70-210 Installing, Configuring, and Administering Microsoft Windows 2000 Professional

11. Your Windows 2000 Professional computer is configured to support two monitors. You install a DOSbased application on your computer. The application uses the Windows 2000 Professional default settings Autoexec.nt and Config.nt.

Your primary and secondary video adapters are both set to 16-bit color, 1024x 768 resolutions, and default refresh rates. You create a shortcut for the DOS-application on the secondary monitor and use the default PIF settings.

You attempt to run the DOS-based application on the primary monitor. The application opens, but the display area is scrambled. You then attempt to run the DOS-based application on the secondary monitor. The application does not open. Both monitors function correctly when you run Windows-based applications.

What should you do?

A. Change the color setting for both video adapters to 256 colors. Reconfigure the shortcut properties to run the DOS-based application in full-screen mode.
B. Change the refresh rate setting to optimal for both video adapters. Reconfigure the PIF settings for the DOS-based application to start in the window.
C. Change the drivers for the secondary video adapter from WDM-compliant drivers to DOS drivers. Reconfigure the PIF settings to run the DOS-based application in full-screen mode.
D. Update the drivers for the primary video adapter. Change the secondary video adapter to use 640 x 480 resolution and 256 colors.

Answer: A

Explanation: Some legacy DOS applications can only run in 256 color mode. We should therefore set the video adapter to 256 colors. Furthermore, if a DOS application fails to display on a secondary monitor, one possible solution would be to set the DOS application to run in full-screen mode.

Incorrect answers:
B: The video adapter’s refresh rate defines the number of times that the screen must be rewritten per second. This has no bearing on the DOS application because the display would be faulty for Windows based programs as well if the video adapter does not support the specified refresh rate. Changing the refresh rate will thus not solve the problem.
C: Windows 2000 works with WDM-compliant drivers. Replacing the WDM-compliant drivers with DOS drivers could affect the performance of the entire Windows 2000 operating system and could thus make matters worse.
D: The drivers on the primary video adapter are working since there is no display problem in Windows based programs. There is thus no need to replace the video adapter’s drivers.

12. You are the administrator of the corp.arborshoes.com domain. Users in the domain run Windows 2000 Professional on their desktop computers.

A user named Katrin in the Sales organizational unit reports that her mouse is not working correctly. You logon to the domain from Katrin’s computer by using a domain administrative account. You use Device Manager to display current information for the mouse drivers. You discover that Katrin’s computer is using an older version of the mouse driver. You have a current driver by the manufacturer of mouse. You install the current driver by the usage of Device Manager and restart the computer.

You test the mouse and it is still not functioning correctly. You check the problem and see that previous driver is still installed. You want to be able to install the correct mouse driver. What should you do?

A. Set the Sales OU policy for security to warn and allow the installation to override the local security defaults.
B. Set the domain policy for security to block but allow the installation to override local and Sales OU security defaults.
C. Set the local computer policy for security on Katrin’s computer to warn but allow the installation to override the domain and the Sales OU security defaults.
D. Disable, plug and play on Katrin’s computer. Restart the computer and manually setup the system resources for the mouse.

Answer: A

Explanation: Setting the OU security policy to warn will allow Katrin to install the mouse driver. The OU policy will override any security policy that has been set at local, site and domain level. The policy hierarchy from lowest is local, site, domain, OU. The OU policies override local, site and domain policies.

Incorrect answers:
B: Setting the security policy at the domain level to block will not solve the problem as there is an existing policy which blocks the installation of the drivers. This policy setting must be overridden. This can be done by setting the policy at the highest, i.e., OU, level. C: Local computer policies cannot override the domain or the Sales OU security defaults. Therefore the policy that is blocking the installation of the drivers will remain in effect. This will thus not solve the problem. D: The installation of the mouse drivers is being blocked by a security policy. Disabling plug and play will not change the security policy in Windows and will not permit the installation of the drivers. By disabling plug and play, we would be required to make available the system resources that the mouse would use, however, the policy that is blocking the installation of the mouse driver will still prevent the drivers from being installed.

13. You are administering a Windows 2000 Professional, single Pentium II 400Mhz processor computer. You need to install a new accounting software application. The software manufacturer recommends that you use a dual-processor configuration. First, you install a second identical processor in your computer. You need to ensure that you will be able to install the new software. What should you do next?

A. Update the HAL to support multiple processors.
B. In Device Manager, disable the direct memory access controller.
C. Use the Add/Remove Hardware Wizard to detect and install the driver for the new processor.
D. Reinstall Windows 2000 Professional to support a multi-processor configuration.

