Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 AD Infrastructure

1. You are the network administrator for Blue Yonder Airlines. The company has offices in Toronto, New York, and Chicago. The network connections are shown in the exhibit. (Click the Exhibit button.)

The network consists of two Active Directory domains. User objects for users in the Toronto office and the New York office are stored in the blueyonderairlines.com domain. User objects for users in the Chicago office are stored in the
production.blueyonderairlines.com domain. Active Directory is configured as shown in the following table.
 
Location
Number of users
Number of domain controllers
Number of global catalog servers
Toronto
650
4
2
NewYork
15
1
0
Chicago
500
3
2
Users in the New York office frequently report that they cannot log on to the network, or that logging on takes a very long time. You notice increased global catalog queries to servers in the Toronto office during peak logon times. 
You need to improve logon performance for users in the New York office without increasing WAN traffic that is due to replication. What should you do?
A. Configure the domain controller in the New York office as a global catalog server.
B. Configure Active Directory to cache universal group memberships for the Toronto office.
C. Install an additional domain controller in the New York office.
D. Configure Active Directory to cache universal group memberships for the New York office.
Answer: D
 
2. You are a network administrator for your company. The relevant portion of your network configuration is shown in the work area. Your company has offices in Toronto and New York. The Toronto office has 500 employees, and the New York office has 150 employees. Employees in both offices use an application that frequently reads configuration data in the global catalog. You install Windows Server 2003 on all domain controllers. You create a single Windows Server 2003 Active Directory domain. The functional level of the forest is Windows Server 2003. You configure servers as shown in the following table.
Server name
Configuration
Server1
Domain controller, domain naming master, schema master
Server2
Domain controller, PDC emulator master, relative ID (RID) master, infrastructure master
Server3
Member server, file and print server
Server4
Member server, Web server
Server5
Domain controller
Server6
Member server, file and print server
You need to plan the placement of global catalog servers for your company. You need to ensure that the application performs well during times of peak activity. You need to ensure that the application continues to function in the event of multiple global catalog server failures.
Where should you place the global catalog server or servers?
To answer, select the appropriate computer or computers in the work area.

Answer:

3. You are a network administrator for a company that has a main office and five branch offices. The network consists of six Active Directory domains. All servers run Windows Server 2003. Each office is configured as a single domain. Each office is also configured as an Active Directory site. Your company uses an application server that queries user information from the global catalog. You install application servers in the main office and in three branch offices. The network is configured as shown in the exhibit. (Click the Exhibit button.)

You monitor the WAN connections between the main office and each branch office and discover that the utilization increased from 70 percent to 90 percent. Users report slow response times when accessing information on the application server.
You need to place global catalog servers in offices where they will improve the response times for the application servers. You need to achieve this goal with a minimum amount of increase in WAN traffic. In which office or offices should you place a new global catalog server or servers? (Choose all that apply.)
A. Bonn
B. Rome
C. New York
D. San Francisco
E. Chicago
Answer: D AND C AND B

4. You are a network administrator for your company. The network consists of a single Active Directory forest that contains one root domain and multiple child domains. The functional level of all child domains is Windows Server 2003. The functional level of the root domain is Windows 2000 native.
You configure a Windows Server 2003 computer named Server1 to be a domain controller for an existing child domain. Server1 is located at a new branch office, and you connect Server1 to a central data center by a persistent VPN connection over a DSL line. Server1 has a single replication connection with a bridgehead domain controller in the central data center.
You configure DNS on Server1 and create secondary forward lookup zones for each domain in the forest. You need to minimize the amount of traffic over the VPN connection caused by logon activities. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)
A. Configure the DNS zones to be Active Directory-integrated zones.
B. Configure Server1 to be the PDC emulator for the domain.
C. Configure Server1 to be a global catalog server.
D. Configure universal group membership caching on Server1.
Answer: C AND D

