Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure

1. You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains 50 application servers that run Windows Server 2003. The security configuration of the application servers is not uniform. The application servers were deployed by local administrators who configured the settings for each of the application servers differently based on their knowledge and skills. The application servers are configured with different authentication methods, audit settings, and account policy settings. The security team recently completed a new network security design. The design includes a baseline configuration for security settings on all servers. The baseline security settings use the Hisecws.inf predefined security template. The design also requires modified settings for servers in an application role. These settings include system service startup requirements, renaming the administrator account, and more stringent account lockout policies. The security team created a security template named Application.inf that contains the modified settings. You need to plan the deployment of the new security design. You need to ensure that all security settings for the application servers are standardized, and that after the deployment, the security settings on all application servers meet the design requirements. What should you do?
A. Apply the Setup security.inf template first, the Hisecws.inf template next, and then the Application.inf template.
B. Apply the Application.inf template and then the Hisecws.inf template.
C. Apply the Application.inf template first, the Setup security.inf template next, and then the Hisecws.inf template.
D. Apply the Setup security.inf template and then the Application.inf template.
Answer: A 

2. You are a network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. The Active Directory domain contains three organizational units (Ous): Payroll Users, Payroll Servers, and Finance Servers. The Windows XP Professional computers used by the users in the payroll department are in the Payroll Users OU. The Windows Server 2003 computers used by the payroll department are in the Payroll Servers OU. The Windows Server 2003 computers used by the finance department are in the Finance Servers OU. You are planning the baseline security configuration for the payroll department. The company's written security policy requires that all network communications with servers in the Payroll Servers OU must be secured by using Ipsec. The written security policy states that IPSec must not be used on any other servers in the company. You need to ensure that the baseline security configuration for the payroll department complies with the written security policy. You also need to ensure that members of the Payroll Users OU can access resources in the Payroll Servers OU and in the Finance Servers OU.  What should you do?
A. Create a Group Policy object (GPO) and assign the Secure Server (Require Security) IPSec policy setting. Link the GPO to only the Payroll Servers OU. Create a second GPO and assign the Client (Respond Only) IPSec policy setting. Link the second GPO to the Payroll Users OU.
B. Create a Group Policy object (GPO) and assign the Secure Server (Require Security) IPSec policy setting. Link the GPO to the Payroll Servers OU and to the Finance Servers OU. Create a second GPO and assign the Client (Respond Only) IPSec policy setting. Link the second GPO to the Payroll Users OU.
C. Create a Group Policy object (GPO) and assign the Server (Request Security) IPSec policy setting. Link the GPO to only the Payroll Servers OU. Create a second GPO and assign the Client (Respond Only) IPSec policy setting. Link the second GPO to the Payroll Users OU.
D. Create a Group Policy object (GPO) and assign the Server (Request Security) IPSec policy setting. Link the GPO to the Payroll Servers OU and to the Finance Servers OU. Create a second GPO and assign the Client (Respond Only) IPSec policy setting. Link the second GPO to the Payroll Users OU.
Answer: A

3. You are a network administrator for your company. The network consists of a single Active Directory domain. The network contains 80 Web servers that run Windows 2000 Server. The IIS Lockdown Wizard is run on all Web servers as they are deployed. Your company is planning to upgrade its Web servers to Windows Server 2003. You move all Web servers into an organizational unit (OU) named Web Servers. You are planning a baseline security configuration for the Web servers. The company's written security policy states that all unnecessary services must be disabled on servers. Testing shows that the server upgrade process leaves the following unnecessary service enabled: .SMTP .Telnet Your plan for the baseline security configuration for Web servers must comply with the written security policy. You need to ensure that unnecessary services are always disabled on the Web servers. What should you do?
A. Create a Group Policy object (GPO) to apply a logon script that disables the unnecessary services. Link the GPO to the Web Servers OU.
B. Create a Group Policy object (GPO) and import the Hisecws.inf security template. Link the GPO to the Web Servers OU.
C. Create a Group Policy object (GPO) to set the startup type of the unnecessary services to Disabled. Link the GPO to the Web Servers OU.
D. Create a Group Policy object (GPO) to apply a startup script to stop the unnecessary services. Link the GPO to the Web Servers OU.
Answer: C 

