1. Your company is deploying Windows2000 Professional on a network of 300 computers. The network has two Windows2000 server computers. You have just enough Windows 2000 Professional licenses. You need to restrict the department so that Windows 2000 Professional can be installed on the right client computers. You will need to minimize the user intervention during the deployment and centralize the installation files. What should you do? A. Create a shared folder on one of the servers. Copy the source files from the Windows 2000 Professional CD-ROM to the shared folder. Allow users to perform unattended installation from the shared folder on the licensed computers. B. Install RIS on one of the servers. Create user accounts for all licensed users. Configure the server to accept the connection from only known computers. Perform unattended installation for all connecting computers. C. Create a shared folder on one of the servers. Restrict access to the share so that only 250 users can connect. Copy the source files from the Windows 2000 Professional CD-ROM to the shared folder. Allow users to perform unattended installation from the shared folder on the licensed computers. D. Install RIS on one of the servers. Create computer accounts to the domain for only the licensed computers. Configure the RIS server to accept connections from only known computers. Allow users to perform unattended installation from the shared folder on the licensed computers. Ans: D 2. Your company's Windows 2000 network consists of a single domain. You are the enterprise administrator of the domain. Two administrators named Ann and Bill make changes to Active Directory at approximately the same time at two different domain controllers named ServerA and ServerB. Ann deletes an empty OU named Branch1 from ServerA. Before this deletion is replicated to ServerB, Bill move five existing users from the Brach2 OU to the Branch1 OU at ServerB. Ten minutes later, Bill discovers that the Branch1 OU is deleted from Active Directory. You want to reinstate the configuration that Bill attempted to accomplish. What should you do? A. Perform an authoritative restore of the Brach1 OU at ServerA. B. Perform a nonauthoritative restore of the Branch1 OU at ServerA. C. Perform an authoritative restore of the five users at ServerB D. At ServerB, move the Branch1 OU from the LostAndFound container to its original location. E. At ServerA, create a new Branch OU. Move the five users from the Branch2 OU to the new Branch1 OU. F. At ServerB, create a new Branch1 OU. Move the five users from the LostAndFound container to the new Branch1 OU. Ans: F 3. You are the enterprise administrator of a Windows 2000 domain tree that has five domains. All domains are in native mode. Each domain has one or more users who are help desk staff. Each domain has a global group named Help Desk Members that contains the help desk staff from each domain. There is an OU named Interns in the root domain. You want all help desk staff to be able to reset passwords of the users in the Interns OU. What should you do? A. Create a new global security group named Help Desk Staff in the root domain. Place the five Help Desk Members groups in the Help Desk staff group. Place the Help desk staff group in the Reset Interns group. On the reset Interns group, assign the Reset password permission to the Help Desk Staff group. B. Create a new global security group named Help Desk Staff in the root domain. Place the five help desk staff in the Help Desk Staff group. Create a new local security group named Reset Interns in the root domain. Place all users from the Interns OU in the Reset Interns group. On the Interns OU, assign the reset Password permission to the Reset Interns group. C. Create a new universal security group named Help Desk Staff in the root domain. Place the five Help Desk Members groups in the Help Desk Staff universal group. Create a new local security group named Reset Interns in the root domain. Place the Help Desk Staff group in the Reset Interns group. On the Interns OU, assign the reset password permission to the Reset Interns group. D. Create a new universal security group named Help Desk Staff in the root domain. Place the five Help Desk Members groups in the Help Desk Staff group. Create a new local security group named reset Interns in the root domain. Place all users from the Interns OU in the Reset Interns group. On the reset Interns group, assign the Reset Password permission to the Help Desk staff group. Ans: C 4. You are the administrator of the company network for Arbor Shoes. Arbor Shoes has three domains: arborshoes.com, na.arborshoes.com, sa.arborshoes.com All the domains are in native mode. You are going to remove the na.arborshoes.com domain in an effort to consolidate domains. There are 300 users in na.arborshoes.com. You want to move all 300 users at the same time to arborshoes.com. What should you do? A. At the command prompt, type the following command: Cscript sidhist.vbs/srcdc:dc1 /srcdom:na.arborshoes.com /dstdc:dc1/dstdom:arborshoes.com. B. At the command prompt, type the following command: Movetree /start /sdc1.na.arborshoes.com /d dc1.arborshoes.com/sdn cn=users,dc=na,dc=arborshoes,dc=com /ddn cn=users, dc=arborshoes, dc=com. C. In MMC, use the copy command in Active Directory Users and Computers. D. In MMC, use the move command in Active Directory Users and Computers. Ans: B 5. You are the administrator of a Windows 2000 network. Your Windows 2000 domain controller has been in operation for one year. During that year, you have deleted numerous objects. However, the NTDS.DIT file is the same size it was before you deleted any objects. You want to reduce the size of the NTDS.DIT file. What should you do? (Choose two) A. Delete all the log files from the NTDS folder and restart the server. B. Use the Ntdsutil utility to perform an authoritive restore. C. Run the Esentutl utility by using the /d switch. D. Restart the server in Directory Services restore mode. E. Use the Ntdsutil utility to compress the database to another drive. Ans: D, E 6. You are the administrator for Trey Research and A. Datum Corporation. You manage a multi-domain Windows 2000 network of 5,000 users for the two companies. The network is configured as shown in an exhibit: The two companies have a total of six departments. Each department is an OU in AD. Each Domain and OU has specific Group Policy settings that must be applied to all of its members. Your company is reorganizing all six departments. Some, but not all, of the users in each OU have moved. Many users have changed departments, and some have changed domains. You want to accomplish the following goals in the least possible amount of time: - Place the users account in the appropriate domains. - Apply the existing policies for each domain or OU to the moved accounts. - Do not disrupt user access to shared resources. What should you do? A. For all users, create new user accounts in the appropriate OUs. Assign permissions to the accounts to apply the Group Policy settings and then delete the old accounts. B. For the users moving between domains create new user accounts in the appropriate OUs. Assign permissions to the accounts to apply the Group Policy settings and then delete the old accounts. For the users moving between Ous in the same domain, select the accounts. Then choose MOVE from the Action menu, targeting the new OU. C. For the users moving between domains, use the Movetree utility, specifying the source and target domains and OUs. For the users moving between OUs in the same domain, select the accounts. Then choose MOVE from the ACTION menu, targeting the new OU. D. For the users moving between domains, create new user accounts in the appropriate OUs. Assign permissions to the account to apply the Group Policy settings and then delete the old accounts. For the users moving between OUs in the same domain, select the accounts. Then choose Copy from the Action menu, entering the appropriate account information for the new users accounts. Then delete the old accounts. Ans: C 7. You are the LAN admin for Arbor Shoes. You hire Sophie to be a LAN administrator for the Dublin office. Arbor Shoes has one domain named arborshoes.com. Each office has its own OU. Sophie needs to be able to create child OUs under only ou=Dublin, dc=arborshoes, dc=com and verify the existence of the created OUs. Which permissions should you assign to Sophie on the Dublin OU? (Choose three) A. Full Control B. List Contents C. Create OU objects D. Create All Child Objects E. Write F. Read Ans: B, C, F 8. You are the administrator of the Arbor Shoes company network. There is one domain named arborshoes.com. The domain contains three sites named Geneva, Milwaukee, and Portland. Each site has two domain controllers from the arborshoes.com domain. Geneva and Portland each have 1,000 users. Milwaukee has 500 users. There are two IP site links: Geneva--Portland Milwaukee--Portland You want to add another domain controller in each site to handle all replication from each site. What should you do? A. Configure each new domain controller to be the IP preferred bridgehead server for its site. B. Create a connection object from each domain controller in each site to the new domain controller in each site. C. Create a new site link that has a lower cost that the existing site links. D. Delete the existing connection objects in each site and manually start the KCC. Ans: A 9.You add three new SCSI hard disk drives to your company's domain controller. The SCSI disks are configured in a hardware RAID-5 array. You have two other physical disks in this domain controller. You want to optimize the speed of the Active Directory database. What can you do? (Choose two) A. Move the NTDS.DIT file to the RAID-5 array. B. Move the log files to a separate physical disk from the OS. C. Move the log files and the NTDS.DIT file to the RAID-5 array. D. Move the NETLOGON share to the RAID-5 array. E. Create a mirror volume and place the log files on the mirror. Ans: A, B 10. You add a new domain controller named GC01 to your network to take the place of the existing global catalog server. You also enable GC01 as a global catalog. You want to use GC00, the original server, as a domain controller but not as a GC server for the domain. You want to increase disk space on GC00. What should you do? (Choose all that apply) A. Use the Active Directory Sites and Services. Select the NTDS settings object for the GC00 Server to clear the Global Catalog check box. B. On the GC00 server, run the Ntdsutil utility to defragment Active Directory. C. On the GC00 server, reinstall Windows 2000. D. On the GC01 server, run the Ntdsutil utility to enable the global catalog server option. Ans: A, B 11. You are the administrator of a Windows 2000 Network. Your network's organizational unit (OU) structure is shown in an exhibit. You grant Create Users Objects permission to Anita for the Executive OU, but she is unable to create users objects in the Users OU. Anita is able to create users objects in the Workstation OU. What should you do to enable Anita to create users objects in the Users OU? A. Clear the Allow inheritable permissions from parent to propagate to this object check box in the Executive OU properties. B. Select the Allow inheritable permissions from parent to propagate to this object check box in the Users OU properties. C. Add Anita to the Server Operators group. D. Move the Users OU to the same level as the Executive OU. Ans: B 12. You work as a Network Administrator of a Windows 2000 Active Directory based network. Your network is a single domain multiple site network. These sites are connected with high-speed T1 lines. A DNS server is used for host name resolution. Changes are frequent and you want that the name server should return the current domain namespace across the network. What should you do to ensure that the data about the domain namespace is more current across the network? A. Specify longer TTL values for each DNS name server in the domain. B. Remove all cache-only servers in the domain. C. Specify shorter TTL values for each DNS name server in the domain. D. Install a preferred bridgehead server in each site. Ans: C 13. You want to install Active Directory on your Windows 2000 system. You have already installed DNS and want to check it using the DNS console. Which options will be available? A. Run the loopback test. B. Use the Test Now button on the client computer's TCP/IP properties. C. Run the PING utility from the DNS console. D. Use the Test Now button on the Monitoring tab of the Properties dialog box for the server. Ans: D 14. All your domain controllers are configured for DHCP. Each time the system is booted, it gets a new IP address from the DHCP server. You have also configured Active Directory on the domain controller. You want to configure your DNS setting so that it will dynamically update the DNS data, only if the zone type is Active Directory integrated, whenever the IP address of the domain controller changes. How will you configure for dynamic updates? A. Update none, the zone for Active Directory integrated will always be updated. B. Allow Updates C. Allow Only Secure Updates D. Allow Only Active Directory Updates Ans: C 15. You work as athea Network Administrator of a Windows 2000 Active Directory based network. You are puzzled that although you have deleted so many objects from your Active Directory, thefile size of the NTDS.DIT file remains the same. What is the most likely cause for this? A. Deletion of the objects in the Active Directory make no change in the actual database file as active directory keeps object in separate database. B. The Active Directory keeps the database in the compressed mode hence deletion of objects, of Active Directory, makes no change in the file size of the database. C. The database is fragmented and requires defragmentation, to reduce the size of the database file. D. The database got corrupted. Ans: C 16. Rick works as a Network Administrator of a Windows 2000 Active Directory based network. One day he discovers that the volume that contains the Active Directory database file on ADServer is running out of disk space. What should Rick do to move NTDS.DIT database file to an empty volume on a different disk on the ADServer? (Choose all that apply) A. Restart the ADServer in the Directory Services Restore Mode. B. Demote the server from a domain controller to a member server. C. Use the NTDSUTIL utility to move the database file to an empty volume. D. Use the MOVEDATABASE utility to move the database file to an empty volume. Ans: A, C 17. You work as a Network Administrator for Subway Inc., which has multiple domain controllers in its network based on Windows 4.0. A few months ago, all the systems were upgraded to Windows 2000. No backup has been taken since the upgrade. Recently, one of the domain controllers crashed. How will you restore the Active Directory data of the crashed system? Required result: Repair Windows 2000 installation. Optional result 1: Restore the Active Directory to the current state. Suggested solution: First, use the Sites and Services snap-in on an existing domain controller to delete any references to the old domain controller. Then, restore a domain controller by reinstalling the Windows 2000 Server on the damaged system, making it a domain controller. Which results does the suggested solution produce? A. The suggested solution produces the required result and the optional result. B. The suggested solution produces only the optional result. C. The suggested solution produces only the required result. D. The suggested solution does not produce the required result. Ans: A 18. You work as a Network Administrator of a Windows 2000 Active Directory based network. Your company's network consists of two sites namely Miami and Los Angeles. These sites are connected with a high-speed T1 line. The Miami site is highly protected and a firewall has been configured for security reasons. You create a site link to replicate the Active Directory data between the two sites. You find that the replication is not working properly. You know that a firewall is preventing data from being replicated between the two sites. What will you do to troubleshoot the problem? A. Increase the cost of the site link. B. Make the proxy server of the Miami site a preferred bridgehead server. C. Schedulehbb a site link to replicate the Active Directory data for twenty four hours a day. D. Remove the firewall, as replication is not possible if the firewall is configured in a site. Ans: B 19. Rick works as a Network Administrator for a Windows 2000 Active Directory based network. His company's network consists of two sites namely New York and Seattle. Both sites are connected with high-speed T1 lines. Rick is configuring Active Directory replication between the sites. He creates a site link for the T1 line and one for dial-up connection. He wants the Active Directory to always choose the T1 site link first, to replicate the data. He wants the dial-up connection to be chosen only in case the T1 line is not available. How will Rick configure the site links to meet this requirement? A. He will configure a lower cost for the T1 line and a higher cost for the dial-up network. B. He will configure a higher cost for the T1 line and a lower cost for the dial-up network. C. He will set the replication frequency of the T1 line higher than that of the dial-up network. D. He will set the replication frequency of the T1 line lower than that of the dial-up network. Ans: A 20. What does the Global Catalog server store?