5. You are the network administrator for your company. The network consists of a single Active Directory forest that contains multiple domains. The functional level of the forest is Windows Server 2003.
The forest includes two Active Directory sites named Site1 and Site2. Site1 contains two domain controllers that are global catalog servers named Server1 and Server2. Site2 contains two domain controllers that are not global catalog servers named Server3 and Server4. The two sites are connected by a WAN connection. Users in Site2
report that logon times are unacceptably long.
You need to improve logon times for the users in Site2 while minimizing replication traffic on the WAN connection. How should you configure the network?
To answer, drag the appropriate configuration option or options to the correct location or locations in the work area.
Drag configuration hereConfiguration Options Global catalog server Universal group membership caching

Answer:

6. You are the network administrator for Adventure Works. The network consists of a single Active Directory forest that contains a forest root domain named adventure-works.com and a child domain named child1.adventure-works.com. The functional level of the forest is Windows Server 2003.
The company uses universal groups to prevent temporary employees from accessing confidential information on computers in the forest. The child1.adventure-works.com domain contains a Windows 2000 Server computer named Server1. Server1 runs an application that makes frequent LDAP queries to the global catalog. Server1 is located on a subnet associated with an Active Directory site named Site2 that has no global catalog servers. Site2 is connected to another site by a WAN connection. You need to enable the application on Server1 to run at high performance levels and to continue operating if a WAN connection fails. You also need to minimize traffic over the WAN connection. What should you do?
A. Enable universal group membership caching in Site2.
B. Configure at least one global catalog server in Site2.
C. Add the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\IgnoreGCFailures key to the registry on all domain controllers in Site2.
D. Remove Server1 from the child1.adventure-works.com domain and add it to a workgroup.
Answer: B

7. You are the network administrator for Alpine Ski House. The network consists of a single Active Directory forest that contains five domains. The functional level of the forest is Windows 2000. You have not configured any universal groups in the forest. One domain is a child domain named child1.alpineskihouse.com that contains two domain controllers and 50 client computers. The functional level of the domain is Windows Server 2003. The network includes an Active Directory site named Site1 that contains two domain controllers. Site1 represents a remote clinic, and the location changes every few months. All of the computers in child1.alpineskihouse.com are located in the remote clinic. The single WAN connection that connects the remote clinic to the main network is often saturated or unavailable. Site1 does not include any global catalog servers. You create several new user accounts on the domain controllers located in Site1. You need to ensure that users in the remote clinic can always quickly and successfully log on to the domain. What should you do?
A. Enable universal group membership caching in Site1.
B. Add the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\IgnoreGCFailures key to the registry on both domain controllers in Site1.
C. Add the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\IgnoreGCFailures key to the registry on all global catalog servers in the forest.
D. Raise the functional level of the forest to Windows Server 2003.
Answer: B

8. You are the network administrator for Contoso Pharmaceuticals. Your network consists of a single Active Directory forest that contains three domains. The forest root domain is named contoso.com. The domain contains two child domains named usa.contoso.com and europe.contoso.com. The functional level of the forest is Windows Server 2003. Each domain contains two Windows Server 2003 domain controllers named DC1 and DC2. DC1 in the contoso.com domain performs the following two operations master roles: schema master and domain naming master. DC1 in each child domain performs the following three operations master roles: PDC emulator master, relative ID (RID) master, and infrastructure master. DC1 in each domain is also a global catalog server. The user account for Nancy Buchanan in the europe.contoso.com domain is a member of the Medicine Students security group. Because of a name change, the domain administrator of europe.contoso.com changes the Last name field of Nancy's user account from Buchanan to Anderson. The domain administrator of usa.contoso.com discovers that the user account for Nancy is still listed as Nancy Buchanan.  You need to ensure that the user account for Nancy Anderson is correctly listed in the Medicine Students group. What should you do?
A. Transfer the PDC emulator master role from DC1 to DC2 in each domain.
B. Transfer the infrastructure master role from DC1 to DC2 in each domain.
C. Transfer the RID master role from DC1 to DC2 in each domain.
D. Transfer the schema master role from DC1 to DC2 in the contoso.com domain.
Answer: B