Answer: A

Explanation: The Hardware Abstraction Layer (HAL) must be updated using the Device Manager to support multiple processors. To update the HAL open the System applet in the Control Panel, expand Computer, rightclick Advanced Configuration and Power Interface (ACPI) PC (or similar), select Properties, select Driver Tab, then select Update Driver. The Update Device Driver Wizard starts and can be used to update the HAL.

Incorrect answers:
B: Disabling the direct memory access controller will not help to support the second processor. It will likely make the computer run slower.
C: The HAL cannot be updated through the Add/Remove Hardware Wizard, as it already exists on the computer. The Add/Remove Hardware Wizard is used to add new hardware or to remove existing hardware. It is not used to update drivers. Device Manager is used to update the HAL.
D: It is not necessary to reinstall Windows 2000. Instead the Device Manager can be used to update the HAL.

14. Your Windows 2000 Professional computer has 50 MB of free disk space on drive C and 500 MB free disk space on drive D. Print jobs are failing because the available space on C is inadequate. You want printer to be able to use the space on drive D. What should you do?

A. From the print server properties dialog box, change the location of the spool folder to any existing file path on drive D.
B. From the printer properties dialogue box, use advanced settings to change the location of the spool folder to D:\WinNT\System32\spools\printers.
C. Copy the C:\WinNT\System32\spool\printers folder to the D:\WinNT\system32\spool\printers folder.
D. Mount drive C as a subdirectory on the drive D.

Answer: A

Explanation: The location of the spool folder can be specified on the Advanced tab of the Print Server properties dialog box. To change the spool folder location open the Printers folder, open File menu, select Server Properties, select Advanced tab, enter the path and the name of the new default spool folder for this print server, and then click Close.

Incorrect answers:
B: The Advanced tab of the Printer Properties dialog box does not contain the location of the spool folder. It is thus not possible to change the location of the spool folder in the Advanced tab of the Printer Properties dialog box.
C: Copying the Spool folder to another hard drive will not change the location of the Spool folder as the location of the spool folder is specified on the Print Server. To change the location of the spool folder we would have to specify a new location for the spool folder on the Advanced tab of the Print Server properties dialog box.
D: This is not the correct procedure for mounting a folder. The folder must be mounted to a disk and not a disk to a folder.

15. You are the administrator of your company’s network. Your network has 200 Windows 2000 Professional computers and 15 Windows 2000 Server computers. Users on the network save their work files in home folders on a network server. The NTFS partition that contains the home folders has Encrypting File System (EFS) enabled.

A user named John leaves the company. You move all of the files from John’s home folder to his manager’s folder. When the manager attempts to open any of the files, she receives the following error message; “Access denied.” You want the manager to be able to access the files. What should you do?

A. Grant the manager NTFS Full control permission to the files.
B. Grant the manager NTFS Take Ownership permission to the files.
C. Log on to the network as a Recovery Agent. Decrypt the files for the manager.
D. Log on to the network as a member of the Backup Operators Group. Decrypt the files for the manager.

Answer: C

Explanation: An encrypted file on an EFS partition can only be decrypted by the owner of file or by the Recovery agent.

Incorrect Answers:
A: Granting the manager NTFS Full control permission of the files will not enable the manager to decrypt the files, as an encrypted file can only be decrypted by the owner of file or by the Recovery agent.
B: Granting the manager NTFS Take Ownership permission of the files will not enable the manager to decrypt the files, as an encrypted file can only be decrypted by the owner of file or by the Recovery agent.
D: A member of the Backup Operators Group can only restore encrypted files from backup. They cannot decrypt encrypted files. Only the owner of file or a Recovery agent can decrypt an encrypted file.

16. Your Windows 2000 Professional computer contains a single hard disk configured as a single partition. You want to move a folder named Sales under a folder named CORP on your computer. You want the files in the Sales folder to remain compressed after moving the folder. You want the files in the CORP folder to remain uncompressed. You want to ensure that files are recoverable in case of any disk problems. You also want to move the files with the least amount of administrative effort. What should you do?

A. Copy the Sales folder to the Corp folder. Do nothing further.
B. Backup the Sales folder. Move the Sales folder to the CORP folder.
C. Compress the CORP folder then copy the Sales folder to the CORP folder.
D. Move the Sales folder to a second computer then move the Sales folder to the CORP folder.