(Choose all that apply) A. A Global Catalog server is a domain controller that stores a writeable copy of the domain directory, the schema directory and the configuration directory partition. B. A Global Catalog server is a domain controller that stores a partial Read Only copy of all the other domain directory partitions in the forest. C. A Global Catalog server is a domain controller that stores a writeable copy of all the other domain directory partitions in the forest. D. A Global Catalog server is a domain controller that stores a partial Read Only copy of the domain directory, the schema directory and the configuration directory partition. Ans: A, B 21. Your network is divided into three sites: New York, Texas and Washington. You have created two site links: 1 Site link NT connects the New York site and the Texas site over IP with cost = 4. 2 Site link WT connects theWashington site and the Texas site over IP with cost = 3. There is no site link between the New York site and the Washington site. What will be the cost of NT-WT site link bridge, which connects site link NT and site link WT? A. Seven B. Four C. Three D. One E. Thirty-five Ans: A 22. An AD tree and an AD forest share many things. Which of the following do they NOT share? A. The same namespace B. The same schema C. The same global catalog D. Two-way transitive trust relationships Ans: A 23. Which of the following is true of AD replication? (Choose two) A. Replication messages between sites are uncompressed and replication messages within a site are compressed. B. Replication messages between sites are compressed and replication messages within a site are uncompressed. C. Replication between sites always uses RPC over IP. Replication within a site can use either RPC over IP or SMTP over IP. D. Replication within a site always uses RPC over IP. Replication between sites can use either RPC over IP or SMTP over IP. Ans: B, D 24. Which of the following partitions get replicated as part of AD replication? (Choose three) A. The DNS partition B. The domain partition C. The schema partition D. The Sysvol partition E. The configuration partition Ans: B, C, E 25. How do you change the registry key for all users? A. Use an Administrative Template B. Use a change to the Sysvol partition C. Use a Security Template D. Use a change to the Netlogon Ans: A 26. You are the administrator of a Windows 2000 domain. The domain has an organizational unit (OU) named Support. Users in the Support OU frequently use their portable computers when they are not connected to the network. The portable computers are Windows 2000 Professional computers in the Support OU. The domain also has a Windows 2000 Server computer named Data3. The \\Data3\SupFiles share contains files that are needed by the users in the Support OU. You want to accomplish the following goals: *Users in the Support OU will be able to access files at \\Data3\SupFiles if they use their portable computers while they are not connected to the network. *The total disk space used on the portable computers to automatically store files from the \\Data3\SupFiles share and other server locations will not exceed 5 percent of the hard disk space. What should you do? (Choose all that apply) A. Configure the SupFiles share on the Data3 server to cache documents automatically. B. Create a new Group Policy object (GPO) named Exfolder. Assign the Exfolder GPO to the Support OU. Configure the Exfolder GPO to exclude the \\Data3\SupFiles folder from roaming profiles. C. Create a new Group Policy object (GPO) named Maxdisk. Assign the Maxdisk GPO to the Support OU. Configure the Maxdisk GPO to limit the automatically cached off line files to 5 percent of the hard disk space. D. Create a new Group Policy object (GPO) named Maxsize. Assign the Maxsize GPO to the Support OU. Configure the Maxsize GPO to limit the size of each user profile to 5 percent of the hard disk space. Ans: A, C 27. You are the administrator of a Windows 2000 network. You create global groups and Domain Local groups for the accounts payable and accounts receivable departments. The Domain Local group named AP has Change permission for the Accounts Payable folder. The Accounts Payable folder is a subfolder of the Accounting folder. The Accounts Payable global group is a member of the AP Domain Local group. Fred's user account is a member of the Accounts Payable global group. Fred moves from the accounts payable department to the accounts receivable department. Fred now needs to access only accounts receivable information. You remove Fred's user account from the Accounts Payable global group, but Fred is still able to access documents in the Accounts Payable folder. What are two possible causes of this problem? (Choose two) A. Fred's user account has explicit permissions on the Accounting folder. B. Fred's user account belongs to another group that gives him permissions on the Accounts Payable folder. C. The Accounting folder is not published in Active Directory. D. The Accounts Payable folder is on a FAT32 partition. E. The AP Domain Local group is not a member of the Accounts Payable global group. Ans: A, B 28. You are the network administrator for Blue Sky Airlines. You are implementing a Windows 2000 network consisting of five sites in the blueskyaIrlines.com domain, which are shown below: 15,000 users in Chicago 5,000 users in Los Angeles 2,000 users in Miami 10,000 users in New York 2,000 users in Seattle You are designing the structure of the DNS servers. You want to allow secure dynamic updates to DNS in Chicago, Los Angeles, and New York. You want full DNS replication to occur in all the sites. You do not want the Miami site to have an editable copy of the DNS zone. What should you do? (choose all that apply) A. Drag "AD integrated" to Chicago, L.A. and New York since "Only Secure Updates" is a requirement. B. Drag "Secondary" to Miami since you don't want to have an editable copy of the DNS zone. C. Drag "Secondary" to Seattle. Ans: A, B, C 29. You are the admin of a W2k file server named ServerA, it is member of a W2k domain. A folder named I:\data\limitedpublic shared as limpub. share permissions: everyone read NTFS permissions: everyone full Control You want all users who have valid domain account to be able to create files, and update the files they created. You also want to prevent users from accessing other users' files, but want to allow the creator of a file to assign access other users. Users report: they can access limpub, but cannot create files. A. share permissions: everyone Allow change NTFS: Everyone Allow write; Creator-owner: Full Control B. share permissions: everyone Allow change NTFS: Everyone create files, write data; Creator-owner: Full Control C. share permissions: everyone Allow Full Control NTFS: Everyone create files, write data; Creator-owner: Full Control D. share permissions: everyone Allow Full Control NTFS: Everyone deny read; Creator-owner: Full Control Ans: C 30. You are a domain administrator, and install a new w2k server named ServerA which has IIS. The network looks like as follows: ServerA ------Exchange-------DNS--------------Proxy--------------------INTERNET 10.10.13.39 10.10.13.20 10.10.13.10 | 10.10.13.254 | |10.10.13.1 | | client1-------client3-------------------router-------------client2----------w2kserver 10.10.30.20 10.10.30.200 10.10.30.1 10.10.20.1 10.10.20.160 10.10.20.167 You create an intranet website configure enable access by everyone. when network users try to access it, they receive: Error 401.2 Unauthorized access: Logon failed due to server configuration IIS. A. Add ServerA to the list of trusted sites on client computers. B. Add ServerA to the local Internet zone on client computers. C. On client computer configure bypass proxy server for local addresses. D. On ServerA NTFS permission for everyone: Allow read, Allow Browse. Ans: C 31. Single W2k domain all client w2k professionals. Each department has its own OU structure. Each department has departmental admins who are responsible for the administrating of OU structure. Top level departmental OUs are created by the domain administrators and departmental administrators are delegated full Controlof these OUs child OUs are created by departmental admins, as necessary. The departmental admin of the Finance dep. is out. The manager of dep asks you to publish a shared folder named financedocs on a server named ServerA to active directory. When you attempt to create you receive: windows cannot create the object, because insufficient access rights to perform. A. Assign Domain administrators Full Controlshare permission for financedocs B. Assign Domain administrators read and execute share permission for financedocs C. Assign Domain administrators create child object permission for finance OU. D. Assign Domain administrators Modify owner permission for finance OU take the ownership. Ans: C 32. ServerA member of w2k domain. folder on ServerA is named: I:\webdata\public_information is shared as virtual directory. named public. You want users to be able to access it by URLs: http://servera/pi and http://servera/information A. In the web sharing property add aliases: PI, information B. create 2 new shares PI and information C. create 2 new folders PI, information. Copy the files from existing folder to news, share each with default settings. D. Create 2 new websites PI and information configure i:\webdata\public_information to be the root directory for both. Ans: A 33. You are the desktop administrator there are W95, W98 client computers. The network consists single w2k Active directory domain. The company implementing DFS. You need to ensure users on all of client computes can access to the resources of the DFS.(Choose 2) A. Install Active directory client on all W95 B. Install standard DFS client on all W95 C. Install w2k admin pack on all W95 D. Install Active directory client on all W98 E. Install standard DFS client on all W98 F. Install w2k admin pack on all W98 Ans: A, D 34. You are a network administrator for a company. Single w2k domain all clients w2k professional, and member of the domain. Peter a user in graphics department. He connects a printer device to his computer. He wants other users in the graphics dep. to find the prn device in the active directory, and to use it. Peter reports: neither he nor others can find prn and no remote users can submit print jobs. Peter can print locally. A. In the printer properties dialog box share the printer on Peter's computer. B. In the printer properties dialog box assign to everyone grp. allow print. C. In active directory users and computers add the printer as child to Peter's computer object. D. In active directory users and computers select trust computer for delegation checkbox on peter's computer E. In active directory users and computers assign users in graphics dep. the allow read public information for Peter's computer Ans: A 35. You are the admin of a w2k file srv. 200 users in your company. A srv. named ServerA is file and print server. Single partition, that stores home folders and other shared user data. You configure quotas for all users home folders. After you configure it users report, they are prevented from creationg files in their home, even their home folders not exceed quota limit. You need to enforce quota limits based only on home folder usage, accomplish this task with the least amount of administrative effort. A. Place all home folders to a single new partition, and configure quota on this new partition. B. Create unique partition for each users' home folder, and configure quota on each partition. C. Assign users alow take ownership permission for their home folder, and instruct them to take the ownership of their home folder. D. Create quota entry for each individual user. E. Share each home folder separately. Ans: A 36. You are the admin of porseware Inc. You administer a w2k prn server named ServerA. There is a Unix server on the net the name of it is unxprnt.porseware.com This srv. provides LPD printing service for 100 print devices. One of them is printer5.porseware.com in active directory. You want to avoid any connection for control of the print device between Server A and unxprnt.porseware.com. (choose 2) A. install print services for Unix on ServerA B. install w2k adv. server on serverA. C. Create and share a printer to serverA and configure printer5.porseware.com as the name of the device that provides LPD printing service for the print device. D. Create and share a printer to serverA and configure unxprnt.porseware.com as the name of the device that provides LPD printing service for the print device. E. Configure Standard TCP/IP port for printer5.porseware.com F. Configure Standard TCP/IP port for unxprnt.porseware.com Ans: C, E 37. You are the admin of your companys file srv. Peter is hired as an intern in the HR department. Peter needs to access some HR files. He also needs to be able to read the file named handbook.doc, but must not be able to change it. Handbook. doc is in the folder hrresources. Peter needs to have read and modify permissions for other files in this folder. Peter is the member of Domain users and HR grp. The permission of HRresources: share: domain users read; HR change NTFS : domain users read; HR modify A. Set the hidden and system attributes on handbook.doc. B. Disable permissions inheritance on handbook. doc. C. allow read for peter on handbook.doc D. NTFS permission deny write on handbook.doc for peter. Ans: D 38. You are the admin of a W2k file server named ServerA, it is member of a W2k domain. You create a folder: h:\employeehandbook on an NTFS volume. Share it as Employeehandbook$ You want users of w2k professional to be able to search the nw. for the share by name. You want the users to be able to find the share without needing to know the name of the server. A. Run net share employeehandbook$ command on a domain controller. B. Publish the share in active directory by using active directory users and computers. C. Run dcpromo on ServerA D. Create a virtual directory for the folder with an alias of employeehandbook. Ans: B 39. You are the admin of a W2k server named Server1, it stores mission critical application that sends confidental data through network on the port 2000. Server1 is dedicated to this application, not used for any other purpose. Client computers also need to communicate with other network servers, that do not require secure communication. You need to configure server1, so that only secure