9. You are the network administrator for your company. The network consists of a single Active Directory forest that contains one domain. The functional level of the forest is Windows 2000, and the functional level of the domain is Windows 2000 mixed. The domain contains four domain controllers named DC1, DC2, DC3, and DC4. There are two sites in the forest. DC1 and DC2 are in one site. DC3 and DC4 are in the other site. DC1 fails. You need to wait until the following week to restore DC1.
While connected to DC3, you perform a bulk import of user accounts and receive an error message stating that a number of the user accounts could not be created. You need to ensure that the user accounts can be created. What should you do?
A. Seize the PDC emulator role to DC3.
B. Seize the relative ID (RID) master role to DC3.
C. Create a replication object to connect DC3 to DC2.
D. Raise the functional level of the domain and the functional level of the forest to Windows Server 2003.
Answer: B

10. You are the network administrator for your company. The network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2003. The domain contains three Active Directory sites named Site1, Site2, and Site3. The sites are connected by site links as shown in the work area.
SiteLink1 and SiteLink2 include redundant, high-speed WAN connections.
Each site has one subnet associated with it. The number of computers in each site and the operating system that the computers are running are indicated in the following table.
Operating system
Site1
Site2
Site3
Windows 98
50
30
550
Windows NT Workstation 4.0
50
20
550
Windows 2000 Professional
0
500
500
Windows XP Professional
100
0
0
Windows Server 2003
10
20
15
Site1 contains a Windows Server 2003 domain controller named Server1 that is the relative ID (RID) master for the domain. Site2 contains two Windows Server 2003 domain controllers named Server2 and Server3. Server2 is the infrastructure master for the domain. Site3 contains a Windows Server 2003 domain controller named Server4.
You need to decide where to place the PDC emulator role holder. You want to optimize the overall response time for users in all sites.
Where should you place the PDC emulator role?
To answer, select the appropriate domain controller or domain controllers in the work area.

Answer: 

11. You are the network administrator for Contoso, Ltd. The network consists of a single Active Directory forest, as shown in the exhibit. (Click the Exhibit button.)
A domain controller named dc1.corp.contoso.com runs Windows 2000 Server. All other domain controllers run Windows Server 2003. Contoso, Ltd., is engaged in a joint venture with Litware, Inc. The network at Litware, Inc., consists of a single Active Directory forest named litwareinc.com that contains one domain. The functional level of the litwareinc.com forest is Windows Server 2003.
You need to ensure that the users at Contoso, Ltd., can log on to the litwareinc.com forest. You upgrade dc1.corp.contoso.com to Windows Server 2003.
Which two additional courses of action should you take? (Each correct answer presents part of the solution. Choose two.)
A. Raise the functional level of the corp.contoso.com domain and the east.corp.contoso.com domain to Windows 2000 native. Raise the functional level of the contoso.com forest to Windows Server 2003.
B. Raise the functional level of the corp.contoso.com domain to Windows 2000 native. Raise the functional level of the east.corp.contoso.com domain to Windows Server 2003. Raise the functional level of the west.contoso.com domain to Windows Server 2003.
C. Create a one-way forest trust relationship in which the contoso.com forest trusts the litwareinc.com forest.
D. Create a one-way forest trust relationship in which the litwareinc.com forest trusts the contoso.com forest.
Answer: D AND A
 