4. You are the network administrator for your company. The network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2003. The domain contains an organizational unit (OU) named Servers that contains all of the company's Windows Server 2003 resource servers. The domain also contains an OU named Workstations that contains all of the company's Windows XP Professional client computers. You configure a baseline security template for resource servers named Server.inf and a baseline security template for client computers named Workstation.inf. The Server.inf template contains hundreds of settings, including file and registry permission settings that have inheritance propagation enabled. The Workstation.inf template contains 20 security settings, none of which contain file or registry permissions settings. The resource servers operate at near capacity during business hours. You need to apply the baseline security templates so that the settings will be periodically enforced. You need to accomplish this task by using the minimum amount of administrative effort and while minimizing the performance impact on the resource servers. What should you do?
A. Create a Group Policy object (GPO) and link it to the domain. Import both the Server.inf and the Workstation.inf templates into the GPO.
B. Import both the Server.inf and the Workstation.inf templates into the Default Domain Policy Group Policy object (GPO).
C. On each resource server, create a weekly scheduled task to apply the Server.inf settings during off-peak hours by using the secedit command. Create a Group Policy object (GPO) and link it to the Workstations OU. Import the Workstation.inf template into the GPO.
D. On each resource server, create a weekly scheduled task to apply the Server.inf settings during off-peak hours by using the secedit command. Import the Workstation.inf template into the Default Domain Policy Group Policy object (GPO).
Answer: C 

5. You are the network administrator for your company. The network consists of a single Active Directory domain.The company's written security policy requires that computers in a file server role must have a minimum file size for event log settings. In the past, logged events were lost because the size of the event log files was too small. You want to ensure that the event log files are large enough to hold history. You also want the security event log to be cleared manually to ensure that no security information is lost. The application log must clear events as needed. You create a security template named Fileserver.inf to meet the requirements. You need to test each file server and take the appropriate corrective action if needed. You audit a file server by using Fileserver.inf and receive the results shown in the exhibit. (Click the Exhibit button.) You want to make only the changes that are required to meet the requirements. Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)
A. Correct the Maximum application log size setting on the file server.
B. Correct the Maximum security log size setting on the file server.
C. Correct the Maximum system log size setting on the file server.
D. Correct the Retention method for application log setting on the file server.
E. Correct the Retention method for security log setting on the file server. F. Correct the Retention method for system log setting for the file server.
Answer: B AND E 

6. You are the network administrator for your company. The network consists of a single Active Directory domain. All domain controllers run Windows Server 2003. All client computers run Windows XP Professional. The company has legacy applications that run on UNIX servers. The legacy applications use the LDAP protocol to query Active Directory for employee information. The domain controllers are currently configured with the default security settings. You need to configure enhanced security for the domain controllers. In particular, you want to configure stronger password settings, audit settings, and lockout settings. You want to minimize interference with the proper functioning of thelegacy applications. You decide to use the predefined security templates. You need to choose the appropriate predefined security template to apply to the domain controllers. What should you do?
A. Apply the Setup security.inf template to the domain controllers.
B. Apply the DC security.inf template to the domain controllers.
C. Apply the Securedc.inf template to the domain controllers.
D. Apply the Rootsec.inf template to the domain controllers.
Answer: C 