traffic is sent to and from Server1. (Choose 2) A. Configure Server1, to use the require security IPSec policy. B. Configure Server1, to use the request security IPSec policy. C. Configure cliet computers, to use the require security IPSec policy. D. Configure cliet computers, to use the reqest security IPSec policy. E. Configure IP filtering on Server1 to allow only port 2000. F. Configure IP filtering on Clients to allow only port 2000. Ans: A, D 40. You install a server named ServerA member of active directory domain. You install DHCP on ServerA restart it, The DHCP not started. A. Configure DHCP touse domain administrator account to log on to the domain. B. Configure DHCP touse Enterprise administrator account to log on to the domain. C. Ask a member of the Enterprise administrator group to authorize ServerA as DHCP server D. Ask a member of the local administrator group to authorize ServerA as DHCP server Ans: C 41. You are the admin at a branch office. The company modify its IP addressing structure: subnets: 1 Network number: 192.168.1.128 Subnet mask: 255.255.255.128 what is the valid ip range? A. 192.168.1.0....192.168.1.255 B. 192.168.1.129....192.168.1.254 C. 192.168.1.129....192.168.1.190 D. 192.168.1.128....192.168.1.191 Ans: B 42. You are the admin of a W2k print server named ServerA, it is member of a W2k domain. You install a high speed laser prn on the network, share it on serverA it with name FastLSR and with default settings. You want all of users in your company to be able to use FastLSR. Also you want the users in payroll domain Local grp. to have exclusive use of it between 10AM an 3PM and shared use of the prn. device all other times. What should you do? A. Configure FastLSR to be available from 3PM to 10PM For the prn. device create a second printer that default availability for the second printer assign everyone deny print, and assign to payroll grp. allow print rights. Instruct the users in the payroll grp. to use the second printer. B. Configure FastLSR to be available from 3PM to 10PM For the prn. device create a second printer that default availability for the second printer remove everyone allow print, and assign to payroll grp. allow print rights. Instruct the users in the payroll grp. to use the second printer. C. Create and share a second prn for the prn. device. Configure it to be available from 10AM to 3PM. For the second prn assign to everyone grp. deny print, to payroll grp. allow print rights. Instruct the users in the payroll grp. to use the second printer. D. Create and share a second prn for the prn. device. Configure it to be available from 10AM to 3PM. for the second printer remove everyone allow print, and assign to payroll grp. allow print rights. Instruct the users in the payroll grp. to use the second printer. Ans: B 43. You are the admin of an Internet Webserver. Several websites including conpany's public Internet site on it. You want to allow amployees to download documents, when they are away from office. All of them are using Internet Explorer. You want to ensure security of each user's username and password, and ensure only employees can access docs. A. Create an FTP site configure it to use only Anonymous user connections. B. Create an FTP site configure it to use only Basic authentication connections. C. Create a document website and configure it to use Basic authentication, and enable directory browsing. D. Create a document website and configure it to use Windows integrated authentication, and enable directory browsing. Ans: D 44. Company has 100 employees. ServerA is a w2k server, uses IIS to provide 5 web sites to public. The company is connected through a 1.544Mbs line the Internet. It is also used by employees. You notice that employees Internet is slow, when several hundred visitors are using ServerA. You want to ensure, employees have at least the half of 1.544Mbps at all times. Make as much of the remaining band width available for the web site as possible. A. Confiure ServerA to use IIS server connection limit to 50 B. Confiure each website to use IIS server connection limit to 50 C. Configure ServerA to have IIS band width throttle limit of 128 kbps D. Confiure each website to have IIS band width throttle limit of 128 kbps Ans: D 45. You are the admin of your companys Internet web server. The web server is located on a w2k srv named ServerA. You want to create an FTP site, to allow business partners to up and download docs. You want to assign user names and pwds to each user who will access FTP site. (Choose 2) A. Configure FTP server to use only anonymous access. B. Configure FTP server to use only Basic authentication C. Configure FTP server to grant read and write for the |User_FTP account D. Configure FTP server to grant read and write for each FTP users account. E. Configure default web site on ServerA to enable SSL for all connections. F. Configure ServerA to enable IPSec. Ans: B, D 46. You are a domain admin for your company. You are installing a new w2k srv named ServerA. it has IIS. You want to use ServerA to provide a corporate intranet site to your employees. You create a web site on ServerA. You want to enable users to access the intranet site by http://clinfo. You want to accomplish this task with the least work. (Choose 2) A. Create a DNS entry for clinfo that specifies the TCP/IP address of ServerA B. Create a WINS entry for clinfo that specifies the TCP/IP address of ServerA C. Create a hosts file entry for clinfo that specifies the TCP/IP address of ServerA, then copy this file to each computers. D. Create the clinfo web site as virtual directory. E. Configure host headers on ServerA to include Clinfo. Ans: A, E 47. You are the nw. administrator of contoso Ltd. Main office in Los Angeles. Subsidiary company: A.datum located in Dallas. The nw. consists of a single Active directory forest with four w2k domains. contoso.com----------------Adatum.com | | la.contoso.com dal.adatum.com users in LA office require access to a shared folder ,c ontains confidental docs. ou publish the folder in an OU named Contoso Resources. The contoso resources OU is in the la.contoso.com domain. You want to ensure users from the dal.adatum.com domain cannot view or access the content of the shared folder. You need to assign permissions to the users grp. from dal.adatum.com to accomplist this task. (Choose 2) A. Deny full control share permission for the shared folder. B. Deny list folder contents NTFS for the shared folder. C. Deny list contents for the contoso resources OU D. Deny read network path for the shared folder. E. Deny real all for the computer object for server contains the shared folder. Ans: A, B 48. You are the admin of a W2k file server named ServerA, it is member of a W2k domain. A folder named I:\data on ServerA. In I:\data you create a subfolder for each 200 departments. You want the users in each dep. to have full access to only their department's folder. You want to cofigure and maintenant this access with the least amount of work. A. share i:\data configure share: everyone full Control NTFS: each departments folder assign full control to the grp that contains the department's users B. share i:\data configure share: everyone read NTFS: each departments folder assign full control to the grp that contains the department's users C. Share each departments folder Share: Full Controlto group that contains that department's users NTFS: for each department's folder assign the full Controlto that deprtment's users D. Share each departments folder Share: Full Controlto group that contains that department's users NTFS: Full Controlto everyone. Ans: A 49. You are the admin of an intranet site the web site is hosted on a w2k server. You need to install a new web server component that will be used with a new web site that is in development. The new component is an ISAPI based application. You install the component in a virtual directory named common, and configure read, script, execute permissions. When the developpers tests their application by the new component they receive an error, component could not be started. A. Configure the intranet web site, to remove the default application. B. Configure common dir to run with low application protection C. Configure common dir to run with high application protection D. Execute permission on the intranet web site, to enable scripts only E. Execute permission on the intranet web site, to enable scripts and executives Ans: E 50. Users on a network are using EFS. An employee Marc leaves the company. Maria needs access some of Marc's files. These files are in a shared folder for which all sers have read permissions. However some of Marc's files are protected by AFS. A. move the files to a FAT or FAT32 partition. B. Use EFS recovery agent C. Take the ownership of the files, and assign Maria read permissions. D. Assign Maria allow take ownership. Ans: B 51. You are the administrator of a Windows 2000 domain. The domain is in native mode. The domain contains 15 Windows 2000 Server computers that are functioning as domain controllers and 1,500 Windows NT Workstation client computers. During a power outage, the first domain controller that you installed suffers a catastrophic hardware failure and will not restart. After the power outage, users report that password changes do not take effect for several hours. In addition, users are not able to log on or connect to resources by using their new passwords. What should you do to correct this problem? A. Using the Ntdsutil utility, connect to another domain controller and transfer the PDC emulator role. B. Using the Ntdsutil utility, connect to another domain controller and seize the PDC emulator role. C. Using the Ntdsutil utility, connect to another domain controller and transfer the domain naming master role. D. Using the Ntdsutil utility, connect to another domain controller and seize the domain naming master role. Ans: B 52. You are the network administrator of a Windows 2000 domain. The domain has a Windows 2000 Server computer named MainApps. The MainApps server is not a domain controller. Members of the Domain Users group have the right to logon locally at the MainApps server. When these members logs on locally, you want a script named Setperms.vbs to be executed. This script defines environment variables settings in the current user profile that are needed for the MainApps server. What should you do? A. Copy the Setperms.vbs script to the Netlogon share of the MainApps server. B. Place the Setperms.vbs script in the Sysvol share on the MainApps server. C. Add the Setperms.vbs script to the local group policies as a logon script. D. Add the Setperms.vbs script to the local group policies as a startup script. Ans: C 53. You are the network administrator of a Windows 2000 network. The network domain name is Litware.com. The distinguished name for the Sales OU is: ou=sales ou=north america dc=litware dc=com You want to assign Andrew the ability to manage all the objects in the Sales OU. What should you do? A. Add Andrew to the Domain Admins group. B. Grant Andrew Full Control permission to the North America OU and disable inheritance at the Sales OU. C. Grant Andrew Read and Write permissions to the Sales OU. D. Grant Andrew Full Control permissions to the Sales OU. E. Move Andrew's user account to the Sales OU. Ans: D 54. You are the administrator of a Windows 2000 network. The network is composed of four domains: arborshoes.com (the root of the forest), na.arborshoes.com, sa.arborshoes.com, fabrikam.com There are two Windows NT 4.0 BDCs in each domain. Graphic artists place finished artwork for Fabrikam, Inc. in a shared folder located on a domain controller named na01.fabrikam.com. Read and Write permissions are granted to the Artists Domain local group in the fabrikam.com domain. Sharon is a member of the Graphic Artists global distribution group in the na.arborshoes.com domain. She is unable to gain access to the shared folder. You want to allow Sharon access to the shared folder. What should you do? A. Change the Graphic Artists group type to "Security" and add it to the Artists Domain local group. B. Change the Artists Domain local group to a universal group and add it to the Graphic Artists group. C. Change the Graphic Artists group to a Domain local group and add it to the Artists Domain local group. D. Change the mode of the domain controller in na.arborshoes.com to native mode. Add the Graphic Artists group to the Artists Domain local group. Ans: A 55. You create a new Windows 2000 Active Directory network. Five months after deployment of the network, you receive a report that the Active Directory database file takes too much disk space on the ServerA domain controller. You want to reduce the size of the Active Directory database file. What should you do? (Choose three) A. Restart ServerA in Directory Services restore mode. B. Stop the Net Logon service on ServerA. C. Run Windows Backup to back up the System State data. Immediately run Windows Backup again to restore the System State data from the backup. D. Use the NTDSUTIL utility to compact the database to a folder. Move the compacted database file to the original location. E. Restart ServerA and boot normally. F. Start the Net Logon service on ServerA. Ans: A, D, E 56. You are the administrator of your company's network. The network consists of two Windows 2000 domains named contoso.com and mktg.contoso.com. You create separate zones for each domain on your DNS server. Later, you add a second DNS server to the network. This server also functions as a domain controller. You convert the contoso.com zone to an Active Directory integrated zone and set the zone to allow only secure updates to the zone database. You discover that unauthorized computers are registering themselves in the mktg.contoso.com domain. You check the zone's properties and discover that the zone is allowing unsecured dynamic updates. You also discover that the option to select Secure Dynamic Updates is not available. What should you do to correct this problem? A. Initiate a zone transfer between the mktg.contoso.com zone and the contoso.com zone. B. Reinstall mktg.contoso.com as a standard secondary zone. C. Reinstall contoso.com as a standard primary zone. D. Convert mktg.contoso.com to an Active Directory integrated zone. Ans: D 57. You are deploying Windows 2000 Professional on your network of 1,000 users. Part of your network is shown in an exhibit. You have recently installed a RIS server to assist in the deployment process. You confirm that the client computers meet the requirements for RIS deployment. However, you still cannot connect the RIS client computers to the RIS server. Existing client computers are able to connect to all servers for network resources. What can be causing the problem? (Choose all that apply) A. The RIS server has no client-side tools installed. B. The RIS server is not trusted for delegation. C. The RIS server is not authorized in Active Directory. D. The client computers are not configured to use DHCP. E. The RIS server is not configured to respond to client computers requesting service. Ans: C, E 58. You are the administrator of a Windows 2000 domain. The domain has a Windows 2000 Server computer named Toronto. Users in the domain frequently work on different Windows 2000 Professional computers. All Windows 2000 Professional computers are in the domain. You want to enable roaming profiles for all users. You want to accomplish the following goals: - All users in the domain will be able to work on all Windows 2000 Professional computers and have their own desktop settings available on all computers. - All users in the domain will be able to make changes to their desktop settings. All users in the domain will be able to access their documents in the My Documents folder from any Windows 2000 Professional computer. - The amount of data that is copied between the Toronto server and the Windows 2000 Professional computers each time a user logs on or off will be minimized. What should you do? (Choose two) A. Configure a