Microsoft Exam For 70-291 Implementing, Managing, and Maintaining a Microsoft Windows Server 2003

8/8/2019 Microsoft Exam For 70-291 Implementing, Managing, and Maintaining a Microsoft Windows Server 2003

http://slidepdf.com/reader/full/microsoft-exam-for-70-291-implementing-managing-and-maintaining-a-microsoft 1/30

Exam Sheets is well-established name relating IT certifications resources and test materials

to ensure your success in CCNA, CCIE, MCSE 2003, A+, 10g DBA and more

certifications by Cisco, IBM, Microsoft, HP, Oracle, CompTIA, etc.

Global Leader in IT Certification Resources

Exam Code

70-291

Exam Namemplementing, Managing, and Maintaining a Microsoft Windows Server 2

Network Infrastructure

Visit http://www.examsheets.net/microsoft-70-291.htmto buy complete product.

Sample Questions and Answers

http://www.examsheets.net/ccna-certification-training.htm

http://www.examsheets.net/ccie-certification-training.htm

http://www.examsheets.net/mcse-2003-certification-training.htm

http://www.examsheets.net/a-plus-certification-training.htm

http://www.examsheets.net/10g-dba-certification-training.htm

http://www.examsheets.net/cisco-certification-training.htm

http://www.examsheets.net/ibm-certification-training.htm

http://www.examsheets.net/microsoft-certification-training.htm

http://www.examsheets.net/hp-certification-training.htm

http://www.examsheets.net/oracle-certification-training.htm

http://www.examsheets.net/comptia-certification-training.htm

http://www.examsheets.net/


http://www.examsheets.net/microsoft-70-291.htm





http://www.examsheets.net/comptia-certification-training.htm

http://www.examsheets.net/oracle-certification-training.htm

http://www.examsheets.net/hp-certification-training.htm

http://www.examsheets.net/microsoft-certification-training.htm

http://www.examsheets.net/ibm-certification-training.htm

http://www.examsheets.net/cisco-certification-training.htm

http://www.examsheets.net/10g-dba-certification-training.htm

http://www.examsheets.net/a-plus-certification-training.htm

http://www.examsheets.net/mcse-2003-certification-training.htm

http://www.examsheets.net/ccie-certification-training.htm

http://www.examsheets.net/ccna-certification-training.htm











Exam Name: MCDBA Implementing, Managing, and Maintaining a Microsoft Windows Server2003 Network Infrastructure

Exam Type: Microsoft

Exam Code: 70-291 Total Questions: 445

Page 1 of 296

Question: 1]You receive a report that Computerl is responding slowly to user requests. You 12-19 want aquick way to see which network traffic the server use Network Monitor. You want to see whetherany general broadcast traffic is being sent to Computerl. Which counter should you enable?

A. Nonunicasts/IntervalB. Unicasts/IntervalC. Bytes Sent/IntervalD. Bytes Received/Interval

Answer: A

Question: 2You work as a security administrator for Microsoft. The basic network and some policies are asthe following:Currently, you need to monitor the successful incremental zone transfers fromsouth.Microsoft.com to Microsoft.com. Which one of the following should be added to the "AddCounters" form?

A. AXFR Success ReceivedB. IXFR Success ReceivedC. Dynamic UpdateD. Secure UpdateE. WINS Reverse Lookup

Answer: B

Question: 3In the 10.9.9.0/24 network, a server named Serverl frequently needs to resolve names in theMicrosoft.com namespace and on the Internet. You need to configure the TCP/IP properties ofServerl to use the most efficient server as its preferred DNS server. The number of hops requiredto resolve any name must be kept to a minimum. You also need to minimize the amount ofnetwork traffic that is caused by name resolution. On Serverl, which DNS server should youconfigure as the preferred DNS server?






Page 2 of 296

You work as a security administrator for Microsoft.The basc network and some configures are asthe following:

A. Configure the DNS1 ServerB. Configure the DNS2 ServerC. Configure the DNS3 Server

D. Configure the server which IP is 131.107.5.1

Answer: C

Question: 4You work as a security administrator for Microsoft. The basic network and some configurationsare as the following:Currently, you need to ensure that Serverl8 can resolve FQDNs for all clientcomputers on the network. Which option should you modify on Serverl?






