Preguntas ASO1

True/False
Indicate whether the sentence or statement is true or false.

____ 1. Before you create a domain controller, a DNS server must be available on the network.

____ 2. On a domain controller, members of the Power Users group can create user and group accounts and modify the users and groups they have created.

Multiple Choice
Identify the letter of the choice that best completes the statement or answers the question.

____ 3. How many processors does the 64-bit version of Windows Server 2003 Datacenter Edition support?
a. 4
b. 8
c. 32
d. 64


____ 4. Which of the following is not an edition of Windows Server 2003?
a. Enterprise
b. Datacenter
c. Standard
d. Web
e. Corporate


____ 5. What is the maximum amount of RAM supported by the 32-bit version of Windows Server 2003 Datacenter Edition?
a. 32 GB
b. 64 GB
c. 128 GB
d. 512 GB


____ 6. Which of the following is not an organizational element of Active Directory?
a. Tree
b. Organizational unit
c. Domain
d. Branch


____ 7. Why is it common practice to implement more than one domain controller per domain?
a. So the Active Directory database can be divided among multiple systems
b. To provide fault tolerance
c. So administration of the directory can be distributed among multiple administrators
d. So each domain controller holds records for fewer objects


____ 8. You are installing an application that requires the Active Directory schema to be extended. The application itself does not extend the schema, but the documentation included with the application specifies that each user account must have a property for the personal employer ID code. What steps would you take to achieve this?
a. Using the Schema Extender, add an object called Employer ID Code.
b. Using the Schema Manager, add an attribute to the user account object for Employer ID Code.
c. Using the Active Directory Schema snap-in, add an attribute to the user account property for Employer ID Code.
d. Using the Active Directory Schema snap-in, add an object called Employer ID Code.


____ 9. You are setting up a new server to provide file and print services for the corporate accounting department of your company. The accounting department has 78 users and four printers. The server assigned to the accounting department is an eight-processor system with 2 GB of RAM. The server used to be a corporate database server, but a recent upgrade has made the system available. What edition of Windows Server 2003 are you most likely to install on the server?
a. Web
b. Datacenter
c. Standard
d. Enterprise


____ 10. Which of the following is a disadvantage of using answer files to automate the installation of Windows Server 2003 on multiple systems?
a. Certain parameters in the file must be changed for each installation.
b. Only one copy of the file can be used at a time.
c. Answer files can be used only for Web Edition and Standard Edition systems.
d. Use of an answer file requires that RIS be installed and available on the network.


____ 11. Which of the following statements about Windows Server 2003 Web Edition is true?
a. A computer running the Web Edition can be a member of an Active Directory domain and function as a domain controller.
b. The standard Client Access License (CAL) model does not apply to computers running the Web Edition.
c. The Internet Connection Firewall (ICF) and Internet Connection Sharing (ICS) features allow the Web Edition to be used as an Internet gateway.
d. A computer running the Web Edition can function as a Dynamic Host Configuration Protocol (DHCP) server.


____ 12. You have assigned a junior member of your team the task of producing a specification for upgrading a mission-critical server from Windows 2000 to Windows Server 2003. No additional budget is available for server hardware, so one major consideration is that you cannot upgrade hardware. The existing server is a four-processor system with 64 GB of RAM and fault-tolerant storage and network subsystems. The junior team member has reviewed the technical specs and requirements and has suggested that the most appropriate choice for the server is Windows Server 2003 Datacenter Edition. What issues, if any, can you see with this proposal?
a. None. The recommendation is appropriate.
b. The Datacenter Edition is available only preinstalled on OEM equipment. It cannot be purchased separately.
c. The Datacenter Edition supports only 32 GB of RAM.
d. The Datacenter Edition supports only two-processor systems.


____ 13. You have been asked to recommend a server for a small programming team that develops enterprise-level data warehousing applications. The team sometimes uses testing processes that can diminish network performance, so it will be placed on a separate network from the rest of the organization.
To create an environment similar to the one in which the applications they develop will be used, you intend to purchase a four-processor Intel Itanium system with 32 GB of RAM for their exclusive use. Aside from the operating system, you want to avoid purchasing any additional software. They will need automatic IP address allocation, secure Internet access, and remote administration capabilities. Which of the following solutions would you recommend?
a. Buy a system with Windows Server 2003 Datacenter Edition and enable the Internet Connection Firewall (ICF), Internet Connection Sharing (ICS), Dynamic Host Configuration Protocol (DHCP), and Terminal Services.
b. Buy a system with Windows Server 2003 Enterprise Edition and enable ICF, ICS, DHCP, and Terminal Services.
c. Buy a system with Windows Server 2003 Standard Edition and enable ICS, DHCP, and Terminal Services.
d. Buy a system with Windows Server 2003 Web Edition and enable ICS, Domain Name System (DNS), and Terminal Services.