12. You are the network administrator for Fabrikam, Inc. Your network consists of a single Active Directory forest that contains one domain named fabrikam.com. The functional level of the forest is Windows Server 2003. Fabrikam, Inc., acquires a company named Contoso, Ltd. The Contoso, Ltd., network consists of a single Active Directory forest that contains a root domain named contoso.com and a child domain named usa.contoso.com. The functional level of the forest is Windows 2000. The functional level of the usa.contoso.com domain is Windows 2000 native. A business decision by the company requires the usa.contoso.com domain to be removed. You need to move all user accounts from the usa.contoso.com domain to the fabrikam.com domain by using the Active Directory Migration Tool. You need to accomplish this task without changing the logon rights and permissions for all other users. You need to ensure that users in usa.contoso.com can log on to fabrikam.com by using their current user names and passwords. What should you do?
A. Create a two-way Windows Server 2003 external trust relationship between the fabrikam.com domain and the contoso.com domain.
B. Create a one-way Windows Server 2003 external trust relationship in which the fabrikam.com domain trusts the contoso.com domain.
C. Create a temporary two-way external trust relationship between the fabrikam.com domain and the usa.contoso.com domain.
D. Create a temporary one-way external trust relationship in which the usa.contoso.com domain trusts the fabrikam.com domain.
Answer: C

13. You are the network administrator for your company. The network consists of a single Active Directory domain. The functional level of the domain is Windows Server 2003.
You configure two Active Directory sites named Site1 and Site2. Site1 contains all of the operations masters and two global catalog servers. Site2 contains a domain controller named Server1. You create a site link named SiteLink1 that includes Site1 and Site2.
You need to provide global catalog services locally in Site2.
Which Active Directory component should you configure?
To answer, select the appropriate component in the work area.

Answer: 

14. You are a network administrator for your company. The network consists of a single Active Directory forest that contains one domain. The company has its main office and one branch office in San Francisco.
The company has additional branch offices in Chicago, New York, and Toronto.
Administrators at the main office are responsible for managing all objects in the domain. Administrators at each branch office are responsible for managing user and computer objects for employees who work in the same branch office as the administrator. Administrators for the San Francisco branch office are also responsible for managing
user and computer objects for employees who work in the main office. These users are managed as a single unit.
You want administrators to be authorized to make changes only to the objects for which they are responsible.
You need to plan an organizational unit (OU) structure that allows the delegation of required permissions. You want to achieve this goal by using the minimum amount of administrative effort.
Which OU structure should you use?
A.

B.

C.

D.

Answer: A

15. You are the network administrator for your company. The network consists of a single Active Directory domain. The relevant portion of the organizational unit (OU) structure is shown in the exhibit. (Click the Exhibit button.)
The company's sales division consists of an inside sales department, a mobile sales department, and a telemarketing department. User objects for users in these departments are stored in the Inside, Mobile, and Telemarket Ous respectively. User objects for all junior managers and senior managers are stored in the Managers OU. The company decides to train junior managers to perform basic administrative tasks. Junior managers are responsible for enabling and disabling accounts for all sales users except junior managers and senior managers. You need to enable junior managers to perform the assigned administrative tasks. You must not affect any existing permissions. What should you do?
A. On the Managers OU, block the inheritance of permissions. Copy all existing permissions. On the Sales OU, grant junior managers the permission to enable and disable accounts.
B. On the Inside, Mobile, and Telemarket Ous, block the inheritance of permissions. Copy all existing permissions. On the Sales OU, grant junior managers the permission to enable and disable accounts.
C. On the Managers OU, block the inheritance of permissions. Remove all existing permissions. On the Sales OU, grant junior managers the permission to enable and disable accounts.
D. On the Sales OU, block the inheritance of permissions. Copy all existing permissions. On the Sales OU, grant junior managers the permission to enable and disable accounts.
Answer: A

16. You are the network administrator for a company that has six offices. The network consists of a single Active Directory domain. Each office has users who work in the sales, marketing, and production departments. All Active Directory administration is performed by the IT group. The IT group provides a help desk, a level-two support group, and an MIS group. Each office has one employee who works for the help desk group. Administrative responsibilities are listed in the following table.
Group
Role
Help desk
User account maintenance for all employees who are not management
Level-two support
User account maintenance for all employees, the help desk users, and all management users
MIS group
Service account maintenance, maintenance of domain administrator accounts, and built-in accounts in Active Directory
You need to plan an organizational unit (OU) structure that allows delegation of administration. Your plan must ensure that permissions can be maintained by using the minimum amount of administrative effort. Which OU structure should you use?
A.