roaming profile for each user in the domain. Use\\Toronto\Profiles\%Username% as the profile path. B. Configure a roaming profile for each user in the domain. Use\\Toronto\Profiles\%Username%\Ntuser.man as the profile path. C. Create a new Group Policy object (GPO) named Profilescript. Assign the Profilescript GPO to the domain. Configure the Profilescript GPO to assign a logon script to all users. Include the runas/profile explorer.exe command in the logon script. D. Create a new Group Policy object (GPO) named Docs. Assign the Docs GPO to the domain. Configure the Docs GPO to redirect the My Documents folder to the \\Toronto\Docs\%Username% location. E. Create a new Group Policy object (GPO) named Profiledocs. Assign the Profiledocs GPO to the domain. Configure the Profiledocs GPO to exclude the My Documents folder from each user's roaming profile. Ans: A,D 59. You are the enterprise administrator of a Windows 2000 domain. The domain is in native mode. You want to implement a policy to disable the ShutDown command for all users in the domain except for the members of the Domain Admins security group. You create a new Group Policy object (GPO) named Shutdown. You configure the Shutdown GPO to disable the Shutdown option. You assign the Shutdown GPO to the domain. You want to ensure that the policy does not apply to the members of the Domain Admins group. What should you do? A. On the Shutdown GPO, deny the Apply Group Policy permission to the Domain Admins group. B. On the Shutdown GPO, remove the Apply Group Policy permission from the Authenticated Users group. Grant the Apply Group Policy permission to the Users group. C. Add the Domain Admins group to the Group Policy Owners group. D. Create a new OU named No Shutdown. Move the Domain Admins group to the No Shutdown OU. Configure the No Shutdown OU to block policy inheritance. E. On the computers that the members of the Domain Admins group use to log on, configure the local GPO to enable the Shutdown option. Ans: A 60. You are deploying Windows 2000 Professional on your network. You recently installed a RIS server to expedite the deployment process. Your network is now configured as shown in an exhibit. When you attempt to use the RIS server to deploy Windows 2000 on Julia's and Carlos's computers, you cannot establish the initial connection. Anita and Peter installed Windows 2000 from CD-ROM and did not have any problems with the installation. What should you do to correct the problem? A. Integrate the DNS server?s zones into Active Directory. B. Install a DHCP server and authorize it in Active Directory. C. Install a WINS server and configure the DNS server to use it for name resolution. D. Create computer accounts in Active Directory for Julia and Carlos, and specify the name of the RIS server on the Remote Install tab of the Computer Accounts property sheet. Ans: B 61. You are the administrator of your company's network. The company has two native-mode domains in six sites as shown in an exhibit. Each site has one or more domain controllers. Users report that at times of high network usage, authentication and directory searches are extremely slow. You want to improve network performance. What should you do? A. Move all domain controllers into one site. B. Promote more Windows 2000 Server computers in each site to be domain controllers. C. Install a DNS server in each site and configure it to use Active Directory integration. D. Designate a domain controller in only one site as a global catalog server (GC). E. Designate a domain controller in each site as a global catalog server (GC). Ans: E 62. You are installing a new Windows 2000 Server computer on your existing Windows NT network. You run DCPromo.exe to promote the server to a domain controller in a domain named domain.local. You receive the following error message: "The domain name specified is already in use on the network". There are no other Windows 2000 domains on your network. What should you do? A. Place an entry in your DNS server host table for the domain.local domain name. B. Place an entry in your WINS database for the domain.local domain name. C. Change the domain name to domain.com. D. Change the down level domain name to domain1. Ans: D 63. You are the administrator of a Windows 2000 domain named arborshoes.com. You install RIS on the server. You are using RIS to install 35 new client computers. When you start a test client computer, the Client Installation wizard does not appear. You are using network adapter cards that are not PXE compliant. You want to connect to the RIS server. What should you do? A. From a command prompt, run Rbfg.exe to create RIS a boot disk. B. Identify the GUID of each client computer. C. Set up a DHCP Relay Agent. D. Install Windows 2000 on the test client computer. Run RIPrep.exe from a network share on the RIS server. Ans: A 64. You are the administrator of a Windows 2000 domain. To control the desktop environment of users in the domain, you use a script file named Desktop.vbs to change settings in the current user profile. This script file is deployed as a login script for all users in the domain. The Desktop.vbs script usually takes 15 seconds to complete its work. You want to ensure that each user's desktop appears only after the Desktop.vbs script is completed. What should you do? A. For all users in the domain, set the logon script in the user profile to Desktop.vbs. B. Create a new GPO; Assign the GPO to the domain. Add Desktop.vbs to the GPO as a logon script. Configure the GPO to run logon scripts synchronously. C. Create a new GPO; Assign the GPO to the domain. Add Desktop.vbs to the GPO as a logon script. Configure the GPO to set a maximum wait time of 15 seconds for Group Policy scripts. D. Create a new GPO; Assign the GPO to the domain. Add Desktop.vbs to the GPO as a logon script. Configure the GPO to set a timeout of 15 seconds for logon dialog boxes. Ans: B 65. You are the network administrator for Just Togs. Your Windows 2000network consists of 15,000 users. Users have recently reported that documents are missing from the servers. You need to track the actions of the users to find out who has been deleting the files. You create a GPO on the justtogs.com domain and assign the appropriate permissions to the GPO. What actions should you audit? (Choose two) A. Directory Services access B. Object access C. Process tracking D. Privileged use E. Delete and Delete subfolders and files Ans: B, E 66. You are the administrator of a Windows 2000 domain. The domain has 20 users and a Windows 2000 Server computer named Glasgow. Users in the domain frequently work on different Windows 2000 Professional computers. All Windows 2000 Professional computers are in the domain. You want to accomplish the following goals: - All users in the domain will be able to work on all Windows 2000 Professional computers and have their own predefined desktop settings available on all computers. - Users will be allowed to make changes to the desktop settings while they are logged on. - Changes that users make to the desktop settings will not be saved when they log off. What should you do? A. On each Windows 2000 Professional computer, delete the Systemdrive\Documents and Settings\Default User folder. B. On each Windows 2000 Professional computer, rename the Sytemroot\System32\Config\Stem file to System.man. C. Configure a roaming profile for each user in the domain. Use \Glasgow\profiles\%username% as the profile path. On the Glasgow server, rename the ntuser.dat file to ntuser.man for each user. D. Create a GPO named Delprofile. Assign the Delprofile GPO to the domain. Configure the Delprofile GPO to delete the local copy of a user's profile when the user logs off. Ans: C 67. You are the administrator of a Windows 2000 network. You are deploying Windows 2000 Professional to 200 client computers. A custom configuration is required for each one of 50 of the client computers. You are using SMS Server to install various applications on all the client computers. You want to use RIS to install Windows 2000 on all of the client computers. What should you do? A. Create a CD-based RIS image and different answer files for each custom configuration. B. Create an RIPrep image for each configuration. Grant Read And Execute permission to users for the image folder. C. Install a test client computer for each custom configuration. Use the Setup Manager wizard to create an answer file for each configuration. D. Use the Setup Manager wizard to create a Sysprep answer file. Use third-party imaging software to create a separate image for each configuration. Ans: A 68. You are the administrator of a Windows 2000 domain. You want to deploy a new application named Finance that will be used by all users in the domain. The vendor of the Finance application supplied a MS install package for the application. You decide to deploy the Finance application in two phases. During Phase 1, only members of a security group named Finance Pilot will use the Finance application. During Phase 2, all users in the domain will be able to install the Finance Application. You want to accomplish the following goals: - During Phase 1, the Finance application will not be installed automatically when users log on. - During Phase 1, users who are members of the Finance Pilot group will be able to install the Finance application by using a Start menu shortcut. - During Phase 1, users who are not members of the Finance Pilot group will not be able to install the Finance application by using a Start menu shortcut. - The Finance application will be installed automatically the first time any user in the domain logs on after phase 2 has begun. You take the following actions: - Create a new GPO named Deploy Finance and link the deploy Finance GPO to the domain. - Configure the Deploy Finance GPO to assign the Finance application to users. - For Phase 1, create a software category named Finance Pilot. ASSIGN the Finance application to the Finance Pilot software category. - For Phase 2, remove the Finance application from the Finance Pilot software category. Which results do these actions produce? A. During Phase 1, the Finance application will not be installed automatically when users log on. B. During Phase 1, users who are members of the Finance Pilot group can install the Finance application by using a Start menu shortcut. C. During Phase 1, users who are not members of the Finance Pilot group cannot install the Finance application by using a Start menu shortcut. D. The Finance application is installed automatically the first time any user in the domain logs on after Phase 2 has begun. Ans: A, B 69. You are the administrator for Arbor Shoes. Part of your network configuration is shown in an exhibit. All the computers are running Windows 2000 Professional and are members of the arborshoes.com domain in the company LAN. All the users are members of the Power Users group on their computers. Andrew has dial-up access to the Internet for a special project he is working on. You do not want other users to share Andrew's Internet connection and to have unrestricted Internet Access. What should you do? A. Create a high security zone in MS IE. B. Create a Group Policy Object (GPO) that disables the configuration of connection sharing. Grant Andrew Read and Apply group Policy permissions to the GPO. C. Create a Group Policy Object (GPO) that disables the configuration of connection sharing. Grant Michel, Laura, and Anita Read and Apply Group Policy permissions to the GPO. D. Remove the Internet connection from the All Users profile on Andrew's computer and then recreate the connection in Andrew's personal profile. Ans: B 70. You are using RIS to deploy Windows 2000 Professional on 1,500 computers. Your network configuration is shown in an exhibit. You have four RIS servers. You have deployed 100 computers. RIS server1 and RIS server3 are overworked and respond too slowly for the timely deployment of your computers. You need more consistent performance results before you deploy the remaining computers. What should you do? A. Create computer accounts for all the computers. Complete the Managed By properties for each account. B. Create one OU for each segment. Add users accounts for all the users to the appropriate OUs. Specify the appropriate RIS server in the "Log on to" property for each user's account. C. Create prestaged computer accounts for all of the computers. Specify which RIS server will control each computer. D. Create one site for each segment. Move two RIS servers to each site. Ans: C 71. You are the administrator of your company's network, which consists of one Windows 2000 domain. There is a single top-level OU named Main and five child OUs. The child OUs are named after the company's five departments: Finance Marketing Sales HR IT The accounts for all users and computers in each department are defined in the OU for that department. All users and computers in the Finance, Marketing, Sales and HR OUs require the same desktop settings. Users and computers in the IT OU require less restrictive settings. You want to accomplish the following goals: - All the assigned Group Policy settings are defined by the administrator in the Main OU will be applied to all users and computers in the Finance, Marketing, Sales, and HR OUs. - Group Policy from the Main OU will not be applied to the IT OU. - Administrators in the IT OU will be able to change the Group Policy settings. - When new child OUs are added to the domain, the Group Policy will be applied to them automatically. - Users will not be able to change their Group Policy settings. You take the following actions: - Create the GPO, configure the appropriate settings, and link the GPO to the Main OU. - In the Group Policy Options dialog box for the Main OU, select the No Override check box. - In the Group Policy dialog box for the IT OU, select the Block Policy inheritance check box. - Assign the Authenticated Users group Full Control permission to the GPO. Which results do these actions produce? A. All the assigned Group Policy settings as defined by the administrator in the Main OU are applied to all users and computers in the Finance, Marketing, Sales, and HR OUs. B. Group Policy from the Main OU will not be applied to the IT OU. C. Administrators in the IT OU are able to change the Group Policy settings. D. When new child OUs are added to the domain, the Group Policy is applied to them automatically. E. Users cannot change their Group Policy settings. Ans: A, C, D 72. You are the administrator of a Windows 2000 network. Recently, your network security was compromised and confidential data was lost. You are now implementing a stricter network security policy. You want to require encrypted TCP/IP communication on your network. What should you do? A. Create a GPO for the domain, and configure it to assign the Secure Server IPSec Policy. B. Create a GPO for the domain, and configure it to assign the Server IPSec Policy and to enable Secure channel: Require strong session key. C. Implement TCP/IP packet filtering, and open only the ports required for your network services. D. Edit the local security policies on the servers and client computers and enable Digitally signed client and server communications. Ans: A 73. You are the security analyst for Duluth Mutual Life. You are assessing the security weaknesses of the company's Windows 2000 network. The network consists of three sites in one domain. The domain contains three OUs and 11,000 users. There are five domain controllers in the domain. You configure one of the domain controllers to meet the security requirements of the company. You need to duplicate those settings on the other four domain controllers. You want to use the least possible amount of administrative effort. What should you do? A. Create a GPO for the Domain Controllers OU. Configure the GPO settings to match the settings of the secured domain controller. B. Open Security Configuration and Analysis on the secured domain controller. Export the secured domain controller's security configuration