Page 3 of 296

A. On Serverl, configure the interfaces properties to listen on the IP of 192.168.2.10 only.B. Determine the appropriate trust type for an operating system.C. Describe the overall process you would use to troubleshoot IPSec problems.D. Modify the Dynamically update DNS A and PTR records for DHCP clients that do not request

dynamic updates (for example, clients running Windows NT 4.0) check box

Answer: D

Question: 5You are a network administrator for Company co., Ltd. The network consists of three ActiveDirectory domains named Company.com, asin.Company.com.An active Directory applicationpartition named specific.Company.com has replicas on all domain controllers in the

asin.Company.com and specific.Company.com domains. Another Active Directory applicationpartition named specific.Company.com has been created on one of the DNS servers in theasin.Company.com domain.All the DNS servers run Windows Server 2003 and are configured asdomain controllers. The DNS zones named points.com, specific.Company.com,asin.Company.com, and specific.Company.com are active Directory-integrated zones. CompanyDNS management standards specify that all DNS zones must be replicated by using ActiveDirectory.The intranet administrator of the Asia-Pacific regional division of the company wants aseparate NDS zone to be created. This zone will be used to register host names for a regionalintranet implementation. This zone must be replicated to all domain controllers in only theasin.Company.com and specific.Company.com domains. The new zone will be namedspecific.Company.com.You must create the specific.Company.com zone. You need to choose theappropriate configuration settings to meet the requirements. How should you configure thespecific.Company.com?

A. To all DNS Servers in the Active Directory forest Company.comB. To all domain controllers specified in the scope of the following application directory pattern.C. To create the specific.Company.com zone.D. To Backup and restore important data.

Answer: B

Question: 6






Page 4 of 296

Which resource record is used to resolve domain names specified in e-mail addresses to the IPaddress of the mail server associated with the domain?

A. PTRB. MXC. AD. CNAME

Answer: B

Question: 7You work as a security administrator for Microsoft. The basic network and some configurationsare as the following:Currently, you want the dial-up users to have successful connections, andyou want to avoid disrupting the LAN. How can you do that?

A. Using the Server Message Block (SMB) protocol to 192.168.1.107.B. Configure the IPSec policy to use Authentication Header (AH) in transport mode with Kerberos

authentication to 192.168.1.108.C. You could configure an IPSec policy to require Encapsulating Security Payload (ESP) betweenthe payroll client computers and 192.168.1.103.

D. On Server2, configure a static address pool for the dial-up client computers.

Answer: D

Question: 8On a new DNS server, you create a zone "" and then create subdomains from that root domain.Which function will the new server be able or unable to perform?






Page 5 of 296

A. The server will be unable to cache names.B. The server will be able to function only as a forwarding server.C. The server will be unable to resolve Internet names.D. The server will be unable to connect to the Internet.

Answer: C

Question: 9You work as a security administrator for Microsoft. The basic network and some policies are asthe following: Which of the following would be the IP address and Proffered DNS server?

A. 192.168.0.100, 192.168.0.2B. 192.168.0.110, 192.168.10.2C. 192.168.0.2, 192.168.5.100D. 192.168.0.1,255.255.255.0

Answer:






Page 6 of 296

Question: 10You work as a security administrator for Microsoft. The basic network and some policies are asthe following:Currently, you need to ensure that when the DHCP server in one office fails, theclient computers will receive a correct IP address configuration from the DHCP server in the otheroffice. Which of the following would be true? Choose two that will apply.

A. Ensure that an attacker does not place a rogue DHCP server on your network.B. Limit the risk of a user unintentionally starting a Windows-based DHCP server on your

network.C. Between the offices to forward BOOTP broadcasts configure the router.D. In each office install and configure a DHCP relay agent.

Answer: C, D

Question: 11What is a good reason for assigning a policy by means of Netsh when Group Policy can be usedto simply assign an IPSec policy across multiple computers?

