accounts in an organizational unit (OU) named CompanyDesktops, and all portable computers have computer accounts in an OU named CompanyPortables. All employees have user accounts in an OU named CompanyUsers.
A written company policy requires that different Encrypting File System (EFS) policies be applied to portable computers and to desktop computers. In addition, policy settings in the Default Domain Policy Group Policy object (GPO) must apply to all computers. You create two new GPOs named DesktopEFSPolicy and PortableEFSPolicy to be applied to desktop computers and portable computers, respectively. You configure each GPO to contain the policy settings required by the written company policy. You need to ensure that the written company policy is enforced. Which two courses of action should you take? (Each correct answer presents part of the solution. Choose two.)
A. Link the DesktopEFSPolicy GPO to the CompanyDesktops OU. Link the PortableEFSPolicy GPO to the CompanyPortables OU.
B. In the Default Domain Policy GPO, assign the Domain Users security group the Deny Full Control permission. Assign the Domain Admins security group the Allow Full Control permission.
C. Link the DesktopEFSPolicy GPO and the PortableEFSPolicy to the domain. Configure the CompanyDesktops OU and the CompanyPortables OU to block Group Policy inheritance.
D. Enable the No Override setting for the Default Domain Policy GPO, the DesktopEFSPolicy GPO, and the PortableEFSPolicy GPO.
Answer: A, D
24. You are the network administrator for your company. The network consists of a single Active Directory domain with two sites. The two sites are named Site1 and Site2. All servers run Windows Server 2003. The company has two offices, and each office is configured as one of the sites. A 256 Kbps leased line connects the two offices. In addition, a site link connects the two sites. The site link is configured to replicate during off-peak hours. There are domain controllers in both sites. Site1 contains all of the operations master role holders. You plan to create Group Policy objects (GPOs) for each site. Some GPOs will be used to resolve potential support issues for a specific site, and so you need to minimize any delay in the propagation of GPOs. You need to ensure that GPOs are applied to users in the appropriate site with minimal delay. What should you do?
A. Configure the Group Policy Object Editor and Active Directory Users and Computers snap-ins to connect to the infrastructure master.
B. Configure the Group Policy and Active Directory snap-ins to connect to a domain controller in the site where the GPO must be applied.
C. Create a remote procedure call (RPC) connection object between the two sites.
D. Create a GPO that disables Group Policy slow link detection. Link the GPO to both sites.
Answer: B
25. You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. One of the domain controllers is configured as an enterprise root certification authority (CA). All client computers run Windows XP Professional. Your company uses IPSec to secure communications between computers in your company and computers at other companies. These IPSec connections require computer certificates. Your IPSec policies require every computer to be able to make an IPSec connection when connecting to other computers. You need to configure the network so that all computers can make IPSec connections. What should you do?
A. In the computer settings section of the Default Domain Policy Group Policy object (GPO), configure the domain members to always digitally encrypt or sign secure channel data.
B. Create a new automatic certificate request in the computer settings section of the Default Domain Policy Group Policy object (GPO).
C. Obtain a new computer certificate from a public CA. Import a copy of this certificate into the Trusted Root Certification Authorities section of the Default Domain Policy Group Policy object (GPO).
D. Issue a new computer certificate from your enterprise CA. Place a copy of this certificate on an intranet Web page. Instruct users to install this certificate in their trusted certificate store the first time they need to make an IPSec connection.
Answer: C
26. You are a network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. The company operates a call center in which 200 users use Windows XP Professional computers to access email, the company intranet, and a database application. All client computers are configured identically. The call center users do not use computers outside of the call center. A written company policy states that call center users are not allowed to install or run additional applications or to change the desktop settings on their computers. You need to prevent call center users from changing the configuration of the call center computers. Your solution must not restrict users in other parts of the company from making changes to computers outside the call center. What should you do?
A. Place all of the computer accounts for call center computers in an organizational unit (OU) named Call Center Computers. Create a Group Policy object (GPO) that includes the appropriate restrictions in the User Configuration section. Link the GPO to the Call Center Computers OU.
B. Place all of the user accounts for call center users in an organizational unit (OU) named Call Center Users. Create a Group Policy object (GPO) that includes the appropriate restrictions in the User Configuration section. Link the GPO to the Call Center Users OU.
C. Place all of the user accounts for call center users in a security group named Call Center Users. Change the default user rights assignment on the call center computers so that the Call Center Users group has only the Allow log on locally right.
D. Place all of the user accounts for call center users in a security group named Call Center Users. Configure these accounts so that all users use a common roaming profile stored on a file server. Assign the Call Center Users group the Allow Full Control permission for the roaming profile folder.
Answer: B
27. You are the network administrator for Contoso, Ltd. The network consists of a single Active Directory domain. All servers run Windows Server 2003. The organizational unit (OU) structure is shown in the exhibit. (Click the Exhibit button.) The File Servers OU subtree contains 20 file and print servers. All of the company's user accounts are in the User Accounts OU subtree. The company uses Group Policy objects (GPOs) linked to OUs within the User Accounts OU subtree to configure the users' environment. These GPOs are configured to install desktop utilities for all user accounts. The desktop utilities are for use on only client computers. You are responsible for planning and implementing the Group Policy infrastructure for the company. The company wants to apply a new GPO named ServerSecurity to the 20 file and print servers. The ServerSecurity GPO includes computer configuration settings and user configuration settings. These settings will be used to secure the file and print servers. You plan to apply the ServerSecurity GPO to the File Servers OU. You need to ensure that the desktop utilities are not installed on the servers when users log on to the network. What should you do?

