1.  You are the network administrator for Alecnet network. The network consists of several domains in a single Active Directory forest Contoso.com. The functional level for all child domains is Windows 2000 mixed. A server named ContosoA.litwareinc.com runs Windows Server 2003. You share a folder named SalesDocs on this server. In the properties for SalesDocs, you assign the Allow - Full Control permissions to a universal group named U_Sales in Contoso.com. Effective permissions for U_Sales are shown in the U_Sales exhibit. In each domain in the forest, you create a global group named G_Sales, whose membership consists of users in that domain’s department. You add every G_Sales group to the U_Sales group. Ben Smith is a member of G_Sales in child1.Contoso.com. He reports that he cannot access SalesDocs. On ContosoA, you verify the effective permissions for Ben Smith, as shown in the Ben Smith exhibit. You need to ensure that Ben Smith can access SalesDocs. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. (Choose two) A. Add Ben Smith’s user account to U_Sales in litwareinc.com B. Change the group scope of U_Sales to domain local. C. Change the group type of U_Sales to distribution. D. Assign the Allow - Full Control permissions to G_Sales in child1.litwareinc.com. E. Instruct Ben Smith to log on by using his user principal name. Answer: B, D

2.  You are the network administrator for Alecnet.com. The network consists of a single Active Directory domain Alecnet.com. The functional level of the domain is Windows 2000 native. Some network servers run Windows 2000 Server, and others run Windows Server 20003. All users in your accounting department are members of an existing global distribution group named Global-1. You create a new network share for the accounting users. You need to enable the members of Global-1 to access the file share. What should you do? A. Raise the functional level of the domain to Windows Server 2003. B. Change the group type of Global-1 to security. C. Change the group scope of Global-1 to universal. D. Raise the functional level of the forest to Windows Server 2003. Answer:  B

3. You are the network administrator for Alecnet.com. The network consists of a single Active Directory domain named Alecnet.com. All servers run Windows Server 2003. Files and folders for the network users are stored on a member server named Alecnet8. Folders are shared on the network by assigning the Allow - Full Control permission to the Authenticated Users group. A folder named Budget contains financial information. Permissions for Budget are shown in the exhibit. A new employee named Tess King is hired to manage Alecnet’s financial information. You create a user account for her. However, Tess reports that she cannot create new files in Budget. You need to ensure that Tess can perform these actions. To which group should you add her user account? A. Group1 B. Group2 C. Group3 D. Administrators E. Users Answer: B

4. You are the network administrator for Alecnet.com. The network consists of a single Active Directory domain named Alecnet.com. All servers run Windows Server 2003. An administrator named Tess King attempts to perform troubleshooting tasks on a file server. However, =when she attempts to open the security event log, she receives the error message shown in the exhibit. You need to ensure that Tess can complete her troubleshooting tasks. What should you do? A. Add Tess’s user account to the Server Operators domain group. B. Add Tess’s user account to the local Administrators group on the file server. C. Configure Tess’s client computer to enable the IPSec Server (Request Security) policy. D. Assign Tess’s user account the Allow logon through Terminal Services user right for the file server. Answer: B

5. You are the network administrator for Alecnet.com. The network consists of a single Active Directory domain named Alecnet.com. All network servers run Windows Server 2003. You create an organizational unit (OU) named Engineering, which will hold all objects associated with the users and computers in the engineering department. You also create a global group named Engineering Admins, whose members will administer these objects. Now you need to assign the appropriate permissions to the Engineering Admins group so its members can administer the objects in the Engineering OU. First, you use Active Directory Users and Computers to view the properties of the Engineering OU. However, the Security tab is not available. What should you do next? A. Convert the system partition to NTFS. B. Enable the Advanced Features option in the View menu of Active Directory Users and Computers. C. Enable the Users, Groups, and Computers as Containers option in the View menu of Active Directory Users and Computers. D. Log on by using a user account that has Administrator permissions for the Engineering OU. Answer:  B