7. You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains two Windows Server 2003 domain controllers, two Windows 2000 Server domain controllers, and two Windows NT Server 4.0 domain controllers. All file servers for the finance department are located in an organizational unit (OU) named Finance Servers. All fileservers for the payroll department are located in an OU named Payroll Servers.The Payroll Servers OU is a child OU of the Finance Servers OU. The company's written security policy for the finance department states that departmental servers must have security settings that are enhanced from the default settings. The written security policy for the payroll department states that departmental servers must have enhanced security settings from the default settings, and auditing must be enabled for file or folder deletion. You need to plan the security policy settings for the finance and payroll departments. What should you do?
A. Create a Group Policy object (GPO) to apply the Compatws.inf security template to computer objects, and link it to the Finance Servers OU. Create a second GPO to enable the Audit object access audit policy on computer objects, and link it to the Payroll Servers OU.
B. Create a Group Policy object (GPO) to apply the Securews.inf security template to computer objects, and link it to the Finance Servers OU. Create a second GPO to enable the Audit object access audit policy on computer objects, and link it to the Payroll Servers OU.
C. Create a Group Policy object (GPO) to apply the Compatws.inf security template to computer objects, and link it to the Finance Servers OU. Create a second GPO to apply the Hisecws.inf security template to computer objects, and link it to the Payroll Servers OU.
D. Create a Group Policy object (GPO) to apply the Securews.inf security template to computer objects, and link it to the Finance Servers and to the Payroll Servers Ous. Create a second GPO to enable the Audit object access audit policy on computer objects, and link it to the Payroll Servers OU.
Answer: B 

8. You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains 10 domain controllers and 50 servers in application server roles. All servers run Windows Server 2003. The application servers are configured with custom security settings that are specific to their roles as application servers. Application servers are required to audit account logon events, object access events, and system events. Application servers are required to have passwords that meet complexity requirements, to enforce password history, and to enforce password aging. Application servers must also be protected against man-in-the-middle attacks during authentication. You need to deploy and refresh the custom security settings on a routine basis. You also need to be able to verify the custom security settings during audits. What should you do?
A. Create a custom security template and apply it by using Group Policy.
B. Create a custom IPSec policy and assign it by using Group Policy.
C. Create and apply a custom Administrative Template.
D. Create a custom application server image and deploy it by using RIS.
Answer: A 

9. You are the network administrator for your company. All servers run Windows Server 2003. You configure a baseline security template named Baseline.inf. Several operations groups are responsible for creating templates containing settings that satisfy operational requirements. You receive the templates shown in the following table.
Operations group
Template name
Applies to
File and Print
File.inf
File servers
Database
Db.inf 
Database servers
Security
Sec.inf
All resource servers
The operations groups agree that in the case of conflicting settings, the priority order listed in the following table establishes the resultant setting.
Template
Priority
Sec.inf
1
Baseline.inf 2
2
Specific server role template
3
You need to create one or more Group Policy objects (GPOs) to implement the security settings. You want to minimize the amount of administrative effort required when changes are requested by the various operations groups. What should you do?
A. Create a GPO and import the following templates in the following order: Baseline.inf, Sec.inf. Create a GPO for each server role and import only the specific template for that role into each respective GPO.
B. Create a GPO and import the following templates in the following order: Sec.inf, Baseline.inf. Create a GPO for each server role and import only the specific template for that role into each respective GPO.
C. Create a GPO for each server role and import the following templates in the following order: Baseline.inf, specific server role template, Sec.inf.
D. Create a GPO and import the following templates in the following order: Sec.inf, Db.inf, File.inf, Baseline.inf.
Answer: A 

10. You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. The network contains servers that have Terminal Server enabled. The terminal servers host legacy applications that currently require users to be members of the Power Users group. A new requirement in the company's written security policy states that the Power Users group must be empty on all resource servers. You need to maintain the ability to run the legacy applications on the terminal servers when the new security requirement is implemented. What should you do?
A. Add the Domain Users global group to the Remote Desktop Users built-in group in the domain.
B. Add the Domain Users global group to the Remote Desktop Users local group on each terminal server.
C. Modify the Compatws.inf security template settings to allow members of the local Users group to run the applications. Import the security template into the Default Domain Controllers Policy Group Policy object (GPO).
D. Modify the Compatws.inf security template settings to allow members of the local Users group to run the applications. Apply the modified template to each terminal server.
Answer: D 