Answer: B

Explanation: The contents of the Sales folder should be backed up so that files would be recoverable in case of disk problems. We could the move the Sales folder to the CORP folder, as the files will remain compressed since the folder is moved within a single partition. The general rules on copying and moving compressed files and folder are: files and folders copied within a NTFS volume and between NTFS volumes inherits the compression state of the target folder; files and folders moved between NTFS volumes inherits the compression state of the target folder; and files and folders moved within an NTFS volume retain the original compression state of the file or folder.

Incorrect Answers:
A: A folder copied within a NTFS partition will inherit the compression state of the target folder. This will result in the Sales folder inheriting the uncompressed state of the CORP folder since the target folder is uncompressed. Furthermore, we are also required to ensure that the folder contents are recoverable in the event of a system failure. This solution does not make provision for the recovery of the folder.
C: A folder copied within a NTFS partition will inherit the compression state of the target folder. This will result in the Sales folder losing its compressed state since the target folder is uncompressed. Compressing the CORP folder is also not a viable solution, as the scenario explicitly requires us to retain the uncompressed state of the files in the CORP folder. Furthermore, we are also required to ensure that the folder contents are recoverable in the event of a system failure. This solution does not make provision for the recovery of the folder.
D: Files and folders that are moved between NTFS partitions inherit the compression state of the target folder. Therefore the Sales folder might lose its compression state. Furthermore, moving the Sales folder twice is unnecessary as this will not ensure recoverability of the files in the Sales folder.

17. You are creating a dial-up connection on your Windows 2000 portable computer to connect to your customer’s dial-up server. You are not sure which type of server your customer is using for dial-up connections. You want to ensure that your dial-up connection authentication is secure and that your logon information is not sent in plain text. You view the Advanced Security Settings dialog box as shown in the exhibit.

Exhibit

Which option or options should you disable in the Advanced Security Settings dialog box? (Choose all that apply)

A. Unencrypted password (PAP)
B. Shiva Password Authentication Protocol (SPAP)
C. Challenge Handshake Authentication Protocol (CHAP)
D. Microsoft CHAP (MS-CHAP)
E. Microsoft CHAP Version 2 (MS-CHAP v2)
F. For Microsoft CHAP based protocols.

Answer: A

Explanation: PAP is the least complicated authentication protocol and sends passwords in plain text. Passwords are thus not encrypted passwords. This authentication protocol is used when a more secure means of authentication cannot be negotiated between two computers. We should therefore disable PAP to ensure that login information is not sent in plain text.

Incorrect answers:
B: SPAP does not support data encryption. Instead it uses a reversible encryption authentication mechanism.
C: CHAP was designed to overcome the problem of sending passwords in plain text and encrypts the authentication process by using a challenge-respond method of authentication known as Message Digest 5.
D: MS-CHAP is an improvement of CHAP and uses a similar challenge-response method of authentication.
E: MS-CHAP v2 provides more advanced and improved features than CHAP and MS-CHAP. It uses mutual authentication, stronger data encryption keys and different encryption keys for sending and receiving data.
F: All CHAP protocols use an encryption mechanism in the authentication process.

18. Your company upgrades its network to 100 Mbps. You remove the old network adapter and install a new 10/100 Mbps network adapter into a Windows 2000 Professional computer. You configure the TCP/IP protocol settings to be the same as they were for the previously installed network adapter.

When you restart the computer, however, you cannot access the network. You try to ping your network adapter’s TCP/IP address locally. You receive the following error message, “Request timed out ” Next, you try to ping 127.0.0.1 and receive the same error message. What must you do?

A. Configure a different TCP/IP address.
B. Enable DHCP in the TCP/IP properties.
C. Enable DNS in the TCP/IP properties.
D. Configure the network adapter to run at 100 Mbps only.
E. Replace the network adapter.

Answer: E

Explanation: The 127.0.0.1 IP address is a loop back address that creates a connection with the local computer via the network adapter. As the same error message was received when pinging the loop back address, a faulty network adapter card on the local computer is indicated. We therefore need to replace the network adapter card on the local computer.