to a template file. Copy the template file to the Sysvol folder on each domain controller. C. Create a GPO for the domain. Assign Domain Users Read and Apply Group Policy permissions. Configure the GPO settings to match the settings of the secured domain controller. D. Open Security Configuration and Analysis on the secured domain controller. Export the secured domain controller's security configuration information to a template file. Open Security Configuration and Analysis on the other domain controllers, import the template file, and then select Analyze Computer Now. Ans: A 74. You are the Windows 2000 network administrator for your company. You are implementing the company's network security model. Your network has several servers that contain sensitive or confidential information. You want to configure security auditing on these servers to monitor access to specific folders. You also want to prevent users from gaining access to these servers when the security logs become full. What should you do? A. Create a GPO that applies to the servers. Configure the GPO to enable auditing for object access. Set up the individual objects to be audited in Windows Explorer and then customize the Event Viewer logs to limit the size of the security log to 1,024 kb.. B. Create a GPO that applies to the servers. Configure the GPO to enable auditing for Directory Services access. Set up the individual objects to be audited in Windows Explorer and then customize the Event Viewer logs to limit the size of the security log to 1,024 KB. Configure the security event log so that it does not overwrite events. C. Create a GPO that applies to the servers. Configure the GPO to enable auditing for Directory Service access. Set up the individual objects to be audited in Windows Explorer. Configure the Security Event log so that it does not overwrite events. Then configure the GPO to enable the "Shut down the system immediately if unable to log security audits" setting. D. Create a GPO that applies to the servers. Configure the GPO to enable auditing for object access. Setup the individual objects to be audited in Windows Explorer. Configure the security event log so that it does not overwrite events. Then configure the GPO to enable the "Shut down the system immediately if unable to log security audits" setting. Ans: D 75. You edit the default Domain Controllers Group Policy on the arborshoes.com domain to required passwords to be at least eight characters long. However, users are able to create passwords that do not comply with the implemented policy. What should you do? A. Initiate replication to make sure the Group Policy containers and the Group Policy template (GPT) are replicated. B. Configure each client computer to have a local Group Policy that requires password to be at least eight characters long. C. Edit the default Domain Group Policy to require password to be at least eight characters long. D. Edit the default Domain Controllers Group Policy to force the password to meet complexity requirements. Ans: C 76. You are the administrator of your company's network. The network consists of one Windows NT 4.0 domain. You create and implement a security policy that is applied to all Windows 2000 Professional client computers as they are staged and added to the network. You want this security policy to be in effect at all times on all client computers on the network. However, you find out that administrators periodically change security settings on computers when they are troubleshooting or doing maintenance. You want to automate the security analysis and configuration of client computers on the network so that you can track changes to security policy and reapply the original security policy when it has been changed. What should you do? A. Use Windows NT System Policy to globally configure the security policy settings on the client computers. B. Use Windows 2000 Group Policy to globally configure the security policy settings on the client computers. C. Use the Security and Configuration Analysis tool on the client computers to analyze and configure the security policy. D. Schedule the Secedit command to run on the client computer, analyze and configure the security policy. Ans: D 77. You are the administrator for a Windows 2000 network. Your network consists of one domain and two Organizational Units (OU). The OUs are named Corporate and Accounting. A user recently reported that she was not able to log on to the domain. You investigate and find out that the user's account has been deleted. You have been auditing all objects in Active Directory since the domain was created. However, you cannot find a record of the user account deletion. You want to find a record that identifies the person who deleted the account. What should you do? A. Search the security event logs on each domain controller for account management events. B. Search the security event logs on each domain controller for object access events. C. Search the Active Directory Users and Computers console on each domain controller for the user's previous account name. D. Search the Active Directory Users and Computers console on each domain controller for the user's computer account. Ans: A 78. You are hired by Fabrikam, Inc., to secure its Windows 2000 network. You use Security Templates to create a custom template and save it as Securefab.inf. You need to use this template on five domain controllers in the fabrikam.com domain. What should you do? (Choose two) A. Copy the Securefab.inf file to the Sysvol shared folder on one domain controller. B. Create a new security database. C. Import the Securefab.inf file. D. Rename Securefab.inf to Ntconfig.pol E. Create a Group Policy object on the Domain Controller Organizational Unit. Ans: C, E 79. You are the network administrator for LitWare, Inc. You are implementing Windows 2000 on your network. Part of your network configuration is shown in an exhibit. You have installed Server2 and Server4 as domain controllers for LitWare.com. You have installed Server1 and Server3 as DNS servers for the litware.com domain. Each server has a standard primary zone named litware.com. You configure the domain to run in native mode. When Server2 attempts to contact Server4 by name, it cannot establish a connection. However, you can ping both Server2 and Server4 from any computer in either site. You need to be able to resolve names of serves in both sites. You want the information to be updated regularly. What should you do? A. Configure Server1 and Server3 to allow dynamic updates in DNS. B. Configure Server1 and Server3 to allow zone transfers to any server. Then configure the DNS notification options to notify each server of updates. C. Reinstall Server4 as a member server in the same domain as Server2. Create a new site and promote Server4 to a domain controller within the new site. D. Re-create the litware.com zone on Server3 as a secondary zone. Configure Server3 to replicate DNS data from Server1. Ans: D 80. You are the network administrator for Arbor Shoes. Part of your multi-site Windows 2000 network configuration is show in an exhibit. Server1 is configured with the primary zone for arborshoes.com. Server3 and Server5 are configured with secondary zones for arborshoes.com. You discover an error in several host records that is preventing client computers in Atlanta from accessing some shared resources. You make the necessary corrections on Server1. You want these changes to be propagated to Atlanta immediately. What should you do? A. On the Action menu for the arborshoes.com zone, click "Update Server Data Files". B. At Server5, perform the Transfer from master action for the arborshoes.com zone. C. At Server1, stop and start the DNS server service. D. At Server5, select Allow zone transfers on the arborshoes.com zone. Ans: B 81. You are the administrator of your company's network. The network consists of one Windows 2000 domain that spans multiple subnets. You are configuring DNS for host name resolution throughout the network. You want to accomplish the following goals: - DNS zone transfer traffic will be minimized on the network. - Administrative overhead for maintaining DNS zone files will be minimized. - Unauthorized host computers will not have records created in the zone. - All zone updates will come only from authorized DNS servers. - All zone transfer information will be secured as it crosses the network. You take the following actions: 1 - Create an Active Directory integrated zone. 2 - In the Zone Properties dialog box, set the "Allow Dynamic Updates" option to Yes. 3 - On the Name Servers tab of the Zone Properties dialog box, enter the names and addresses of all DNS servers on the network. Which results do these actions produce? (Choose all that apply) A. DNS zone transfer traffic will be minimized on the network. B. Administrative overhead for maintaining DNS zone files will be minimized. C. Unauthorized host computers will not have records created in the zone. D. All zone updates will be sent only to authorized DNS servers E. All zone transfer information will be secured as it crosses the network. Ans: A, B, E 82. You are the administrator of a Windows 2000 network for Miller Textiles. The network configuration is shown in an exhibit. The millertextiles.com domain is hosted on Server1 as an Active Directory integrated zone, and on Server3 as a secondary zone. All client computers on Segment B are running Windows 2000 Professional. All client computers on Segment A are down level client computers. All client computers are DHCP clients as well. You share some network resources on several of the client computers on Segment A. Several days later you attempt to connect to those shared resources from client computers running on segment B, but you are unable to resolve the host names of client computers on Segment A. How should you correct this problem? A. On the DHCP server, set the DNS Domain Name scope option to millertextiles.com. B. On Server1 for the millertextiles.com zone, change the value of "Allow Dynamic Updates" from the default settings to "Yes". C. Configure the millertextiles.com domain to allow zone transfers to all the computers on the network. D. On Server2, enable updates for DNS clients that do not support dynamic updates. Ans: D 83. You install a Windows 2000 Server computer on your network. You promote the computer to be a domain controller. This computer also functions as the DNS server for the domain. All client computers are running Windows 2000 Professional. When users attempt to log on they receive an error message sating that a domain controller cannot be located. You verify that Active Directory is installed and functional on the server. You want to ensure that the domain controller is available for user logons. What should you do next? A. Check DNS for the addition of an appropriate SRV record in the zone. B. Check DNS for the addition of an appropriate A record in the zone. C. Check for the presence of an NTDS folder on the domain controller. D. Check for the presence of a Sysvol folder on the domain controller. E. On the client computers, create a HOSTS file that contains the SRV records for the domain controller. F. On the client computers, create a HOSTS file that contains the A record for the DC. Ans: A 84. You are the administrator of your company's network. Your company has its main office in Seattle and branch offices in London, Paris, and Rio de Janeiro. The local administrator at each branch office must be able to control users and local resources. You want to prevent the local administrators from controlling resources in branch offices other than their own. You want to create an Active Directory structure to accomplish these goals. What should you do? A. Create a top-level OU. Delegate control of this OU to administrators at the main office. B. Create child OUs for each office. Delegate control of these OUs to administrators at the main office. C. Create child OUs for each office. Delegate control of each OU to the local administrators at each office. D. Add the local administrators to the Domain Admins group. E. Create users groups for each office. Grant the local administrators the appropriate permissions to administer these user groups. Ans: C 85. You are the network administrator for your company. Your company's main office is in Seattle. Branch offices are in New York, Rome, and Tokyo. The local administrators at each branch office need to be able to control local resources. You want to prevent the local administrators from controlling resources in the other branch offices. You want only the administrators from the main office to be allowed to create and manage user accounts. You want to create an active directory structure to accomplish these goals. What should you do? A. Create a domain tree that has a top-level domain for the main office and a child domain for each branch office. Grant the local administrators membership in the Domain Admins group in their child domains. B. Create a domain tree that has a top-level domain for the main office and a child domain for each branch office. Grant the local administrators membership in the Enterprise Admins group in the domain tree. C. Create a single domain. Create a group named Branch Admins. Grant the local administrators membership in this group. Assign permissions to the local resources to this group. D. Create a single domain. Create and OU for each branch office and an additional OU named CorpUsers. Delegate authority for resource administration to the local administrators for their own OUs. Delegate authority to the CorpUsers OU only to the Domain Admins group. Ans: D 86. You are the enterprise administrator of a Windows 2000 domain. The domain has three domain controllers named DC1, DC2, and DC3. Because of changed hardware requirements, you want to replace the domain controller named DC1 with a newer computer named DC4. You want DC4 to be a domain controller in the domain. You no longer want DC1 to function as a domain controller. What should you do? A. Install DC4 as a stand-alone server in a workgroup named WG. Restore a System State data backup of DC1 on DC4. On DC1, use the Active Directory Installation wizard to remove Active Directory from DC1. B. Install DC4 as a stand-alone server in a workgroup named WG. Disconnect DC1 from the network. Rename DC4 to DC1. On DC2, force replication of AD to all its replication partners. C. Install DC4 as a member server in the domain. On DC4, use the Active Directory Installation wizard to install Active Directory on DC4. On DC1, use the Active Directory Installation wizard to remove Active Directory from DC1. D. Install DC4 as a member server in the domain. On DC1, use the Ntdsutil to copy the Active Directory files to DC4. Use the Active Directory Installation wizard to remove Active Directory from DC1. Ans: C 87. You are the administrator of a Windows 2000 domain. The domain has two domain controllers named Server1 and Server2. The volume that contains the Active Directory database file on Server1 is running out of disk space. You decide to move the database file to an empty volume on a different disk on Server1. What should you do? A. Restart Server1 in Directory Services restore mode. Use the NTDSUTIL utility to move the database file to the empty volume. B. Use Windows Backup to create a backup of the System State data of Server1. Restart Server2 in Directory Services restore mode. Restore the system State data to the empty volume. C. Use the Logical Disk Manager console to mount the empty volume in the folder that contains the Active Directory database file. D. Stop the Netlogon service on Server1. Use Windows Explorer to move NTDS.DIT to the empty volume. Start the NetLogon service again. Force replication from Server2. Ans: A 88. You are the enterprise administrator of a Windows 2000 domain named fabrikam.com. The domain contains three domain controllers named DCA, DCB, and DCC. DCA does not hold any operations master roles. You backed up the System state data of DCA two weeks ago. Without