A. Using Netsh is the only way to apply a policy that can be used to permit a user's computer tobe used for a telnet session with another computer while blocking all other telnetcommunications.

B. Using Netsh is more easily implemented when multiple machines need to be configured.C. You can apply Netsh even if the computers are not joined in a domain, and Group Policy can

work only in a domain.D. You can use Netsh to create a persistent policy that will be used if Group Policy cannot be

used.

Answer: D

Question: 12






Page 7 of 296

Serverl4 is capable of supporting t to create a persistent policy that will be wo processors.Ninehundred users from a branch office relocate to the main office in Chicago. The help desk reportsthat client computer IP addresses take a usually long time to renew. You confirm that networkutilization is within acceptable limits. You notice that in the DHCP Server performance object. Themilliseconds per packet (Avg.) counter are 40 percent higher than the baseline.You run SystemMonitor to baseline Server 14 during normal business hours. You observer the performanceresults shown in the following table.Currently, you want to improve the performance of Serverl4.What should you do on Serverl4?


A. Have a wireless access point available.B. Use the Security Configuration and Analysis tool.C. Create, assign, and renew SSL Web server certificates.D. Move the database path to drive E.

Answer: A

Question: 13You work as a security administrator for Microsoft. The basic network and some policies are asthe following:Currently, you need to configure Clientl so that it can address all the hosts on thenetwork by their names. How should you configure the DHCP service for the 192.168.0.0 scope

on Server2?






Page 8 of 296

A. Set the IP address of the DNS server to 192.168.0.100.B. Using IPSec to allow remote users to connect to an organization's private network across the

Internet.C. Encapsulating Security Payload with certificate-based authentication in tunnel mode would beavailable.

D. Establishing an IPSec connection to the IPSec gateway that provides access to the internalnetwork.

Answer: A

Question: 14






Page 9 of 296

You administer a network that consists of a single domain. On this network, you have configureda new DNS server named DNS1 to answer queries for Internet names from the local domain.However, although DNS1 is connected to the Internet, it continues to fail its recursive test on theMonitoring tab of the server properties dialog box. Which of the following could be the potentialcause for the failure?

A. You have configured DN51 in front of a firewall,B. DNS1 hosts a zone named VC. Your root hints have not been modified from the defaults.D. You have not configured DNS1 to forward any queries to upstream servers.

Answer: B

Question: 15You work as a security administrator for Microsoft. The basic network and some policies are asthe following:Currently, you need to change the IP addressing scheme to accommodate allrequired servers in subnet A and subnet B. You are authorized to make any necessary changes.The diagram in the work area shows the network configuration and the planned number of

servers for each subnet. Which IP address should be assigned to each subnet?

A. Subnet A: 131.107.10.0/23 Subnet B: 131.107.10.0/24B. Subnet A: 131.107.11.0/23 Subnet B: 131.107.10.0/24C. Subnet A: 131.107.10.0/23 Subnet B: 131.107.11.0/24D. Subnet A: 131.107.11.0/23 Subnet B: 131.107.10.0/24

Answer: A






Page 10 of 296

Question: 16You work as a security administrator for Microsoft. The basic network and some policies are asthe following:Currently, you need to ensure that users on all three segments of the network canaccess resources on Serverl. What should you do?






Page 11 of 296

A. Enable Fail on load if bad zone data setting in the advanced properties of Serverl.B. Enable the Secure cache against pollution setting in the advanced properties of Serverl.C. Enable the Enable automatic scavenging of stale resource records setting in the advanced

properties of Serverl and set it to 7 days.D. Modify the route to the 192.168.10.0 network in the routing table on Router2.

Answer: D

Question: 17Which of the following events could serve as a legitimate reason to modify (but not delete) thedefault root hints on the Root Hints tab of a DNS server properties dialog box? (Choose all thatapply.)

A. The Internet root servers have changed.B. The server will not be used as a root server.C. You have disabled recursion on the server.D. Your server is not used to resolve Internet names.

Answer: A, B

Question: 18Currently, you need to remove the update from all client computers until you can test the update.What should you do?


