70-291 Q & A / Study Guide / Testing Engine

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

---

QUESTION 1
You work as It Admin at Certkingdom.com. The Certkingdom.com network consists of a domain named Certkingdom.com.
The servers at the Certkingdom.com network run Windows Server 2003. The Certkingdom.com network has a file
server named Certkingdom-SR18. Certkingdom-SR18 hosts shared folders.
During your routine monitoring, you notice that Certkingdom-SR18 has a connectivity issue. To investigate
further you run Network Monitor, but notices that during capturing, network packets were dropped.
What actions must you take to minimize the dropping of packets while monitoring Certkingdom-SR18?

A. You should configure a persistent demand-dial connection.
B. You should configure a two-way initiated demand-dial connection.
C. You should use dedicated capture mode when utilizing the Network Monitor.
D. You should select the Do not overwrite events option in the Event Viewer.

Answer: C

Explanation: The CPU of Certkingdom-SR18 runs on 80%, which indicates that there are not enough
resources to the network Monitor. Running Network Monitor in dedicated capture mode frees
resources on the computer for capturing dat
A. This results in fewer frames being dropped. The
capture statistics are not displayed or refreshed because the frames are copied to the capture
buffer.
Reference:
Deborah Littlejohn Shinder, Dr. Thomas W. Shinder, Chad Todd and Laura Hunter, Implementing,
Managing, and Maintaining a Windows Server 2003 Network Infrastructure Guide & DVD Training
System, Syngress Publishing Inc., Rockland, 2003, p. 841

---

QUESTION 2
You work as the network administrator at Certkingdom.com. The Certkingdom.com network consists of a single
Active Directory domain named Certkingdom.com. The servers at the Certkingdom.com network run Windows
Server 2003 and the workstations, Windows XP Professional.
The Certkingdom.com network has a DNS server named Certkingdom-SR03 that does name resolution for host on
the Internet. Certkingdom.com users complain that they do not get the correct site when trying to access
Web site known to them.
What actions must you take to stop this from happening without disrupting production?

A. You should restart the DNS Server service.
B. You should select the Secure cache against pollution setting.
C. You should run the ipconfig/flushdns on Certkingdom-SR03.
D. You should run the ipconfig/registerdns on Certkingdom-SR03.

Answer: B

Explanation: When the Secure cache against pollution setting is disabled, all records received in
response to DNS queries are cached. This is true even when the records do not match to a
queried domain name. Enabling the Secure cache against pollution setting disables the ability to
pollute the DNS cache with incorrect information, and spoof DNS queries. With Windows Server
2003 the default setting is that caches are secured against pollution. This will then prevent users
that browse the Internet from being directed to the wrong websites.
Reference:
Deborah Littlejohn Shinder, Dr. Thomas W. Shinder, Chad Todd and Laura Hunter, MCSA/MCSE:
Exam 70-291: Implementing, Managing, and Maintaining a Windows Server 2003 Network
Infrastructure Guide & DVD Training System, Syngress Publishing Inc., Rockland, 2003, pp. 496-
497
J. C. Mackin, Ian McLean, MCSA/MCSE Self-Paced Training Kit (exam 70-291): Implementing,
Managing, and Maintaining a Microsoft Windows Server 2003 network Infrastructure, Microsoft
Press, Redmond, 2003, Part 1, Chapter 3, pp. 285, 291

---

QUESTION 3
You work as the network administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. The servers at the Certkingdom.com network run Windows Server 2003 and the workstations,
Windows XP Professional.
The Certkingdom.com network has a server named Certkingdom-SR10 that runs Windows Server Update
Services (WSUS). During synchronization you notice that you cannot connect to the Windows
Update servers, however, you can access to other Web site not residing in the intranet.
What actions must you take to connect to the Windows Update servers?

A. You must run the ipconfig/registerdns.
B. You must configure the forwarders on Certkingdom-SR10.
C. You must set the authentication to the proxy server in the WSUS settings.
D. You must run the gpupdate /force command on Certkingdom-SR10.

Answer: C

Explanation: In the Software Update Services administration console, there is an option to
configure your internet connection settings. These settings include proxy server settings. If you
have a proxy server between the SUS server and the internet, you need to configure the proxy
server settings in the SUS options.

---

QUESTION 4
You work as the network administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. The servers at the Certkingdom.com network run Windows Server 2003. Certkingdom.com has a
subsidiary named Test Labs, Inc. that has a domain named testlabs.com.
The Certkingdom.com network has a DNS server named Certkingdom-SR05. Certkingdom-SR05 acts as a secondary
zone for testlabs.com
What actions must you take to track when the DNS server at Test Labs, Inc. sends notifications of
modifications in the zone of testlabs.com to Certkingdom-SR05?