warning, the DCA domain controller's hard disk fails. You decide to replace DCA with a new computer. You install a new Windows 2000 server computer. What should you do next? A. Add the server to the domain. Do an authoritative restore of the original backup of the original DCA System State data that you made two weeks ago. B. Add the server to the domain. Use Windows Backup to create a backup of the DCB System state data, and restore this backup on the new DCA. C. Use the Active Directory installation wizard to make the new computer a replica in the domain. D. Use the NTDSUTIL utility to copy the active Directory database from DCB to the new DCA. Ans: C 89. You are the administrator of your company's network. Your company has two domains in six sites as shown in an exhibit. Each site has one or more domain controllers. For fault-tolerance and load-balancing purposes, one domain controller in each site is configured as a global catalog server (GC). Users report that, several times a day, network performance and data transfer for an application located in SiteA are extremely poor. You want to improve network performance. What should you do? A. Configure at least two domain controllers in each site as GC servers. B. Configure the domain controllers in only one site as GC servers. C. Create site links between all sites and use the default replication schedulers. D. Create site links between all sites and set the less frequent replication schedules. E. Create connection object between each domain controller. Use RPC as the transport protocol. F. Create connection objects between each domain controller. Use SMTP as the transport protocol. Ans: D 90. You are the administrator of a Windows 2000 domain. The domain has an organizational unit (OU) named Help Desk. All users in the Help Desk OU use an application named PhoneID. The PhoneID application is deployed by using a Group Policy object (GPO) named Phone App on the Help Desk OU. The Phone App GPO is configured to publish the PhoneID application to users by using a Microsoft Windows Installer package for the application. Currently, only the users in the Help Desk OU can start the PhoneID application. You want all users in the domain to be able to install the PhoneID application by using a Start menu shortcut. What should you do? A. Remove the Phone App GPO link to the Help Desk OU. Assign the Phone App GPO to the domain. Change the configuration of the Phone App GPO to assign the PhoneID application to users. B. Create a new GPO named Phone For All. Assign the Phone For All GPO to the domain. Configure the Phone For All GPO to assign the PhoneID application to computers. C. Configure the Phone App GPO to assign the PhoneID application to users. Configure the permissions on the Phone App GPO to assign Apply Group Policy permission to the Authenticated Users group. D. Configure the Phone App GPO to assign the PhoneID application to computers. Configure the PhoneID Windows Installer package to upgrade the installed PhoneID application. Set the Windows Installer policy to disable rollback. Ans: A 91. You are the administrator of a Windows 2000 network. The network's domain structure is shown a graph. The us.litware.com and the eur.litware.com domains are in mixed mode. The litware.com and the treyresearch.com domains are in native mode. The us.litware.com domain has two Windows NT 4.0 BDCs that support legacy applications. When users from the us.litware.com domain attempt to access a shared folder in the litware.com domain, they receive an error message stating that access is denied. There is a universal group that has Read permission to the Sales folder. Sales is assigned Read permission for the shared folder. When you log on as a member of the Sales group from the litware.com domain, you are able to access the shared folder. What should you do to correct this problem? A. Switch the us.litware.com domain to native mode. B. Add a global catalog server to the us.litware.com domain. C. Create a global group in the us.litware.com domain. Add the user accounts that need access to the shared folder to the global group. Add the global group to the universal group. D. Create a universal group in the us.litware.com domain. Add the user accounts that need access to the shared folder to the universal group. Grant Read permission to the universal group for the shared folder in the itware.com domain. E. Create a global group in the us.litware.com domain. Add the user accounts from the us.litware.com domain to the global group. Grant Read permission to the global group for the shared folder. Ans: E 92. You are the administrator for your company. You are deploying Windows 2000 on your network of 10,500 users. There are 15 departments in your company. Each department needs to use specific features of Windows 2000 and custom third party applications. You want to minimize the administrative time required to set up the client computers. You also want to provide customized software installations to the users. What should you do? A. Install and configure a RIS server on your network. Use RIPrep.exe to create multiple images for each department. connect the client computers to the RIS server and deploy the custom images. B. Install and configure a RIS server on your network. Create different installation script files for each department. Deploy the computers by using RIS. C. Create a shared folder on one of the servers. Copy the source files from the Windows 2000 Professional CD-ROM to the shared folder. Perform unattended installations from the shared folder by using script files, and then install the third-party applications. D. Create a shared folder on one of the servers. Copy the source files from the Windows 2000 Professional CD-ROM to the shared folder. Perform attended installations from the shared folder, and then select only the components you need for each department. Ans: A 93. You are the administrator of your company's network. The network consists of one Windows 2000 domain that spans multiple subnets. You are configuring DNS for host name resolution throughout the network. You want to accomplish the following goals: - DNS zone transfer traffic will be minimized on the network. - Administrative overhead for maintaining DNS zone files will be minimized. - Unauthorized host computers will not have records created in the zone. - All zone updates will come only from authorized DNS servers. - All zone transfer information will be secured as it crosses the network. You take the following actions: 1- Create an Active Directory integrated zone. 2- In the Zone Properties dialog box, set the Allow Dynamic Updates option to "Only Secure Updates". 3- On the Name Servers tab of the Zone Properties dialog box, enter the names and addresses of all DNS servers on the network. 4- Select Allow zone transfers only to servers listed on the network in the Name Servers tab on the Zone Transfers tab of the Zone Properties dialog box. Which results do these actions produce? (Choose all that apply) A. DNS zone transfer traffic will be minimized on the network. B. Administrative overhead for maintaining DNS zone files will be minimized. C. Unauthorized host computers will not have records created in the zone. D. All zone updates will come only from authorized DNS servers. E. All zone transfer information will be secured as it crosses the network. Ans: A, B, C, D, E 94. You are backup operator of a Windows 2000 domain. The domain has 2 domain controllers. You want the Active Directory database file of both domain controllers to be automatically backed up once a week. What should you do? A. Schedule a backup job that will backup the System State data once a week. B. Schedule a backup job and select Schema.ini file in the System32 folder and all files in the NTDS folder to be backed up once a week. C. Schedule a task that will run the NTDUTIL once a week. D. Schedule a task that will copy the Ntds.dit file and the SYSVOL folder once a week. Ans: A 95. You are configuring a Windows 2000 DNS Server on your company network. DNS is installed on an NT 4.0 Server on your NT 4.0 domain. You want to use dynamic updates on a DNS database, but company management won't allow an upgrade or the decommissioning of its DNS server. All DNS information must be synchronized between these two DNS servers. What should you do? (Choose three) A. Create a primary zone on a Windows 2000 DNS Server and import the existing zone file. B. Create a secondary zone on a Windows 2000 DNS Server. C. Delete and recreate a primary zone on an NT DNS Server. D. Delete the existing zone and create a new secondary zone on the NT 4.0 DNS Server. E. Configure a primary zone on the NT DNS Server as the master zone for the secondary zone on the Windows 2000 DNS Server. F. Configure a secondary zone on the NT 4.0 DNS Server to use the Windows 2000 Standard primary zone as its master zone. Ans: A, D, F 96. You are the network administrator of a Windows 2000 domain. All of the domain resources are defined in two top levels OUs. The OUs are named West and East. William is the administrator of the West OU. Evert is the administrator of resources in the East OU. You move Printer1 from the West OU to the East OU. After you move the printer, Evert can administer it. However, William reports that he can still remove print jobs from Printer1. You want Evert to be the only one to administer Printer1. What should you do? A. Use the delegation of control wizard on the east OU to assign printer1 permission to Evert. B. Configure the security properties for printer1 to disallow inheritable permissions to propagate. C. Remove the permissions for William from Printer1. D. Configure the printer permission on the west OU to apply to only the west OU. Ans: C 97. You are the network administrator of a Windows 2000 domain. Your current domain controller's hard disk drive is failing. You want to set up a new server as a domain controller to replace the failing domain controller. You run DCPromo.exe on the failing domain controller in your omain to remove Active Directory. While you are running DCPromo.exe, the hard disk drive fails. The server will not reboot. However, the objects of the failed server are still appearing in Active Directory. You are sing the Ntdsutil utility. You want to remove the old server from Active Directory. What option should you use? A. Metadata cleanup B. Semantic database analysis C. Security account management D. Domain management E. Authoritative restore Ans: A 98. You are the administrator of a domain named contonso.com. The domain contains an OU named Sales that has 20 users. It is stored on a domain controller named DC1. You inadvertently delete the Sales OU. You want to reinstate the Sales OU. What should you do? A. Move the tombstoned sales OU from the LostAndFound containers to the original location. B. Copy the sales OU from another domain controller in the contoso.com domain to DC1. C. Perform authoritative restore of the Sales OU from the last backup. D. In Active Directory sites and service console. Force replication from another domain controller in the contsco.com domain. Ans: C 99. You are the network administrator of a Windows 2000 domain. The domain has an OU named Help Desk. A Group Policy (GPO) name Disable Regedit is assigned to the Help Desk OU. The only policy setting defined in the Disable Regedit GPO, which is the policy setting that disables use of registry editing tools. For performance reasons, your company wants to minimize the number of GPOs that are processed at logon. The company also decided that the restriction on the registry editing tools must no longer apply to the users of Help Desk OU. What should you do? A. Remove the Disable Regedit GPO from the Help Desk OU. B. Assign a new GPO in the Help Desk OU that enables the use of registry editing tools. C. On the computers used by users in the Help Desk OU, edit the registry to allow the use of registry editing tools. D. On the computers used by users in the Help Desk OU, configure the local GPO to allow the use of registry editing tools. E. On the computers used by users in the Help Desk OU, delete the registry POL file from \systemroot\System32GroupPolicy folder. Ans: A 100. Your company Windows 2000 domain controller contains an Organization Unit (OU) named Shipping. The domain is in the native mode. You want to delegate the control of the Group Policy setting for the Shipping OU to a global group named Help Desk. Members of the Help Desk group need to able to create and edit new GPOs and assign those GPOs to the Shipping OU. You do not want these members to assign GPOs to other OUs. What should you do? (Choose two) A. Add the Help Desk group to the Group Policy Creator Owners security group. B. Create a new security group named Group Policy administrator in the Shipping OU. Add the Help Desk group to this new group. C. On the existing GPO, assign Read and Write permission to the Help Desk group. D. On the Shipping OU, assign the apply group policy permission in the Help Desk group. E. On the Shipping OU, delegate the predefined task named "Manage Group policy" links to the Help Desk group. F. On all the OUs in the domain accept the Shipping OU, deny write permissions to the Help Desk group. Ans: A, E 101. Your company recently hired a Directory Services Administrator to oversee the different directory services running on your network. You have three domains, named weconsult.com, account.com, and sales.com. You need to give the Directory Services Administrator permissions to perform the following tasks in the weconsult.com domain only: -Delete sites, site links, subnets, and inter-site transports. -Create and manage user accounts and groups in the weconsult.com domain. -Back up and restore Active Directory. -Manage DNS and Active Directory integration. -Extend the schema. You created a user object for the Directory Engineer and granted membership in the Domain Admins global group, the Schema Admins group, and the Account Operators and Backup Operators domain local groups. Which tasks can the Directory Engineer perform? (Choose all that apply.) A. Extend the schema B. Back up and restore Active Directory C. Manage DNS and Active Directory integration D. Delete sites, site links, subnets, and inter-site transports E. Create and manage user accounts and groups in the weconsult.com domain Ans: A, C, E 102. You are the administrator for a Windows 2000 network that uses Active Directory. You are specifying deployment options for a software package that will deploy Microsoft Outlook 2000 to all Windows 2000 desktops in your company. You also created a transforms file that you want to use in the software package to customize the install. You select the Modifications tab in the Windows 2000 Administration Tools Properties dialog box. What should you do from this tab? A. Add the transforms file to the software package B. Edit installation options for the transforms file C. Set up application categories for the transforms file D. Set automatic installation options based on the transforms file Ans: A 103. You are the administrator for your company's Windows 2000 network. You have three domain controllers with Active Directory Services deployed. After one of the servers crashes, you decide that you must perform an authoritative restore on the system. You restore the entire directory and override the version increase. You then want to verify that the authoritative restore was successful by checking the version number increase on the directory. Which tool should you use? A. LDP B. Replmon C. Repadmin D. Ntdsutil Ans: C 104. You are the administrator of your company’s windows 2000 network. The network contains 10 windows 2000 server computers. You need to create a strict network security policy . You create a security template named Hisecsrvr.inf A. Schedule the secedit/analyze/DB config.sdb/CFG hisecsrvr.inf/quiet command and the secedit/configure /DB config.sdb /quiet command to run on each server. B. In the local security policy on each server, export the local policy settings to the