____ 14. You are the systems administrator for a college with more than 700 students on a single campus. You have two servers, one running Windows Server 2003 Enterprise Edition and the other running the Standard Edition. The college has two libraries, one for business students and another for arts students. Both libraries run a client management application from the Enterprise Edition server over Terminal Services. The library manager for the arts library calls to tell you that he is experiencing performance problems with the client management application. You call the manager of the business library, who tells you that she has been running a client inventory program for over an hour and has had no performance problems.
Upon investigation, you determine that when the business library manager is running the inventory program, the performance of the arts library application is affected. Which of the following tools would you use to manage this issue?
a. MMS
b. ICF
c. NLB
d. WSRM


____ 15. You are the network administrator for a customs brokerage in Columbus, Ohio. You have been asked to recommend a server operating system to support your company’s new intranet site. The server assigned for the purpose is a dual-processor system with 512 MB of RAM. In addition to providing support for the intranet site, the server will also act as a departmental server for the 17-person Web development team. Which of the following editions of Windows Server 2003 are you most likely to recommend?
a. Web Edition
b. Standard Edition
c. Corporate Edition
d. Enterprise Edition


____ 16. What TCP/IP port number is used by Terminal Services?
a. 110
b. 80
c. 3389
d. 1863


____ 17. By default, members of which groups are assigned remote access permission?
a. Administrators and Server Operators
b. Administrators
c. Administrators and RAS Admins
d. Server Operators


____ 18. Which of the following folders would you share out to make the Remote Desktop Connection client software available to users?
a. Systemroot\System\Clients\Tsclient\Win32
b. Systemroot\System32\Clients\Tsclient\Win32
c. Systemroot\System32\Clients\RDP\Win32
d. Systemroot\System32\Clients\Tsclient\Winx


____ 19. You are the network administrator for a large finance house. You have a user who wants to create an invitation for you to provide him with Remote Assistance. Which of the following is the best way for the user to supply you with the invitation and the password for the invitation?
a. E-mail the password and attach the invitation as a file to the same e-mail.
b. Create a text file with the password in it, and attach the text file and the invitation to an e-mail.
c. Transfer the invitation file to you via Windows Messenger, and then supply the password in an instant message.
d. E-mail the invitation to you as an attachment, and then call you with the password.


____ 20. You are the senior network administrator for an insurance company in Lincoln, NE. You want to create some customized MMC consoles for a junior administrator who has recently joined the company. You want to prevent him from opening new windows or accessing a portion of the console tree, and you want to allow him to view only one window in the console. Which of the following modes would you configure for the custom MMC console?
a. User Mode: Limited Access, Single Window
b. User Mode: Limited Access, Multiple Windows
c. User Mode: Limited Access, Single Window, No Open
d. User Mode: Full Access, Single Window


____ 21. Under what circumstances can you use Remote Assistance to connect to an unattended computer?
a. If you are logged in as an administrator.
b. If the password for the administrator account on the unattended computer is the same as the password for the administrator account on your system.
c. You cannot connect to an unattended computer using Remote Assistance.
d. If you have a valid invitation issued from that computer.


____ 22. On a computer running Windows Server 2003, which of the following procedures would you follow to issue an invitation for Remote Assistance?
a. Select Help And Support from the Start menu to open the Help And Support Center window, and then click the Remote Assistance hyperlink
b. Select Help And Support from the Start Menu to open the Help And Support Center window, click the Get Help hyperlink, and then select Remote Assistance.
c. Double-click the Help And Support applet in Control Panel to open the Help And Support Center window, and then click the Remote Assistance hyperlink
d. Double-click the Remote Assistance applet in Control Panel to open the Help And Support Center window, and then click the Remote Assistance hyperlink


____ 23. You are the network administrator for a property management firm with its head office in Boulder, CO. The company has 16 offices across the United States. Each site has a Windows Server 2003 system and 4 to 16 Windows XP Professional client computers. Each site is linked via an ISDN line, and even though this creates a private WAN, you are implementing firewalls at each location to provide security.
You are designing the specifications for the firewall, and you decide to provide Remote Assistance to users on the remote sites. You also decide to allow users to send invitations for Remote Assistance to the technical support department in Boulder over Windows Messenger. How would you configure the firewall to accommodate this configuration?
a. Open ports 2289 and 1863
b. Open ports 3389 and 1863
c. Open ports 2058 and 1863
d. Open ports 3389 and 2058


____ 24. In Active Directory Users And Computers, where do you configure logon time restrictions for a user?
a. The Logon Hours page of the user account properties
b. The General Page of the user account properties
c. The Sessions page of the user account properties
d. The Account page of the user account properties


____ 25. What term describes a type of user profile that the user can change but that does not save those changes when the user logs off?
a. Fixed
b. Roaming
c. Mandatory
d. Static


____ 26. Which of the following utilities can you use to modify an existing object in Active Directory?
a. Dsmod.exe
b. Csvde.exe
c. Dsadd.exe
d. Adobjedit.exe


____ 27. Which of the following properties cannot be configured for multiple users at a single time?
a. Terminal Services session settings
b. Address
c. Logon Hours
d. E-mail address


____ 28. A user calls to report that his account has been locked after he entered the incorrect password four times. Which tab of the user’s account properties do you go to unlock his account?
a. Account
b. General
c. Sessions
d. User


____ 29. Which of the following client operating systems requires additional client software to access the complete functionality of Active Directory?
a. Windows 98
b. Windows NT 4
c. Windows Me
d. All of the above


