21certify.com Managing and Maintaining a Microsoft Windows

Server 2003 Environment for a W2K MCSA

070-292
Version 9.0


Important Note:

Please Read CarefullyThis 21certify Exam has been carefully written and compiled by 21certify Exams experts. It is
designed to help you learn the concepts behind the questions rather than be a strict memorization tool.
Repeated readings will increase your comprehension.

We continually add to and update our 21certify Exams with new questions, so check that you have the
latest version of this 21certify Exam right before you take your exam.

For security purposes, each PDF file is encrypted with a unique serial number associated with your
21certify Exams account information. In accordance with International Copyright Law, 21certify
Exams reserves the right to take legal action against you should we find copies of this PDF file has
been distributed to other parties.

Please tell us what you think of this 21certify Exam. We appreciate both positive and critical
comments as your feedback helps us improve future versions.

We thank you for buying our 21certify Exams and look forward to supplying you with all your
Certification training needs.

Good studying!

21certify Exams Technical and Support Team

070-292
3



Q. 2
070-292
421certify.com

You are a network administrator for Fabrikam, Inc. A company named 21certify GmBh., recently
acquired Fabrikam, Inc., and another company named Proseware, Inc. Your team is responsible for
establishing connectivity between the companies.

Each of the three companies has its own Active Directory forest. The relevant portion of the network is
shown in the exhibit.
***MISSING***

21certify1, 21certify3, and 21certify5 runs Windows Server 2003. Each of these servers is the DNS
server for its respective domain. All three servers can currently resolve Internet host names. 21certify3 is
configured as a secondary zone server for fabrikam.com and proseware.com.

You need to configure 21certify5 to resolve host names for 21certify.com and proseware.com as quickly
as
possible, without adding new zones to 21certify5.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two) A. Forward requests for 21certify.com to 131.107.1.2.
B. Forward requests for 21certify.com to 131.107.3.2.
C. Forward requests for 21certify.com to 131.107.10.2.

Answer: B

Q. 4 You are the network administrator for 21certify. The network contains Windows Server 2003
computers and Windows XP Professional computers. You are configuring Automatic Update on the
servers.
The written company network security policy states that all updates must be reviewed and approved
before they are installed. All updates are received from the Microsoft Windows Update servers.
You want to automate the updates as much as possible.
What should you do?
To answer, configure the appropriate option or options in the dialog box.

070-292
621certify.com
Answer: Check "Keep my computer...", and click "Download..."

Q. 5 You are the network administrator for 21certify. The network consists of a single Active Directory
domain 21certify.com. The domain contains 35 Windows Server 2003 computers; 3,000 Windows XP
Professional computers; 2,200 Windows 2000 Professional computers.
The written company security policy states that all computers in the domain must be examined, with the
following goals:
. • To find out whether all available security updates are present.
. • To find out whether shared folders are present.
. • To record the file system type on each hard disk.
You need to provide this security assessment of every computer and verify that the requirements of the

"Set the intranet stat.."

Q. 7 You are the regional network administrator for the Boston branch office of 21certify's network. The
company network consists of a single Active Directory domain 21certify.com. All computers in the
Boston office run Windows XP Professional.
The domain contains an organizational unit (OU) named BostonClientsOU, which contains all the
computer objects for the Boston office. A Group Policy object (GPO) named BClientsGPO is linked
to BostonClientsOU. You have been granted the right to modify the GPO.
BClientsGPO contains a software restriction policy that prevents the execution of any file that has
a .vbs file extension. All other applications are allowed to run.
You want to use a script file named maintenance.vbs, which you will schedule to run every night on
the computers in the Boston office. The maintenance.vbs file is located in the Scripts shared folder on
a server named 21certifySrvC. The contents of maintenance.vbs will frequently change based on the
maintenance tasks you want to perform.
You need to modify the software restriction policy to prevent unauthorized .vbs scripts from running on
the computers in the Boston office, while allowing maintenance.vbs to run. You want to ensure that no
other applications are affected by your solution. You want to implement a solution that you can
configure once, without requiring additional administration in the future, when maintenance.vbs changes.
What should you do?

070-292
821certify.com

A. Obtain a digital certificate.
Create a new certificate rule.
Set the security level of the rule to Unrestricted.
Digitally sign maintenance.vbs.

What should you do?

A. Synchronize the updates with an SUS server at another office.
B. Select only the locales that are needed.
C. Configure Background Intelligent Transfer Service (BITS) to limit file transfer size to 9 MB.
D. Configure Background Intelligent Transfer Service (BITS) to delete incomplete jobs after 20
minutes.

