Free MCSE Braindumps, the best braindumps site for certification exams like 070-290, 070-270 and more!

The company's departments are divided into two main divisions named Operations and Support. The
local IT staff at each location are responsible for user support at their location, regardless of the user's
division. The research and development (R&D) department has its own IT support staff. The R&D
department maintains its own IT support staff regardless of location.
You need to plan a top-level organizational unit (OU) structure that facilitates delegation of
administrative control.
Which top-level OU or OUs should you create?
To answer, drag the appropriate top-level OU or OUs to the correct location or locations in the work
area.

You are a network administrator for Alecnet .com. The network consists of a single Active Directory
domain named Alecnet .com. All servers run Windows Server 2003. The functional level of the domain
is Windows Server 2003. The organizational unit (OU) structure is shown in the exhibit.
Alecnet uses an X.500 directory service enabled product to support a sales and marketing
application. The application is used only by users in the sales department and the marketing
department. The application uses InetOrgPerson objects as user accounts. InetOrgPerson objects have
been created in Active Directory for all Sales and Marketing users. These users are instructed to log on
by using their InetOrgPerson object as their user account.
Microsoft Identity Integration Server is configured to copy changes to InetOrgPerson objects from
Active Directory to the X.500 directory service enabled product. All InetOrgPerson objects for
marketing employees are located in the Marketing OU. All InetOrgPerson objects for sales employees
are located in the Sales OU.
Bill is another administrator in Alecnet . Bill is responsible for managing the objects for users
who require access to the X.500 directory service enabled product.
You need to configure Active Directory to allow Bill to perform his responsibilities.
Which action or actions should you take? (Choose all that apply)

A. On the domain, grant Bill the permission to manage user objects.
B. On the domain, grant Bill the permission to manage InetorgPerson objects.
C. On the Sales OU, block the inheritance of permissions.
D. On the Marketing OU, block the inheritance of permissions.
E. On the Dev OU, block the inheritance of permissions.
Answer: B, E

You are the network administrator for Alecnet .com. Your network consists of a single Active
Directory domain named Alecnet .com. You work in the corporate IT department.
Alecnet consists of 12 business divisions. Each business division has its own top-level organizational unit
(OU) in the domain. Each business division is responsible for managing its own OU structure. The OU of
each division includes an administrative group for that division.
Members of each administrative group have the Allow -Read permission for their division's OU object
and the Allow -Full Control permission for all child objects of the OU structure of only their own
division. The administrators of each division must be approved by the members of the Domain Admins
group.
You need to prevent administrators of individual divisions from adding additional administrators in
their administrative group. You need to ensure that members of the Domain Admins group are able to
manage those groups.
What should you do?

A. Create a new OU under the OU of each division.
Move the appropriate administrative groups into the new OUs.
Block the inheritance of permissions.
When prompted, remove permissions applied from the parent.
B. Assign the Domain Admins group the Allow -Full Control permission for the administrative groups in the
OU of each division.
C. Create a new OU at the same level in the OU structure as the OUs of the individual divisions.
Move all the administrative groups of the divisions into the new OU.
D. Create a Restricted Groups Group Policy object (GPO) and link the GPO to the OU of each division.
Answer: C

You are a network administrator for Alecnet .com. The network consists of a single Active Directory
forest that contains two domains named Alecnet .com and dev. Alecnet .com. All domain controllers
run Windows Server 2003. The functional level of the forest is Windows Server 2003. Alecnet acquires a
company named Graphic Design Institute.
The Graphic Design Institute network consist of a single Active Directory forest that contains a single
domain named graphicdesigninstitute.com. All domain controllers run Windows Server 2003. The
functional level of the forest is Windows Server 2003.
Users in the Alecnet .com domain require access to file and print resources stored on a computer
named server1.graphicdesigninstitute.com. Users in the graphicdesigninstitute.com domain require access
to all computers in the Alecnet .com forest.
You must provide administrators with the ability to grant users access to the required resources.
What should you do?

A. Create a two-way forest trust relationship between the Alecnet .com domain and
the graphicdesigninstitute.com domain.
In the Alecnet .com domain, enable forest-wide authentication for the graphicdesigninstitute.com
domain. In the graphicdesigninstitute.com domain, enable selective authentication for the Alecnet .com
domain.
B. Create a two-way external trust relationship between the Alecnet .com domain and
the graphicdesigninstitute.com domain.
C. Create a one-way forest trust relationship in which the graphicdesigninstitute.com domain trusts the
Alecnet .com domain.
In the Alecnet .com domain, enable forest-wide authentication for the graphicdesigninstitute.com
domain. D. Create a one-way external trust relationship in which the Alecnet .com domain trusts the
graphicdesigninstitute.com domain.
Create a second incoming external trust relationship on the graphicdesigninstitute.com domain.
Specify that the trust relationship in between the dev. Alecnet .com domain and the
graphicdesigninstitute.com
domain.
Answer: A

Network Diagram

You notice that after the forest trust relationship is deleted, the membership lists for some of the domain
local groups are no longer accurate. When you view a membership list, it contains entries without
user-friendly names. A sample is shown in the Membership List exhibit.
**MISSING**
You need to delete all the unknown groups from the membership list for the domain local groups. You
want to achieve this goal by using the minimum amount of administrative effort, and without modifying
the access to resources for users in the Alecnet .com forest.
What should you do?

