You are a network administrator for your company. The network consists of a single Active Directory domain. All domain controllers and member servers run Windows Server 2003, Enterprise Edition. All client computers run Windows XP Professional.
The company has one main office and one branch office. The two offices are connected by a T1 WAN connection. There is a hardware router at each end of the connection. The main office contains 10,000 client computers, and the branch office contains 5,000 client computers.
You need to use DHCP to provide IP addresses to the Windows XP Professional computers in both offices. You need to minimize network configuration traffic on the WAN connection. Your solution needs to prevent any component involved in the DHCP architecture from becoming a single point of failure.
What should you do? ()
A. At the main office, configure two Windows Server 2003 computers as a DHCP server cluster. Configure the branch office router as a DHCP relay agent.
B. At the main office, configure two Windows Server 2003 computers as a DHCP server cluster. At the branch office, configure a Windows Server 2003 computer as a DHCP relay agent.
C. At the main office, configure two Windows Server 2003 computers as a DHCP server cluster. At the branch office, configure two Windows Server 2003 computers as a DHCP server cluster.
D. At the main office, configure two Windows Server 2003 computers as DHCP servers. Configure one DHCP server to handle 80 percent of the IP address scope and the other DHCP server to handle 20 percent. Configure the branch office router as a DHCP relay agent.
您可能感兴趣的试卷
你可能感兴趣的试题
You are a network administrator for your company. The network consists of a single Active Directory forest that contains three domains. The functional level of the forest and of all three domains is Window Server 2003. The company has a main office and 30 branch offices. Each branch office is connected to the main office by a 56-Kbps WAN connection.
You configure the main office and each branch office as a separate Active Directory site. You deploy a Windows Server 2003 domain controller at the main office and at each branch office. Each domain controller is configured as a DNS server.
You can log on to the network from client computers in the branch offices at any time. However, users in the branch offices report that they cannot log on to the network during peak hours.
You need to allow users to log on to the network from branch office computers. You do not want to affect the performance of the branch office domain controllers. You need to minimize Active Directory replication traffic across the WAN connections.
What should you do? ()
A. Use Active Directory Sites and Services to enable universal group membership caching for each branch office site.
B. Use the DNS console to configure the branch office DNS servers to forward requests to a DNS server in the main office.
C. Use Active Directory Sites and Services to configure each branch office domain controller as a global catalog server.
D. Use the DNS console to configure the branch office DNS servers to use an Active Directory-integrated zone.
You are the network administrator for Tailspin Toys. The company has a main office and two branch offices. The network in the main office contains 10 servers and 100 client computers. Each branch office contains 5 servers and 50 client computers. Each branch office is connected to the main office by a direct T1 line.
The network design requires that company IP addresses must be assigned from a single classful private IP address range. The network is assigned a class C private IP address range to allocate IP addresses for servers and client computers. Tailspin Toys acquires a company named Wingtip Toys. The acquisition will increase the number of servers to 20 and the number of client computers to 200 in the main office. The acquisition is expected to increase the number of servers to 20 and the number of client computers to 200 in the branch offices. The acquisition will also add 10 more branch offices. After the acquisition, all branch offices will be the same size. Each branch office will be connected to the main office by a direct T1 line. The new company will follow the Tailspin Toys network design requirements.
You need to plan the IP addressing for the new company. You need to comply with the network design requirement.
What should you do? ()
A. Assign the main office and each branch office a new class A private IP address range.
B. Assign the main office and each branch office a new class B private IP address range.
C. Assign the main office and each branch office a subnet from a new class B private IP address range.
D. Assign the main office and each branch office a subnet from the current class C private IP address range.
You are a network administrator for your company. You need to test a new application.
The application requires two processors and 2 GB of RAM. The application also requires shared folders on the application server and requires the installation of software on the client computers.
You create the test plan. You assemble a server in the test lab. You install Windows Server 2003, Web Edition on theserver. You install the application on the server. You install the client software components for the application on 20 client computers in the test lab.
You test the application. You discover that only some of the client computers can run the application. You turn off the client computers that ran the application successfully, and you test again. The client computers that failed in the first test now run the application successfully.
You need to identify the cause of the failure and update your test plan.