6. You are the network administrator for Alecnet.com. The network consists of a single Active Directory forest that contains three domains. The functional level of the forest is Windows Server 2003. The domain names are Alecnet.com, europe.Alecnet.com, and asia.Alecnet.com. Each domain contains 500 user accounts. Alecnet.com is in the process of acquiring several other companies whose networks will be add to the Alecnet.com Windows Server 2003 domain. These acquisitions will entail the addition of several new offices, which will be connected to Alecnet’s network by means of dedicated 56-Kbps WAN connections. You create a new shared folder named NewProjects on a file server in Alecnet.com. Several users in each existing domain need access to the NewProjects folder. These users are not in the same group in any domain. All users who need access to the NewProjects folder must be able to add, delete, and modify files and folders in the NewProjects folder. Users in the acquired companies also will require access to this folder. You need to create the required Active Directory groups and configure the required permissions for the NewProjects folder. Your solution must minimize ongoing administrative effort as you add new companies to the network. You must also minimize unnecessary traffic across the WAN connections.What should you do? A. Create a single universal security group. Add all users that require access to the folder to the group. Create a domain local group in the Alecnet.com domain. Add the universal group to the domain local group. Assign permissions to the shared folder by using the domain local group. B. Create a global security group in each domain. Add all users that require access to the folder to the global group in their domain. Create a domain local group in Alecnet.com domain. Add the global groups to the domain local group. Assign permissions to the shared folder by using the domain local group. C. Create a universal security group in each domain. Add all users that require access to the folder to the group in their domain. Assign permissions to the shared folder by using the universal groups. D. Create a global security group in each domain. Add all users that require access to the folder to the group in their domain. Assign permissions to the shared folder by using the global groups. Answer: B

8.  You are the network administrator for Alecnet Oil. The network consists of three Active Directory domains in a single forest. All domain controllers run Windows Server 2003. Alecnet Oil enters into a business partnership with Oil Importers. The Oil Importers network consists, of four Active Directory domains in a single forest. To enable the two companies to share resources, a two-way forest trust relationship with selective authentication is created. Now you need to ensure that the research data of Alecnet Oil will remain inaccessible to all users in Oil Importers. First, you create a local group named No Oil. Then, you assign the Deny - Full Control permission to No Oil. What should you do next? A. Add the Domain Guests group from each of the four domains of Oil Importers to No Oil. B. Add the Other Organization group to No Oil. C. Add the Users group from each of the four domains of Oil Importers to No Oil. D. Add the Proxy group to No Oil. Answer: C

9.  You are the network administrator for Alecnet.com. The network consists of two Active Directory domains in a single forest. The functional level of each domain is Windows 2000 mixed. Your engineering department has 3,000 users. The engineering users are members of various global groups. Alecnet plans to open a new office where engineering users will test products. Engineering users will need to dial in to the company network when they work at the new office. You need to ensure that all new user accounts in the engineering department will have the appropriate group memberships. These accounts must be allowed to connect to the network by using remote access permissions. You must achieve your goal by using the minimum amount of administrative effort. First, you create a template account for engineering users. Which two additional actions should you perform? (Each correct answer presents part of the solution. (Choose two) A. Modify the schema for the office and street attributes by selecting the Index this attribute in the Active Directory check box. B. Modify the schema for the group attribute by selecting the Index this attribute in the Active Directory check box. C. Manually add the Allow Access remote access permission to each new user account that you create. D. Manually add the group membership information to each new user account that you create. E. Add the group membership information to the template account. F. Add the Allow Access remote access permission to the template account. Answer: C, E

10.  You are the network administrator for Alecnet.com. The network consists of a single Active Directory domain named Alecnet.com. All network servers run Windows Server 2003, and all client computers run Windows XP Professional. A new management directive states that users can log to the domain only during business hours. Users who remain logged on after business hours must be automatically disconnected from network resources. You need to enforce this directive by using the minimum amount of administrative effort. Which two actions should you perform? (Each correct answer presents part of the solution. (Choose two) A. Configure the Default Domain Policy Group Policy object (GPO) to increase scheduling priority for all users. B. Configure the Default Domain Policy Group Policy object (GPO) to force users to log off when their logon hours expire. C. Select all user accounts.Modify the account properties to restrict logon hours to business hours. D. Create a domain user account named Temp. Configure the account properties to restrict logon hours to business hours. E. Modify the DACL on the Default Domain Policy Group Policy object (GPO) to assign the Allow -Read permission to the Users group. Answer: B, C