A. Log on to the computer until you contact one of Microsoft??s product activation centers.B. Install a service pack without saving uninstall files by using the ???ii?Cn switch when you

install the service pack.C. Configure Automatic Updates to download and install critical updates automatically.D. Clear the update for approval on the WSUS server. Run the spuninst command from the

Systemroot\$NtUninstallQ318138$\spuninst directory on each client computer.

Answer: D

Question: 19You work as a security administrator for Microsoft. The basic network and some policies are asthe following: Currently, you need to ensure that client computers can successfully connect to theW5US server. What should you do?






Page 12 of 296

A. Each client computer can resolve names on the network as quickly as possible by using a fullyqualified domain name (FQDN).

B. Prevent zone replication traffic from occurring on the slow network connections.C. Minimize hard disk utilization on the DNS servers in the Lagos and Nairobi branches as much

as possible.D. Ensure that DNS queries in Tangier and Cape Town are resolved locally.E. Specify the Server Name property to be the server's fully qualified domain name (FQDN), in

the WSUS GPO.

Answer: E

Question: 20You work as a security administrator for Microsoft. The basic network and some policiesare as the following:Currently, you need to ensure that all client computers in the domain canaccess the shared folders on Server6. You must ensure that all communications between client

computers and Server6 be encrypted. What should you do?






Page 13 of 296

A. Disable the default exemptions to IPSec filtering on all computers in the domain.B. Disable the default response rule in the Client (Respond Only) IPSec policy in the domain.C. Configure Serverl so that it uses the predefined IPSec policy named Server (Request

Security).D. Assign the Client (Respond Only) IPSec policy on all client computers.

Answer: D

Question: 21You work as a security administrator for Microsoft. The basic network and some policies are asthe following:Now, you need to configure DNS_One and DNS_Two so that all computers on theinternal network can resolve the host names of other computers on the internal network, and thethree servers that are accessible from the Internet. Which of the following would be true? Choose2 that will apply.






Page 14 of 296

A. Create a primary DNS zone named adatum.com on DNS_Two.B. Create a secondary DNS zone named adatum.com on DNS_Two.C. Configure DNS forwarding from DNS_Two to DNS_One.D. Configure DNS forwarding from DNS_One to DNS_Two.E. Manually add a host record for each computer on the internal network to the adatum.com zone

on DNS_One.F. Manually add a host record for each Internet-accessible computer to the Microsoft.com zone

on DNS_Two.

Answer: A, F






Page 15 of 296

Question: 22You work as a security administrator for Microsoft. The basic network and some policies are asthe following: Currently, you need to view all of the IPSec settings that are applied to Server2 byGPOs. Which tool should you use?

A. you can run the repadmin /replicate command on each database server.B. you can run the gpupdate command on each database server.C. you can run the secedit /refreshpolicy command on each database server.D. you can open Local Computer Policy, select Security Settings, and then use the Reload

command on each database server.E. you can run the Resultant Set of Policy console.

Answer: E

Question: 23You discover that an administrator has adjusted the default TTL value for your company's primaryDNS zone to 5 minutes. Which of the following is the most likely effect of this change?

A. Resource records cached on the primary DNS server expire after 5 minutes.B. DNS clients have to query the server more frequently to resolve names for which the server is

authoritative.C. Secondary servers initiate a zone transfer every 5 minutes.D. DNS hosts reregister their records more frequently.

Answer: B

Question: 24

You work as a security administrator for Microsoft. The basic network and some policies are asthe following:Currently, you confirm that all users can connect to the nonsecure sites hosted onthe Web server by using HTTP. You want to view the failed HTTPS requests. What should youdo?






Page 16 of 296

A. Monitor any changes to the files and directories that contain your application and content.B. Review Logs on Server.

C. Enable auditing for all users for any successful or failed attempts.D. Enable file access auditing for your Web site content.

Answer: B

Question: 25Currently, you need to update six high-visibility servers with critical updates by using WindowsServer Update Services (WSUS). You approve all of the updates. You need to ensure that theupdates are applied within one hour. What should you do?