What should you do? ()
A. Increase the Maximum number of worker processes to 20 for the default application pool.
B. Use Add or Remove Programs to add the Application Server Windows component.
C. Change the Application pool identity to Local Service for the default application pool.
D. Change the test server operating system to Windows Server 2003, Standard Edition or Windows Server 2003, Enterprise Edition.
You are a network administrator for your company. All domain controllers run Windows Server 2003. The network contains 50 Windows 98 client computers, 300 Windows 2000 Professional computers, and 150 Windows XP Professional computers.
According to the network design specification, the Kerberos version 5 authentication protocol must be used for all client computers on the internal network.
You need to ensure that Kerberos version 5 authentication is used for all client computers on the internal network.
What should you do? ()
A. On each domain controller, disable Server Message Block (SMB) signing and encryption of the secure channel traffic.
B. Replace all Windows 98 computers with new Windows XP Professional computers.
C. Install the Active Directory Client Extensions software on the Windows 98 computers.
D. Upgrade all Windows 98 computers to Windows NT Workstation 4.0.
You are the network administrator for your company. The network consists of a single Active Directory domain. The company has an internal network and a perimeter network. The internal network is protected by a firewall. Application servers on the perimeter network are accessible from the Internet.
You are deploying 10 Windows Server 2003 computers in application server roles. The servers will be located in theperimeter network and will not be members of the domain. The servers will host only publicly available Web pages. The network design requires that custom security settings must be applied to the application servers. These custom security settings must be automatically refreshed every day to ensure compliance with the design.
You create a custom security template named Baseline1.inf for the application servers. You need to comply with the design requirements.
What should you do? ()
A. Import Baseline1.inf into the Default Domain Policy Group Policy object (GPO).
B. Create a task on each application server that runs Security and Configuration Analysis with Baseline1.inf every day.
C. Create a task on each application server that runs the secedit command with Baseline1.inf every day.
D. Create a startup script in the Default Domain Policy Group Policy object (GPO) that runs the secedit command with Baseline1.inf.
You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003.
The network contains servers that have Terminal Server enabled. The terminal servers host legacy applications that currently require users to be members of the Power Users group.
A new requirement in the company’s written security policy states that the Power Users group must be empty on all resource servers.
You need to maintain the ability to run the legacy applications on the terminal servers when the new security requirement is implemented.
What should you do? ()
A. Add the Domain Users global group to the Remote Desktop Users built-in group in the domain.
B. Add the Domain Users global group to the Remote Desktop Users local group on each terminal server.
C. Modify the Compatws.inf security template settings to allow members of the local Users group to run the applications. Import the security template into the Default Domain Controllers Policy Group Policy object (GPO).
D. Modify the Compatws.inf security template settings to allow members of the local Users group to run the applications. Apply the modified template to each terminal server.
You are a network administrator for your company. All domain controllers run Windows Server 2003. The network contains 50 Windows 98 client computers, 300 Windows 2000 Professional computers, and 150 Windows XP Professional computers.
According to the network design specification, the Kerberos version 5 authentication protocol must be used for all client computers on the internal network.
You need to ensure that Kerberos version 5 authentication is used for all client computers on the internal network.
What should you do? ()
A. On each domain controller, disable Server Message Block (SMB) signing and encryption of the secure channel traffic.
B. Replace all Windows 98 computers with new Windows XP Professional computers.
C. Install the Active Directory Client Extensions software on the Windows 98 computers.
D. Upgrade all Windows 98 computers to Windows NT Workstation 4.0.
You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains 10 domain controllers and 50 servers in application server roles. All servers run Windows Server 2003.
The application servers are configured with custom security settings that are specific to their roles as application servers. Application servers are required to audit account logon events, object access events, and system events. Application servers are required to have passwords that meet complexity requirements, to enforce password history, and to enforce password aging. Application servers must also be protected against man-in-the-middle attacks during authentication. You need to deploy and refresh the custom security settings on a routine basis. You also need to be able to verify the custom security settings during audits.
What should you do? ()
A. Create a custom security template and apply it by using Group Policy.
B. Create a custom IPSec policy and assign it by using Group Policy.
C. Create and apply a custom Administrative Template.
D. Create a custom application server image and deploy it by using RIS.
You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains 50 application servers that run Windows Server 2003.