11. You are the network administrator for your company. The network consists of a single Active Directory domain. The company has an internal network and a perimeter network. The internal network is protected by a firewall. Application servers on the perimeter network are accessible from the Internet. You are deploying 10 Windows Server 2003 computers in application server roles. The servers will be located in the perimeter network and will not be members of the domain. The servers will host only publicly available Web pages. The network design requires that custom security settings must be applied to the application servers. These custom security settings must be automatically refreshed every day to ensure compliance with the design. You create a custom security template named Baseline1.inf for the application servers. You need to comply with the design requirements. What should you do?
A. Import Baseline1.inf into the Default Domain Policy Group Policy object (GPO).
B. Create a task on each application server that runs Security and Configuration Analysis with Baseline1.inf every day.
C. Create a task on each application server that runs the secedit command with Baseline1.inf every day.
D. Create a startup script in the Default Domain Policy Group Policy object (GPO) that runs the secedit command with Baseline1.inf.
Answer: C 

12. You are a network administrator for your company. All domain controllers run Windows Server 2003. The network contains 50 Windows 98 client computers, 300 Windows 2000 Professional computers,and 150 Windows XP Professional computers. According to the network design specification, the Kerberos version 5 authentication protocol must be used for all client computers on the internal network. You need to ensure that Kerberos version 5 authentication is used for all client computers on the internal network. What should you do?
A. On each domain controller, disable Server Message Block (SMB) signing and encryption of the secure channel traffic.
B. Replace all Windows 98 computers with new Windows XP Professional computers.
C. Install the Active Directory Client Extensions software on the Windows 98 computers.
D. Upgrade all Windows 98 computers to Windows NT Workstation 4.0.
Answer: B 

13. You are a network administrator for your company. The network consists of an intranet and a perimeter network, as shown in the work area. The perimeter network contains:
.One Windows Server 2003, Web Edition computer named Server1.
.One Windows Server 2003, Standard Edition computer named Server2.
.One Windows Server 2003, Enterprise Edition computer named Server3.
One Web server farm that consists of two Windows Server 2003, Web Edition computers. All servers on the perimeter network are members of the same workgroup. The design team plans to create a new Active Directory domain that uses the existing servers on the perimeter network. The new domain will support Web applications on the perimeter network. The design team states that the perimeter network domain must be fault tolerant. You need to select which server or servers on the perimeter network need to be configured as domain controllers. Which server or servers should you promote? To answer, select the appropriate server or servers in the work area.
Answer:

14. You are a network administrator for your company. You need to test a new application. The application requires two processors and 2 GB of RAM. The application also requires shared folders on the application server and requires the installation of software on the client computers. You create the test plan. You assemble a server in the test lab. You install Windows Server2003, Web Edition on the server. You install the application on the server. You install the client software components for the application on 20 client computers in the test lab. You test the application. You discover that only some of the client computers can run the application. You turn off the client computers that ran the application successfully, and you test again. The client computers that failed in the first test now run the application successfully. You need to identify the cause of the failure and update your test plan. What should you do?
A. Increase the Maximum number of worker processes to 20 for the default application pool.
B. Use Add or Remove Programs to add the Application Server Windows component.
C. Change the Application pool identity to Local Service for the default application pool.
D. Change the test server operating system to Windows Server 2003, Standard Edition or Windows Server 2003,Enterprise Edition.
Answer: D 

15. You are the network administrator for your company. The company has an internal network and a perimeter network,as shown in the work area. The internal network consists of a single Active Directory domain. The internal network contains a Windows Server 2003 domain controller named DC1, which runs the DNS Server service. The internal network also contains a Windows Server 2003 file server named Server1, which runs the DHCP Server service. The network contains 500 Windows XP Professional computers. The perimeter network contains a public Web server named Web1. The internal network is connected to the perimeter network by a firewall. The perimeter network is connected to the Internet. You need to plan an IP address strategy. The IP address strategy must provide TCP/IP connectivity from the internal network to Web1. The company wants to reduce administrative overhead by automatically assigning IP addresses whenever possible. You need to choose the appropriate IP addressing distribution method for the computers on the networks. What should you do? To answer, drag the appropriate IP addressing distribution method or methods to the correct computer or computers in the work area.
Answer: 