B.
C
. 
D.
Answer: C

17. You are the network administrator for your company. The network consists of a single Active Directory domain.  The company has its main office in Chicago and branch offices in Toronto and New York. The main office contains a sales department and a marketing department. The company's MIS department is responsible for administration of the entire domain. Each office has an IT group that is responsible for the administration of user accounts. In addition, the main office MIS group has one administrator to manage the sales department and one administrator to manage the marketing department. You need to plan the organizational unit (OU) structure for your company. You want administrators to be delegated control to only objects for which they are responsible. Your plan must ensure that permissions can be maintained by using the minimum amount of administrative effort. Which OU structure should you use? To answer, select the appropriate plan in the work area.
Answer: Plan A

18. You are the network administrator for your company. The network consists of a single Active Directory domain. User and group objects for the sales department are located in an organizational unit (OU) named Sales.
Peter and Mary are administrators for your company. Peter is responsible for managing Sales user objects. Mary is responsible for managing Sales group objects.
You need to delegate Peter and Mary control over only the objects for which they are responsible. What should you do?
A. In the Sales OU, create two new Ous. Name one OU SalesUsers and place all user objects for the sales department in this OU. Name the other OU SalesGroups and place all group objects for the sales department in this OU. Grant Peter and Mary full control over the Sales OU.
B. On the Sales OU, grant Peter the right to manage user objects. On the Sales OU, grant Mary the right to manage group objects.
C. In the Sales OU, create a new OU. Name this OU SalesGroups. Place all Sales groups in the SalesGroups OU.
Grant Peter the right to manage all objects in the Sales OU. Grant Mary the right to manage all objects in the SalesGroups OU.
D. On the Sales OU, deny Peter the right to manage group objects. On the Sales OU, deny Mary the right to manage user objects.
Answer: B

19. You are a network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. The functional level of the domain is Windows Server 2003. The organizational unit (OU) structure is shown in the exhibit. (Click the Exhibit button.)

Your company uses an X.500 directory service enabled product to support a sales and marketing application. The application is used only by users in the sales department and the marketing department.
The application uses InetOrgPerson objects as user accounts. InetOrgPerson objects have been created in Active Directory for all Sales and Marketing users. These users are instructed to log on by using their InetOrgPerson object as their user account.
Microsoft Identity Integration Server is configured to copy changes to InetOrgPerson objects from Active Directory to the X.500 directory service enabled product. All InetOrgPerson objects for marketing employees are located in the Marketing OU. All InetOrgPerson objects for sales employees are located in the Sales OU.
Mikhail is another administrator in your company. Mikhail is responsible for managing the objects for users who require access to the X.500 directory service enabled product.
You need to configure Active Directory to allow Mikhail to perform his responsibilities.
Which action or actions should you take? (Choose all that apply.)
A. On the domain, grant Mikhail the permission to manage user objects.
B. On the domain, grant Mikhail the permission to manage InetOrgPerson objects.
C. On the Sales OU, block the inheritance of permissions.
D. On the Marketing OU, block the inheritance of permissions.
E. On the Dev OU, block the inheritance of permissions
Answer: E AND B