The security configuration of the application servers is not uniform. The application servers were deployed by local administrators who configured the settings for each of the application servers differently based on their knowledge and skills. The application servers are configured with different authentication methods, audit settings, and account policy settings.
The security team recently completed a new network security design. The design includes a baseline configuration for security settings on all servers. The baseline security settings use the Hisecws.inf predefined security template. The design also requires modified settings for servers in an application role. These settings include system service startup requirements, renaming the administrator account, and more stringent account lockout policies. The security team created a security template named Application.inf that contains the modified settings.
You need to plan the deployment of the new security design. You need to ensure that all security settings for the application servers are standardized, and that after the deployment, the security settings on all application servers meet the design requirements.
What should you do? ()
A. Apply the Setup security.inf template first, the Hisecws.inf template next, and then the Application.inf template.
B. Apply the Application.inf template and then the Hisecws.inf template.
C. Apply the Application.inf template first, the Setup security.inf template next, and then the Hisecws.inf template.
D. Apply the Setup security.inf template and then the Application.inf template.
You are the network administrator for your company. The network consists of a single Active Directory domain. All domain controllers run Windows Server 2003. All client computers run Windows XP Professional.
The company has legacy applications that run on UNIX servers. The legacy applications use the LDAP protocol to query Active Directory for employee information.
The domain controllers are currently configured with the default security settings. You need to configure enhanced security for the domain controllers. In particular, you want to configure stronger password settings, audit settings, and lockout settings. You want to minimize interference with the proper functioning of the legacy applications.
You decide to use the predefined security templates. You need to choose the appropriate predefined security template to apply to the domain controllers.
What should you do?()
A. Apply the Setup security.inf template to the domain controllers.
B. Apply the DC security.inf template to the domain controllers.
C. Apply the Securedc.inf template to the domain controllers.
D. Apply the Rootsec.inf template to the domain controllers.
最新试题
You are a network administrator for your company. The network consists of two Active Directory domains. You are responsible for administering one domain, which contains users who work in the sales department. User objects for the users in the sales department are stored in an organizational unit (OU) named Sales in your domain. Users in the sales department use a public key infrastructure (PKI) enabled application that requires users to present client authentication certificates before they are granted access. You install Certificate Services on two member servers running Windows Server 2003. You configure one server as an enterprise subordinate certification authority (CA) and the other server as a stand-alone root CA. You need to issue certificates that support client authentication to sales users only. You need to achieve this goal by using the minimum amount of administrative effort. What should you do? ()
You are a network administrator for your company. You install Windows Server 2003 on two servers named Server1 and Server2. You configure Server1 and Server2 as a two-node cluster. You configure a custom application on the cluster by using the Generic Application resource, and you put all resources in the Application group. You test the cluster and verify that it fails over properly and that you can move the Applications group from one node to the other and back again. The application and the cluster run successfully for several weeks. Users then report that they cannot access the application. You investigate and discover that Server1 and Server2 are running but the Application group is in a failed state. You restart the Cluster service and attempt to bring the Application group online on Server1. The Application group fails. You discover that Server1 fails, restarts automatically, and fails again soon after restarting. Server1 continues to fail and restart until the Application group reports that it is in a failed state and stops attempting to bring itself back online. You need to configure the Application group to remain on Server2 while you research the problem on Server1. What should you do? ()
You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. You administer a four-node Network Load Balancing cluster. All nodes run Windows Server 2003. The cluster has converged successfully. You use Network Load Balancing Manager on the default host to configure all nodes of the cluster. The nodes have a single network adapter and are connected to the same switching hub device. Administrators of non-cluster servers that are connected to the same switching hub device report that their servers receive traffic that is destined for the cluster nodes. Receiving this additional network traffic impairs the network performance of the non-cluster servers. You need to ensure that traffic destined for only the cluster nodes is not sent to all ports of the switching hub device. You do not want to move the cluster to another switching hub device. What should you do? ()
