LitMurcitsi j Jjthoitfirf flti rs

Client computers are unable to connect to the Internet.

You run the ping command from a command prompt on Windows XP Professional computer on the local network, and you receive the following result.

Pinging 10.10.22.10 with 32 bytes of data:

Request timed out:

Request timed out:

Request timed out:

Request timed out:

Ping statistics for 10.10.22.10: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

You need to ensure that client computers are able to connect to the Internet. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Configure the DHCP server to assign a default gateway of 131.107.100.202 to client computers.

B. Configure the DHCP server to assign a default gateway of 131.107.100.201 to client computers.

C. Configure the NAT/Basic Firewall interface type for Ethernet1 to be a private interface.

D. Configure the NAT/Basic Firewall interface type for Ethernet2 to be a public interface.

E. Configure the outbound port filters on Ethernet1 to allow all network protocols.

F. Configure the outbound port filters on Ethernet2 to allow all network protocols.

Q7. You are the network administrator for Troy Technologies. The network consists of a single Active Directory domain named troytec.com. The domain contains Windows Server 2003 computers and Windows XP Professional computers.

All confidential company files are stored on a file server named Troytec1. The written company security states that all confidential data must be stored and transmitted in a secure manner. To comply with the security policy, you enable Encrypting File System (EFS) on the confidential files. You also add EFS certificates to the data decryption field (DDF) of the confidential files for the users who need to access them.

While performing network monitoring, you notice that the confidential files that are stored on Troytec1 are being transmitted over the network without encryption.

You must ensure that encryption is always used when the confidential files on Troytec1 are stored and transmitted over the network.

What are two possible ways to accomplish this goal? (Each correct answer presents a complete solution. Choose two.)

A. Enable offline files for the confidential files that are stored on Troytec1, and select the Encrypt offline files to secure data check box on the client computers of the users who need to access the files.

B. Use IPSec encryption between Troytec1 and the client computers of the users who need to access the confidential files.

C. Use Server Message Block (SMB) signing between Troytec1 and the client computers of the users who need to access the confidential files.

D. Disable all LM and NTLM authentication methods on Troytec1.

E. Use IIS to publish the confidential files. Enable SSL on the IIS server.

Open the files as a Web folder.

Q8. You are the network administrator for Troytec. The network consists of a single Active Directory domain named troytec.com. The network contains Windows Server 2003 member servers, Windows Server 2003 domain controllers, and Windows XP Professional computers. The relevant portion of the Active Directory structure is in the work area below.

The written company security policy allows users to use Encryption File System (EFS) on only portable computers. The network security administrator creates a separate domain account as the data recover agent (DRA). The Default Domain Policy contains the Internet Explorer security settings that are required on all computers in the domain.

Users are currently able to use EFS on any computer that will support EFS.

You need to configure Group Policy to ensure compliance with the company security policy. You want to link the minimum number of GPOs to accomplish this goal. All other domain GPOs must remain.

How should you configure Group Policy to ensure that users can use EFS on only portable computers?

To answer, drag the appropriate Group Policy setting or settings to the correct organizational unit (OU) or OUs.

Group Policy Settings Select from these

; Do not require a DRA

; Create a DBA

Add a DRA

; Do not all on users to use EFS \ Block policy i nta trite nee

Group Policy Settings Select from these

; Do not require a DRA

; Create a DBA

Add a DRA

; Do not all on users to use EFS \ Block policy i nta trite nee

Answer:

Q9. You are the network administrator for Troy Technologies. The network consists of a single Active Directory domain troytec.com. The domain contains 35 Windows Server 2003 computers; 3,000 Windows XP Professional computers; 2,200 Windows 2000 Professional computers.

The written company security policy states that all computers in the domain must be examined, with the following goals:

• To find out whether all available security updates are present.

• To find out whether shared folders are present.

• To record the file system type on each hard disk.

You need to provide this security assessment of every computer and verify that the requirements of the written security policy are met. What should you do?

A. Open the Default Domain Policy and enable the Configure Automatic Updates policy.

B. Open the Default Domain Policy and enable the Audit object access policy, the Audit account management policy, and the Audit system events policy.

C. On a server, install and run mbsacli.exe with the appropriate configuration switches.

D. On a server, install and run HFNetChk.exe with the appropriate configuration switches.

Answer: C

Q10. You are a network administrator for Troy Technologies. The network consists of a single Active Directory domain named troytec.com. The domain contains Windows Server 2003 domain controllers, Windows Server 2003 member servers, and Windows XP Professional computers.

All company network administrators need to have the remote administrative tools available on any computer that they log on to. All network administrators are members of the domain Administrators group. The network administrator accounts are located in multiple organizational units (OUs).

You need to ensure that the administrative tools are available to network administrators. You also need to ensure that the administrative tools are always installed on computers that have 100 MB or more free disks space.

Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

A. Create a Group Policy object (GPO) that will apply adminpak.msi at the domain level.

B. Create a Group Policy object (GPO) that will link adminpak.msi to the Domain Controllers OU.

C. Ensure that only the domain Administrators group is assigned the Allow - Read permission and the Allow - Apply Group Policy permission for the new Group Policy object (GPO).

D. Assign the domain Users group the Deny - Read permission on the Deny - Apply Group Policy permission for the new Group Policy object (GPO).