20. You are the network administrator for Blue Yonder Airlines. You plan to create an Active Directory domain named blueyonderairlines.com that will have a functional level of Windows Server 2003.
Your company has one main office and four branch offices, which are all located in one country. A central security department in the main office is responsible for creating and administering all user accounts in all offices. Each office has a local help desk department that is responsible for resetting passwords within the individual department's office only.
All user accounts are located in the default Users container.
You need to create an organizational unit (OU) structure to support the delegation of authority requirements. You want to minimize the amount of administrative effort required to maintain the environment. What should you do?
A. Create a top-level OU named BlueYonderAirlines_Users under the blueyonderairlines.com domain.
Create a separate child OU for each office under BlueYonderAirlines_Users. Move the user accounts of all employees in each office to the child OU for that office.
B. Create a top-level OU named Main_Office under the blueyonderairlines.com domain. Move the user accounts of all users in the main office to the Main_Office OU.
Create a separate child OU for each branch office under the Main_Office OU. Move the user accounts of all users in each branch office to the child OU for that office.
C. Create a top-level OU named BlueYonderAirlines_Users under the blueyonderairlines.com domain. Create a child OU named Central_Security under BlueYonderAirlines_Users. Move the user accounts of the central security department users to the Central_Security OU.
Create a child OU named Help_Desk under BlueYonderAirlines_Users. Move the user accounts of the help desk users to the Help_Desk OU.
D. Create a top-level OU named BlueYonderAirlines_Users under the blueyonderairlines.com domain.
Create a child OU named Central_Security under BlueYonderAirlines_Users. Move the user accounts of the central security department users to the Central_Security OU.
Create a separate child OU under BlueYonderAirlines_Users for each office. Move the user accounts of the help desk users in each office to the child OU for that office.
Answer: A

21. You are the network administrator for Alpine Ski House. The network consists of a single Active Directory forest that contains three domains named alpineskihouse.com, child1.alpineskihouse.com, and child2.alpineskihouse.com. The functional level of the forest is Windows Server 2003. Each domain contains Windows Server 2003 file and print servers. All of the file and print server computer accounts are located in the default Computers container in each domain. There is a central operations department that is responsible for administering the file server computer accounts in all domains. There is a separate operations department for each domain that is responsible for administering the print server computer accounts in that domain. You need to delegate authority to create an environment to support your file and print server administration requirements. You need to create an organizational unit (OU) structure to support the delegation of authority requirements. What should you do?
A. Create a top-level OU for file server computer accounts under the alpineskihouse.com domain. Create a top-level OU for print server computer accounts under the alpineskihouse.com domain.
B. Create a top-level OU for file server computer accounts under the alpineskihouse.com domain. Create a top-level OU for print server computer accounts under each domain.
C. Create a top-level OU for file server computer accounts under each domain. Create a top-level OU for print server computer accounts under each domain.
D. Create a top-level OU for file server computer accounts under each domain.
Create a child OU for print server computer accounts under each file server OU.
Answer: C

22. You are the network administrator for the Baldwin Museum of Science. The network consists of a single Active Directory forest that contains one domain named baldwinmuseumofscience.com.
You need to deploy a new domain named NA.baldwinmuseumofscience.com as a child domain of baldwinmuseumofscience.com. 
You install a new stand-alone Windows Server 2003 computer named DC1. You plan to make DC1 the first domain controller in the NA.baldwinmuseumofscience.com domain. You configure DC1 with a static IP configuration. You run the Active Directory Installation Wizard on DC1. The wizard prompts you for the network credentials to use to join the NA.baldwinmuseumofscience.com domain to the forest. You enter the appropriate credentials for an account in the baldwinmuseumofscience.com domain. You receive an error message stating that a domain controller in the baldwinmuseumofscience.com domain cannot be located. You need to be able to promote DC1 to a domain controller as the first domain controller of the child domain in the existing forest. What should you do?
A. Configure the client WINS settings on DC1 to use a WINS server that contains entries for the baldwinmuseumofscience.com domain controllers.
B. Configure the client DNS settings on DC1 to use a DNS server that is authoritative for the baldwinmuseumofscience.com domain.
C. Configure the DNS Server service on DC1 to have a zone for NA.baldwinmuseumofscience.com.
D. Configure DC1 to be a member server in the baldwinmuseumofscience.com domain. Answer: B

23. You are the network administrator for Contoso, Ltd. The network consists of a single Active Directory forest that contains a single domain named contoso.com. You have a user account named CONTOSO\admin that is a member of the Domain Admins global group. You need to create a new child domain named NA.contoso.com in the forest. You install a stand-alone Windows Server 2003 computer named DC3. You use the Active Directory Installation Wizard to promote DC3 to a domain controller in the new domain. You choose to create a domain controller for a new child domain in an existing domain tree. You enter the user name and password for CONTOSO\admin. You choose contoso.com as the parent domain, and you type NA as the name of the child domain. You receive the error message shown in the exhibit. (Click the Exhibit button.)