A. Configure registry and file system permissions.B. Install the latest service pack on all Windows XP Professional client computers.C. Deploy security templates by using Active Directory-based Group Policy.D. Type the wuauclt /detectnow command at the command prompt on each of the six servers.

Answer: D

Question: 26Which of the following is not a benefit of storing DNS zones in the Active Directory database?

A. Less frequent transfers

B. Decreased need for administrationC. Less saturation of network bandwidthD. Secure dynamic updates

Answer: A

Question: 27






Page 17 of 296

Currently, you need to ensure that all client computers receive all Microsoft security patches,critical updates, and service packs. Which two actions should you perform? (Each correct answerpresents part of the solution. Choose two.)


A. Configure registry and file system permissions.

B. Install the latest service pack on all Windows XP Professional client computers.C. Deploy security templates by using Active Directory???ii?Cbased Group Policy.D. Install the Automatic Updates client on all client computers.E. Open the WSUS console. Create a target group and assign all client computers to the group.

Answer: D, E

Question: 28Currently, you need to install Windows Server Update Services (WSUS) on a computer namedServerl. Serverl has limited hard disk space. Serverl stores a minimal amount of informationlocally. Client computers must install Microsoft critical updates. You need to ensure that clientcomputers download updates directly from Microsoft Update. Only approved updates should bedownloaded. What should you do?


A. Make all users of Windows XP Professional client computers members of the Administratorslocal group.

B. On all Windows XP Professional client computers, install the latest service pack.C. On all Windows XP Professional client computers, use the gpupdate /force command.D. Open the WSUS console. Modify the synchronization option to not store updates locally.

Answer: D

Question: 29You are the network administrator for Lucerne Publishing. The Lucerne Publishing 5-52 networkconsists of a single domain, lucernepublishing.com, that is protected from the Internet by afirewall. The firewall runs on a computer named NS1 that is directly connected to the Internet.NS1 also runs the DNS Server service, and its firewall allows DNS traffic to pass between theInternet and the DNS Server service on NS1 but not between the Internet and the internalnetwork. The DNS Server service on NS1 is configured to use round robin. Behind the firewall,






Page 18 of 296

two computers are running Windows Server 2003-NS2 and NS3-which host a primary andsecondary DNS server, respectively, for the lucernepublishing.com zone.Users on the companynetwork report that, although they use host names to connect to computers on the local privatenetwork, they cannot use host names to connect to Internet destinations such aswww.microsoft.com.Which of the following actions requires the least amount of administrativeeffort to enable network users to connect to Internet host names?

A. Disable recursion on NS2 and NS3.B. Enable netmask ordering on NS1.C. Configure NS2 and NS3 to use NS1 as a forwarder.D. Disable round robin on NS1.

Answer: C

Question: 30You work as a security administrator for Microsoft. The basic network and some policies are asthe following:Currently, you need to provide this security assessment of every computer andverify that the requirements of the written security policy are met. How could you do that?

A. Scan all the subnets in our data center instead of scanning just the IPs listed in our databaseof servers.

B. Denotes a scan that was completed successfully with no missing updates found. Scan reportsare stored on the computer from which you ran MBSA in the %userprofile%\SecurityScansfolder.

C. Install and run mbsacli.exe with the appropriate configuration switches on a server.D. Schedule automatic scanning for unpatched computers.

Answer: C

Question: 31You work as a security administrator for Microsoft. The basic network and some policies are asthe following:Currently, you need verify that all users are using a secure protocol to connect toServerl from the Internet. What are two possible ways to achieve this goal? (Each correct answerpresents a complete solution. Choose two.)






Page 19 of 296

A. Check the application log on the Web server.B. Use Network Monitor to capture network traffic on the Web server.C. Review the log files created by IIS on the Web server.D. Using Network Monitor to monitor network traffic to Serverl.E. On Serverl, monitor the IIS logs.

Answer: D, E

Question: 32You work as the network administrator for the Paris branch office of Microsoft. The basic networkand some policies are as the following:Currently, you need to configure DNS on Server_One tomeet the requirements. What should you do?

