Free techeXams Microsoft 70-297 exam questions

Loading...

Flash Player 9 (or above) is needed to view presentations.
We have detected that you do not have it on your computer. To install it, go here.

0 comments

Post a comment

    Post a comment
    Embed Video
    Edit your comment Cancel

    Notes on slide 1

    Favorites, Groups & Events

    Free techeXams Microsoft 70-297 exam questions - Presentation Transcript

    1. 70-297 (Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure) Document version: 9.30.06
    2. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure Important Note, Please Read Carefully techeXams’ 70-297 Exam is a comprehensive compilation of questions and answers that have been developed by our team of certified professionals. In order to prepare for the actual exam, all you need is to study the content of this exam questions. An average of approximately 10 to 15 hours should be spent to study these exam questions and you will surely pass your exam. It’s our guarantee. Latest Version We are constantly reviewing our products. New material is added and old material is revised. Free updates are available for 90 days after the purchase. You should check your member zone at techeXams and update 3-4 days before the scheduled exam date. Here is the procedure to get the latest version: 1. Go to http://www.techeXams.ws/ 2. Log in the User Center 3. The latest versions of all purchased products are downloadable from here. Just click the links. Feedback If you find any possible improvement, then please do let us know. We are always interested in improving the quality of this product. Feedback can be send at: customer.service@techeXams.ws Explanations This product does not include explanations for all questions at the moment. If you are interested in providing explanations for this exam, please contact customer.service@techeXams.ws. Copyright techeXams holds the copyright of this material. techeXams grants you a limited license to view and study this material, either for personal or commercial use. Unauthorized reproduction or distribution of this material, or any portion thereof, may result in severe civil and criminal penalties, and will be prosecuted to the maximum extent possible under law. Disclaimer Neither this guide nor any material in this guide is sponsored, endorsed or affiliated with any of the respective vendor. All trademarks are properties of their respective owners. 1 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    3. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure Question: 1 Which of the following represents the outermost boundary for a single schema? A. A domain tree B. A domain forest C. A domain D. A domain controller Answer: B Question: 2 You are planning to add global catalog servers to your site. What is the recommended placement? A. You should place at least one global catalog server in each domain tree. B. You should place at least one global catalog server in each domain. C. You should place at least one global catalog server in each site. D. You should make each domain controller a global catalog server. Answer: C Question: 3 Which of the following resource record types is used to establish an alias for an existing host name? A. An A Record B. An ALIAS Record C. A CNAME Record D. An HINFO Record. Answer: C Question: 4 You want to enable Dynamic DNS for a specific zone and configure the server to allow only secure updates. What is required for you to do this? A. The zone must be a root zone. B. The zone must be Active Directory???¡ì?C-integrated. C. The zone must have an SRV record. 2 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    4. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure D. You cannot enable DDNS for a specific zone??only for an entire server. Answer: B Question: 5 In which of the four layers of the Internet protocol is the routing of packets between source and destination hosts handled? A. Application B. Transport C. Internet D. Link Answer: C Question: 6 Which of the following default subnet masks would be used on a computer with the IP address 157.54.4.201? A. 255.0.0.0 B. 255.255.0.0 C. 255.255.255.0 D. 255.255.255.255 Answer: B Question: 7 You want to ensure that all user credentials passed between remote clients and an Routing And Remote Access server are encrypted. Which of the following authentication methods could you use? A. PAP B. CHAP C. SPAP D. MS-CHAP Answer: B, C, D Question: 8 3 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    5. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure Which of the following remote access protocols is the most common used by Routing and Remote Access and allows both dial-in and dial-out access? A. PPP B. SLIP C. RAS D. NetBIOS Gateway Answer: A Question: 9 What are the advantages of using Virtual Private Networking over traditional dialup remote access? A. The first advantage is that users not in the local calling area need not make long distance calls to connect to the Routing And Remote Access server. Second, using VPN connections dramatically reduces cost by reducing both the hardware needed to provide many simultaneous connections and the need to maintain as many phone circuits. Finally, VPN solutions typically offer higher-speed connections (using broadband Internet connections) at lower prices than conventional dial-up methods. Answer: A Question: 10 Aside from network connection issues, what are three complicating factors exhibited by an international company? A. Difference in languages, laws, export regulations, and tariffs are just a few of the issues an international company must contend with. Answer: A Question: 11 What is the difference between a branch and a subsidiary office? A. The essential difference between a branch and a subsidiary office is that the branch office is controlled by the company, while the subsidiary office (while owned by the company) is more autonomous and may follow its own policies. Answer: A 4 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    6. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure Question: 12 You are preparing a geographic map for a company that has three locations within the same state. The link between two of the locations is a dedicated T1 line. The third location links to only one of the first two locations and that link is a 64Kb line. What geographical model would this fall into? A. The slow 64Kb link would make network design considerably more complex and would make this company a national model. If all locations connected via high-speed links, this company would likely be a regional model. Answer: A Question: 13 What types of information should you gather when inventorying a server? A. You should first gather information about the servers hardware, including the brand of the computer and the types and capacities of components such as the motherboard, memory, disk subsystem,and peripherals. You should also gather information on the operating system, installed services, and applications. Answer: A Question: 14 You are gathering information about the current domain model of a network running Windows 2000 and Active Directory. You have created a domain map that shows every domain and the trust relationships between those domains. What other documents should you prepare for each domain when assessing the current model? A. You should create a document for each domain that shows how the OUs are structured within the domain. You should also gather information about the objects and permissions assigned to each OU. You will also need to create a document for each domain that shows how sites are structured within the domain and the domain controller placement in those sites. Answer: A Question: 15 5 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    7. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure Assuming that you were to restructure the current domain model when designing the new infrastructure (instead of upgrading everything in place), what additional challenges will you face because of the restructuring? A. You will have to recreate user profiles and passwords. You will most likely have to redesign system security policies. The implementation will take considerably longer and there will be more downtime for users. Answer: A Question: 16 A solution should be designed to meet the requirements of business and security. Meanwhile, a forest and domain structure should be designed to address the concerns of Contoso, Ltd., and to meet the business and technical requirements. You need to use the minimum number of domains and forests that are required. What should you do to achieve the goal? Choose the correct answer or answers from the following. A. In the Certification Authority console, open the Revoked Certificates properties. Set the Delta Certificate Revocation List (CRL) publication interval to one hour. B. In the Certification Authority console, open the Revoked Certificates properties. Set the full Certificate Revocation List (CRL) publication interval to one hour. C. In the Certification Authority console, highlight Revoked Certificates, and then select the option to publish a full CRL after you revoke a certificate. D. Use two forests and four domains to meet the requirement. Answer: D Question: 17 A solution should be designed to meet the requirements of business and security. Meanwhile, you are designing the top-level organizational unit structure to meet the administrative requirements. What should you do to achieve the goal? Choose the correct answer or answers from the following. A. Create a global distribution group in the forest root domain and name it Company Editors. B. Place all user and computer accounts that are assigned to the Coho Vineyard customer project in the Coho OU. C. Create a universal distribution group in the forest root domain and name it Company Editors. D. Create a top-level OU named Coho. E. Create a universal security group in the forest root domain and name it Company Editors. Answer: B, E 6 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    8. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure Question: 18 A solution should be designed to meet the requirements of business and security. A security group strategy should also be designed to meet the business and technical requirements. What should you do to achieve the goal? Choose the correct answer or answers from the following. A. Spend all day issuing certificates-and you would probably make a large number of mistakes. B. Creating global groups named G_Executives and one universal group named U_Executives. C. Making the two global groups members of U_Executives. D. Making the executive user accounts members of the appropriate global group. E. Use a software restriction policy to disable all unauthorized scripts. F. Define the permissions for each certificate template to ensure that only authorized users, computers, or group members can obtain certificates based on a certificate template. Answer: B, C, D Question: 19 A solution should be designed to The solution should meet the requirements of business and security.You are designing an Active Directory implementation strategy to present to executives from your company and from Contoso, Ltd. What should you do to achieve the goal? Choose the correct answer or answers from the following. A. Configure Automatic Updates on all computers to use the Microsoft Windows Update servers. B. Create a pristine forest. C. Upgrade the New York domain. D. Upgrade the Chicago domain. E. Create a pristine forest for Contoso, Ltd. Answer: B, C, D, E Question: 20 A solution should be designed to meet the requirements of business and security. You are designing the DNS infrastructure to meet the business and technical requirements. What should you do to achieve the goal? Choose the correct answer or answers from the following. A. support standardized command- line parameters to change the default installation behavior. B. Configure Automatic Updates on all computers to use SUS on Server1. 7 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    9. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure C. Before setting the replication scope to all DNS servers in the forest, create an Active Directory- integrated zone on DC5. D. Configure Server1 to maintain updates on the Microsoft Windows Update servers. E. Saves disk space by not backing up files that are replaced. F. Enables the user to define the path for the local log file. Answer: C Question: 21 A DNS implementation strategy should be designed for the network. What should you do to achieve the goal? Choose the correct answer or answers from the following. A. Run Microsoft Baseline Security Analyzer (MBSA) on one of the domain controllers and target all the domain controllers. B. Use reverse lookup zones or Active Directory-integrated zones to fulfill the requirements. C. Run Microsoft Baseline Security Analyzer (MBSA) on each domain controller with a copy of the MBSAScan.wsf file that you downloaded from the Microsoft Web site. D. Run Microsoft Baseline Security Analyzer (MBSA) on each domain controller with a copy of the Mssecure.cab file that you downloaded from the Microsoft Web site. Answer: B Question: 22 A solution should be designed to upgrade the DHCP servers after the new Active Directory structure is in place. Who can authorize the DHCP servers? Choose all that apply. A. IT support staff in Boston or Chief information officer B. IT support staff in New York or IT support staff in Boston C. Only Chief information officer D. Network administrator in Chicago E. Network administrator in New York Answer: C Question: 23 A solution should be designed for the placement of the global catalog servers. You??ve got an order to use the minimum number of global catalog servers that are required. What should you do to achieve the goal? Choose the correct answer or answers from the following. 8 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    10. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure A. Configure Server1 to redirect client computers to the Microsoft Windows Update servers. B. Place one global catalog server in Chicago, one global catalog server in New York, and one global catalog server in Boston. C. Configure Server to store only the locales that are needed. D. Download the updates, and then delete updates that are not approved for client computers. Answer: B Question: 24 An IP addressing strategy should be designed for your VPN solution. What should you do to achieve the goal? Choose the correct answer or answers from the following. A. Use 1 public IP address. B. Use 10 public IP addresses. C. Use 100 public IP addresses. D. Use 250 public IP addresses. Answer: A Question: 25 You are designing an Active Directory forest structure to meet the business and technical requirements. What should you do to achieve the goal? Choose the correct answer or answers from the following. A. Create a single three domains?? forest. They are separately for finance, HR, and the remaining departments. B. Create a new file system security policy in the App1 Policy GPO that assigns default permissions to App1. C. Import the Setup security.inf security template into the App1 Policy GPO. D. Disable the App1 Policy GPO. Answer: A Question: 26 A WAN implementation strategy should be designed to meet the business and technical requirements. What should you do to achieve the goal? Choose the correct answer or answers from the following. A. Apply a security template that enables the Microsoft network server: Digitally sign communications (always) setting. 9 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    11. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure B. Apply a security template that enables the Microsoft network server: Digitally sign communications (if client agrees) setting. C. The WAN implementation strategy should have the ability to configure a demand-dial router. D. Apply a security template that enables the Domain member: Digitally encrypt or sign secure channel data (always) setting. Answer: C Question: 27 A strategy should be designed to provide the required security for the Payroll server. Meanwhile, you need to identify the actions that you should perform to achieve this goal. What should you do to achieve the goal? Choose the correct answer or answers from the A. Create a universal group named Payroll. Add users from the movies department to this group. B. Create a universal group named Payroll. Add the Finance global group to this group. C. Create a global group named Finance. Add all Dallas users to this group. 10 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    12. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure D. Create a global group named Finance that contains only the appropriate Finance users. E. Create a domain local group and assign it permissions to the Payroll server. Add the Payroll universal group to this group. Answer: A, B, E Question: 28 A password management solution should be designed to meet the business and technical requirements. What should you do to achieve the goal? Choose the correct answer or answers from the following. A. Apply security templates by using Group Policy setting. B. Configure the Default Domain Controller Policy to enforce password expiration settings. Delegate the password management controls to the Domain Users group. C. You can apply a security template to the file server computers that assigns the Deny access to this computer from the network right to the Contractors group. D. Apply the template to an individual system, or you can wait until the updated GPO is automatically applied. Answer: B Question: 29 A strategy should be designed to address the requirements of the advertising department. What should you do to achieve the goal? Choose the correct answer or answers from the following. A. Before linking it to the Advertising OU, create a Group Policy object. B. Configure an IPSec policy to require Authentication Headers (AHs) between the payroll client computers and Server. C. Configure an IPSec policy to require Encapsulating Security Payload (ESP) between the payroll client computers and Server. D. Configure Server to require Server Message Block (SMB) signing. Answer: A Question: 30 A NetBIOS name resolution strategy should be designed to meet the business and technical requirements. What should you do to achieve the goal? Choose the correct answer or answers from the following. 11 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    13. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure A. Assign the global group the Allow - Manage Documents permission for ColorPrinter1. Assign Melanie the Allow - Manage Printers permission for ColorPrinter1. B. Assign the global group the Allow - Print permission for ColorPrinter1. Create a local group on Server1. Add Melanie to the local group. Assign the local group the Allow - Manage Printers permission for ColorPrinter1. C. Configure the WINS servers to use push/pull replication with the WINS server in Los Angeles. Install one WINS server in each branch office. Configure all computers to have the IP address of the local WINS server. D. Add the global group to a local group on Server1. Assign the local group the Allow - Print permission for ColorPrinter1. Create another local group on Server1. Add Melanie to the second local group. Assign the second local group the Allow - Manage Documents permission for ColorPrinter1. Answer: C Question: 31 A DHCP strategy should be designed to meet the business and technical requirements. What should you do to achieve the goal? Choose the correct answer or answers from the following. A. Install two DHCP servers in Los Angeles and two DHCP servers in each branch office. B. Use a Restricted Groups policy in a new Group Policy object (GPO) to ensure that the Power Users group on each client computer contains no members. C. Use a System Services policy in a new Group Policy object (GPO) to ensure that only Domain Admins can manage the Telnet service. D. Use an Administrative Template setting to prevent local users from starting the Services snap- in. Answer: A Question: 32 A DNS strategy should be designed to meet the business and technical requirements. What should you do to achieve the goal? Choose the correct answer or answers from the following. A. Import the Messenger.inf security template into a Group Policy object (GPO), and link the GPO to the Servers OU. Configure Administrative Templates filtering in the GPO. B. Import the Messenger.inf security template into a Group Policy object (GPO), and link the GPO to the Servers OU. Configure a Windows Management Instrumentation (WMI) Filter for the GPO. 12 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    14. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure C. Configure a logon script in a Group Policy object (GPO), and link the GPO to the Servers OU. Configure the script to run the populate command if the Messenger service is started. D. Before creating Active Directory-integrated zones you should install the DNS Server service on all domain controllers. And then replicate the zones to all DNS servers in the domain. Answer: D Question: 33 The number of servers that will be used specifically for operations master roles should be identified by your solution. Which of the following could fulfill the solution? A. Recommend 5 servers. B. Recommend 11 servers. C. Recommend 14 servers. D. Recommend 17servers. E. Recommend 20 servers. Answer: B Question: 34 A strategy should be designed to provide Internet access to all users. What should you do to achieve the goal? Choose the correct answer or answers from the following. A. Apply a security template that disables the Network access: Allow anonymous SID/Name translation setting. B. Apply a security template that enables the Network access: Do not allow anonymous enumeration of SAM accounts setting. C. A routing and Remote Access NAT router could be configured. D. Apply a security template that sets the Domain controller: LDAP server signing requirements setting to require signing. Answer: C Question: 35 A strategy should be designed to migrate user accounts. What should you do to achieve the goal? Choose the correct answer or answers from the following. A. Create an external trust relationship and change the functional level. B. Use a universal security group in the litwareinc.com domain named Help Desk. C. Use a global security group in the litwareinc.com domain named Help Desk. 13 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    15. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure D. Use a global security group in the treyresearch.com domain named Help Desk. Answer: A Question: 36 A naming strategy should be designed for the new internal and external domains. Meanwhile, you need to identify the appropriate domain names for each domain. What should you do to achieve the goal? Choose the correct answer or answers from the following. A. Internal Windows Server 2003 domain: research.com B. Internal Windows Server 2003 domain: treyresearch.com C. External Windows Server 2003 domain: treyresearch.com D. External Windows Server 2003 domain: research.com Answer: A, B Question: 37 After the domain migration to the new environment is complete, you??Ve got an order to identify the features that will be available immediately. What should you do to achieve the goal? Choose the correct answer or answers from the following. A. Domain Computers OU: Disable the Allow users encrypt files using EFS option. B. Human Resources OU: Add Tom as the encrypted data recovery agent. C. Finance OU: Add Tom as the encrypted data recovery agent. D. Engineering OU: Add Andrew as the encrypted data recovery agent. E. Global, Universal, Domain local and Universal security group nesting. F. SID history attribute 14 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    16. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure Answer: E, F Question: 38 A strategy should be designed for performing the migration of the internal network. Meanwhile, you need to identify the actions that should perform to achieve this goal. What should you do to achieve the goal? Choose the correct answer or answers from the following. A. Create a pristine forest B. Establish an external trust relationship C. Change the domain functional level D. Migrate computer accounts E. Migrate user accounts Answer: A, B, C, D, E Question: 39 You are designing the DNS name resolution strategy for the internal network. What should you do to achieve the goal? Choose the correct answer or answers from the following. A. Configure each wireless access point to forward RADIUS requests to a server running Internet Authentication Service (IAS). Configure the IAS server to use a connection request policy to forward the requests to the appropriate forest. 15 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    17. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure B. Configure each wireless access point to forward requests to an Internet Authentication Service (IAS) server in the contoso.com forest. Configure the IAS server in the contoso.com forest to use the Tunnel-Serve attribute. C. Use the Connection Manager Administration Kit (CMAK). Configure one connection profile for external users. Configure a second connection profile for employees. D. Disable root hints on the DNS server in Seattle. E. Configure the Seattle DNS server to use the Dallas DNS server as a forwarder. Answer: D, E Question: 40 A strategy should be designed to allow users to gain VPN access to the internal network. What should you do to achieve the goal? Choose the correct answer or answers from the following. A. Get the permission of all inbound VPN traffic to pass through the perimeter firewall only. B. Disable the default response rule in the Client (Respond Only) IPSec policy in the domain. C. Configure Server so that it uses the predefined IPSec policy named Server (Request Security). D. Configure the security options of the local computer policy on Server1 to always digitally sign communications. E. Configure the assigned IPSec policies on Server1 and in the domain to use certificate-based authentication. Answer: A Question: 41 A strategy should be designed to allow internal users in Dallas to resolve host names for servers in the external domain. What should you do to achieve the goal? Choose the correct answer or answers from the following. A. Configure the Dallas DNS server to forward all requests for the external namespace to the external DNS server. Create a stub zone for the external namespace on the Dallas DNS server. Configure the Dallas DNS server to use the default root hints. B. Customize security settings for infrastructure servers, such as DHCP servers, DNS servers, and domain controllers. C. Configure a Web server to serve content to the public Internet while minimizing the risk that the system will provide attackers with an entry point to the internal network. D. Configure the assigned IPSec policies on Server_One and in the domain to use certificate- based authentication. Answer: A 16 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    18. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure Question: 42 An IP address assignment strategy should be designed for the VPN users. What should you do to achieve the goal? Choose the correct answer or answers from the following. A. Configure VPN1 to assign IP addresses by using a DHCP server. You can also configure VPN1 as a DHCP relay agent. B. On each server, run the secedit.exe /analyze command for the Verify.inf security template and save the results. C. On each server, run Microsoft Baseline Security Analyzer (MBSA) and save the results. D. On a domain controller, import the Verify.inf security template into Security Configuration and Analysis, and then start the Resultant Set of Policy Provider service. E. On a domain controller, import the Verify.inf security template into the Default Domain Policy Group Policy object (GPO), and then run the gpupdate command. Answer: A Question: 43 Now, the configuration of the external DNS server should be designed to meet the business and technical requirements. What should you do to achieve the goal? Choose the correct answer or answers from the following. A. Enable SSL on the external Web site by using a commercial digital certificate. B. Enable SSL on the intranet Web site by using an internal server certificate. C. On the external DNS server configure a root zone. D. Enable SSL on the external Web site by using an internal server certificate. Answer: C Question: 44 Currently, a strategy should be designed to ensure that VPN users are able to access all internal resources. What should you do to achieve the goal? Choose the correct answer or answers from the following. A. Make a strategy to implement Internet Authentication Service on VPN1. B. Use Encrypting File System (EFS) over Web Distributed Authoring and Versioning. C. Use PEAP-EAP-TLS. D. Use Encrypting File System (EFS) remote encryption. Answer: A 17 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    19. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure Question: 45 Now, the DNS zones should be designed to support the Active Directory domain for Contoso, Ltd. What should you do to achieve the goal? Choose the correct answer or answers from the following. A. Add an enterprise root CA to the northwindtraders.com domain. Configure cross-certification between the northwindtraders.com domain and the boston.northwindtraders.com domain. B. Enable only authorized client computers to update DNS. Create ad.contoso.com as an Active Directory-integrated DNS zone. C. Add enterprise subordinate issuing CAs to the New York, Boston, and Seattle LANs. Configure qualified subordinations for each enterprise subordinate issuing CA. D. Add a stand-alone commercial issuing CA to only the northwindtraders.com domain. Configure cross-certification between the commercial CA and the boston.northwindtraders.com domain. Answer: B Question: 46 Currently, the Active Directory infrastructure should be designed for the new forest to meet the business and technical requirements. What should you do to achieve the goal? 18 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    20. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure Answer: Question: 47 A client computer upgrade strategy should be designed for Contoso, Ltd. What should you do? A. Enable automatic certificate enrollment. B. Enforce smart card logons. C. Enable Encrypting File System (EFS) for offline files. D. Enable a screen saver password. E. Enabled a strategy to use the User State Migration Tool in order to migrate user settings. Answer: E Question: 48 ADNS name resolution strategy should be designed for the client computers in the customer service department. What should you do to achieve the goal? Choose the correct answer or answers from the following. A. Require the internal Web developers to use Telnet with Kerberos authentication. Require the consultants to use L2TP with IPSec. 19 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    21. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure B. Require the internal Web developers to use Encrypting File System (EFS) over Web Distributed Authoring and Versioning. Require the consultants to use Microsoft .NET Passport authentication with Security Level 0. C. Require the internal Web developers to use Web Distributed Authoring and Versioning over SSL. Require the consultants to use WebDAV over SSL. D. Require the internal Web developers to use L2TP with IPSec. Require the consultants to use Encrypting File System (EFS) over Web Distributed Authoring and Versioning. E. Install the Active Directory client on all computers in the customer service department and add a WINS lookup record to the DNS forward lookup zone. Answer: E Case Study #1, A. Datum Corporation Overview A. Datum Corporation is a company that provides technical classes at locations across North America. The company primarily offers instructor-led courses, on a Monday-through-Friday schedule. Physical Locations The company’s main office is located in Atlanta. The company has three branch offices in the following locations: o Chicago o Dallas o Seattle In Addition to the main office in Atlanta, there are also two satellite offices: Atlanta East and Atlanta West. There is no IT staff in the satellite offices Planned Changes The company has evolved into a single business unit from four separate technical schools in each of the cities where the company’s offices are currently located. The company recognizes that a cohesive administrative structure will better serve its employees and better secure critical resources. Recently, the company has begun to offer classes from Atlanta that are available online via the Internet. The company wants to begin offering online content from all offices, not just from Atlanta. Business Process Currently, the offices of A. Datum Corporation operate as four independent business units: Atlanta, Chicago, Dallas, and Seattle. The IT staff in each office functions independently. Network resource access is primarily localized to each office with the exception of the student records database and the current online courseware, which are hosted on servers in Atlanta only. 20 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    22. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure The student records database contains students’ personal data and their transcripts. Currently, the branch offices e-mail the students’ enrollment and transcript information to the Atlanta office for entry into the student records database. The admissions department enters personal student data and the registrar’s department enters grades. The student records database currently cannot be updated from any other location. The online course content is already developed and in use. Directory Services The servers are configured as shown in the Available Servers exhibit. The Atlanta office currently has a Windows 2000 Active Directory domain. The Chicago and Dallas branch offices are both running in workgroup configurations. Each office manages its own users and groups. Network Infrastructure The existing network is shown in the Existing Network Infrastructure exhibit. 21 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    23. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure Wan connections between the Atlanta main office and Atlanta East can be unreliable. There are DHCP servers in Atlanta and the branch offices. All servers are Pentium III 550-MHz or greater processors with at least 512 MB of memory. All of the offices run various client operating systems, which include Windows 98, Windows NTWorkstation 4.0, Windows 2000 Professional, Windows XP Professional, and UNIX. The instructors run either Windows 2000 Professional or Windows XP Professional on their desktop computers at the office. UNIX instructors use a UNIX client computer to access thenetwork when working from home. Problem Statements The following business problems must be considered: The company recognizes that its biggest security vulnerability is the methodology that it uses to update the student records database in Atlanta. In the past, there have been problems with students gaining access to and altering their student records. There has been reason to suspect that courseware has been compromised because of weak passwords on instructors’ computers. Chief Executive Officer 22 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    24. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure I am pleased with the performance of our staff at A. Datum Corporation. However, I am concerned about protecting our intellectual property. Both our online curriculum and the student records database need protection. Our primary focus must be that no one outside of the organization can view or modify this information. Chief Information Officer We need to provide an adequate security structure for our network environment. It is important that we create a centralized network operations team. I am confident in the ability of our IT staff in Atlanta to take a load administrative role in our envisioned environment. The practice of sending student information through e-mail must stop. I think our strategy of a single, centralized student records database is valid. We need to make this database directory-aware so that users who have the responsibility for updating the student records will need only a single set of credentials to make the necessary changes. Additionally, instructors are not receiving updated teaching schedule information on a timely basis. The issue should be addressed by ensuring that our new scheduling program is installed on all instructor computers, including the computers that the instructors use when accessing our network remotely. Registrar, Atlanta Office I am concerned about the network changes. The good news is that they will tell me that I will need only one logon name. However, the other news I am hearing is not good. I am told that the password I use cannot be a word. How am I going to remember a password that is not a word? I have a hard time remembering passwords as it is. My other major concern is that I am being told that the instructors in each location will be able to enter grades. Recording grades should be my job exclusively. Business Drivers The following business requirements must be considered: For its Web site, A. Datum Corporation is using the registered domain name adatum.com. The company anticipates more focus on the online course offerings in the future. Organizational Goals The following organizational requirements must be considered: The student records database must be available to all offices from Atlanta during the hours of 9:00 A.M. to 8:00 P.M. Eastern Time, Monday through Friday. The online courseware must be available 24 hours a day, seven days a week. Security The following security requirements must be considered: 23 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    25. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure The student records database server must be secured to allow only those with the appropriate authorization to modify or add data. This authorized personnel includes both instructors and staff in each of the company’s offices. Instructors will require the necessary permissions to modify the content for the online courseware for which they are responsible. Instructors are required to make changes to the online courseware and post grades from the LAN only. Customer Requirements The following customer requirements must be considered: Remote access will be required for all instructors when they need to access their business offices from home. Some instructors will use UNIX client computers for remote access. Instructors will need the new scheduling application to be installed both on their office and home computers that are members of the domain, even is using a dial-up connection. Windows 98 is currently the operating system on the sales representatives’ computers. These computers will not be upgraded in the near future. However, the Active Directory client will be installed on these computers. There are sales representatives in all of the company’s offices. Web access to the online curriculum is required by the students enrolled in the online classes, and must be limited to enrolled students only. Active Directory The following Active Directory requirements must be considered: The goals of the new Active Directory structure are to provide a centralized method of service administration for supporting the administrative staff and provide secure access to student records. Administration of the Active Directory service will be in Atlanta. Resource administration will occur in Atlanta and the branch offices. Students must not have any permissions to any resource other than the online courses. Network Infrastructure The following infrastructure requirements must be considered: Because the company has a limited budget, it will need to continue working with the existing physical network. For updating student grades, authorized computers in the registrar’s office will require smart card support. The Atlanta, Chicago, Dallas, and Seattle offices will each host DNS sub domains to support the online courseware. The amount of DNS zone transfer or replication must be minimized. Unauthorized updates of DNS records must be prevented. All computers, including client computers, must have host (A) resource records in DNS. UNIX instructors require of pointer (PTR) several support resourcefor applications used from their home computers. 24 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    26. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure Network traffic needs to be minimized across the WAN links. . Remote access policies for Atlanta, Chicago, Dallas, and Seattle should be centralized. Questions, Case Study #1 A. Datum Corporation Question: 1. You are designing the new forest structure and migration strategy to meet the business and technical requirements. What should you do? To answer, move the appropriate actions from the list of actions to the answer area, and arrange them in the appropriate order. (Use only actions that apply) Answer: 25 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    27. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure Explanation: The correct order of operations would be to 1 Upgrade the Atlanta Domain, 2 Restructure the Atlanta Domain, 3 Use ADMT to migrate accounts. The Atlanta is currently a Windows 2000 domain, so it must be upgraded; this is a Server 2003 environment, after all. It must be restructured to include OUs for the branch offices including Seattle. Finally, since Seattle will not be a separate Domain, the objects must be migrated to the new domain using ADMT. Question: 2. You are designing a DNS strategy to meet the business and technical requirements. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two) A. Create a dynamic reverse lookup zone for each subnet. B. Create a dynamic forward lookup for each domain. C. Install caching-only DNS servers in the branch offices. D. Enable the BIND secondaries option for each DNS server. Answer: A, B Explanation: The scenario states: “UNIX instructors require support of pointer (PTR) resource records for several applications used from their home computers.” It also says: “The company anticipates more focus on the online course offerings in the future.” A reverse lookup zone is a database which stores a mapping of IP address to friendly DNS domain names. In DNS Manager, reverse lookup zones are based on the in-addr.arpa domain name and typically hold pointer (PTR) resource records.. A forward lookup zone is a name-to-address database that helps computers translate DNS names into IP addresses and provides information about available resources. Incorrect Options: C: Caching-only servers do not host any zones and are not authoritative for any particular domain. D: Windows DNS zone files can contain RRs that can cause problems for BIND secondaries. These records include those that use an underscore in the host or domain name and the WINS and WINS-R records. On some versions of BIND, notably BIND 8.0, the presence of these records can cause the zone to fail to load. Reference: James Chellis, Paul Robichaux, and Matthew Sheltz; MCSA/MCSE: Windows ® Server 2003 Network Infrastructure Implementation, Management, and Maintenance Study Guide, Sybex, Glossary, pp. 26 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    28. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure 470 and 477, J. C. Mackin, and Ian McLean; MCSA/MCSE self-paced training kit (exam 70-291): implementing, managing, and maintaining a Microsoft Windows Server 2003 network infrastructure, Chapter 4, pp. 4-31. Martin Grasdal, Laura E. Hunter, and Michael Cross; MCSE Planning and Maintaining a Windows Server 2003 Network Infrastructure: Exam 70-293 Study Guide & DVD Training System, Chapter 6, pp. 396. Question: 3. You are designing the Group Policy settings to meet the business and technical requirements. You are reviewing a possible logical structure for the company as shown in the diagram in the work area. The Domain Controllers OU and the Seattle OU are created at the domain level. The Instructor OU and Student OU are children of the Seattle OU. The diagram does not cover all organizational requirements. Based on this diagram, how should you design the Group Policy settings? To answer, drag the appropriate Group Policy object (GPO) option or options to the correct location or locations in the work area. Work Area Password Complexity Option Account Lockout Option Scheduling Program Option Student OU Instructor OU Password Complexity Option Password Complexity Option 27 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    29. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure Select from these Account Lockout Option Scheduling Program Option Password Complexity Option Answer: Work Area Password Complexity Option Password Complexity Option Account Lockout Option Account Lockout Option Explanation: Account Lockout threshold and Password Requirements are both Account Policies and must be placed at the domain level. "The account policy must be defined in the Default Domain Policy or in a new policy that is linked to the root of the domain and given precedence over the Default Domain Policy, which is enforced by the domain controllers that make up the domain." http://www.microsoft.com/technet/security/guidance/secmod49.mspx#EQAA The case states: "Instructors will need the new scheduling application to be installed both on their office and home computers that are members of the domain." This tells us that the scheduling program must be assigned to "their" computers not all computers that they use or login into. "Their" computers would be members of the domain and would beplaced into "Instructor OU" within the domain. Question 6 also verifies this. 28 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    30. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure Question: 4. You need to ensure that only authorized personnel are able to modify student grades. Which desktop environment or environments should you use? (Choose all that apply) A. Windows XP Professional B. Windows 2000 Professional C. Windows 98 with Active Directory client installed D. Windows NT Workstation 4.0 with the latest service pack and Active Directory client installed Answer: A, B Explanation: In order for authentication to occur from a centralized point, you need to apply group policies. The desktop environments that support these features are, Windows XP Professional and Windows 2000 Professional. Incorrect Options: C and D: These desktop environments do not support group policies. Reference: Walter Glenn, and Michael T. Simpson; MCSE 70-297 Training Kit - Designing a Windows server 2003 Active Directory and Network Infrastructure, Chapter 4, pp. 4-38 to 4-39. Question: 5. You need to ensure that the sales representatives are provided with adequate NetBIOS name resolution. What should you do? A. Install WINS on the PDC emulator. B. Install WINS on servers in Atlanta and Seattle. C. Enable WINS lookup on the DNS server in Atlanta. D. Enable WINS on one domain controller in each office. Answer: D Explanation: As the sales representatives are currently using Windows 98 computers, they need NetBIOS name resolution which is provided for by WINS. In the scenario they also say that there are sales 29 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    31. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure representatives in all offices, which means domain controllers in each office has to be WINS enabled, because they control all activities on the domain. Reference: J. C. Mackin, and Ian McLean; MCSA/MCSE self-paced training kit (exam 70-291): implementing,managing, and maintaining a Microsoft Windows Server 2003 network infrastructure, Chapter 4, pp. 4-7 to4-6.Elias N. Khnaser, Susan Snedak, Chris Peiris, and Rob Amini; MCSE Designing Security for a Windows Server 2003 Network Exam 70-298 Study Guide, Chapter 2. Question: 6. You are designing a strategy to install the new scheduling application. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two) A. Assign the scheduling application package to the Instructor OU. B. Publish the scheduling application package to the Instructor OU. C. Ensure that the scheduling application can install across slow WAN links. D. Prevent the scheduling application from installing across slow WAN links. Answer: A, C Explanation: The scenario states: “Additionally, instructors are not receiving updated teaching schedule information a timely basis. The issue should be addressed by ensuring that our new scheduling program is installed on all instructor computers, including the computers that the instructors use when accessing our network remotely.” All instructor computers form part of the Instructor OU, so by assigning the application to this OU ensures that the package will be installed with minimum administrative effort. The need for ensuring that the scheduling application can install across slow WAN linksis due to the network having connections with different speeds. Question: 7. You are designing a VPN authentication strategy to meet the business and technicalrequirements.What should you do? A. Implement the RADIUS service in Atlanta. B. Implement the RADIUS service in each branch office. C. Configure network address translation (NAT) on all VPN servers. D. Configure the Connection Manager Administration Kit (CMAK) on the PDC. 30 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    32. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure Explanation: Answer: A Remote Authentication Dial-In User Service (RADIUS) is a widely used protocol that enables centralized accounting, authentication, and authorization for remote network access. With RADIUS, you can manage network access for VPN, dial-up, and wireless networks. Since the online course content is already developed and in use in the Atlanta office, which is also the main office, it is viable to implement RADIUS there. Incorrect Options: B: The online course content is already developed and in use in the Atlanta office. C: Network Address Translation (NAT) is a technology that enables a local-area net-work (LAN) to use one set of Internet Protocol (IP) addresses for internal traffic and a second set of addresses for external traffic. D: This is used to Automate VPN client installation. Reference: Elias N. Khnaser, Susan Snedak, Chris Peiris, and Rob Amini; MCSE Designing Security for a Windows Server 2003 Network Exam 70-298 Study Guide, Chapter 10 Roberta Bragg; MCSE Self-Paced Training Kit (Exam 70-298): Designing Security for a Microsoft Windows Server 2003 Network, Chapter 7, pp. 7-62. Question: 8. You are designing a DHCP strategy for the new Active Directory environment. Which two groups have the necessary rights to authorize the DHCP servers? (Each correct answer presents part of the solution. Choose two) A. IT staff in Atlanta B. IT staff in Seattle C. DHCP administrators in all offices D. DHCP administrators in Atlanta only E. Members of the Enterprise Admins group Answer: A, E Explanation: This question is about DHCP Authorization. Only Enterprise Admins have the ability to authorize DHCP servers. An administrator in the Root Domain of the Forest would simultaneously be amember of the Enterprise Admins Group. The fact that they are going to have full administrativeprivilege for the domain, as well as being admins in the root domain, makes them EnterpriseAdmins. According 31 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    33. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure to the scenario, the Atlanta office will deal with the administration of activedirectory. Therefore the IT staff in Atlanta is the correct answer, and “B” is incorrect.. Incorrect Options: C and D: DHCP Administrator is a built-in group in AD that does not have the ability to authorize DHCP. Reference: Deborah Littlejohn Shinder, Dr. Thomas W. Shinder; Exam 70-290: MCSA/MCSE, Implementing, Managing, and Maintaining a Windows Server 2003 Network Infrastructure Guide & DVD Training System, Syngress Publishing, Inc., Chapter 3, pp. 257. Question: 9. You are designing the placement of operations master roles in the new environment. In which location or locations should a PDC emulator be designated? (Choose all that apply) A. Atlanta B. Chicago C. Dallas D. Seattle Answer: A Explanation: Seeing that the Atlanta office is responsible for the administration of Active Directory, it must be where the Forrest Root domain is located. So if this is true, then the PDC Emulator should be designated to them. The Primary Domain Controller (PDC) is the first domian controller created in the domain, while all other domain controllers are considered backup domain controllers (BDCs). Therefore, B, C and D are incorrect. Reference: Deborah Littlejohn Shinder, Dr. Thomas W. Shinder; Exam 70-290: MCSA/MCSE, Implementing, Managing, and Maintaining a Windows Server 2003 Network Infrastructure Guide & DVD Training System, Syngress Publishing, Inc, Chapter 1, pp. 19. 32 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    34. 70-297: Designing a MS Windows Server 2003 Active Directory and Network Infrastructure Question: 10. You are designing a DNS and DHCP implementation strategy to support the new environment. What should you do? A. Create a WINS resource record in the Active Directory DNS zone. 70-297 Demo Exam B. Create a WINS referral zone in the DNS zone that supports Active Directory. C. Configure a DNS domain name on the DHCP server. D. Configure the DHCP server to update DNS for DHCP clients that do not support dynamic updates. Answer: D Explanation: One of the dynamic update settings you can configure on the DNS tab of the DHCP server properties dialog box determines whether the DHCP server should provide dynamic DNS update service on behalf of DHCP clients not capable of performing dynamic updates, such as computers running Microsoft Windows NT 4. By default, Windows Server 2003 DHCP servers do not attempt to perform dynamic updates on behalf of these clients. Incorrect Options: A: The WINS resource record instructs the DNS service to use WINS to look up and forward queries for host names not found in the zone database. B: You should configure a WINS referral zone to provide a means of organizing and distinguishing between WINS and DNS records. C: An option that specifies the domain name that DHCP clients should use when resolving unqualified names during DNS domain name resolution. This option also allows clients to perform dynamic DNS updates. Reference: J. C. Mackin, and Ian McLean; MCSA/MCSE self-paced training kit (exam 70-291): implementing,managing, and maintaining a Microsoft Windows Server 2003 network infrastructure, Chapter 7, pp. 7-13 and 7-41. Walter Glenn, and Michael T. Simpson; MCSE 70-297 Training Kit - Designing a Windows server 2003 Active Directory and Network Infrastructure, Chapter 6, pp. 6-14. Martin Grasdal, Laura E. Hunter, and Michael Cross; MCSE Planning and Maintaining a Windows Server 2003 Network Infrastructure: Exam 70-293 Study Guide & DVD Training System, Chapter 6, pp. 403. Get complete 70-297 exam questions and answers by visiting URL “http://www.techexams.ws/exams/70-297.do” 33 © Copyright www.techeXams.ws 2008 Practice Exams, Printable, Audio Trainings, Study Guides
    SlideShare Zeitgeist 2009

    + techeXamstecheXams Nominate

    custom

    539 views, 0 favs, 0 embeds more stats

    Get free 70-297 exam questions and answers for 70-2 more

    More info about this document

    © All Rights Reserved

    Go to text version

    • Total Views 539
      • 539 on SlideShare
      • 0 from embeds
    • Comments 0
    • Favorites 0
    • Downloads 9
    Most viewed embeds

    more

    All embeds

    less

    Flagged as inappropriate Flag as inappropriate
    Flag as inappropriate

    Select your reason for flagging this presentation as inappropriate. If needed, use the feedback form to let us know more details.

    Cancel
    File a copyright complaint
    Having problems? Go to our helpdesk?

    Categories

    Tags

    -->
    What's New

    © 2009 SlideShare Inc. All rights reserved.