____ 30. Which of the following items is not included in a user profile?
a. Shortcuts and cookies for favorite locations on the Internet
b. Links to other computers on the network
c. Application data and user-defined configuration settings
d. Logon time restrictions


____ 31. If the Password Must Meet Complexity Requirements policy is enabled, which of the following passwords is not acceptable?
a. 111aaaBBB
b. !!@TRPP%%
c. aa2324!@
d. TTee@#P1


____ 32. When you configure the Password Policy, why would you enable the option to store passwords using reversible encryption?
a. So that if a user forgets her password it can be recovered
b. So that the user can find her password by providing a password clue if she forgets it
c. So the administrator can view the password to ensure that it meets complexity requirements
d. So that other applications can access the password information


____ 33. A user calls you because he cannot log on to the system. After verifying his identity, you determine that he recently returned from vacation and is unsure of his password. You decide to reset the password. How do you do accomplish this?
a. In the Active Directory Users And Computers MMC snap-in, select the user and then select Reset Password from the Action menu. Enter the existing password, and then enter a new password. Retype the new password in the Confirm Password box, and click OK.
b. In the Active Directory Users And Computers MMC snap-in, select the user and then select Reset Password from the Action menu. Enter the new password, retype the new password in the Confirm Password box, and click OK.
c. In the Active Directory Users And Computers MMC snap-in, select the user. On the Account properties page for the user, click Change Password and then enter a new password. Retype the password in the Confirm password box, and click OK.
d. On the General properties page for the user, click Change Password and then enter a new password for the user. Retype the password in the Confirm password box, and click OK.


____ 34. You have set the Account Lockout Duration setting of the Account Lockout Policy to 0. What does this mean?
a. The account lockout threshold will become ineffective because accounts that are locked by exceeding the account lockout threshold will immediately unlock.
b. An account that has exceeded the account lockout threshold cannot be unlocked until the administrator resets the password for the user.
c. The Enforce Password History setting will automatically record all of the incorrect passwords that are being tried.
d. An account that has exceeded the account lockout threshold must be manually unlocked.


____ 35. You are attempting to use the Csvde.exe tool to import a new set of user accounts to the directory. You confirm that the import file is formatted correctly, and then you issue the command csvde -f newusers -k. When you check in Active Directory, none of the new user accounts appears. What is the most probable cause of the problem?
a. The -k switch tells Csvde.exe that it should create the users only at the next database synchronization.
b. The default mode for Csvde.exe is export; if you want to import objects, you must use the -i switch.
c. The Csvde.exe command can be used only to import group and computer accounts, not user accounts.
d. The correct switch for specifying the filename for a Csvde.exe command is -fn, not -f.


____ 36. What information is transferred from a user’s Account tab when you copy the user’s account?
a. Everything except the Logon Hours
b. Everything except the Group Memberships
c. Everything except the User Logon Name and User Logon Name (Pre–Windows 2000)
d. Everything except the Street Address


____ 37. You have configured Logon Hours restrictions for a specific user. The user is not a member of any group policy objects. If the user is already logged on when the allowed logon time ends, what happens?
a. The user is forcibly disconnected.
b. The user is granted a 15-minute grace period.
c. The user is given a 5-minute warning and then is forcibly disconnected.
d. The user can continue working.


____ 38. What does setting an account lockout threshold of 0 achieve?
a. Any account that was locked out by the account lockout threshold remains locked indefinitely.
b. Any account that was locked by the account lockout threshold is unlocked immediately.
c. Any account that has exceeded the account lockout threshold needs the administrator to manually unlock it.
d. Any account that has exceeded the account lockout threshold is not locked out.


____ 39. You are looking at ways to automate the creation of user accounts. You do not have a large turnover of staff in your organization, so you decide to use templates as a shortcut to user creation. Which of the following statements about the use of template user accounts is true?
a. All new users created with the template have the same initial password.
b. All new users created with the template have the same group memberships.
c. All new users created with the template have the same file permissions as the template user.
d. All new users created with the template have the same street address.


____ 40. After numerous support calls from a user who is creating problems by making changes to his Windows settings, you get management approval to configure the user with a profile that will not allow him to save any changes. How do you go about doing this?
a. Open the Advanced page from the System Properties dialog box on the system that holds the profile, select the relevant profile, and click Set As Mandatory.
b. Locate the profile folder for the user and rename the Ntuser.man file to Ntuser.dat.
c. Configure the permissions to the folder holding the profile to read-only.
d. Locate the profile folder for the user, and rename the Ntuser.dat file to Ntuser.man.


____ 41. You have recently been employed as the network administrator for a commercial real estate company. The company is relatively small and has a highly mobile workforce. The company has two Windows Server 2003 systems and one Windows 2000 system. Active Directory is configured at a Windows 2000 mixed domain functional level.
Many of the sales representatives spend a great deal of time on the road and use the dial-in features of Windows Server 2003. The others are based primarily in the office and rarely work remotely. Late one evening, a user who normally works from the office pages you to report that he can’t gain access to the system over his dial-up link. He is calling from a hotel, where he is staying while at a conference. He explains that he connected the previous night from home without any problems, but this is the first time he has tried to connect from anywhere other than his home. Since you started working with the company, you have not made any changes to the user’s account properties. Based on the information he has provided, which of the following could be the problem?
a. The user has Verify Caller ID enabled, and his home phone number is defined for that property.
b. The static routes for the user have been configured to only allow the user to connect from his home phone number.
c. The Always Callback To property on the user’s Dial-In page has been configured with the user’s home phone number.
d. The phone number that the user is calling from is not listed on the Telephones properties page.


