70-215 Installing, Configuring, and Administering Microsoft Windows 2000 Server

11. You are the network administrator at Island Hopper News. The domain and network configuration is a single-site Windows 2000 domain that is configured as shown in the exhibit. You must provide Terminal Services to the Pentium MMX client computers. You also need to able to manage user licenses and enable users to access term1.islandhoppernews.com First, you install terminal services in application server mode on term1.islandhoppernews.com. What should you do next?

Exhibit

A. Install terminal services licensing on term1.islandhoppernews.com. Select the Enterprise License server option.
B. Install terminal services licensing on term1.islandhoppernews.com. Select the Domain license server option.
C. Install terminal services licensing on file1.islandhoppernews.com. Select the Enterprise license server option.
D. Install terminal services licensing on file1.islandhoppernews.com. Select the Domain license server option.
E. Install terminal services licensing on uu2.islandhoppernews.com. Select the Enterprise license server option.
F. Install terminal services licensing on uu2.islandhoppernews.com. Select the Domain license server option.

Answer: A

Explanation: We need to configure Enterprise licensing since there are several domains in the network. When configuring licensing in Terminal Services Licensing Setup, we should click your entire enterprise, and then provide the database location in networks that includes several domains. An enterprise license server can serve Terminal servers on any domain, but the domain must be a Windows 2000 domain. If we want to maintain a separate license server for each domain, or if the network includes workgroups or Windows NT 4.0 domains, click your domain or workgroup, and then provide the database location.

12. You are a network administrator for Fabrikam Inc. Fabrikam Inc has three offices. The network consists of one native mode Windows 2000 domain. All servers are Windows 2000 Professional computers. The network is connected by a Frame Relay connection. You install a third-party network management suite of applications on a server named Mon1. You need to ensure that this new software will be able to interact with and manage the existing devices on your network. What should you do?

A. Install SNMP on Mon1.
B. Install SNMP on all computers except Mon1.
C. Configure the SNMP service option in the TCP/IP installation properties on Mon1.
D. Configure the SNMP server option in the TCP/IP installation properties on all computers except Mon1.

Answer: A

Explanation: To ensure that this new software will be able to interact with and manage the existing devices on your network we must install SNMP on the server.

Incorrect answers:
B: We need to install SNMP on one computer; this would preferably be on the server.
C: SNMP service is not a part of any TCP/IP configuration.
D: SNMP service is not a part of any TCP/IP configuration.

13. You are the administrator of a Windows NT 4.0 Terminal server edition computer. The server has one hard disk, which is divided into two partitions. The first partition contains the Windows NT 4.0 system files and is formatted as FAT. The second partition contains application data and user data. This second partition is formatted as NTFS. The server currently has Service Pack 3 installed.

You need to upgrade the server to Windows 2000 Server. You want to ensure that no application data or user data is lost during the upgrade. You also want to perform the minimum number of steps necessary to complete the upgrade.

What should you do? (Choose all that apply)

A. Convert the system partition to NTFS.
B. Install service pack4 or later on the server.
C. Use a Windows 2000 Server CD to start the server. In setup, select the option to upgrade.
D. Replace the Terminal Server installation with a standard Windows NT server 4.0 installation.

Answer: A, B, C

Explanation: To ensure that no application data or user data is lost during the upgrade the following three steps will be taken:
1. Install service pack4.
2. Start the installation process select to upgrade.
3. Select to upgrade the file system to NTFS (this step could be chosen earlier).

Incorrect answers:
D: It is not necessary to install a standard NT Server 4.0 server.

14. You are the network administrator at Contoso Ltd. You work at the main office in Seattle. The branch office in Denver is a call center. The network consists of a Windows 2000-only domain. The network is configured as shown in the exhibit.

Denver is a token ring network. Seattle is an ethernet network. None of your network adapters at Contoso Ltd support promiscuous mode. The router does not support multicast traffic. Wks1.contoso.com and mem1.contoso.com are available for use as network monitor clients. You want to be able to detect and identity rogue installations of network monitor on your network by using the fewest possible computers.