A. You must run the gpresult command in verbose mode.
B. You must select debug logging and set the log to store Notification events on Certkingdom- SR05.
C. You must run the secedit command in analysis mode.
D. You must configure a two-way initiated demand-dial connection.

Answer: B

Explanation: Debug logging is disabled by default and has to be enabled on Certkingdom-SR05. Select
the Log packets for debugging check box to configure Debug Logging. To receive useful debug
logging information, you should select a Packet direction, a Transport protocol, and at least one
more option. You can also specify the file path and name, and the maximum size for the log file.
Enabling Debug Logging slows DNS server performance.
Reference:
Deborah Littlejohn Shinder, Dr. Thomas W. Shinder, Chad Todd and Laura Hunter, MCSA/MCSE:
Exam 70-291: Implementing, Managing, and Maintaining a Windows Server 2003 Network
Infrastructure Guide & DVD Training System, Syngress Publishing Inc., Rockland, 2003, p. 551

---

QUESTION 5
You work as the network administrator at Certkingdom.com. The Certkingdom.com network consists of a domain
named Certkingdom.com. The servers at the Certkingdom.com network run Windows Server 2003.
The Certkingdom.com network has a Web server named Certkingdom-SR11. During a routine monitoring you
notice an increase in network traffic. Due to this you need to find out the MAC address of the
workstation that initiated the transfers and the command that was used. However, you action must
not effect Certkingdom-SR11.
What actions must you take?

A. You must run the ipconfig/registerdns.
B. You must use the Netmon utility.
C. You must capture the IP traffic to Certkingdom-SR11.
D. You must Enable Server Message Block (SMB) signing on all the workstations.

Answer: C

Explanation: Network Monitor tool allows you to capture dat
A. The tool also allows you to identify
its source from where it came from. The Network Monitor tool also allows you to analyze the
content of the message. Use a Network Monitor capture filter to capture IP traffic from any
computer to Certkingdom-SR11, and apply the capture filter before capturing the data.
Reference:
Deborah Littlejohn Shinder, Dr. Thomas W. Shinder, Chad Todd and Laura Hunter, MCSA/MCSE:
Exam 70-291: Implementing, Managing, and Maintaining a Windows Server 2003 Network
Infrastructure Guide & DVD Training System, Syngress Publishing Inc., Rockland, 2003, pp. 198,
543
J. C. Mackin, Ian McLean, MCSA/MCSE Self-Paced Training Kit (exam 70-291): Implementing,
Managing, and Maintaining a Microsoft Windows Server 2003 network Infrastructure, Microsoft
Press, Redmond, 2003, Part 1, Chapter 3, pp. 140, 144, 145.

---

QUESTION 6
You work as the network administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. The servers at the Certkingdom.com network run Windows Server 2003.
The Certkingdom.com network has only one DNS server named Certkingdom-SR11 that only hosts the zone for
Certkingdom.com. During the course of the day you have received complaints that the response time of
the connections to other workstations is very poor.
What actions must you take to see if it is the DNS client traffic on Certkingdom-SR11?

A. You must set up a log of the Total queries/sec and the DNS counters Dynamic updates/sec.
B. You must configure a Network Monitor capture filter.
C. You must run the gpresult command.
D. You must set up the Performance Logs and Alerts to note down the Physical-Disk object.

Answer: A

Explanation: The System Monitor utility is used to collect and measure the real-time performance
data for a local or remote computer on the network. Through System Monitor, you can view
current data or data from a log file. When you view current data, you are monitoring real-time
activity. When you view data from a log file, you are importing a log file from a previous session.
Using the System Monitor, you can generate statistics on the following types of information
regarding DNS services:
AXFR requests (all-zone transfer requests), IXFR requests (incremental zone transfer requests),
DNS server memory usage, Dynamic updates, DNS Notify events, Recursive queries, TCP and
UDP statistics, WINS statistics and Zone transfer issues. Thus to find out where DNS client traffic
is responsible for the slow speed at which computers connect within the Certkingdom.com domain, then
you should create a log of the Dynamic Updated/sec and the Total queries/sec given the fact that
Certkingdom-SR05 is the only DNS server in the domain.
Reference:
James Chellis, Paul Robichaux and Matthew Sheltz, MCSA/MCSE: Windows Server 2003
Network Infrastructure Implementation, Management, and Maintenance Study Guide, Sybex Inc.
Alameda, 2003, pp. 70-73, 304

---

QUESTION 7
You work as the network administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. The servers at the Certkingdom.com network run Windows Server 2003 and the workstations,
Windows XP Professional.
The Certkingdom.com network has a Web server named Certkingdom-SR10 that has the Internet Information
Services (IIS) 6.0 installed. Certkingdom-SR10 hosts a Web site that can be reached from the internal
network and the Internet. The internal traffic at Certkingdom.com needs authentication without a secure
protocol to access the Web site; however Internet traffic needs to authenticate with a secure
protocol.
What actions must you take to ensure that the all accesses to Certkingdom-SR10 use a secure protocol?