____ 42. You are the system administrator for a company that manufactures electronics equipment for the aerospace industry. The company has more than 150 employees, but only the administrative staff of 24 people has PCs. The other employees are involved in production and manufacturing and do not require a PC to perform their job. The client workstations are a mix of Windows 95, Windows 98, and Windows 2000 Professional systems. You have a single Windows Server 2003 system that provides file and print services and runs DHCP, DNS, and WINS services. Each employee has a browser-based e-mail account that is accessed via the company’s intranet.
Your manager has asked you to configure a single user account that will be used to log on from three PCs in the company cafeteria so employees can access the company intranet and their e-mail. Which of the following approaches are you most likely to take?
a. In the Account page of the user’s properties, configure the Log On To restrictions for the user by entering the IP address of the systems the user is permitted to use. Assign the user a mandatory profile by renaming the user account’s Ntuser.dat file to Ntuser.man and placing it on a server in the network. Configure the user’s profile path so it points to the location of the profile.
b. In the Account page of the user’s properties, configure the Log On To restrictions for the user by entering the MAC address of the systems the user is permitted to use. Assign the user a mandatory profile by renaming the user account’s Ntuser.man file to Ntuser.dat and placing it on a server in the network. Configure the user’s profile path so it points to the location of the profile.
c. In the Account page of the user’s properties, configure the Log On To restrictions for the user by entering the NetBIOS machine name of the systems the user is permitted to use. Assign the user a mandatory profile by renaming the user account’s Ntuser.dat file to Ntuser.man and placing it on a server in the network. Configure the user’s profile path so it points to the location of the profile.
d. In the Account page of the user’s properties, configure the Log On To restrictions for the user by entering the NetBIOS machine name of the systems the user is permitted to use. Assign the user a mandatory profile by renaming the user account’s Ntuser.pfl file to Ntuser.man and placing it on a server in the network. Configure the user’s profile path so it points to the location of the profile.


____ 43. You are the network administrator for a media company with 27 employees. You have recently implemented a new Windows Server 2003 system. Your manager is concerned about the security of your network. She has asked you to configure an Account Lockout Policy to provide additional security. She wants you to make sure that if a user tries to log on with the wrong password more than four times, that user’s account is disabled. She also wants to make sure that the user must call you when the account is locked so you can determine what the problem is before the user can attempt to gain access to the system again. Which of the following statements describes the Account Lockout Policy settings you would choose?
a. Set the Account Lockout Duration policy to 4, the Account Lockout Threshold policy to 0, and the Reset Account Lockout Counter After policy to 60.
b. Set the Account Lockout Duration policy to 0, the Enforce Password History policy to 0, and the Reset Account Lockout Counter After policy to 60.
c. Set the Enforce Password History policy to 4, the Account Lockout Threshold policy to 0, and the Reset Account Lockout Counter After policy to 30.
d. Set the Account Lockout Duration policy to 0, the Account Lockout Threshold policy to 4, and the Reset Account Lockout Counter After policy to 30.


____ 44. You are the network administrator for a large computer manufacturer in Portland, Oregon. Another computer manufacturer has recently acquired the company, and you are in the process of transitioning your IT infrastructure, including Active Directory, to the naming standards and schemes used by the takeover company. Your Active Directory structure uses domains with names based on geographical locations, so no reconfiguration of domain names is necessary. However, the domain name used for e-mail and the corporate Web page has changed. You have been asked to reconfigure all of the user accounts with the new e-mail address and Web page information. In total, you have to reconfigure 325 users in three organizational units. Which of the following is the easiest way to do this?
a. Select multiple user objects at once, and then edit the user’s properties and enter the new e-mail and Web page information.
b. Use Csvde.exe, and specify new values for the Web Page and E-Mail Address fields.
c. Use the Dsmod.exe command, and specify new values for the Web Page and E-Mail Address fields.
d. Edit the Web Page and E-Mail Address values for the OU objects. Then select Allow Inheritance Of Values From This Object on the OU.


____ 45. You are the network administrator for a healthcare provider in Denver, Colorado. The network comprises three Windows Server 2003 systems. You have recently installed a new database application that requires a service account to be created. This service account needs to impersonate a client to access computer resources on behalf of other user accounts. Which of the following approaches do you take to do this?
a. Create a new user account. Then, in the General properties tab for that user account, select the Account Is Trusted For Delegation check box.
b. Create a new user account. Then, in the Account properties tab for that user, select the Account Is Trusted For Delegation check box.
c. Create a new user account. Then, in the Advanced properties tab for that user, select the Account Is Trusted For Delegation check box.
d. Use an existing user account. In the Account properties tab for that user, select the Account Is Trusted for Delegation check box.