What should you do? (Choose all that apply)

Exhibit

A. Install network monitor tools on wks1.contoso.com by using the Windows components wizard.
B. Install the SNMP protocol on wks1.contoso.com by using the Windows components wizard.
C. Install network monitor tools on mem1.contoso.com by using the Windows components wizard.
D. Install the SNMP protocol on mem1.contoso.com by using the Windows components wizard.
E. Install network monitor tools on wks1.contoso.com that supports promiscuous mode.
F. Install network monitor tools on mem1.contoso.com that supports promiscuous mode.

Answer: A, C

Explanation: The network monitor is used to detect rogue network monitor installations. Network monitor can only capture traffic on the local subnet. We need to install network monitor in both subnets.

Incorrect answers:
B: Network monitor, not the SNMP, is required to detect rogue installations of the network monitor.
D: Network monitor, not the SNMP, is required to detect rogue installations of the network monitor.
E: Promiscuous mode should be avoided. It would be very demanding since all packages would be checked.
F: Promiscuous mode should be avoided. It would be very demanding since all packages would be checked.

15. Your Windows 2000 domain contains a Windows 2000 member server named server1. Server1 has routing and remote access for Windows 2000 enabled. Server1 is also configured to use a modem bank to accept incoming dial-up attempts. You need to configure server1 so that users can connect to it from their home computers. You want to restrict access to the network to only users who can access the network at speeds faster than 64 Kbps. You also must ensure that the users connect by using mutual authentication. Which three actions should you take? (Choose Three)

A. Configure the authentication provider to be RADIUS server.
B. Configure the authentication provider to be Windows Authentication.
C. Specify IDSL as the dial-in media.
D. Specify Async as the dial-in media.
E. Configure support for EAP.
F. Configure support for MS-CHAP
G. Configure support for MS-CHAP version 2.

Answer: B, C, G

Explanation: An internet transfer speed of at least 64kbps implies an IDSL line while Async refers to a modem with a maximum speed of 56 Kbps. Windows Authentication Provider is chosen instead of the only other possibility RADIUS Authentication since there is no mention of a RADIUS server. Mutual authentication, in the context of RAS, is possible through either MS CHAP v2 or PPP with EAPTLS. Here there is only EAP, which is not sufficient.

Incorrect answers:
A: There is no RADIUS server in the network.
D: Minimum speed is 64Kbps. Analog modem (Async) cannot be used.
E: EAP requires TLS to support mutual authentication.
F: MS-CHAP does not support mutual authentication.

16. You enable disk quotas on volume D on the server. You configure a disk quota 10 GB for each user. You select the deny disk space to users exceeding quota limit check box. A user named Bruno reports that he cannot save a Microsoft Windows 2000 document to a shared folder used by his department. You need to ensure that users can always save more than 10 GB to their home directories. What should you do?

A. Clear the deny disk space to users exceeding quota limit check box in the quota configuration for volume D
B. Log on to the server as administrator, and take ownership of all files in the group-shared folders
C. Create a new volume on the server. Move the group-shared folders to the new volume
D. Increase the quota limit on volume D to permit extra space for shared files

Answer: A

Explanation: Instead of denying users disk space when they reach the disk quota limit they should be given a warning. This can be accomplished by clearing the deny disk space to users exceeding quota limit check box.

Incorrect answers:
B: Taking ownership of user’s files would temporarily solve the problem, but the users could have problems accessing these files since they no longer are the owner.
C: Creating a new volume would not enable the users to save more than 10 GB in their home directories.
D: Increasing the quota would only postpone the problem as the disk would eventually become full.

17. You are the network administrator of the Windows 2000 network at Island Hopper News. Your company does not have a Web presence. Your network consists of a Windows 2000 domain controller, a file server, and a member server named Server 1. Server 1 is connected to a modem bank. Many users want to log on to the network for home. These users have Windows 95, Windows 98 and Windows 2000 are professional computers.

You enable routing and remote access for Windows 2000 on server 1. You configure the server 1 properties as shown in the exhibit.

Users configure dial-up networking on their client computers to connect to server 1. Some users report that they are unable to connect to server 1. What should you do?

Exhibit A
Exhibit B

A. Change the authentication provider to RADIUS Authentication.
B. Disable EAP.
C. Disable MS-CHAP version2.
D. Enable SPAP.
E. Enable MS-CHAP.