You are the network administrator for your company. The network contains a single Active Directory domain. All computers on the network are members of the domain. All domain controllers run Windows Server 2003. You are planning a public key infrastructure (PKI). The PKI design documents for your company specify that certificates that users request to encrypt files must have a validity period of two years. The validity period of a Basic EFS certificate is one year. In the Certificates Templates console, you attempt to change the validity period for the Basic EFS certificate template. However, the console does not allow you to change the value. You need to ensure that you can change the value of the validity period of the certificate that users request to encrypt files.What should you do? ()
You are a network administrator for your company. The network contains four Windows Server 2003 computers configured as a four-node server cluster. Each cluster node is the preferred owner of a clustered instance of Microsoft SQL Server 2000, and each cluster node is configured as a possible owner of all other instances of SQL Server. All nodes have identically configured hardware. All four nodes operate at a sustained 70 percent CPU average. You add a server that has identically configured hardware to the cluster as a fifth node. You want each SQL Server instance to continue operating at the same level of performance in the event of a single node failure. What should you do? ()
You are the network administrator for your company. You need to provide Internet name resolution services for the company. You set up a Windows Server 2003 computer running the DNS Server service to provide this network service. During testing, you notice the following intermittent problems: Name resolution queries sometimes take longer than one minute to resolve. Some valid name resolution queries receive the following error message in the Nslookup command-line tool: "Non-existent domain." You suspect that there is a problem with name resolution. You need to review the individual queries that the server handles. You want to configure monitoring on the DNS server to troubleshoot the problem. What should you do? ()
You are a network administrator for Alpine Ski House. The network consists of a single Active Directory domain. The domain name is alpineskihouse.com. The network contains three Windows Server 2003 domain controllers. You are creating the recovery plan for the company. According to the existing backup plan, domain controllers are backed up by using normal backups each night. The normal backups of the domain controllers include the system state of each domain controller. Your recovery plan must incorporate the following organizational requirements: • Active Directory objects that are accidentally or maliciously deleted must be recoverable.• Active Directory must be restored to its most recent state as quickly as possible.• Active Directory database replication must be minimized. You need to create a plan to restore a deleted organizational unit (OU). Which two actions should you include in your plan?()
You are a network adminstrator for your company. You install an intranet application on three Windows Server 2003 computers. You configure the servers as a Network Load Balancing cluster. You configure each server with two network adapters. One network adapter provides client computers access to the servers. The second network adapter is for cluster communications. Cluster communications is on a separate network segment. The network team wants to reduce the cluster’s vulnerability to attack. These servers need to be highly available. The network team decides that the Network Load Balancing cluster needs to filter IP ports. The team wants the cluster to allow only the ports that are required for the intranet application. You need to implement filtering so that only the intranet application ports are available on the cluster. You need to achieve this goal by using the minimum amount of administrative effort. What should you do? ()
You are a network administrator for your company. The design team provides you with the following list of requirements for server disaster recovery: No more than two sets of tapes can be used to restore to the previous day. A full backup of each server must be stored off-site. A full backup of each server that is no more than one week old must be available on-site. Backups must never run during business hours. Tapes may be recalled from off-site storage only if the on-site tapes are corrupted or damaged.A full backup of all servers requires approximately 24 hours. Backing up all files that change during one week requires approximately 4 hours. Business hours for the company are Monday through Friday, from 6:00 A.M. to 10:00 P.M. You need to provide a backup rotation plan that meets the design team’s requirements. Which two actions should you include in your plan?()
You are a network administrator for your company. The company has a main office and two branch offices. The branch offices are connected to the main office by T1 lines. The network consists of three Active Directory sites, one for each office. All client computers run either Windows 2000 Professional or Windows XP Professional. Each office has a small data center that contains domain controllers, WINS, DNS, and DHCP servers, all running Windows Server 2003. Users in all offices connect to a file server in the main office to retrieve critical files. The network team reports that the WAN connections are severely congested during peak business hours. Users report poor file server performance during peak business hours. The design team is concerned that the file server is a single point of failure. The design team requests a plan to alleviate the WAN congestion during business hours and to provide high availability for the file server. You need to provide a solution that improves file server performance during peak hours and that provides high availability for file services. You need to minimize bandwidth utilization. What should you do? ()