A. Grant the file and print servers permissions to link GPOs at the File Servers OU.
B. Configure the ServerSecurity GPO to enable the Loopback policy.
C. Configure a shutdown script that refreshes the computer configuration settings for the file and print servers.
D. Apply the ServerSecurity GPO at the site level rather than at the OU level.
Answer: B
28. You are the network administrator for Northwind Traders. The network consists of a single Active Directory forest that contains one root domain and one child domain. The forest also contains three separate sites, as shown in the Network Diagram exhibit. (Click the Exhibit button.) The network is not fully routed and there is no direct physical connection between Site1 and Site3. Site links are not bridged. You discover that the domain controllers for namerica.northwindtraders.com located in Site1 have additional accounts that are not on the domain controllers for namerica.northwindtraders.com located in Site3. You examine the directory service log in Event Viewer on a domain controller for namerica.northwindtraders.com. You discover the error message shown in the Error Message exhibit. (Click the Exhibit button.) You need to resolve the condition that is causing this error. What should you do?


A. Add a domain controller for the namerica.northwindtraders.com domain to Site2.
B. Configure a site link bridge between the site links for Site1 and Site3.
C. Configure at least one domain controller in each site to be a global catalog server.
D. Create a site link between Site1 and Site3.
Answer: B
29. You are the network administrator for your company. The network consists of a single Active Directory domain with three sites named Site1, Site2, and Site3. The sites and site links are configured to use Site2 to connect Site1 and Site3. Each site contains three Windows Server 2003 domain controllers. A domain controller in each site is configured as a preferred bridgehead server. All user and group accounts are created in Site1. Several new users start work in Site2. When they attempt to log on to the network, the logon fails. You confirm that the user accounts are created and are visible in Site1 and Site2. You discover that the preferred IP bridgehead server in Site2 failed. You repair the server and confirm that replication is successful to Site2. You need to ensure that the failure of a single domain controller in any site will not interfere with Active Directory replication between sites. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)
A. Configure an IP site link between Site1 and Site3.
B. Configure two domain controllers in each site as preferred IP bridgehead servers.
C. Configure two domain controllers in each site as preferred SMTP bridgehead servers.
D. Configure each site to have no preferred bridgehead servers.
E. Configure an SMTP site link between each of the sites. Assign a cost of 200 to the SMTP site link.
Answer: B, D
30. You are the network administrator for Litware, Inc., which is located in New York. Litware, Inc., owns a company named Lucerne Publishing, which is located in London. The Litware, Inc., network consists of a single Active Directory forest that contains two domains.
Litware, Inc., opens a new office in Cairo. The structure of the Active Directory network after the addition of the Cairo office is shown in the exhibit. (Click the Exhibit button.)
Both site links are configured to be transitive. The site links are configured as shown in the following table.

Users in all three sites report that response times are unacceptably slow when crossing WAN connections to access information in other offices. You discover that replication between servers in NYSite and CairoSite is happening throughout the day.
You need to ensure that users' access to remote offices is not slowed as a result of replication traffic.
What should you do?

A. Replace the current site links with SMTP-based site links.
B. Create a site link bridge and include both site links.
C. Configure the cost on both site links to be 500.
D. Configure the schedule times to overlap.
Answer: D