Incorrect answers:
A: The TCP/IP protocol settings have been configured to be the same as those held with the original network adapter card. Therefore the problem is not related to the IP address. Furthermore, the 127.0.0.1 IP address is a loop back address that creates a connection with the local computer via the network adapter. As the same error message was received when pinging the loop back address, a faulty network adapter card on the local computer is indicated. We therefore need to replace the network adapter card on the local computer.
B: The TCP/IP protocol settings have been configured to be the same as those held with the original network adapter card. Therefore the problem is not related to the TCP/IP properties specified in the network configuration. Furthermore, the 127.0.0.1 IP address is a loop back address that creates a connection with the local computer via the network adapter. As the same error message was received when pinging the loop back address, a faulty network adapter card on the local computer is indicated. We therefore need to replace the network adapter card on the local computer.
C: The TCP/IP protocol settings have been configured to be the same as those held with the original network adapter card. Therefore the problem is not related to the TCP/IP properties specified in the network configuration. Furthermore, the 127.0.0.1 IP address is a loop back address that creates a connection with the local computer via the network adapter. As the same error message was received when pinging the loop back address, a faulty network adapter card on the local computer is indicated. We therefore need to replace the network adapter card on the local computer.
D: 10/100 network adapters are designed to detect and adjust to the speed of the network. There is thus no need to configure a 10/100 network card to run at 100 Mbps. Furthermore, the 127.0.0.1 IP address is a loop back address that creates a connection with the local computer via the network adapter. As the same error message was received when pinging the loop back address, a faulty network adapter card on the local computer is indicated. We therefore need to replace the network adapter card on the local computer.

19. You install Windows 2000 Professional on your computer. Your computer has a built in 33.6 kbps modem. You install a 56-kbps ISA-based modem. When the installation is complete, you notice that the 56-Kbps modem is not functioning. You use computer management to view the modems for your computer.

Device Manager shows that the 33.6 Kbps modem and the 56Kbps modem are conflicting with each other. You want to configure Windows 2000 Professional to use only the 56Kbps modem. What should you do?

To answer, click the select and place button and then drag the designated actions to the appropriate action box for each modem in the diagram. (Note: Both boxes must be filled. If a box does not require a specified action, use No action required.)

Exhibit

Answer: Drag Disable Using Device Manager to PLACE2, Drag No Action Needed to PLACE1

Explanation: The two modems are having a system resource conflict. The 33.6 Kbps modem will not be used any longer and has been replaced by the 56 Kbps modem. We can therefore disable the 33.6 Kbps modem using the Device Manager setting on the Hardware tab of the System component of the Control Panel. By disabling the built-in 33.6 Kbps modem, it will no longer compete for system resources. The system resources would thus be available for the 56 Kbps modem and it will then work correctly. No action thus needs be taken on the 56 Kbps modem.

Incorrect answers:
Installing the 56 Kbps into another slot will not solve the problem as the 33.6 Kbps modem will still compete for system resources. The 33.6 Kbps modem also cannot be moved to another slot nor can it be removed as it is built-in on the motherboard. We can therefore only disable the 33.6 Kbps modem.

20. You are configuring five computers for Windows NT Workstation 4.0 and Windows 2000 Professional. Each computer has an 8 GB hard disk. You configure the hard disk on each computer to have two 4 GB partitions. Windows NT Workstation is installed on drive C, Windows 2000 Professional on drive D. In Windows 2000 Professional, you configure a disk quota on drive D to prevent users from saving work files on the disk. You restart your computer and load Windows NT Workstation. You notice that users can save files to drive D.

You want to prevent users from saving the files to drive D in either operating system. You also want to ensure that users can access both drives while using either operating system. What should you do?

A. Use Windows 2000 Professional to configure drive D as a dynamic partition.
B. Use Windows 2000 Professional to enable encrypting file system on drive D.
C. Use Windows NT workstation to configure NTFS permissions on drive D to deny the users write permission.
D. Reinstall Windows NT Workstation after configuring disk quotas.

Answer: C

Explanation: We can use NTFS permissions to prevent users from saving files to a specific drive, partition or folder. NTFS permissions can be set on Windows NT computers that use the NTFS file system. Setting the NTFS permissions to deny users write permissions will prevent the users from saving work files on the disk.

Incorrect answers:
A: Windows NT users cannot use dynamic partitions, as dynamic partitions are a storage feature that has been introduced with Window 2000. Thus, configuring drive D as a dynamic partition will prevent the Windows NT Workstation users from using the disk. However, the Windows 2000 Professional users will still be able to make use of the drive and to store files on the drive.
B: The Encrypting File System (EFS) is a file and folder security mechanism used to prevent unauthorized users from accessing encrypted files. This does not prevent users from saving files on the disk. It only prevents them from opening and reading encrypted files.
D: Reinstalling Windows NT will not prevent users in Windows 2000 to save files on disk D. As the installation process does not have an option to prevent users from saving files to specified locations.