16. You are the network administrator for Woodgrove Bank. The company has 20,000 users in 20 physical locations worldwide. The company is expecting to grow by 50 percent in the next five years. The company recently became a subsidiary of Humongous Insurance. Humongous Insurance has five other subsidiaries.Humongous Insurance has 100,000 users in 100 physical locations worldwide. Humongous Insurance uses the 10.0.0.0/8 network and requires that all subsidiaries integrate into this network. The network design team at Woodgrove Bank provides you with a network design for integrating into the Humongous Insurance network. The design specifies that Woodgrove Bank will use a single block of IP network numbers to assign IP addresses to its network. You need to plan the IP address space to meet the design specification. You need to request a block of IP addresses from Humongous Insurance that will accommodate all Woodgrove Bank users. To reduce the difficulty of obtaining the addresses and to conserve the Humongous Insurance address space, you want to request the smallest block of IP addresses that meets the design specification. What should you do?
A. Request a 10.0.0.0 block of IP addresses with an 8-bit subnet mask from Humongous Insurance.
B. Request a 10.0.0.0 block of IP addresses with a 16-bit subnet mask from Humongous Insurance.
C. Request a 10.0.0.0 block of IP addresses with a 24-bit subnet mask from Humongous Insurance.
D. Request a 10.0.0.0 block of IP addresses with a 32-bit subnet mask from Humongous Insurance.
Answer: B 

17. You are the network administrator for Tailspin Toys. The company has a main office and two branch offices. The network in the main office contains 10 servers and 100 client computers. Each branch office contains 5 servers and 50 client computers. Each branch office is connected to the main office by a direct T1 line. The network design requires that company IP addresses must be assigned from a single classful private IP address range. The network is assigned a class C private IP address range to allocate IP addresses for servers and client computers. Tailspin Toys acquires a company named Wingtip Toys. The acquisition will increase the number of servers to 20 and the number of client computers to 200 in the main office. The acquisition is expected to increase the number of servers to 20 and the number of client computers to 200 in the branch offices. The acquisition will also add 10 more branch offices. After the acquisition, all branch offices will be the same size. Each branch office will be connected to the main office by a direct T1 line. The new company will follow the Tailspin Toys network design requirements. You need to plan the IP addressing for the new company. You need to comply with the network design requirement. What should you do?
A. Assign the main office and each branch office a new class A private IP address range. B. Assign the main office and each branch office a new class B private IP address range. C. Assign the main office and each branch office a subnet from a new class B private IP address range.
D. Assign the main office and each branch office a subnet from the current class C private IP address range.
Answer: C 

18. You are a network administrator for a consulting company. You need to create a wireless network that will be used by consultants from your company at a customer location. The wireless network will consist of nine portable computers, three servers, and four wireless digital cameras. All computers and cameras can use either static or dynamic IP addressing. The cameras do not support data encryption. Both the portable computers and the servers must be able to initiate communication over the Internet to VPN servers in your company's main data center. Only the wireless access point is connected to the customer's corporate network. You need to plan the wireless IP network so that it minimizes the risk of unauthorized use of the wireless network and prevents unsolicited communication from the Internet to the hosts on the network. What should you do? To answer, drag the appropriate configuration settings to the Wireless Network Configuration. Answer: 

19. You are a network administrator for your company. The network consists of a Windows NT 4.0 domain. All servers run Windows NT Server 4.0 and all client computers run Windows NT Workstation 4.0. The company has two offices that are connected by a 56-Kbps WAN connection. All computers are configured to use WINS for name resolution and network browsing capability between the two offices. The company is planning to upgrade the domain controllers to Windows Server 2003 and to deploy Windows Server 2003 and Windows XP Professional computers. You need to maintain name resolution and network browsing support during and after the upgrade process. You need to allow users of Windows NT Workstation 4.0 and Windows XP Professional computers to browse and connect to both Windows NT Server 4.0 and Windows Server 2003 computers. You need to minimize name resolution traffic across the WAN connection. What should you do?
A. Install a Windows Server 2003 DNS server at each office. Configure all Windows NT Workstation 4.0 and Windows NT Server 4.0 computers to use both WINS and DNS for name resolution. Configure all Windows Server 2003 computers to use WINS.
B. Install a Windows Server 2003 DNS server at only one office. Configure all Windows NT Workstation 4.0 and Windows NT Server 4.0 computers to use both WINS and DNS for name resolution. Configure all Windows Server 2003 computers to use WINS.
C. Upgrade the WINS servers at each office to Windows Server 2003. Install a Windows Server 2003 DNS server at only one office and configure it to use WINS lookup. Configure all Windows Server 2003 computers to use WINS.
D. Upgrade the WINS servers at each office to Windows Server 2003. Install a Windows Server 2003 DNS server at each office. Configure each DNS server to use WINS lookup. Configure all Windows Server 2003 computers to use WINS.
Answer: D 