____ 46. You have recently installed Microsoft Internet Information Services (IIS) on your Windows Server 2003, Enterprise Edition server so that you can create an intranet for your company. Anonymous access to the IIS server has been enabled. The intranet is intended solely as a source of publicly available corporate information. It will also contain a mirror of the company’s Internet Web site.
In addition to providing access to employees, you also want the public to be able to access the intranet from two terminals in the reception area of the building. The terminals will be configured with third-party software that will restrict access to any application other than Microsoft Internet Explorer. Because employees in the company already have user accounts for the network, you will not need to make any changes to their configuration in order to allow access to the intranet. What do you do with respect to user accounts to enable users in the reception area to access the intranet?
a. Create one user account in Active Directory. Restrict logon through station restrictions to the systems in the reception area.
b. Create two user accounts, one for each system in the reception area, in Active Directory. Restrict logon through station restrictions to the systems in the reception area.
c. Create two user accounts, one for each system in the reception area, in Active Directory. Restrict logon through station restrictions to the systems in the reception area. In the General Properties tab, grant the user accounts the Use IIS right.
d. Nothing.


____ 47. You are the network administrator for a footwear distributor in Georgia. After a recent break-in, your manager is concerned that the criminals might have been able to access the computer systems. She asks you to tighten up security of user accounts and passwords. She asks you to propose settings for an Account Lockout Policy. You propose the following values for the Account Lockout Policy:
Account Lockout Threshold = 3
Account Lockout Duration = 0
Reset Account Lockout Counter After = 15
What would the result of these policies be?
a. If a user enters the incorrect password more than three times, the account is disabled. The account is automatically enabled after 15 minutes.
b. If a user enters the incorrect password more than three times, the account is locked. The account is automatically unlocked after 15 minutes.
c. If a user enters the incorrect password more than three times, the account is locked. The administrator must manually clear the lock on the account.
d. The account is never locked, regardless of how many attempts are made to access the system using the incorrect password.


____ 48. You are the network administrator for a soft-toy manufacturer in Wisconsin. The network comprises three Windows Server 2003 systems operating at a Windows 2000 mixed mode domain functional level. There are 135 users, each of whom has a Windows XP Professional system.
The Sales department has been based solely in Green Bay, at the company headquarters, but management has decided to split it into two teams, one of which will telecommute. You are given the names of the users who will be part of the new remote sales team, and you are asked to configure the user accounts with some new information. Specifically, you must specify a new Manager and Department name. You must also provide each user with dial-in capability to the system, which they have never had. Which of the following approaches are you most likely to take?
a. Configure the properties on multiple objects. Edit the Manager and Department fields in the Organization Properties tab. Grant the dial-in permission on the Dial-In tab, and configure the dial-in permissions on a per-user basis.
b. Configure the properties on multiple objects. Edit the Manager and Department fields in the Organization Properties tab. Enable the Control Access Through Remote Access Policy.
c. Open each user’s account individually. Edit the Manager and Department fields in the Organization Properties tab. Grant the dial-in permission in the Dial-In tab, and configure the dial-in permissions on a per-user basis.
d. Using Dsadd.exe, configure a script to modify the parameters for the dial-in permission and the Manager and Department fields.


____ 49. You are the network administrator for a pottery distributor in Utah. You are in the process of upgrading the corporate network from another operating system to Windows Server 2003. You ask a junior administrator to design an effective Password Policy. He offers the following suggestion:
Enforce Password History = 10
Maximum Password Age = 30
Minimum Password Age = 15
Minimum Password Length = 6
Password Must Meet Complexity Requirements = Yes
What would the result of this policy be?
a. The user can use a password of 33$#54 but must change it every 30 days. She cannot change it any sooner than 15 days. She cannot reuse the same password until she has changed her password 10 times.
b. The user can use a password of 23%&678 but must change it every 30 days. She cannot change her password any sooner than 15 days. She cannot reuse the same password until she has changed her password 10 times.
c. The user can use a password of $$r763 but must change it every 30 days. She cannot change it any sooner than 15 days. She cannot reuse the same password until she has changed her password 10 times.
d. The user can use a password of $P%#TR but must change it every 15 days. She cannot change it any sooner than 30 days. She cannot reuse the same password until she has changed her password 10 times.


____ 50. Which of the following is not a domain functional level supported by Windows Server 2003?
a. Windows 2000 mixed
b. Windows Server 2003 interim
c. Windows Server 2003 mixed
d. Windows Server 2003


____ 51. Which of the following is not a built-in Active Directory group?
a. Backup Operators
b. Power Users
c. Account Operators
d. Network Configuration Operators


____ 52. What happens to the local Administrators group when a computer is added to the domain?
a. The Domain Admins global group is added to the local Administrators group.
b. The local Administrators group is added to the Domain Admins global group.
c. The Domain Admins global group is added to the Computers local group.
d. The Domain Admins global group is added to the Power Users group.