You need to be able to create the new child domain. What should you do?
A. Enter the network credentials for a member of the local Administrators group.
B. Add DC3 to the contoso.com domain and then run the Active Directory Installation Wizard.
C. Enter the network credentials for a member of the Enterprise Admins group for the contoso.com forest.
D. Enter the network credentials for a member of the Schema Admins group for the contoso.com forest.
Answer: C
 
24. You are the network administrator for your company. The company consists of two subsidiaries named Contoso, Ltd., and Fabrikam, Inc. The network consists of two Active Directory forests. The WAN connections that connect some domain controllers are unreliable. The domain and trust configuration is shown in the Network Diagram exhibit. (Click the Exhibit button.)

You create shared folders on Windows Server 2003 member servers in both forests. Some of the shared folders are accessible to users from both forests. For each of the shared folders, you create a domain local group. You add global groups from domains in either forest to the domain local group. The Fabrikam, Inc., division is sold to a different company. You delete the trust relationship between the two forests. You notice that after the trust relationship is deleted, the membership lists for some of the domain local groups are no longer accurate. When you view a membership list, it contains entries without user-friendly names. A sample is shown in the Membership List exhibit. (Click the Exhibit button.)

You need to delete all the unknown groups from the membership list for the domain local groups. You want to achieve this goal by using the minimum amount of administrative effort, and without modifying the access to resources for users in the contoso.com forest.
What should you do?
A. Create new domain local groups. Add the required global groups from the contoso.com forest to the domain local groups. Grant appropriate permissions to the domain local groups. Delete the original domain local groups.
B. Re-create the trust relationship between contoso.com forest and the fabrikam.com forest. Delete all the fabrikam.com global group accounts from the domain local group membership lists. Delete the trust relationship between the two forests.
C. Verify all remaining trust relationships. Then delete the unknown accounts from the domain local groups.
D. Delete all the affected domain local groups. Re-create the groups. Add the appropriate global groups from the contoso.com forest to the groups. Grant appropriate permissions to the domain local groups.
Answer: C

25. You are the network administrator for Litware, Inc., which is located in New York. Litware, Inc., owns a company named Lucerne Publishing, which is located in London. The Litware, Inc., network consists of a single Active Directory forest that contains two domains. Litware, Inc., opens a new office in Cairo. The structure of the Active Directory network after the addition of the Cairo office is shown in the exhibit. (Click the Exhibit button.)

Both site links are configured to be transitive. The site links are configured as shown in the following table.

NYLondon
LondonCairo
Cost
200
100
Interval
30 minutes
45 minutes
Schedule
11:00 P.M. - 1:00 A.M.  UTC
7:00 P.M. - 9:00 P.M. UTC
Users in all three sites report that response times are unacceptably slow when crossing WAN connections to access information in other offices. You discover that replication between servers in NYSite and CairoSite is happening throughout the day.
You need to ensure that users' access to remote offices is not slowed as a result of replication traffic. What should you do?
A. Replace the current site links with SMTP-based site links.
B. Create a site link bridge and include both site links.
C. Configure the cost on both site links to be 500.
D. Configure the schedule times to overlap.
Answer: D

26. You are the network administrator for your company. The network consists of a single Active Directory domain. The company has an office in San Diego, which is configured as a single Active Directory site.
The company has 500 users. The company opens a new office in Los Angeles, which employs 50 users. A T1 line connects both offices. You configure the Los Angeles office as a single site. You create a subnet object for the Los Angeles office.
In the Los Angeles office, you install and configure a server named DC1 as a domain controller and global catalog server. You configure the Los Angeles site to use DC1 and the Los Angeles subnet object.
You configure a site link that connects the site in San Diego and the site in Los Angeles.
You need to ensure that client computers in Los Angeles connect to DC1 for authentication. You also need to ensure that changes to the domain are replicated as soon as possible. What should you do?
A. Configure the interval for the site link to its minimum value.
B. Remove the Los Angeles site and move DC1 and the Los Angeles subnet object to the San Diego site.
C. Create an RPC-based connection object at each of the two sites.
D. Create a site link bridge between the two sites.
Answer: A

27. You are the network administrator for a company that has three offices. The offices are in Boston, Chicago, and New York. All three offices are connected by leased lines as shown in the exhibit. (Click the Exhibit button.)