11.  You are the network administrator for Alecnet.com. The network consists of a single Active Directory domain named Alecnet.com. The functional level of the domain is Windows 2000. Your sales department employs 100 users. All users accounts for sales employees are located in an OU =named Sales. To reduce the size of the sales department, the company terminates 10 sales users. You need to disable these 10 user accounts by using the minimum amount of administrative effort. You use the Active Directory Users and Computers in an attempt to disable all 10 users accounts simultaneously. You see the dialog box in the exhibit. What should you do? A. Disable each of the 10 affected user accounts, one by one. B. Log on by using an account that has administrative access to the domain. Disable all user accounts in the Sales OU simultaneously. C. Select all user accounts in the Sales OU. Disable all user accounts simultaneously. D. Select only the 10 affected user accounts in the Sales OU. Disable all 10 user accounts simultaneously. Answer: D

12.  You are the network administrator for Alecnet.com. The network consists of a single Active Directory domain Alecnet.com. All domain controllers run Windows Server 2003. Users who enter an invalid password more than twice in one day must be locked out. You need to configure domain account policy settings to enforce this rule. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two): A. Set the minimum password age to one day. B. Set the maximum password age to one day. C. Change the Enforce password history setting to three passwords remembered. D. Change the Account lockout duration setting to 1440 minutes. E. Change the Account lockout threshold setting to three invalid logon attempts. F. Change the Reset account lockout counter after setting to 1440 minutes. Answer: E, F

14.  You are the network administrator for Alecnet.com.com. All network servers run Windows server 20003, and all client computers run Windows XP Professional. A user named King manages an application server named Server25. One morning, King tries to log on to the network from Server 25. He receives the message shown in the Logon message exhibit. King notifies you of the problem. You open Active Directory Users and Computers and see the display shown in the Active Directory exhibit. You need to enable King to log on to Server 25. Your solution must require the minimum amount of administrative effort. What should you do? A. Enable the computer account for Server 25 B. Reset the computer account for Server 25. C. Remove Answer: A

15.  You are the network administrator for Alecnet.com.com. All network servers run Windows server 20003, and all client computers run Windows XP Professional. A user named King manages an application server named Server25. One morning, King tries to log on to the network from Server 25. He receives the message shown in the Logon message exhibit. King notifies you of the problem. You open Active Directory Users and Computers and see the display shown in the Active Directory exhibit. You need to enable King to log on to Server 25. Your solution must require the minimum amount of administrative effort. What should you do? A. Enable the computer account for Server 25 B. Reset the computer account for Server 25. C. Remove Server 25 from the domain, and then rejoin Server25 to the domain. D. Delete the computer account for Server25, and then create a new account with the same name. Answer: A

16. You are the network administrator for Alecnet.com. Your network consists of a single Active Directory domain Alecnet.com. All network servers run Windows Server 2003. Alecnet has offices in Chicago, New York and Los Angeles. Each office has one domain controller. Each office also has its own organization unit (OU), which contains all user accounts and computer accounts in that office. The Chicago OU is accidentally deleted from Active Directory. You perform an authoritative restoration of that OU. Some users in Chicago now report that they receive the following error message when they try to log on to the domain. “The session setup from the computer DOMAINMEMBER failed to authenticate. The name of the account referenced is the security database in DOMAINMEMBER$. The following error occurred: Access is denied”. How should you solve this problem? A. Reset the computer accounts of the computers that receive the error message. Instruct the affected users to restart their computers. B. Perform a nonauthoritative restoration of Active Directory. Force directory replication on all domain controllers. C. Restart the Kerberos Key Distribution Center service on each domain controller. D. Run Nltest.exe on the computers that receive the error message. Restart the Net Logon service on the domain controller on Chicago. Answer: A