Answer: E

Explanation: Windows 95 and a clean installation, with no windows updates, of Windows 98 does not support MS-CHAP V2. Both operating systems support MS-CHAP though.

Incorrect answers:
A: There are no Radius servers in this scenario.
B: Disabling an authentication protocol would not enable remote access for any clients.
C: Disabling an authentication protocol would not enable remote access for any clients.
D: SPAP is propriety protocol. It would enable remote access for the Windows clients.

18. Your company network includes Windows 98, Windows 2000 Professional, and Macintosh client computers. All of the client computers currently use TCP/IP as their only network protocol. You create several shared folders on a Windows 2000 Server computer. You plan to store the company's financial data in these shared folders. During testing, you discover that the Macintosh client computers cannot access the shared folders.

You want the shared folders to be accessible from all of the client computers on the network. What should you do first?

A. Install the SAP protocol on the Windows 2000 Server computer.
B. Install the Apple Talk network protocol on the Macintosh computers and on the Windows 2000 Server computer
C. Install Apple Talk network integration on the Windows 2000 Server computer
D. Install RIP on the Windows 2000 Server computer

Answer: B

Explanation: Macintosh clients require Apple Talk, or other third party solutions, to be integrated in a Windows network. AppleTalk must be configured both on the client side and on a Windows 2000 Server.

Incorrect answers:
A: Macintosh clients require Apple Talk, not SAP, to be integrated in a Windows network.
C: AppleTalk must be configured on both the clients and on the Windows 2000 Server.
D: RIP is a routing protocol and would not help Macintosh computers to gain network access.

19. You are the administrator of a Windows 2000 Server computer. You add a new hard disk to the computer and configure it as a basic disk. You create a single NTFS partition that uses all of the space on the disk. You assign the drive letter G to the new partition You share drive G as DataFiles and assign the default share permissions to the drive. You want to create several folders in the root of drive G. You plan to use these folders to store network users’ files. You want to prevent users from creating additional folders in the root of drive G. You also want to allow users to create subfolders under the folders that you have already created. You want to configure the NTFS security permissions for the drive G folders in the minimum amount of time. What should you do?

A. Create your folders in the root of drive G. Configure the permissions on these folders to block permission inheritance.
B. Create your folders in the root of drive G. Modify the permissions on the folders to allow users to create subfolders. Configure the permissions on these folders to block permission inheritance.
C. Create your folders in the root of drive G. Configure the permissions on these folders to block permission inheritance. Modify the permissions on the root of drive G to prevent users from creating folders on the root.
D. Modify the permissions on the root of drive G to prevent users from creating folders on the root. Create your folders in the root of drive G. Configure the permissions on these folders to block permission inheritance.

Answer: C

Explanation: When sharing a drive the NTFS permissions allow full access to everyone. We need to restrict the right to create subfolders on the drive, and then we have to block this on the subfolders.

Incorrect answers:
A: We do not want to allow the creation of folders under the root folder therefore this must be explicitly denied.
B: We do not want to allow the creation of folders under the root folder therefore this must be explicitly denied.
D: We must block the inheritance of the subfolders before we prevent users from creating folders on the root.

20. A Windows 2000 Server computer at your company is connected to two print devices. Company executives use one print device, which is shared as Executive. The office staff use the other print device, which is shared as Office. Occasionally, a company executive directs a member of the office staff to print a report to the Executive printer. However, the executives report that some members of the office staff are printing to the Executive printer without authorization. You need to find out which users are printing to the Executives printer without authorization. What should you do?

A. Monitor the printer’s spool directory for files printed by unauthorized users.
B. Use system monitor to monitor the print jobs being set to the executive printer.
C. Enable audit logging for object access. Configure auditing on the executive printer.
D. Use the event viewer to review the security log for messages from the printer subsystem.

Answer: C

Explanation: To audit access and use of printers auditing for object access must be enabled. We must then specify which printer should be configured for auditing.

Incorrect answers:
A: The printer’s spool directory holds print jobs. It cannot be used for auditing printer access.
B: System monitor is used to monitor system performance. It cannot be used for auditing printer access.
D: Printer access or use is not logged in the security log.