A. You need to configure the log to capture Notification events.
B. You need to apply the hisecdc.inf predefined security template.
C. You need to monitor network traffic and IIS logs.
D. You need to apply a custom security template.

Answer: C

Explanation: To make sure that the users are using a secure protocol, you must use the Network
Monitor. The Network Monitor allows you to capture frames directly from the network. As soon as
the frames are captured it will display and filter captured frames. The Network Monitor also allows
you to edit captured frames and transmit them on the network.
Reference:
Diana Huggins, Windows Server 2003 Network Infrastructure Exam Cram 2 (Exam 70-291),
Chapter 4
J. C. Mackin, Ian McLean, MCSA/MCSE Self-Paced Training Kit (exam 70-291): Implementing,
Managing, and Maintaining a Microsoft Windows Server 2003 network Infrastructure, Microsoft
Press, Redmond, 2003, 1: 26, 3: 3.

---

QUESTION 8
You work as the network administrator at Certkingdom.com. The Certkingdom.com network has a domain named
Certkingdom.com. The servers at the Certkingdom.com network run Windows Server 2003 and the workstations,
Windows XP Professional.
The Certkingdom.com network has two servers, named Certkingdom-SR30 and Certkingdom-SR31, which contain file with
sensitive company information. You create a new OU named SenSrv and move Certkingdom-SR30 and
Certkingdom-SR31 to the new OU. You then create a new GPO that and configure it to encrypt all network
connections. You then link the GPO to the SenSrv OU.
How would you check to see if encrypted connections to Certkingdom-SR30 and Certkingdom-SR31 are taking
place?

A. By opening the Resultant Set of Policy console.
B. By running the Microsoft Baseline Security Analyzer (MBSA).
C. By applying the hisecdc.inf predefined security template.
D. By opening the IP Security Monitor console.

Answer: D

Explanation: Administrators can use the IP Security Monitor tool to confirm whether IP Security
(IPSec) communications are successfully secured. The tool can display the number of packets
that have been sent over the Authentication Header (AH) or Encapsulating Security Payload
(ESP) security protocols, and how many security associations and keys have been generated
since the computer was last started. The IP Security Monitor is implemented as a Microsoft
Management Console (MMC) snap-in on the Windows Server 2003 and Windows XP Professional
operating systems. It includes enhancements that allow you to view details about an active IPSec
policy, in addition to Quick Mode and Main Mode statistics, and active IPSec SAs. IP Security
Monitor also enables you to search for specific Main Mode or Quick Mode filters.
Reference:
Diana Huggins, Windows Server 2003 Network Infrastructure Exam Cram 2 (Exam 70-291),
Chapter 5
J. C. Mackin, Ian McLean, MCSA/MCSE Self-Paced Training Kit (exam 70-291): Implementing,
Managing, and Maintaining a Microsoft Windows Server 2003 network Infrastructure, Microsoft
Press, Redmond, 2003, p. 15: 20
Deborah Littlejohn Shinder, Dr. Thomas W. Shinder, Chad Todd and Laura Hunter, Implementing,
Managing, and Maintaining a Windows Server 2003 Network Infrastructure Guide & DVD Training
System, Syngress Publishing Inc., Rockland, 2003, p.795

---

QUESTION 9
You work as the network administrator at Certkingdom.com. The Certkingdom.com network consists of a domain
named Certkingdom.com. The servers at the Certkingdom.com network run Windows Server 2003 and the
workstations, Windows XP Professional. The Certkingdom.com network has a DNS server named
Certkiller -SR03.
Certkingdom.com changes ISPs. Now you receive complaints that Certkingdom.com users cannot connect to Web
sites on the Internet by using the URL of the Web site.
You configure your workstation with the DNS server address of the new ISP. You can now
connect to Web sites by entering their URL in the browser.
How would you configure Certkingdom-SR03 to allow all users to connect to Internet Web sites without
causing connectivity problems on the internal network?