17. You are the network administrator for Alecnet.com. Your network consists of a single Active Directory domain named Alecnet.com. All network servers run Windows Server 2003, and all client computers run Windows XP Professional. You install a new file and print server named File1. You configure standard company policies and other local options. You use third-party software to create and save an image of the server. Then you join File1 to the domain. Six weeks later, you reapply the saved image to File1 and restart the server. You try to log on to the domain by using domain credentials. However, you are unsuccessful. You need to log on to File1 and re-establish its domain membership. Your solution must require the minimum amount of administrative effort. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two) A. Reset the computer account for File1 in Active Directory Users and Computers. B. Reset the password for Administrator account by logging on locally to File1 as a member of the local Power Users group. C. Reinstall and reconfigure File1. D. Join File1 to the domain. E. Remove File1 from the domain. Answer: A, D

18.  You are the network administrator for Alecnet.com. Your network consists of a single Active Directory domain named Alecnet.com. The Default Domain Group Policy object (GPO) uses all default settings. The network contains five servers running Windows Server 2003 and 800 client computers. Half of the client computers are portable computers. The other half are desktop computers. Users of portable computers often work offline, but users of desktop computers do not. You install Windows XP Professional on all client computers with default settings. Then you configure user profiles and store them on the network. Some users of portable computers now report that they cannot log on to their computers. Other users of  portable computers do not experience this problem. You need to ensure that all users of portable computers can log on successfully, whether they are working online or offline. What should you do? A. Configure all portable computers to cache user credentials locally. B. Ensure that all users of portable computers log on to the network at least once before working offline. C. In all portable computers, rename Ntuser.dat to Ntuser.man. D. For all portable computers, configure the Loopback policy setting. Answer:  B

19.  You are the administrator of an Active Directory domain named Alecnet.com. A user reports that he forgot his password and cannot log on to the domain. You discover that yesterday morning the user reset his password and successfully logged on to the domain. You need to enable the user to log on to the domain. What should you do? (Choose two) A. Use Active Directory Users and Computers to move the account to the default organizational unit (OU) named Users. Instruct the user to restart his computer. B. Use Active Directory Users and Computers to open the account properties for the user’s user account. Clear the Account is locked out check box, and select the User must change password at next logon check box. C. Use Active Directory Users and Computers to reset the user’s password. Give the user the new password. D. Use Computer Management to reset the password for the local Administrator account. Give the user the new password. Answer: B, C

20. You are the network administrator for Alecnet.com. Your network consists of a single Active Directory domain named Alecnet.com. All network servers run Windows Server 2003, and all client computers run Windows XP Professional. Robert’s user account is located in the standard Users folder of the domain. One day, Robert tries to log on to his computer. When he enters the password he receives an error message indicating that his account is locked out. Robert cannot remember the correct password. You examine the domain’s Account Lockout Policy, which is shown in the exhibit. You need to ensure that Robert can log on as soon as possible. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two) A. Unlock Robert’s account. B. Increase the value for the Reset account lockout after option. C. Decrease the value for the Reset account lockout after option. D. Reset Robert’s password. E. Increase the value for the Account lockout threshold option. F. Decrease the value for the Account lockout threshold option. Answer: A, D

21.  You are the network administrator for Alecnet.com. Your network consists of a single Active Directory domain named Alecnet.com. All network servers run Windows Server 2003, and all client computers run Windows XP Professional. Alecnet has 16 different office locations. Each office is a separate Active Directory site. You work in the main office. A user named Anne works in a branch office. Every morning for one week, Anne reports that her user account is locked out. Each time, you are obliged to unlock her account. You suspect that Anne’s account is being misused or attacked outside of regular business hours. You need to investigate the cause of the account lockout. Where should you search for security events? A. Only in the event log of a domain controller in your site. B. Only in the event logs of the domain controllers in Anne’s site. C. In the event logs of all domain controllers in all sites. D. Only in the event log of Anne’s computer. Answer: C