20. You are a network administrator for your company. The network consists of a single Active Directory forest that contains three domains. The functional level of the forest and of all three domains is Window Server 2003. The company has a main office and 30 branch offices. Each branch office is connected to the main office by a 56-Kbps WAN connection. You configure the main office and each branch office as a separate Active Directory site. You deploy a Windows Server 2003 domain controller at the main office and at each branch office. Each domain controller is configured as a DNS server. You can log on to the network from client computers in the branch offices at any time. However, users in the branch offices report that they cannot log on to the network during peak hours. You need to allow users to log on to the network from branch office computers. You do not want to affect the performance of the branch office domain controllers. You need to minimize Active Directory replication traffic across the WAN connections. What should you do?
A. Use Active Directory Sites and Services to enable universal group membership caching for each branch office site.
B. Use the DNS console to configure the branch office DNS servers to forward requests to a DNS server in the main office.
C. Use Active Directory Sites and Services to configure each branch office domain controller as a global catalog server.
D. Use the DNS console to configure the branch office DNS servers to use an Active Directory-integrated zone.
Answer: A 

21. You are a network administrator for your company. The network consists of a single Active Directory domain. All domain controllers and member servers run Windows Server 2003, Enterprise Edition. All client computers run Windows XP Professional. The company has one main office and one branch office. The two offices are connected by a T1 WAN connection. There is a hardware router at each end of the connection. The main office contains 10,000 client computers, and the branch office contains 5,000 client computers. You need to use DHCP to provide IP addresses to the Windows XP Professional computers in both offices. You need to minimize network configuration traffic on the WAN connection. Your solution needs to prevent any component involved in the DHCP architecture from becoming a single point of failure. What should you do?
A. At the main office, configure two Windows Server 2003 computers as a DHCP server cluster. Configure the branch office router as a DHCP relay agent.
B. At the main office, configure two Windows Server 2003 computers as a DHCP server cluster. At the branch office, configure a Windows Server 2003 computer as a DHCP relay agent.
C. At the main office, configure two Windows Server 2003 computers as a DHCP server cluster. At the branch office,configure two Windows Server 2003 computers as a DHCP server cluster.
D. At the main office, configure two Windows Server 2003 computers as DHCP servers. Configure one DHCP server to handle 80 percent of the IP address scope and the other DHCP server to handle 20 percent. Configure the branch office router as a DHCP relay agent.
Answer: C 

22. You are a network administrator for your company. All servers run Windows Server 2003. All client computers run Windows XP Professional. The network contains a single DHCP server that services two subnets named Subnet1 and Subnet2, as shown in the work area. All servers and the administrator client computer have manually assigned IP addresses. All other client computers are DHCP clients. The router on your network fails and is replaced by another router. After the router is replaced, client computers on Subnet2 cannot receive IP addressing from the DHCP server. You need to configure an appropriate host to be a DHCP relay agent. Which component should you use? To answer, select the appropriate component in the work area.
Answer: 