A. Create new domain local groups.
Add the required global groups from the Alecnet .com forest to the domain local
groups. Grant appropriate permissions to the domain local groups.
Delete the original domain local groups.
B. Re-create the trust relationship between Alecnet .com forest and the fabrikam.com
forest. Delete all fabrikam.com global accounts from the domain local group membership
lists. Delete the trust relationship between the two forests.
C. Verify all remaining trust relationships.
Then delete the unknown accounts from the domain local groups.
D. Delete all the affected domain local groups.
Re-create the groups.
Add the appropriate global groups from the Alecnet .com forest to the
groups. Grant appropriate permissions to the domain local groups.
Answer: C

You work as a network administrator at Alecnet . You administer the Windows 2003 domain
Alecnet .com and a child domain named child1. Alecnet .com. The child1. Alecnet .com
domain contains all of the user accounts for the network.
Your company acquires a company named Contoso, Ltd. The Contoso, Ltd., network consists of a single
Active Directory forest that contains a forest root domain named contoso.com and a child domain named
child1.contoso.com. All domain controllers run Windows 2000 Server. Both domains contain user
accounts and resource servers.
The domains and existing trust relationships are shown in the exhibit.
You need to create the minimum number of trust relationships required for the users in the
child1. Alecnet .com domain to access resources in both domains in the contoso.com
forest. What should you do?

A. Create a one-way trust relationship in which the Alecnet .com domain trusts the contoso.com
domain. B. Create a one-way trust relationship in which the contoso.com domain trusts the Alecnet
.com domain. C. Create a one-way trust relationship in which the child1. Alecnet .com domain trusts
the contoso.com domain. Create a one-way relationship in which the child1. Alecnet .com domain
trusts the child1.contoso.com
domain.
D. Create a one-way trust relationship in which the contoso.com domain trusts the child1. Alecnet
.com domain. Create a one-way trust relationship in which the child1.contoso.com domain trusts the
child1. Alecnet .com domain.
Answer: D

You are the network administrator for Alecnet . Your user account is a member of the Schema
Admins group. The network consists of a single Active Directory forest that contains three domains. The
functional level of the forest is Windows Server 2003. A Windows Server 2003 domain controller named
Alecnet A holds the schema master role.
An application named Application1 creates additional schema classes. You notice that this application
created some classes that have incorrect class names.
You need to correct the class names as quickly as possible.
What should you do?

A. Deactivate the Application1 classes that have the incorrect class names.
Set the default security permission for the Everyone group for those schema classes to Deny.
B. Deactivate the Application1 classes that have the incorrect class names.
Create the Application1 classes with the correct class names.
C. Rename the description of the Application1 classes to the correct class name.
Instruct the developers of Application1 to change the code of the application so that the renamed schema
classes can be used.
D. Instruct the developers of Application1 to change the code of the application so that the application creates
the new schema classes with the correct class names.
Reinstall Application1 and select Reload the schema in the Active Directory Schema console.
Answer: B

You are the network administrator for Alecnet .com. The network consists of a single Active
Directory domain named Alecnet .com. The functional level of the domain is Windows Server 2003.
The domain contains a secure site and a main office site, as shown in the exhibit.

All domain controllers are configured as shown in the following table.

Drive Contents

C Boot partition, system
partition, Active
Directory database log
files
D Active Directory
database
E Files and folders

The motherboard on Alecnet 2 fails and Alecnet 2 is taken offline. One week later,
an administrator connects to Alecnet 3 and seizes the schema master role.
You need to access files on drive E on Alecnet 2. You replace the motherboard on Alecnet 2
and bring Alecnet 2 online on an isolated subnet.
You need to be able to bring Alecnet 2 back into the secure site as quickly as possible in order
to access the files.
What should you do?

A. Perform a full format of drive D on Alecnet 2.
Transfer the schema master role to a domain controller in the MainOffice site.
Remove references to Alecnet 2 from Active Directory by using the Ntdsutil utility and the ADSIEdit
utility on Alecnet 1.
B. Perform a full format of drive C on Alecnet
2. Reinstall the operating system on Alecnet 2.
Remove references to Alecnet 2 from Active Directory by using the Ntdsutil utility and the ADSIEdit
utility on Alecnet 1.
C. Perform a full format of drive E on Alecnet
2. Run the dcpromo command on Alecnet 2.
Transfer the schema master role to a domain controller in the MainOffice site.
Join Alecnet 2 to the domain.
D. Perform a full format of drive C on Alecnet 2.
Transfer the schema master role to a domain controller in the MainOffice site.
Remove references to Alecnet 2 from Active Directory by using the Ntdsutil utility and the
ADSIEdut utility on Alecnet 1.
Answer: B