22.  You are the administrator of a Windows 2003 domain Alecnet.com. The domain contains 20 Windows 2000 Professional computers and two Windows 2003 Server computers. For the domain, you want to set an account policy that locks any user’s account after three consecutive failed logon attempts. You also want to ensure that only administrators will be able to unlock the account. Which two actions should you take? (Each correct answer presents part of the solution. Choose two) A. Set the Account lockout duration value to 0. B. Set the Account lockout duration value to 3. C. Set the Account lockout threshold value to 0. D. Set the Account lockout threshold value to 3. E. Set the Reset account lockout counter after value to 0. F. Set the Reset account lockout counter after value to 3. Answer: A, D

23. You are the network administrator for Alecnet.com. The network consists of a single Active Directory domain named Alecnet.com. For security reasons, management decides that a particular user must not be able to log on to the domain after 5:00 P.M. If the user is logged on to the domain at 5:00 P.M., he must be logged off automatically. You configure the Logon Hours setting for the appropriate user account. That night, you verify that the user cannot log on to the domain after 5:00 P.M. The next day, you notice that the user is still accessing domain resources at 6:00 P.M. You verify that the time on the user’s computer and on the domain controller are correct. You need to ensure that the user is logged off automatically if he is still working on the domain after 5:00 P.M. What should you do? A. In Active Directory Users and Computers, on the Sessions tab, configure the End Session setting for the user account. Instruct the user to log off from the domain and log on again. B. Modify the Default Domain Policy GPO to enforce logoff when logon hours expire. Ensure that the user’s computer has the latest Group Policy settings applied. C. Remove the user’s domain account from the local Administrators group on the user’s client computer. Instruct the user to log off from the domain and log on again. D. Use Computer Management on the domain controller. Restart the Net Logon service. Answer: B

24.  You are the network administrator for Alecnet.com. The network consists of a single Active Directory domain named Alecnet.com. All seven servers are configured as domain controllers and run Windows Server 2003, and all client computers run Windows XP Professional. Alecnet.com frequently hires temporary employees. You specify account expiration dates when you configure user accounts for temporary employees. A former temporary employee named Tess king is hired full-time. When Tess tries to log on, she receives the logon message shown in the exhibit. You need to modify the properties of Tess’ user account to correct this problem. What action should you take? A. Select the Account is locked out option B. Select the Password never expires option. C. Set the Account expires option to never. D. Clear the Account is disabled option. Answer: C

25. You are the network administrator for Alecnet.com. The network consists of a single Active Directory domain named ad.Alecnet,com. Alecnet also uses a DNS namespace named Alecnet.com for its external Internet communications. Users in the sales department log on by using their e-mail addresses. A user named Ben Smith works for the sales department. He reports that when he attempts to log by using bsmith@Alecnet.com, he receives the error message shown in the Error Message exhibit. The details of Ben’s user account are shown in the User Account exhibit. You need to ensure that Ben can log on by using a user ID that matches his e-mail address. What should you do? A. Configure Ben’s user account to be trusted for delegation. B. Configure Ben’s user account to require a smart card for interactive logon. C. In User logon name options, change the user principal name (UPN) for Ben’s account. D. Change the Log On To options for Ben’s account. Answer: C

70-290 Managing and Maintaining a Microsoft Windows Server 2003 Environment

[Home] [Free MCSE dumps] [MCSE certification Deatils] [MCSE study guides] [MCSE Sample Tests] [Microsoft Books] [Certification News] [Submit Dumps] [Web Resources] [Links]

Comments: webmaster@freemcsebraindumps.com
Copyright 2000-2005, Free MCSE Brain dumps .com
The material on this web site is not sponsored by, endorsed by or affiliated with
Microsoft or the MCSE certification or with any vendor such as Cisco, Oracle, Sun etc.
They own trademarks to their certifications. We use them to display information as a fair use
of the names.

[All Braindumps] [Braindumsp-70-290-1] [Braindumps-70-290-3] [Master dumps 1] [Master dumps 2]

[All Braindumps] [Braindumsp-70-290-1] [Braindumps-70-290-3] [Master dumps 1] [Master dumps 2]

Go Back to the Braindumps Page

Go Back to the Braindumps Page