23. You are a network administrator for Alpine Ski House. The internal network has an Active Directory-integrated zone for the alpineskihouse.org domain. Computers on the internal network use the Active Directory-integrated DNS service for all host name resolution. The Alpine Ski House Web site and DNS server are hosted at a local ISP. The public Web site for Alpine Ski House is accessed at www.alpineskihouse.com. The DNS server at the ISP hosts the alpineskihouse.com domain. To improve support for the Web site, your company wants to move the Web site and DNS service from the ISP to the company's perimeter network. The DNS server on the perimeter network must contain only the host (A) resource records for computers on the perimeter network. You install a Windows Server 2003 computer on the perimeter network to host the DNS service for the alpineskihouse.com domain. You need to ensure that the computers on the internal network can properly resolve host names for all internal resources, all perimeter resources, and all Internet resources. Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)
A. On the DNS server that is on the perimeter network, install a primary zone for alpineskihouse.com.
B. On the DNS server that is on the perimeter network, install a stub zone for alpineskihouse.com.
C. Configure the DNS server that is on the internal network to conditionally forward lookup requests to the DNS server that is on the perimeter network.
D. Configure the computers on the internal network to use one of the internal DNS servers as the preferred DNS server. Configure the the TCP/IP settings on the computers on the internal network to use the DNS server on the perimeter network as an alternate DNS server. E. On the DNS server that is on the perimeter network, configure a root zone. Answer: C AND A

24. You are the network administrator for your company. The network contains an application server running Windows Server 2003. Users report that the application server intermittently responds slowly. When the application server is responding slowly, requests that normally take 1 second to complete take more than 30 seconds to complete. You suspect that the slow server response is because of high broadcast traffic on the network. You need to plan how to monitor the application server and to have a message generated when broadcast traffic is high. You also want to minimize the creation of false alarms when nonbroadcast traffic is high. What should you do?
A. Use the Alerts option in the Performance Logs and Alerts snap-in to configure an alert to trigger when the Datagrams/sec counter in the UDPv4 object is high.
B. Use System Monitor and configure it to monitor the Segments/sec counter in the TCPv4 object.
C. Use System Monitor and configure it to monitor the Datagrams/sec counter in the UDPv4 object.
D. Use the Alerts option in the Performance Logs and Alerts snap-in to configure an alert to trigger when the Datagrams/sec counter in the TCPv4 object is high.
Answer: A 

25. You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. When the network was designed, the design team set design specifications. After the network was implemented, the deployment team set baseline specifications. The specifications for broadcast traffic are:The design specification requires that broadcast traffic must be 5 percent or less of total network traffic. The baseline specification showed that the broadcast traffic is always 1 percent or less of total network traffic during normal operation. You need to monitor the network traffic and find out if the level of broadcast traffic is within design and baseline specifications. You decide to use Network Monitor. After monitoring for 1 hour, you observe the results shown in the exhibit. (Click the Exhibit button.) You need to report the results of your observations to management. Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)
A. Report that broadcast traffic is outside of the baseline specification.
B. Report that broadcast traffic is outside of the design specification.
C. Report that broadcast traffic is within the design specification.
D. Report that broadcast traffic is within the baseline specification.
Answer: A AND B 

26. You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains an application server running Windows Server 2003. Users report intermittent slow performance when they access the application server throughout the day. You find out that the network interface on the application server is being heavily used during the periods of slow performance. You suspect that a single computer is causing the problem. You need to create a plan to identify the problem computer. What should you do?
A. Monitor the performance monitor counters on the application server by using System Monitor.
B. Monitor the network traffic on the application server by using Network Monitor.
C. Monitor network statistics on the application server by using Task Manager.
D. Run network diagnostics on the application server by using Network Diagnostics.
Answer: B 

27. You are the administrator of a new network at Contoso, Ltd. The network consists of a single Active Directory domain. All servers run Windows Server 2003. Client computers run either Windows XP Professional or Windows 98. All Windows 98 computers have the Active Directory Client Extensions software installed. The network consists of three physical subnets. Each subnet contains a domain controller and a server that runs DHCP. Each subnet also contains a server that runs both the DNS Server service and the WINS service. All client computers receive their TCP/IP configuration information from the DHCP server that is located on their local subnet. All servers except the domain controllers, the DHCP servers, and the DNS and WINS servers also receive their TCP/IP configuration information from the DHCP server that is located on their local subnet. All of the Windows 98 computers are located on a single subnet. The DHCP scope on this subnet is configured with the options shown in the exhibit. (Click the Exhibit button.) All DHCP servers are configured with similar options. Users of the Windows 98 computers report that they cannot connect to resources on the Windows Server 2003 computers located on any subnet. When they attempt to connect to a shared resource by using \\servername\sharename in the Run command, they receive the following error message: "Server not found." The users can successfully connect to Web-based resources located on the same servers. When you attempt to connect to the servers by using the ping command on an affected Windows 98 computer, you can connect successfully. The users of the Windows XP Professional computers do not report the same problems. You need to ensure that the users of the Windows 98 computers can connect to shared resources on the Windows Server 2003 computers. What should you do?
A. On the affected subnet's DHCP server, configure the scope options to use the Windows 98 vendor class.
B. On the affected subnet's DHCP server, remove the WINS/NBT Node Type from the scope options.
C. On each DHCP server, remove the Microsoft Disable NetBIOS Option from the scope options.
D. On each DHCP server, add the NetBIOS over TCP/IP NBDD DHCP scope option to the scope options.
Answer: C 