A. Identify common IPSec usage scenarios.B. Describe the IPSec negotiation process, including the differences between Main Mode and

Quick Mode communications.C. Determine which authentication method to use with each trust type.D. Set up conditional forwarding to Server_One for the engineering. Microsoft.com namespace.

Answer: D

Question: 33You are the administrator for a large network consisting of 10 domains. You have configured astandard primary zone for the mfg.lucernepublishing.com domain on a DNS server computernamed Serverl. You have also configured a UNIX server, named Server2, to host a secondaryzone for the same domain. The UNIX server is running BIND 8.2.1.You notice that zone transfers






Page 20 of 296

between the primary and secondary servers seem to generate more traffic than expected, puttinga strain on network resources.What can you do to decrease the network burden of zone transfersbetween the primary and secondary servers?

A. Clear the BIND Secondaries check box on Serverl.B. Configure a boot file on Serverl to initialize BIND-compatible settings.C. Select the BIND Secondaries check box on Serverl.D. Configure a boot file on Server2 to enable fast zone transfers.

Answer: Pending

Question: 34You work as a security administrator for Microsoft. The basic network and some policies are asthe following:Currently, you need to configure Filesrvl to ensure that all computers connect to it byusing the IPSec policy. How can you do that?

A. Create a GPO with the IPSec policy Server (Request Security) and apply it to this OU.B. retain the Secure Server (Require Security) IPSec policy.C. Create an OU and place the computer accounts of all workstations running Windows XP

Professional.D. Assign the Secure Server (Require Security) IPSec policy.

Answer: D

Question: 35Currently, you need to ensure that Serverl can communicate with the Windows Update servers.How can you do that on Serverl?







Page 21 of 296

A. Schedule MBSA to scan your network for unpatched computers at night, so you can review thereports in the morning without waiting for the scan to occur.

B. Run Microsoft Baseline Security Analyzer (MBSA) on a client computer that has Internetaccess and targets all the domain controllers.

C. Use it to scan all computers on your network or domain for which you have administratoraccess.

D. Configure authentication to the proxy server in the WSUS options.

Answer: D

Question: 36You are designing the DNS namespace for a company named Proseware, which 5-62 has aregistered domain name of proseware.com. Proseware has a central office in Rochester and onebranch office each in Buffalo and Syracuse. Each office has a separate LAN and networkadministrator. You want to configure a single DNS server at each location, and you want thecentral office to host the proseware.com domain. In addition, you want the administrators inBuffalo and Syracuse to maintain responsibility for DNS names and name resolution within theirnetworks.Which of the following steps should you take?






Page 22 of 296

A. Configure a standard primary server in Rochester to host the proseware.com zone. Delegate asubdomain to each of the branch offices. Configure a secondary server in both Buffalo andSyracuse to host each of the delegated subdomains.

B. Configure a standard primary server in Rochester to host the proseware.com zone. Configurea secondary server in both Buffalo and Syracuse to improve performance and fault toleranceto the zone.

C. Configure the DNS server in Rochester to host a standard primary zone for the proseware.comdomain. Configure the DNS servers in both Buffalo and Syracuse to each host a standardprimary zone for a subdomain of proseware.com. Create a delegation from the DNS server inRochester to each of these subdomains.

D. Configure the DNS server in Rochester to host a standard primary zone for the proseware.comdomain. Configure the DNS servers in both Buffalo and Syracuse to host a standard primary

zone for a subdomain of proseware.com. Add secondary zones on each DNS server to pulltransfers from the primary zones hosted on the other two DNS servers.

Answer: C

Question: 37You work as a security administrator for Microsoft. The basic network and some policies are asthe following:Currently, you need to ensure that Inventory.exe cannot be started by the worm,while still allowing the application to run as a service. What should you do?






Page 23 of 296

A. Choosing which methods to use for your environment.B. In the computer settings section of the Default Domain Policy GPO, modify the existing

software restriction policy hash rule for the Inventory.exe application so that the hash rule hasa security level of Disallowed.

C. Listed in the New Parameter column can be used with updates released.D. Invokes a dialog box that warns the user that a restart will occur in the specified number of

seconds.