Hisecsrvr.inf file. And then move the template to the %systemroot%\system32\secunty folder on each server. C. Schedule the poledit/analyze /DB config.sdb /CFG hisecsrvr.inf/quiet command and the poledit/configure /DB config.sdb /quiet command to run on each server. D. In the Local security Policy on each server,export the effective policy settings to the Hisecsrvr.inf file, and then move the template to the %systemroot%”\system32\security folder on each serve. Ans: A 105. You are the administrator of your company’s network. The network consists of a single DNS domain. A windows NT server 4.0 computer named server1 hosts the primary DNS zone for the domain. You install a new wndows 2000 server computer named server2 to function as the first domain controller in the network. Server2 contains a secondary zone for the domain. During the installation of active directory, you choose to manually update DNS so that it contains the Active directory resource records. You need to import these records from server2 into DNS. What should you do? A. Import the contents of the Netlogon.dns file to the standard primary zone file on server1, and then restart the DNS server service on both servers. B. Import the contents of the Netlogon.dns file to the standard secondary zone file on server2, and then restart the DNS server service on both servers. C. Import the contents of the root.dns file to the standard primary zone.file on Server1,and then restart the Net Logon service on Both servers. D. Import the contents of the Root dns file to the standard secondary zone file on Server2,and then restart the Net logon service on both servers. Ans: A 106. You are the administrator of your company’s windows 2000 network. The network consists of a single domain,which contains all company user and computer accounts. A new corporate policy states that no employees can have access to the network by means of connections. You discover that some employees have configured their windows 2000 computes as remote access servers. You want to ensure that employees cannot configure their computers to use Rouing and Remote Access. What should you do first? A. Configure the Default Domain Group Policy object (GPO) to disable the Routing and Remote access service. B. Create a remote access policy that allows only approved routing and remote access servers to establish connections. C. Configure the Default Domain Group Policy object (GPO) to proibit the configuration of connection sharing. D. Configure the default domain group policy object (GPO) to prohibit the connecting and disconnecting of a remote access connection. Ans: A 107. Your company’s network consists of two windows 2000 domains:contoso.com and newyork.contoso.com. The newyork.contoso.com domain contains three organizational units(Ous):Sales,Marketing,and Finance. You are a member of the Domain Admins group in newyork.contoso.com. An employee named Maria can reset passwords for the Finance OU. Maria will be moving to the Sales OU and no longer needs access to the Finance OU. A. In the Delegation of Control wizard. Specify that Maria cannot reset passwords for the domain controller to which Maria’s user account authenticates. B. Clear the Trust computer for delegation check box in the properties for the domain controller to which Maria’s user account authenticates. C. In the security properties of the Finance OU, remove Maria’s right to reset passwords. D. Copy Maria’s user account to sales OU.and then delete the account. Answer: C 108. You are the network administrator for Enchantment Lakes Corporation. Enchantment Lakes Corporation and Five Lakes Publishing are planning a merger. The planned Windows 2000 network configuration is shown in the exhibit below. You want to connect the fivelakespublishing.com domain to the enchantmentlakes.com DNS server. The fivelakespublishing.com domain uses an Active Directory integrated zone on its DNS server. Five Lakes Publishing will retain its domain structure after the merger is complete. You want to set up the enchantmentlakes.com DNS server to host the fivelakespublishing.com domain. What should you do? A. On Server1, create an Active Directory integrated zone named fivelakespubliching.com. Enable WINS lookup, and specify Server7 as the IP address for the WINS server B. On Server5, create a secondary zone named fivelakespublishing.com. Configure DNS zone transfers to allow Server1 to replicate data C. On Server5, configure DNS zone transfers to allow Server1 to replicate data. On Server1, create a secondary zone named fivelakespublishing.com. D. On Server1, create an Active Directory integrated zone named fivelakespublishing.com. Configure DNS zone transfers to allow Server5 to replicate data Ans: C 109. You are the network administrator for your company. You are deploying Windows 2000 Professional on your network by RIS. Your company has several departments. To expedite the deployment of Windows 2000 and other third party applications, you have created a group named Department Managers. You want to allow members of the Department Managers group access to create custom images and post them to the RIS servers for deployment. In addition, you want to allow members of the group to install client computers from the RIS server. What should you do? A. Grant the department managers group Read and Write permissions to the Remoteinstall folder. B. Grant the department managers group Read and Write permissions to the Oschooser folder. C. Grant the department managers group Full Control permissions to the RIPrep.exe. D. Grant the department managers group Full Control permissions to the SysPrep utility. E. Grant the department managers group Read and Write permissions to the admin folder. Ans: A 110. You are the network administrator of a Windows 2000 network. Your company has 3 locations in North America and 3 locations in Europe. Your network includes 6 sites as shown below: - The root of the forest is bluesskyairlines.com. - England, France and Italy sites are in the eur.blueskyairlines.com domain - NorthWestUS, CentralUS, and NorthEastUS sites are in the na.blueskyairlines.com domain The connection between the NorthEastUS site and the England site is unreliable. You want to configure replication between the NorthEastUS site and the England site. What should you do? A. Create an SMTP site link between the NorthEastUS site and the England site. B. Create an IP site link between the NorthEastUS site and the England site. C. Create an SMTP site link bridge between the NorthEastUS site and the England site. D. Create an IP site like bridge between the NorthEastUS site and the England site. Ans: A 111. You are the network administrator of a Windows 2000 network. Users in an Organizational Unit (OU) named PROCS need to have a drive mapped to a network location. These users log on from Windows 2000 Professional computers. You want to use a logon script named USERLOG.CMD to implement this drive mapping for all current and future users in the PROCS OU. What should you do? A. Copy USERLOG.CMD to the NETLOGON share on each domain controller in the domain. Select each user in the PROCS OU and set the logon script to USERLOG.CMD. B. Copy USERLOG.CMD to the SYSVOL share on each domain controller. Assign read permission to the file for all users in the PROCS OU. C. Create a Group Policy object (GPO) that enforces USERLOG.CMD as a logon script. Assign the GPO to the PROCS OU. D. Create a Group Policy object (GPO) that enforces USERLOG.CMD as a startup script. Assign the GPO to the PROCS OU. Ans: C 112. You are the administrator of a Windows 2000 network that has only one domain. You are configuring the network security settings for the domain's Windows 2000 Professional users. Your Sales team uses portable computers and Routing and Remote Access to connect to the company's network. Sales users need local Administrator rights to their computers so that they can run a third party application. You want to configure the computers to prevent the users from modifying their existing network connections. What should you do? A. On each portable computer, create only the permitted LAN and Remote and Routing Access connection. At the server, configure the Sales user accounts to permit connect to only the specific computers. B. Create a system policy to hide Network Neightborhood and disable registry editing tools. Apply this policty to all the Sales users. C. Create a Group Policy object (GPO) for the domain. Filter the GPO for the Sales users. Configure the GPO to deny the Sales users access to the properties of the LAN or Remote and Routing Access connection. D. Create a Group Policy object (GPO) for the domain controllers container. Filter the GPO for the Sales users. Configure the GPO to deny the sales users access to the Network Connection Wizard. Ans: C 113. Your are the network administrator of a Windows 2000 network. The network consists of 500 Windows 2000 Professional computers. You recently discovered that users of these computers have been using the same passwords since their accounts were created. You need to correct this problem to maintain security in the network. You create a Group Policy object (GPO) and filter it to the users. You want to configure the GPO to require users to create a different password periodically. Which two should you enable? A. Minimum password length B. User must log on to change the password C. Enforcement of password history D. Minimum password age E. Maximum password age Ans: C, E 114. You are the network administrator of a Windows 2000 domain. The domain has an Organizational Unit (OU) named Sales. All users in the Sales OU use an application named Planning. The Planning application is deployed by using a Group Policy object (GPO) named Planning App on the Sales OU. The Planning App GPO is configured to assign the Planning application to users by using a Microsoft Windows Installer Package for the application. The Planning application will be replaced by another application in the next month. You want to accomplish the following goals: - Users who have not yet installed the Planning application will be prevented from installing the application. - Users who have already installed the Planning application will be able to continue to use it. - If key application files are missing when the Planning application starts, the missing files will be reinstalled automatically. - If the vendor of the Planning App releases a software patch by using a Windows Installer package, you will be able to assign the patch to only the users who have already installed the application. You take the following actions: - Create a new software category named Optional Apps. - Configure the Planning App GPO to add the Planning application to the Optional Apps software category. - Configure the Planning App GPO to remove the Planning application, but select the option to allow users to continue to use the software. Which results do these actions produce? (Choose all that apply) A. Users who have not yet installed the Planning application will be prevented from installing the application. B. Users who have already installed the Planning application will be able to continue to use it. C. If key application files are missing when the Planning application starts, the missing files will be reinstalled automatically. D. If the vendor of the Planning App releases a software patch by using a Windows Installer package, you will be able to assign the patch to only the users who have already installed the application. Ans: A, B 115. You want to use RIS to deploy Windows 2000 Professional to your computers. You need to find out the GUIDs of the computers in your network. What should you do? A. Use Network Monitor to capture and view the DHCPDiscover packets. Then search for GUID. B. Use Network Monitor to capture and view the DHCPOffer packets. Then search for GUID. C. Use Network Monitor to capture and view the DNS query packets. Then search for GUID. Ans: A 116. You are administrator of a Windows 2000 network. You are configuring RIS to deploy Windows 2000 Professional on new client computers. New users report that when they attempt to install their computers, they are unable to get an IP address. What should you do? A. Authorize the DHCP server in the DHCP console. B. Configure each computer to boot from a remote installation boot disk. C. Create a reservation in DHCP for each client. D. Start the Boot Information Negotiation Layer (BINL) service on the RIS server. Ans: A 117. You are administrator of a Windows 2000 domain. The domain has an OU named North. You want to standardize the start menu for the users in the North OU. Some members of the Domain Admins group are in the North OU. Folders and shortcuts that form the standardized start menu are on the network at \\server2\menu. The Everyone group has Change permission on the menu share. You want to accomplish the following goals: - Each member of the domain admin group will have a separate start menu that the member can change. - All users in the North OU, except members of the Domain Admins Group, will use the \\server2\menu start menu. - Users who use \\server2\menu start menu will not be able to change the contents of the start menu. - Each user who is not a member in the North OU will have a separate start menu that the user can change. You take the following actions: - Create a new GPO named Menu. - Assign the Menu GPO to the NORTH OU. - Configure the Menu GPO to redirect the start menu folder for the Domain Users Group to \\server2\menu. - Change the permissions on the Menu GPO to deny Apply Group policy permission to the Domain Admins. Which results do these actions produce? (Choose all that apply) A. Each member of the Domain Admin Group will have a separate start menu that the member can change. B. All users in the North OU, except members of the Domain Admins Group, will use the \\server2\menu start menu. C. Users who use \\server2\menu start menu will not be able to change the contents of the start menu. D. Each user who is not an member in the North OU will have a seperate start menu that the user can change. Ans: A, B, D 118. You are administrator of a Windows 2000 domain. The domain has an OU named Trading. You define a logon script for all the users in the Trading OU. The logon script is located at \\server2\docs\tradescript.vbs. You want to use a GPO to assign the logon to the users in the Trading OU. What should you do? (Choose three) A. Create a new GPO named script and assign the script GPO to the Trading OU. B. Create a new GPO named script and assign the script GPO to the domain. Configure the permissions on the script GPO to grant READ permissions to all users in the Trading OU. C. Copy the tradescript.vbs file to the appropriate folder in Group Policy Template (GPT) of the script GPO. D. Copy the tradescript.vbs file to the folder that shared as netlogon script on the PDC emulator. E. For each user in the trading OU, set the logon script in the user profile to tradescript.vbs. F. Add tradescript.vbs as a logon script to the script GPO. A, C, F 119. You create an organizational unit (OU) structure for the blueskyairlines.com domain. You want to delegate administrative control of user objects on your Windows 2000 network. The User OU is a child of the Research OU. You create a group named Research User Admin that includes users who have permissions to create and manage the workstations in the Workstation OU. The Research User Admin group has Full Control permission on the Research OU. You want user accounts to be created only in the User OU. Which three actions should you take? (Choose three) A. Grant Full Control permission to the Research User Admin group on the User OU for computer objects. B. Remove the Research User Admin group from the Research OU ACL. C. Grant Create Contact objects permission on the User OU. D. Disable inheritance of permissions from the Research OU to the User OU. E. Deny Create User objects permission on the Research OU. F. Grant Read and Write permissions to the blueskyairlines.com domain. Ans: A, D, E 120. You are the administrator of a large Windows 2000 network. You have three domains named: adatum.com, us.adatum.com, eur.adatum.com Eric has recently been hired to assist you with network administration. You want him to be able to manage user accounts, back up servers, and configure services on all workstations and servers only in the eur.adatum.com. What should you do? A. Add Eric to the Enterprise Admins group and delegate control only at the adatum.com domain. B. Move Eric's user account to the Domain Controllers organizational unit (OU) in eur.adatum.com. C. Add Eric's user account to the Domain Admins group in eur.adatum.com D. Add Eric's user account to the Server Operators and Account Operators group in eur.adatum.com. Ans: C 121. You are the administrator of a Windows 2000 network named contoso.com. Your network is configured as shown in an exhibit. Your company plans to open a new office in Dallas. Members of your IT staff will be on-site in Dallas next week to install the new 10.1.3.0/24 network. You want to prepare the network in advance so that when the IT staff installs a new domain controller, it will automatically join the appropriate site. What should you do? A. Delete the Default-First-Site-Name object in Active Directory Sites and Services. B. Create a new subnet for the Dallas network. Create a new site and associate the new subnet with the new site. C. In the Domain Controller OU, create a computer account that has the name of the new domain controller. D. Use RIS to prestage the new domain controller. E. Copy the installation source files to the new domain controller. Create an unattended install file with an automated DCPromo.bat file. Ans: B 122. You are the administrator of a Windows 2000 network. Your network has one domain named parnellaerospace.com. The parnellaerospace.com domain supports 8,000 users at three locations. The network has three sites connected by T1 lines, as shown below: The West site has 2,500 users The East site has 3,000 users The Central site has 2,500 users Each site contains a global catalog server. The global catalog server in the West site is named LAX01-GC. The global catalog server in the Central site is named TUL01-GC. The global catalog server in the East site is named NYC01-GC. You want users located in the West site to query TUL01-GC if the West site global catalog server is offline. What should you do? A. Create a new subnet, assign it to the West site, and move TULO 1-GC to the West site. B. Configure the site link between the Central site and the West site to have a lower cost than the site link between the West site and the East site. C. Add a global catalog server to the Central site that has an IP address in the West site subnet. D. Configure TUL01-GC as a preferred bridgehead server. E. Set the query policy on LAXO 1-GC to the default query policy. Ans: B 123. You are the administrator of your company's network. The network consists of one Windows 2000 domain that has organizational units (OUs) as shown below: OU1 - all domain controllers OU2 and OU3 - resources for two separate office buildings OU4 and OU5 - Non-administrative users, groups, and computers OU6 - Administrative users, computers, and resources You are designing a domain-wide security policy. You want to accomplish the following goals: - The same password and account lockout policies will be applied to all users. - Different security settings will be applied to administrative and nonadministrative computers. - Strict audit policies will be enforced for only domain controllers and servers. - The number of Group Policy object (GPO) links will be minimized. You take the following actions: - Create a single GPO - Create one security template that has all required settings. - Import the security template into the GPO. - Link the GPO to the domain. Which results do these actions produce? (Choose all that apply) A. The same password and account lockout policies are applied to all users. B. Different security settings are applied to administrative and non-administrative computers. C. Strict audit policies are enforced for only domain controllers and servers. D. The number of GPO links is minimized. Ans: A, D 124. You are the administrator of a Windows 2000 domain. The domain has a Windows 2000 server computer named Central. Users in the domain frequently work on different Windows 2000 Professional desktop and portable computers. They use the Windows 2000 Professional portable computers to dial in to the network when they are traveling. All Windows 2000 Professional computers are in the domain. You want to accomplish the following goals: - All users in the domain will be able to work on all Windows 2000 Professional desktop and portable computers and have their own desktop settings available on all computers. - All users in the domain will be able to access their documents in the My Documents folder from any computer, including the portable computers when users dial in to the network. - When users dial in to the network, the logon and logoff times will not be delayed because of the transfer of the contents of the My Documents folder. What should you do? (Choose two) A. Configure a roaming profile for each user in the domain. Use \\Central\Profiles\%Username% as the profile path. B. Configure a home folder for each user in the domain. Use \\Central\Home\%Username% as the home folder path. C. Create a new Group Policy object (GPO) named Offdocs. Assign the Offdocs GPO to the domain. Configure the Offdocs GPO to prevent the use of the Offline Files folder. D. Create a new Group Policy object (GPO) named Redocs. Assign the Redocs GPO to the domain. Configure the Redocs GPO to redirect the My Documents folder to the \\Central\Docs\%Username% location. E. Create a new Group Policy object (GPO) named Async. Assign the Async GPO to the domain. Configure the Async GPO to apply Group Policy settings for users asynchronously when they log on. Ans: A, D 125. You are the administrator of a Windows 2000 network for Lucerne Real Estate. The network has 1,200 users. You are delegating part of the administration of the domain to three users. You delegate the authority to create and delete computer accounts to Carlos. You delegate the authority to change user account information to Julia. You delegate the ability to add client computers to the domain to Peter. You want to track the changes made to the directory by these three users. What should you do? A. Create a Group Policy object (GPO) for the domain controllers. Assign Read and Apply Group Policy permissions to only Carlos, Julia, and Peter. Configure the GPO to audit directory services access and account management. B. Create a Group Policy object (GPO) for the domain. Assign Read and Apply Group Policy permissions to only Carlos, Julia, and Peter. Configure the GPO to audit directory services access and audit object access. C. Create a Group Policy object (GPO) for the domain controllers. Assign Read and Apply Group Policy permissions to only Carlos, Julia, and Peter. Configure the GPO to audit directory services access and audit object access. D. Create a Group Policy object (GPO) for the domain. Assign Read and Apply Group Policy permissions to only Carlos, Julia, and Peter. Configure the GPO to audit object access and process tracking. Ans: A 126. You want to implement a password policy for all users in an organizational unit (OU) named Sales in a Windows 2000 network. All the users in the Sales OU are in a group named Sales Users. You create a Group Policy object (GPO) named PassB to enforce a minimum password length of six characters. You assign the PassB GPO to the Sales OU. There are no other GPOs assigned that specify a minimum password length. However, the week after you assign the PassB GPO to the Sales OU, users from the Sales OU report that they can still change their passwords to consist of fewer than six characters. How should you correct this problem? A. Ensure that the Sales Users group has Read and Apply Group Policy permissions on the PassB GPO. B. Apply the PassB GPO to the domain instead of to the Sales OU. Filter the policy for the Sales Users group. C. For the Sales OU, block policy inheritance. D. For the Sales OU, enforce policy inheritance on the PassB GPO. 127. There are two domains named Treyresearch.com and na.Treyresearch.com. Blake's user account is in Treyresearch.com. Blake needs to use support documents located in na.Treyresearch.com. You create a global group named NASupport in na.Treyresearch.com. NASupport is a member of the domain local group named Support. Support has Read permission to the Support shared folder in the na.Treyresearch.com. Your network contains only Windows 2000 domain controllers. Domains are in native mode. You want to grant Blake Read permission to the Support shared folder. What should you do? A. Create a universal group in Treyresearch.com. Make Blake a member of this universal group. Add the universal group to NASupport. B. Create a new user account in na.Treyresearch.com. Use the same name and password that Blake uses for his user account in Treyresearch.com. C. Create a global group in Treyresearch.com. Make Blake a member of this global group. Add the global group to NASupport. D. Create a universal group in na.Treyresearch.com. Make Blake a member of this universal group. Add the universal group to the Support group. E. Create a new global group named Global Support in Treyresearch.com. Add Blake to the new global group. Add the Global Support group to the Support group. Ans: E 128. You are the network administrator of your company's Windows 2000 domain. Your company wants to deploy a custom application named Drawing. To configure the Drawing application, you need to get a custom policy setting in the HKCU\Software\Policies location in the registry for every user in the domain. What should you do? A. Create a GPO named Draw Settings. Assign the Draw Settings GPO to the domain. Configure the Draw Settings GPO to run a startup script that changes the application HKCU\Software\Policies in the registry. B. Create a GPO named Draw Settings. Assign the Draw Settings GPO to the domain. Configure the Draw Settings GPO to run a logon script that changes the application HKCU\Software\Policies in the registry. C. Create a GPO named Draw Settings. Assign the Draw Settings GPO to the domain. Create a new Administrative template that defines the custom policy setting. Add the new Administrative template to the Draw Settings GPO. Configure the Draw Settings GPO to set the appropriate policy. D. Create a registry file that has the .REG filename extension. Edit the registry file to change the appropriate HKCU\Software\Policies location in the registry. Ans: C 129. You are the administrator for Arbor Shoes. Administrative control of Active Directory has been delegated to several people in the company. You need to track changes made to the arborshoescom domain. To ensure accountability of the other administrators' actions, you want to monitor user and computer account creation and deletion. What should you do? A. Modify the default Group Policy object (GPO) on the arborshoes.com domain. Configure the local audit policy to audit account management and directory services access for success and failure. Monitor the security logs for activity on the domain controllers. B. Modify the default Group Policy object (GPO) on the Domain Controllers organizational unit (OU). Configure the local audit policy to audit account management and directory services access for success and failure. Monitor the security logs for activity on the domain controllers. C. Modify the default Group Policy object (GPO) on the Domain Controllers organizational unit (OU). Configure the local audit policy to audit account logon events and object access for success and failure. Monitor the security logs for activity on the domain controllers. D. Modify the default Group Policy object (GPO) on the arborshoes.com domain. Configure the local audit policy to audit account logon events and object access for success and failure. Monitor the security logs for activity on the domain controllers. Ans: B 130. You are the administrator of your company's network. Your event log shows that hackers are using brute force attacks to attempt to gain access to your network. You do not want user accounts to be easily accessible. You want to strengthen security to protect against brute force attacks. What should you do? (Choose two) A. Enable the "Users must log on to change the password" setting. B. Enable the "Store password using reversible encryption for all users in the domain" setting. C. Enable the "Password must meet complexity requirements" setting. D. Increase minimum password length. E. Increase minimum password age. Ans: C, D 131. You are the administrator of your company's network. The network is configured in a Windows 2000 domain as shown in an exhibit. You want to strengthen the security of communications between client computers andservers in the Reps organizational unit (OU). You do not want to decrease overall productivity of the domain. What should you do? A. Create one Group Policy object (GPO) in the Sales OU. Increase maximum service ticket lifetime in the GPO, and decrease maximum lifetime that a user ticket can be renewed in the GPO. B. Create one Group Policy object (GPO) in the Sales OU. Decrease maximum service ticket lifetime in the GPO, and decrease maximum lifetime that a user ticket can be renewed in the GPO. C. Create one Group Policy object (GPO) in the Reps OU. Decrease maximum service ticket lifetime in the GPO, and increase maximum lifetime that a user ticket can be renewed in the GPO. D. Create one Group Policy object (GPO) in the Reps OU. Decrease maximum service ticket lifetime in the GPO, and decrease maximum lifetime that a user ticket can be renewed in the GPO. Ans: C 132. You are the administrator for a Windows 2000 network. Your network consists of one domain and two organizational units (OUs). The OUs are named Corporate and Accounting. A user recently reported that she was not able to log on to the domain. You investigate and find out that the user's account has been deleted. You have been auditing all objects in Active Directory since the domain was created, but you cannot find a record of the user account deletion. You want to find a record that identifies the person who deleted the account. What should you do? A. Search the security event logs on each domain controller for account management events. B. Search the security event logs on each domain controller for object access events. C. Search the Active Directory Users and Computers console on each domain controller for the user's previous account name. D. Search the Active Directory Users and Computers console on each domain controller for the user's computer account. Ans: A 133. You are the administrator of your company's network. You have been auditing security events on the network since it was installed. A user on your network named JOHN THORSON recently reported that he was no longer able to change his password. Because there have been no recent changes to account policies, you suspect that someone has been modifying the properties of user accounts in Active Directory. There are thousands of entries in the event logs, and you need to isolate and review the events pertaining to this problem in the least possible amount of time. What should you do? A. In the security log, create a filter for events matching the following criteria: Event source: Security Category: Account Management User: JTHORSON. B. In the directory service log, create a filter for events matching the following criteria: Event source: NTDS Security Category: Security. Search the remaining items for events referencing John Thorson's account. C. In the directory service log, create a filter for events matching the following criteria: Event source: NTDS Security Category: Global Catalog User: JTHORSON. D. In the security log, create a filter for events matching the following criteria: Event sourc