A. You need run the Oclist.exe command and the Security Configuration and Analysis console on
Certkingdom-SR03.
B. You need to utilize the default root hints of Certkingdom-SR03 and set up a forwarder to the new ISP.
C. You need run the Dcgpofix on Certkingdom-SR03 and set up forwarding to the new ISP.
D. You need to disable recursion and run the Security Configuration and Analysis console on
Certkingdom-SR03.

Answer: B

Explanation: Forwarders are used to inform DNS where to look for name resolution when not in
the local DNS database. With Windows Server 2003 conditional forwarding, recursive query
requests can be subject to different DNS forwarder servers based on the domain name queried.
The root hints file (cache hints file) contains host information needed to resolve names external of
the authoritative DNS domains. It holds names and addresses of root DNS servers which are
normally located on the Internet. In this situation where your network is connected to the Internet,
the root hints file should contain the addresses of the root DNS servers on the Internet. With the
default installation of Windows Server 2003, DNS uses the root hints file. It is not necessary to
configure forwarders to access the Internet. Even though it is recommended to configure
forwarders to point to your external domain, root hints will function quite fine.
Reference:
Diana Huggins, Windows Server 2003 Network Infrastructure Exam Cram 2 (Exam 70-291),
Chapter 3
J. C. Mackin, Ian McLean, MCSA/MCSE Self-Paced Training Kit (exam 70-291): Implementing,
Managing, and Maintaining a Microsoft Windows Server 2003 network Infrastructure, Microsoft
Press, Redmond, 2003, Part 1, Chapters 4 & 5, pp. 193, pp. 194; and pp. 247.

---

QUESTION 10
You work as the network administrator at Certkingdom.com. The Certkingdom.com network consists of a domain
named Certkingdom.com. The servers at the Certkingdom.com network run Windows Server 2003 and the
workstations, Windows XP Professional.
Certkingdom.com has a Web server named Certkingdom-SR10 which is connected to the Internet. During the
course of the day you have received instructions from the CIO to use System Monitor to determine
how much bandwidth is used on Certkingdom-SR10's Internet connection. You decide to use the Bytes
Total/sec counter with a sample rate of 10 seconds. You also plan to archive the logs once a day.
Due to limited hard drive space, you need to prevent the logs from getting too big.
What actions must you take to?

A. You should disable recursion.
B. You should create a one-way initiated demand-dial connection.
C. You should configure an alert trigger when the Datagrams/sec counter is high.
D. You should keep Certkingdom-SR10 on the existing counter and set the sample rate to 60 seconds.

Answer: D

Explanation: The function of the Network Interface Bytes Total/Sec counter is to measures the
total number of bytes that are sent/ received from the network interface. You use less processor
cycles when you reduce the sampling frequency.
Reference:
Dan Holme and Orin Thomas, MCSA/MCSE Self-Paced Training Kit (Exam 70-290): Managing
and Maintaining a Microsoft Windows Server 2003 Environment, Microsoft Press, Redmond, 2003,
Chapter 12, p. 479

---

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Free Microsoft 70-291 Q & A / Study Guide – part III

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

QUESTION 704:

You work as the network administrator at Certkingdom.com The Certkingdom.com
network consists of a single Active Directory domain named Certkingdom.com All
servers on the Certkingdom.com network run Windows Server 2003 and all client
computers run Windows XP Professional.
Certkingdom.com consists of a file server named Certkingdom -SR40 that runs Windows
Server 2003. Certkingdom.com also contains crucial third-party applications, which
must be accessed by all the finance users of the main office and the branch offices.
You have received instruction to create a procedures document for Certkingdom.com
administrators. You need to define the recommended settings for each system
service that can be enables on a Windows Server2003 system. In a case of
emergency the service should be automatically restarted, if it fails more than three
times. You also setup the service to send a message to your computer if the service
failed. In the Property dialog box of a service has a number of Services consoles.
What could the services be?

A. The number of hours after which the fail account should be reset to zero.
B. Whether or not the Recovery attempt should be recorded in the System event log.
C. The number of minutes to wait before the service is restarted.
D. Whether or not the complete memory dump should be saved when the computer is
restarted.

Answer: C

Explaination: The Recovery tab of the Properties dialog box has the option to the
number of minutes to wait before the service is restarted.
Incorrect Answers:
A, B, D: You cannot configure the number of hours after which the fail account should
be reset to zero; or the whether or not the complete memory dump should be saved when
the computer is restarted, or whether or not the Recovery attempt should be recorded in
the System event log.