Answer:

Question: 38

You work as a security administrator for Microsoft. The basic network and some policies are asthe following:Currently, you install WSUS on four servers on the network. Which of the followingshould be added to First option on Serverl3?






Page 24 of 296






Page 25 of 296

A. Synchronize directly from the Windows Update serversB. Synchronize from a local WSUS server

C. Maintain updates on a Windows Update serverD. Save the updates to a local folder

Answer: B

Question: 39You are the administrator for your company's network, which consists of a central office LAN andthree branch office LANs, all in different cities. You have decided to design a new DNSinfrastructure while deploying Active Directory on your network.Your goals for the network are






Page 26 of 296

first to implement a single Active Directory forest across all four locations and second to minimizeresponse times for users connecting to resources anywhere on the network. Assume that allbranch offices have domain controllers running DNS servers.Which of the following actions bestmeets these goals?

A. Configure a single Active Directory domain for all four locations and configure a single ActiveDirectory-integrated DNS zone that replicates through the entire domain.

B. Configure a single Active Directory domain for all four locations, and configure a standardprimary zone at the central office with zone transfers to secondary zones at each branchoffice.

C. Configure an Active Directory domain and a DNS domain for the central office, delegate aDNS subdomain to each branch office, and configure an Active Directory-integrated zone ineach location that replicates through the entire forest.

D. Configure an Active Directory domain and a DNS domain for the central office, delegate aDNS subdomain to each branch office, and configure an Active Directory-integrated zone ineach location that replicates through the entire domain.

Answer: A

Question: 40Currently, you want to produce a weekly report that will list all the zones that are hosted on eachDNS server. Which of the following would you use to configure the DNS server?


A. Netdiag.exeB. DNScmd.exeC. Nslookup.exeD. Adsiedit.exe

Answer: B

Question: 41You work as a security administrator for Microsoft. The basic network and some policies are asthe following:Currently, you need to ensure that each DNS server on the WAN has a dynamicallyupdated list of NS records for fineartschool.net. You also need to minimize zone replication trafficacross the slow connections and minimize DNS lookups on Serverl. Which of the following wouldyou configure to the Lima Server?






Page 27 of 296

A. Standard secondary zone

B. Stub zoneC. Conditional forwarderD. None of them

Answer: A

Question: 42Which of the following is not a benefit of using a stub zone?

A. Improving name resolution performance






Page 28 of 296

B. Keeping foreign zone information currentC. Simplifying DNS administrationD. Increasing fault tolerance for DNS servers

Answer: D

Question: 43Netsh is used to create and assign an IPSec policy for a stand-alone server running WindowsServer 2003. One of the commands used is the following, executed from the Netsh IPSec Staticcontext:Add rule name="SMTPBIock" policy="smtp" filterlist="smtp computerlist"filteraction="negotiate smtp" description="this rule negotiates smtp"Why is the policy not working?

A. The policy is set with the wrong IP addresses.B. Each policy specifies a different encryption algorithm.C. No encryption is taking place. The evidence is revealed in the soft SAs.D. The policy is using Kerberos for authentication and the computer is not a member of a domain.

Answer: D

Question: 44Currently, you need to configure DNS02 to host the primary zone for the Microsoft.comnamespace. The records that are currently in the Microsoft.com zone must be retained. You wantto ensure that all host names can be resolved immediately after DNS02 becomes the newprimary name server for the zone. How could you do that? Choose some steps that may be used.







A. On DNS02, set up a secondary zone named Microsoft.com.B. Add a name server (NS) record for DNS02 to the Microsoft.com primary zone.

C. On DNS02, change the zone type of the Microsoft.com secondary zone to a primary zone.D. On DNS01, delete the Microsoft.com primary zone.E. On DNS01, set up a secondary zone named Microsoft.com.

Answer: A, B, C, D, E

Question: 45You work as a security administrator for Microsoft. The basic network and some policies are asthe following:Currently, you need to change the configuration of the start of authority (SOA)

Documents

Microsoft Exam For 70-291 Implementing, Managing, and Maintaining a Microsoft Windows Server 2003