E. Create a WMI filter that queries the Win32_LogicalDisk object for more than 100 MB of free space.

F. Create a WMI filter that queries the Win32_LogicalDisk object for less than 100 MB of free space.

Q11. You are a network administrator for Megasoft Inc. A German company named Troytec GmBh., recently acquired Megasoft Inc., and another company named Insight, Inc. Your team is responsible for establishing connectivity between the companies.

Each of the three companies has its own Active Directory forest. The relevant portion of the network is shown in the exhibit.

Troytecl, Troytec3, and Troytec5 run Windows Server 2003. Each of these servers is the DNS server for its respective domain. All three servers can currently resolve Internet host names. Troytec3 is configured as a secondary zone server for megasoft.com and insight.com.

You need to configure Troytec5 to resolve host names for troytec.com and insight.com as quickly as possible, without adding new zones to Troytec5.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Forward requests for troytec.com to 131.107.1.2.

B. Forward requests for troytec.com to 131.107.3.2.

C. Forward requests for troytec.com to 131.107.10.2

D. Forward requests for insight.com to 131.107.1.2.

E. Forward requests for insight.com to 131.107.3.2.

F. Forward requests for insight.com to 131.107.10.2.

Q12. You are the network administrator for the Tokyo office of Troy Technologies. The company network consists of a single Active Directory domain troytec.com. The network in your office contains 20 Windows XP Professional computers.

The domain contains an organizational unit (OU) named TokyoOU, which contains all the computer objects for your office. You have been granted the right to create and link Group Policy objects (GPOs) on the TokyoOU.

You need to prevent the computers in your office from executing unauthorized scripts that are written in the Microsoft Visual Basic, Scripting Edition (VBScript) language. However, you want to be able to use VBScript files as startup scripts on all computers in your office. You need to implement a solution that will not affect any other applications.

You plan to implement software restriction policies, by using a GPO on TokyoOU. You will set the default security level to Unrestricted.

Which two actions should you perform to configure software restriction polices? (Each correct answer presents part of the solution. Choose two.)

A. Create a new certificate rule.

Set the security level on the rule to Unrestricted. Digitally sign all the .vbs files that you want to use.

B. Create a new certificate rule.

Set the security level on the rule to Restricted. Digitally sign all the .vbs files that you want to use.

C. Create a new path rule.

Set the security level on the rule to Unrestricted. Set the path to *.vbs.

D. Create a new path rule.

Set the security level on the rule to Restricted. Set the path to *.vbs.

E. Create a new Internet zone rule.

Set the security level on the rule to Unrestricted. Set the Internet zone to Local computer.

F. Create a new Internet zone rule.

Set the security level on the rule to Restricted. Set the Internet zone to Local computer.

Q13. You are the network administrator for Troy Technologies. Your network consists of two Active Directory domains. Each department has its own organizational unit (OU) for departmental user accounts. Each OU has a separate Group Policy object (GPO).

A single terminal server named TroytecTerml is reserved for remote users. In addition, several departments have their own terminal servers for departmental use.

Your help desk reports that user sessions on TroytecTerml remain connected even if the sessions are inactive for days. Users in the accounting department report slow response times on their terminal server.

You need to ensure that users of TroytecTerml are automatically logged off when their sessions are inactive for more than two hours. Your solution must not affect users of any other terminal servers. What should you do?

A. For all accounting users, change the session limit settings.

B. On TroytecTermI, use the Terminal Services configuration tool to change the session limit settings.

C. Modify the GPO linked to the Accounting OU by changing the session limit settings in user-level group polices.

D. Modify the GPO linked to the Accounting OU by changing the session limit settings in computer-level group polices.

Answer: B

Q14. You are the network administrator for Troy Technologies. Your network consists of a single Active Directory domain named troytec.com. All network servers run Windows Server 2003. Each domain controller contains one disk that is configured with both the system partition and the boot partition.

Every day, you use custom software to perform a fall backup of user profiles and user data. The custom backup software provides a bootable floppy disk that includes the drivers for the backup media.

Every Sunday, you run the Automated System Recovery (ASR) wizard on your domain controllers in conjunction with removable backup media. Data is backed up in a file named Backupl.bkf.

One Monday morning, you install a new application on a domain controller named TROYTECDC1. When you restart TROYTECDC1, you receive the following error: "NTLDR is missing. Pres any key to restart."

You need to bring TROYTECDC1 back online as quickly as possible. What should you do?

A. Restart TROYTECDC1 by using the installation CD-ROM.

Reinstall the operating system and restore the contents of the latest full backup by using the Restore wizard. Restart TROYTECDC1.

B. Restart TROYTECDC1 by using the installation CD-ROM. Restore the contents of Backupl.bkf by using the ASR disk. Restart TROYTECDC1.

C. Restart TROYTECDC1 by using the bootable floppy disk.

Copy the contents of Backupl.bkf from the backup media to C:\winnt. Restart TROYTECDC1.

D. Restart TROYTECDC1 by using the bootable floppy disk. Copy the contents of the ASR disk to C:\.

Restart TROYTECDC1.

Answer: B

Q15. You are the administrator of Troy Technologies's network. Your accounting department has a Windows Server 2003 computer named TroytecSrvA. This computer hosts a secured application that is shared among several users in the accounting department. All users of the application must log on locally to

TroytecSrvA.

You decide to create desktop shortcuts that point to the application. These shortcuts must be available only to new users of TroytecSrvA.

Which folder or folders should you modify on Server? (Choose all that apply.) To answer, select the appropriate folder or folders in the work area.

0 0

Post a comment