____ 53. Where do you change the group scope?
a. In the Scopes properties tab of the group in Active Directory Users and Computers
b. In the General properties tab of the group in Active Directory Users and Computers
c. In the Members properties tab of the group in Active Directory Users and Computers
d. In the Type properties tab of the group in Active Directory Users and Computers


____ 54. Which of the following statements is not true of universal groups?
a. Universal groups can be granted access permissions for resources in any domain in the forest, and in domains in other trusted forests.
b. Universal groups are available only in the Windows 2000 native and Windows Server 2003 functional levels.
c. Universal groups can be converted to domain local groups or to global groups, as long as they do not have other universal groups as members.
d. Universal groups can be granted access permissions only for resources in the domain in the forest in which they are created.


____ 55. Which of the following Active Directory built-in groups does not have the right to back up files and directories?
a. Account Operators
b. Server Operators
c. Administrators
d. Backup Operators


____ 56. Which of the following statements is true of global groups?
a. Global groups can include only users from within their domain.
b. Global groups can include users from any domain in the tree.
c. Global groups can include users from any domain in the forest.
d. Global groups can include users from any domain in Active Directory.


____ 57. Which of the following tools do you use to raise the domain functional level of Active Directory?
a. Active Directory Sites and Services
b. Active Directory Users and Computers
c. Active Directory Domains and Trusts
d. Security Configuration and Analysis


____ 58. You have installed a new Windows Server 2003 system on your test network. After completing the installation, you run the Manage Your Server Wizard and configure the system as a domain controller. There are no other servers on the network. What will the domain functional level of the system be?
a. Windows 2000 mixed
b. Windows 2000 native
c. Windows Server 2003 interim
d. Windows Server 2003 single server


____ 59. A user who is connected to the system via a Remote Desktop connection automatically becomes a member of what special identity?
a. Remote Users
b. Interactive
c. Dialup
d. Anonymous Logon


____ 60. You are creating a script to streamline the process of adding new groups to Active Directory. You add the following command to the file:
dsadd group
"CN=Sales,CN=Users,DC=contoso,DC=com"
–member "CN=Administrator,CN=Users,DC=contoso,DC=com"
-scope g
What is the result of this command?
a. The command produces an error.
b. A universal group called sales.users.constoso.com is created, with the user Administrator as a member.
c. A global group called sales.users.contoso.com is created, with the user Administrator as a member.
d. The user administrator is removed from the sales.users.contoso.com group, and the scope is changed to global.


____ 61. Under what circumstances can you convert a global group to a universal group?
a. Only when the global group contains users from only one domain.
b. Only when the global group is not a member of another global group.
c. There are no restrictions on converting a global group to a universal group.
d. You cannot convert a global group to a universal group under any circumstances.


____ 62. The technical support department has a new member who needs rights to perform system functions and Active Directory administration tasks such as creating new user accounts, shutting down and restarting the server, backing up files and directories, and loading and unloading device drivers. You want to make the user a member of only one group, but you also want to avoid assigning more rights than necessary. Which of the following groups should you make the new hire a member of?
a. Administrators
b. Server Operators
c. Backup Operators
d. Domain Admins


____ 63. You have a laser printer in the Sales department. The Sales group is assigned permissions to print to that printer. The members of the Sales department are all members of the Sales group. No other users or groups are assigned permissions to the printer. What happens if you delete the Sales group?
a. The Sales group is removed from the ACL for the printer, but members of the Sales group can still print to the printer.
b. The Sales group is removed from the ACL for the printer, but the individual user accounts that were members of the Sales group are added to the ACL of the printer, thereby allowing them to print.
c. The Sales group is removed from the ACL for the printer, and members of the Sales department can no longer print.
d. Any user account that is a member of the Sales group is deleted.


____ 64. To redistribute some of the administrative burden on your network, your manager suggests having a member of the customer help desk act as your assistant. To allow this person to perform account management tasks, you make him a member of the Account Operators built-in Active Directory group. Which of the following tasks will the user be allowed to perform?
a. Adding user accounts to the Administrators group
b. Changing the password for the Administrator account
c. Adding user accounts to the Domain Admins group
d. Creating new user accounts


____ 65. You want to implement group policy on your network to provide control over user accounts on the network. Which of the following entities cannot be assigned group policy?
a. Organizational units
b. Domains
c. Groups
d. Sites


____ 66. When you join a computer to the domain, what happens to the membership of the local Guests group?
a. The Domain Guests predefined global group is added to the local Guests group.
b. The special identity Guests is added to the local Guests group.
c. Any user accounts defined as members of the local Guests group are added to the Domain Guests group.
d. The local Guests group is deleted.


____ 67. You are the network administrator for a clothing manufacturer in Boise, Idaho. The network comprises three domains. Each domain is assigned to a specific division in the company. You have six Windows Server 2003 systems running Standard Edition. Active Directory is running at a Windows Server 2003 domain functional level. You have a group of auditors who move from department to department in the course of their work. Because they move around, they need access to the nearest printer at any given time. Which of the following do you do to accommodate this?
a. Create a global group, place the user accounts for the auditors in that group, and then assign the global group permissions to all of the printers in each of the domains.
b. Create a universal group, place the user accounts for the auditors in that group, and then assign the universal group permissions to all of the printers in each of the domains.
c. Create a universal group, place the user accounts for the auditors in that group, and then place the universal group into the local printer users group on the domain controllers that host a printer.
d. Create a universal group, and place the user accounts for the auditors in that group. Create a global group, and place the auditors universal group into that global group. Finally, assign the global group permissions to the printers in each domain.