Answer: C

Q. 9 You are the file server administrator for 21certify. The company network consists of a single
Active Directory domain named 21certify.com. The domain contains 12 Windows Server 2003
computers and 1,500 Windows XP Professional computers.
You manage three servers named 21certify1, 21certify2, and 21certify3. You need to update the driver
for the network adapater that is installed in Serve1.
You log on to 21certify1 by using a nonadministrative domain user account named King. You open the
Computer Management console. When you select Device Manager, you receive the following error
message: “You do not have sufficient security privileges to uninstall devices or to change device
properties or device drivers”.
You need to be able to run the Computer Management console by using the local administrator account.
The local administrator account on 21certify1, 21certify2, and 21certify3 has been renamed Tess. Tess’s
password is kY74X.
In Control Panel, you open Administrative Tools. You right-click the Computer Management shortcut
and click Run ass on the shortcut menu.
What should you do next? 070-292
10


What are two possible ways to accomplish this goal? (Each correct answer presents a complete
solution.
070-292
1121certify.com

Choose two) A. Enable offline files for the confidential files that are stored on 21certify1, and select the Encrypt
offline files to secure data check box on the client computers of the users who need to access the
files.
B. Use IPSec encryption between 21certify1 and the client computers of the users who need to
access the confidential files.
C. Use Server Message Block (SMB) signing between 21certify1 and the client computers of the
users who need to access the confidential files.
D. Disable all LM and NTLM authentication methods on 21certify1.
E. Use IIS to publish the confidential files.
Enable SSL on the IIS server.
Open the files as a Web folder. Answer: B, C

Q. 11 You are the network administrator in the New York office of 21certify. The company network
consists of a single Active Directory domain 21certify.com. The New York office currently contains one
Windows Server 2003 file server named 21certify
A.


Q. 12 You are the network administrator for 21certify. The network consists of a single Active Directory
domain named 21certify.com. The network contains Windows Server 2003 member servers, Windows
Server 2003 domain controllers, and Windows XP Professional computers. The relevant portion of the
Active Directory structure is in the work area below.
The written company security policy allows users to use Encryption File System (EFS) on only
portable computers. The network security administrator creates a separate domain account as the data
recover agent (DRA). The Default Domain Policy contains the Internet Explorer security settings that
are required on all computers in the domain.
Users are currently able to use EFS on any computer that will support EFS.
You need to configure Group Policy to ensure compliance with the company security policy. You want
to link the minimum number of GPOs to accomplish this goal. All other domain GPOs must remain.
How should you configure Group Policy to ensure that users can use EFS on only portable computers?
To answer, drag the appropriate Group Policy setting or settings to the correct organizational unit (OU)
or OUs. Answer:
070-292
1321certify.com
Q. 13 You are a network administrator for 21certify. The network consists of a single Active Directory
domain named 21certify.com. The domain contains Windows Server 2003 domain controllers, Windows
Server 2003 member servers, and Windows XP Professional computers.
All company network administrators need to have the remote administrative tools available on any


21certifySrvA and 21certifySrvB are registered in 21certify.com. All other computers are registered in
corp.21certify.com.
You create reverse lookup zones for all subnets.
The corp.21certify.com domain contains a Windows NT Server 4.0 file and print server named Server5.
You change the static IP address for 21certifySrvE.

You need to ensure that this change is reflected in DNS.
Which two resource records should you modify? (Each correct answer presents part of the solution.
Choose two) A. The pointer (PTR) record in the corp.21certify.com zone.
B. The host (A) record in the corp.21certify.com zone.
C. The alias (CNAME) record in the corp.21certify.com zone.
D. The pointer (PTR) record in the stub zone.
E. The host (A) record in the stub zone.
F. The alias (CNAME) record in the stub zone.

Answer: A, C

Q. 15 You are the network administrator for the Tokyo office of 21certify. The company network
consists of a single Active Directory domain 21certify.com. The network in your office contains 20
Windows XP Professional computers.
The domain contains an organizational unit (OU) named TokyoOU, which contains all the computer
objects for your office. You have been granted the right to create and link Group Policy objects (GPOs)
on the TokyoOU.
070-292
15



F. Create a new Internet zone rule.
Set the security level on the rule to Restricted.
Set the Internet zone to Local computer. Answer: B, D

Q. 16 You are the network administrator for Test King. The network consists of a single Active
Directory domain named 21certify.com. The domain contains Windows Server 2003 computers and
Windows XP Professional computers.
The Default Domain Policy has been modified by importing a security template file, which
contain several security settings.
A server named 21certify1 cannot run a program that us functioning on other similarly configured
servers. You need to find out whether additional security settings have been added to the local
security policy on 21certify1.
To troubleshoot, you want to use a tool to compare the current security settings on 21certify1 against the
security template file in order to automatically identify any settings that might have been added to the
local security policy.
070-292
1621certify.com

Which tool should you run on 21certify1?

A. Microsoft Baseline Security Analyzer (MBSA)
B. Security Configuration and Analysis console
C. gpresult.exe

in conjunction with removable backup medi
A. Data is backed up in a file named Backup1.bkf.
One Monday morning, you install a new application on a domain controller named
21CERTIFYDC1. When you restart 21CERTIFYDC1, you receive the following error:
“NTLDR is missing. Pres any key to restart.”
You need to bring 21CERTIFYDC1 back online as quickly as possible.
What should you do?

A. Restart 21CERTIFYDC1 by using the installation CD-ROM. Reinstall the operating system and
restore the contents of the latest full backup by using the Restore wizard. Restart
21CERTIFYDC1.