28. You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. The network consists of three physical subnets, which correspond to the three buildings on the company's campus, as shown in the Network Diagram exhibit. (Click the Exhibit button.) All servers have manually configured IP addresses. All client computers receive their TCP/IP configuration information from a DHCP server located on the Building1 subnet. The DHCP server has one scope configured for each subnet.  Users on the Building2 subnet and the Building3 subnet report that they periodically cannot connect to network resources located on any subnet. You discover that during times of high network usage, client computers in Building2 and Building3 are configured as shown in the Network Connection Details exhibit. (Click the Exhibit button.)
You need to ensure that all client computers receive valid IP addresses for their subnet even during times of high network usage. What should you do?
A. Install one DHCP server on the Building2 subnet and one on the Building3 subnet. On each DHCP server, configure identical scopes for each subnet.
B. Install one DHCP server on the Building2 subnet and one on the Building3 subnet. On each DHCP server, configure a single subnet-specific scope.
C. Configure one DHCP relay agent on the Building2 subnet and one on the Building3 subnet to forward DHCP requests to the Building1 subnet DHCP server.
D. Configure an administrative template in the Default Domain Policy Group Policy object (GPO) to disable Automatic Private IP Addressing (APIPA) on the client computers. Answer: B 

29. You are a network administrator for your company. The network consists of multiple physical segments. The network contains two Windows Server 2003 computers named Server1 and Server2, and several Windows 2000 Server computers. Server1 is configured with a single DHCP scope for the 10.250.100.0/24 network with an IP address range of 10.250.100.10 to 10.250.100.100. Several users on the network report that they cannot connect to file and print servers, but they can connect to each other's client computers. All other users on the network are able to connect to all network resources. You run the ipconfig.exe /all command on one of the affected client computers and observe the information in the following table.
IP Address
10.250.100.150
Subnet Mask
255.255.255.0
Default Gateway
(blank)
DHCP Server
Server2
DNS Servers
(blank)
Primary WINS Server
(blank)
You need to configure all affected client computers so that they can communicate with all other hosts on the network. Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)
A. Disable the DHCP service on Server2.
B. Increase the IP address range for the 10.250.100.0/24 scope on Server1.
C. Add global DHCP scope options to Server1 for default gateway, DNS servers, and WINS servers.
D. Delete all IP address reservations in the scope on Server1. E. Run the ipconfig.exe /renew command on all affected client computers. F. Run the ipconfig.exe /registerdns command on all affected client computers.
Answer: A AND E

30. You are the network administrator for Contoso, Ltd. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. The network also contains 10 network printers. All servers have manually configured IP addresses. The client computers and network printers receive their TCP/IP configuration information from a DHCP server. Company IP policy states that each of the network printers will always be configured with the same IP address. You configure a DHCP server and create a DHCP scope as shown in the exhibit. (Click the Exhibit button.) Users report that they cannot submit print jobs to any of the network printers. You investigate and discover that none of the network printers are receiving their IP addresses from the DHCP server. You need to ensure that the network printers receive their IP addresses from DHCP. What should you do?
A. Remove the IP address reservations for the network printers from the DHCP scope.
B. Delete the IP address exclusion range for the network printers from the DHCP scope.
C. Add the 009 LPR Servers option to the DHCP server options.
D. Enable address conflict detection on the DHCP server.
Answer: B