____ 68. You are the network administrator for a real estate agency in Washington, D.C. The network comprises three Windows Server 2003 systems and 120 client systems running Windows XP Professional. You have two domains, one representing each of the two divisions of the company (residential and commercial). You receive a request to create a group called Marketing that will be assigned resource access to resources in both domains. However, when you go to create a new security group, in the Group Scope option the Universal option button is grayed out. Which of the following is the most likely cause of the problem?
a. You are running at a Windows 2000 mixed domain functional level.
b. You are running at a Windows 2000 native domain functional level.
c. You are running at a Windows Server 2003 domain functional level.
d. You have more than one domain.


____ 69. You are the network administrator for a company that sells computer books. The network comprises six Windows Server 2003 systems, three of which are domain controllers. The other servers are member servers. Active Directory is operating at a Windows Server 2003 functional level. One of the domain controllers hosts a database application, and you need to provide users in the Sales department with access to a folder on that server that contains the data files for the database. Which of the following is the best approach to take?
a. Assign each user in the Sales department access to the folder individually.
b. Create a global group called Database, and give that group the necessary permissions to the folder containing the data file. Create a domain local group called SalesData, and add the appropriate members of the Sales department to the SalesData domain local group. Add the SalesData domain local group to the Database global group.
c. Create a domain local group called Database, and give that group the necessary permissions to the folder containing the data file. Create a global group called SalesData, and add the appropriate members of the Sales department to the SalesData global group. Add the SalesData global group to the Database domain local group.
d. Create a local group called Database on the domain controller. Create a global group called SalesData, and add the appropriate members of the Sales department to the SalesData global group. Add the SalesData global group to the local group.


____ 70. You are the network administrator for a tire wholesaler with seven offices across the continental United States. Each site has a single Windows Server 2003 server operating at a Windows Server 2003 domain functional level. Each site is linked to the head office in Buffalo, New York, by a PRI-ISDN line. Each site has its own domain. The WAN links are used by a number of applications, including a sales order-processing system. The company is experiencing huge growth, and over the next three months the number of staff members is set to increase from 160 to 310.
You are in the process of reorganizing the group structure on the network. Many of the users require access to data and applications in more than one site, and up to this point many of the assignments have been made with a user account rather than a group. One of your fellow administrators suggests creating a number of universal groups and adding the users to the universal groups. Permissions to resources can then be granted via the universal groups. What issues, if any, do you see with this solution?
a. None. The suggestion is practical and valid.
b. Universal groups are not available on a Windows Server 2003 domain functional level.
c. It might create additional traffic on the already heavily used WAN links.
d. You can place global or domain local groups only in a universal group, not user accounts.


____ 71. If you are using a Windows 2000 native domain functional level, which of the following Active Directory objects can be a member of a domain local group?
a. User and computer accounts from the same domain
b. User and computer accounts and other global groups from the same domain
c. User and computer accounts, universal groups, and global groups from any domain; other domain local groups from the same domain
d. User and computer accounts and global groups from any domain


____ 72. You are the network administrator for a music publishing company in Los Angeles. The network comprises four Windows Server 2003 systems, two of which are domain controllers. The network is operating at a Windows Server 2003 domain functional level. You have a number of distribution groups in Active Directory that were created for contacts in an external public relations (PR) firm. However, the PR firm has been bought out by the firm you work for, and the entire PR operation has been moved in-house. A new department has been created for the PR function. Users in the new PR department need access to resources such as folders and printers. Which of the following do you do to provide them access?
a. Create user accounts to match the users listed in the distribution group, and then convert the distribution group to a global group. Assign the new global group to domain local groups as needed to provide access.
b. Convert the distribution group to a global group. Assign the new PR global group to the appropriate domain local group.
c. Create new user accounts for users from the PR department. Add the users to domain local groups as needed to provide access.
d. Create new user accounts for users from the PR department. Create a global group, and add the users to that group. Add the global group to domain local groups as needed to provide access.


____ 73. On a network operating at a Windows 2000 mixed domain functional level, which of the following are limitations on converting groups?
a. You cannot convert groups in Active Directory operating at a Windows 2000 mixed domain functional level.
b. You can convert a domain local group to a universal group, but only when the domain local group does not have other domain local groups as members.
c. You can convert from a global group to a universal group only when the global group is not a member of another global group.
d. You can convert from a universal group to a global group only when the universal group does not have other universal groups as members.


____ 74. You have recently been hired as the network administrator for a trading card manufacturing company in New York. The network comprises four Windows Server 2003 systems, two of which are domain controllers. Active Directory is configured at a Windows Server 2003 domain functional level. Twelve groups have been created for each of the departments in the organization. You will soon be implementing a new Active Directory–aware e-mail system, and your manager wants to be able to send messages to all users in a department at one time. How do you accommodate this?
a. Copy each of the departmental groups, and then convert the new group to a distribution group.
b. Create a distribution group for each department, and manually duplicate the membership of the security group for each department.
c. Convert the security group for each department to a distribution group.
d. Special group configuration is not necessary.