Your company is deploying a Windows Server 2003 forest. You create a single Active Directory domain. You configure each office as a single site. You configure three domain controllers in NYSite. You create a domain controller in each of the other sites. You create site links based on the network topology. Each leased line is represented by a site link. Each site link connects only two sites. The cost and the schedule for all site links is the same. The sites and site links are named as shown in the following table.
Site link name
Linked site
Linked site
NYBoston
NYSite
BosSite
NYChi
NYSite
ChiSite
ChiBoston
ChiSite
BosSite
Users report that network requests between BosSite and ChiSite are taking much longer than they used to take.
You discover that replication traffic is using an unacceptably large percentage of the bandwidth between BosSite and ChiSite. You need to reduce replication traffic over the ChiBoston site link. What should you do?
A. Create an SMTP-based connection object from a domain controller in NYSite to a domain controller in BosSite. 
B. Increase the cost for the ChiBoston site link.
C. Create a site link bridge that includes the NYBoston and NYChi site links.
D. Increase the replication interval for the NYBoston site link.
Answer: B

28. You are the network administrator for your company. The network consists of a single Active Directory domain with four sites. The sites are connected by site links, as shown in the work area.
The available bandwidth on the WAN connections between sites is shown in the following table.
WAN connection
Type of connection
Available bandwidth
Site 1 - Site 2
56 Kbps
30 percent
Site 2 - Site 3
T3
70 percent
Site 3 - Site 4
T1
40 percent
Site 4 - Site 1
T3
70 percent
You need to ensure that the Knowledge Consistency Checker (KCC) uses the faster connection links when possible.  What should you do?
To answer, drag the appropriate site link cost or costs to the correct location or locations in the work area.

Answer:

29. You are a network administrator for your company. The network consists of a single Active Directory domain. The company has offices in 25 cities. Each office is configured as a single site. You are responsible for one site that is configured as shown in the exhibit. (Click the Exhibit button.)

An IP site link connects your site and the site at the company's main office. The company replaces your router with a firewall device. The firewall is configured to allow HTTP, SMTP, FTP, NNTP, global catalog queries, and VPN packets to pass. You discover that replication with other sites is not occurring.
You need to ensure that you can replicate with other sites. You need to achieve this goal without removing or reconfiguring the firewall.
What should you do?
A. Create a new SMTP site link between your site and each of the other sites.
B. Configure one domain controller in your site as a global catalog server.
C. Configure both domain controllers in your site to use a fixed port when replicating.
D. Create a VPN between your site and the site at the main office.
Answer: D

30. You are the network administrator for Northwind Traders. The network consists of a single Active Directory forest that contains one root domain and one child domain. The forest also contains three separate sites, as shown in the Network Diagram exhibit. (Click the Exhibit button.)
The network is not fully routed and there is no direct physical connection between Site1 and Site3. Site links are not bridged. You discover that the domain controllers for namerica.northwindtraders.com located in Site1 have additional accounts that are not on the domain controllers for namerica.northwindtraders.com located in Site3. You examine the directory service log in Event Viewer on a domain controller for namerica.northwindtraders.com. You discover the error message shown in the Error Message exhibit. (Click the Exhibit button.)

You need to resolve the condition that is causing this error. What should you do?
A. Add a domain controller for the namerica.northwindtraders.com domain to Site2.
B. Configure a site link bridge between the site links for Site1 and Site3.
C. Configure at least one domain controller in each site to be a global catalog server.
D. Create a site link between Site1 and Site3.
Answer: B