____ 75. You are the network administrator for a data storage device manufacturer in Yakima, Washington. The network comprises three domains. Each domain is assigned to a specific department in the company (Development, Sales, Administration). You have three Windows Server 2003 systems running Standard Edition. Active Directory is running at a Windows Server 2003 domain functional level.
You have recently acquired a new plotter, which is to be used by the 14 electronics designers, all of whom are in the Development department and are members of the Development global group. The manager informs you that he is expecting to recruit two more designers in the near future. Which of the following do you do to provide the electronics designers with access to the new plotter?
a. Create a domain local group called Plotter, create a global group called Plotter Users, and make the Development global group a member of the Plotter Users group.
b. Create a domain local group called Plotter. Place the Development global group into the Plotter group.
c. Create a domain local group called Plotter. Place the user accounts for the users in the Development department into that group.
d. Assign the users from the Development department access to the plotter by assigning permissions to their user accounts.


____ 76. You are the network administrator for an insurance company with its head office in San Francisco. The company has four other offices—in Detroit, New York, Vancouver, and Dallas. The network comprises six Windows Server 2003 systems, two in San Francisco and one at each of the other sites. Active Directory is operating at a Windows 2000 mixed domain functional level.
The company has a sales order-processing system with a local database in each location. The local databases are synchronized hourly with the central database in San Francisco. Users at every site have been experiencing problems with the database, so your manager has contracted two SQL database administrators (DBAs) for three months to determine the problem and make recommendations for optimizing the database. These DBAs, who will be based in San Francisco, need direct access to the database folders in each location. Which of the following do you do to achieve this?
a. Create a global group called DBA in the San Francisco domain. Create a domain local group in each of the other domains, and grant permissions to the folders containing the database data files to the respective domain local group. Assign the DBA global group to the domain local groups.
b. Create a universal group called SQL, and assign it to the folders containing the database data files. Create a global group in each domain called DBAs, and add the user accounts for the DBAs to the DBA group. Add the DBA group to the SQL universal group.
c. Create a global group in each location, and assign the global group permissions to folders containing the database data files. Add the DBAs from San Francisco to the global group in each location.
d. Create a universal group called SQLDBA, and assign it permissions to the folders containing the database data files. Make the DBAs’ user accounts members of the universal group.


____ 77. On a system running Active Directory at a Windows 2000 mixed domain functional level, what objects can be a member of a universal group?
a. User and computer accounts, universal groups, and global groups from any domain; other domain local groups from the same domain.
b. User and computer accounts, other universal groups, and global groups from any domain.
c. User and computer accounts and other global groups from the same domain.
d. None. Universal groups are not supported at the Windows 2000 mixed domain functional level.


____ 78. You are the network administrator for a frozen foods wholesaler. The network comprises 3 Windows 2000 Server systems and 165 workstations that run Windows XP Professional or Windows 2000 Professional. You are planning to install a new Windows Server 2003 system and want to configure the domain functional level for the highest level supported by both servers. You also want to use universal security and distribution groups, and group nesting. What domain functional level do you use after you have installed the Windows Server 2003 system?
a. Windows 2000 native
b. Windows Server 2003
c. Windows Server 2003 interim
d. Windows 2000 mixed


Short Answer

79. Explain the purpose and function of group policies.

80. Explain the functions of objects and attributes in Active Directory. Provide examples.

81. Explain the function of a taskpad in MMC and how you would create one.

82. Explain the purpose of the Minimum Password Age policy setting in the Password Policy.

83. Explain the purpose of the Apply Static Routes check box in the Dial-In Properties page of a user account.

84. Describe the elements of a domain user account, and explain what happens when a user logs on to the system with a user account.

85. Describe two ways to disable an existing domain user account in Active Directory Users And Computers.

86. You are the administrator for a law firm with more than 400 employees. The firm has a single office in New York. The network comprises three Windows Server 2003 systems and two Windows 2000 Server systems. Active Directory is configured at a mixed mode functional level. The servers provide DHCP, DNS, ICS, and file and print services. All workstation PCs are running Windows 2000 Professional. Employees almost always use the same PC, so you are using local profiles.
Your manager has asked you to create a user account for a student who will work at the firm during the summer. The student will spend a few days in each department to gain a wide range of experience in the firm. Your manager asks you to create a user account for the student but to restrict the account as much as possible so technical staff don’t have to spend time troubleshooting account problems. You inform the manager that among other restrictions, you will create a mandatory roaming profile for the user. He is unfamiliar with how profiles work and asks you to describe how to configure such a profile. Describe the process of configuring a mandatory roaming profile for a user account.

87. A new user has just joined the Sales department. His job is to prepare monthly sales figures, which up to this point has been the sole responsibility of the department manager. To simplify account creation for the new user, you copy the manager’s user account. The user can log on and access most of the resources that are available to the Sales department, but there are a number of files and directories that the manager has access to that the new user can’t see. What is the likely cause of this problem? How do you resolve the issue?

88. Describe the function of a security group.

89. Describe when and where the Enterprise Admins group is created. Also explain the powers that are assigned to the Enterprise Admins group, and describe the default group memberships for the Enterprise Admins group.

90. Describe the purpose and function of a distribution group.