---

QUESTION 705:

You work as the network administrator at Certkingdom.com The Certkingdom.com
network consists of a single Active Directory domain named Certkingdom.com All
servers on the Certkingdom.com network run Windows Server 2003 and all client
computers run Windows XP Professional.
Certkingdom.com consists of a Marketing department. This department handles all the
financing and sales deeds. A Certkingdom.com user named Mia Hammis a member of
the Marketing department. Mia Hamm works on a client computer named
Certkingdom -SR30. One morning Mia Hamm complains that her hard disk has
failed. During the maintenance you then replace the hard disk and perform an
Automatic System Recovery (ASR) from a backup of her client computer.
Mia Hamm informs you that she still cannot connect to the domain. However, she is
able to connect to the domain from a coworker’s client computer. You receive an
instruction from the CIO to make sure that Mia Hammis able to connect to the
domain with Certkingdom -SR30 in order for her to do her duties.
What should you do?

A. Your first step should be to remove Certkingdom -SR30 from the domain.
Thereafter Certkingdom -SR30 can be rejoined to the domain.
B. To ensure that the user can log on to the domain the user account needs to be added to
the Administrators group on Certkingdom -SR30.
C. You should reset the computer account of Mia Hamm in Active Directory and
Computers to ensure that she will be able to log on to the domain.
D. Your best option would be to add the user account of Mia Hamm to the Power Users
group on Certkingdom -SR30.

Answer: A

Explaination: It is most probably the case that her password has expired. You need
to join the domain with Certkingdom -SR30. Doing this will allow the domain to
authenticate the computer. The password on the domain is regenerated
automatically when the computer rejoins the domain.
Incorrect Answers:
B, D: Mia Hamm does not belong either to the Administrators group or the Power Users
group. You cannot even access the computer with your user account as the administrator.
C: This method will not work properly. You should not reset computer accounts in the
Active Directory and Computers.

---

QUESTION 706:

You work as the network administrator at Certkingdom.com The Certkingdom.com
network consists of a single Active Directory domain named Certkingdom.com All
servers on the Certkingdom.com network run Windows Server 2003 and all client
computers run Windows XP Professional.
Certkingdom.com consists of two departments, named Research and Development. Half
of the client computers are in the Research department and the other half are in the
Development department. The Research department is a priority for Certkingdom.com
The client computers in the Research department run critical third-party
applications.
Certkingdom.com contains a server named Certkingdom -SR12 which hosts shared
folders named TestResDev for the Research department and Development
department. The users in the Research department and Development department
save their projects in Certkingdom -SR12 in TestResDev. The users are also allowed
to change the files or to undo the changes. To safeguard the files you implement
Shadow Copies support. Some of the users in both department complains that they
cannot access pervious version of there files. You need to ensure that the previous
versions are available to the users.
What should you do?

A. On all the client computers, enable Shadow Copies.
B. On all the client computers, install the Previous Versions client software.
C. On Certkingdom -SR12 configure disk quotas for all users.
D. On all the client computers, enable disk quotas.

Answer: B

Explaination: Shadow Copies provides periodic snapshots of shared folders on
specific volumes on hard disks.
Incorrect Answers:
A: You cannot do this, because the server side of this feature is not supported by the
client computers.
C, D: Disk quotas are used to limit the amount of disk space. This this not needed in this
scenario.

---

QUESTION 707:

You work as the network administrator at Certkingdom.com The Certkingdom.com
network consists of a single Active Directory domain named Certkingdom.com All
servers on the Certkingdom.com network run Windows Server 2003 and all client
computers run Windows XP Professional.
Certkingdom.com contains a Finance department. This department handles all the
marketing and sales deeds. It was requested of you to periodically perform
Automatic System Recovery (ASR) backups of all the servers in Certkingdom.com A
Certkingdom.com user named Andy Reid is a member of the Finance department.
Andy Reid works on a client computer named Certkingdom -SR10 which is
configured as a Certification Authority (CA). Certkingdom -SR10 contains two hard
drives, one hard drive named drive C consists of the operating system, and the other
hard drive named D consist of the CA database. The drive D of Certkingdom -SR10
failed and the CA database was lost.
During the maintenance you replaced the hard drive. You now need to replace the
lost data with the minimum of administrative effort. You receive an instruction
from the CIO to make sure that Certkingdom -SR10 continues to operate as a CA.
What should you do on Certkingdom -SR10?

A. To ensure that Certkingdom -SR10 continues to operate you need to boot from the
Windows Server 2003 installation CD.
Thereafter you can restore the ASR restore.
B. Your best option is to restart Certkingdom -SR10 in Directory Services Restore Mode.
Thereafter you can execute a non-authoritative restore of the CA database.
C. Your first step should be to restart Certkingdom -SR10 in Directory Services Restore
Mode.
Then you can execute an authoritative restore of the CA database.
D. Your best option would be to restore System State from the most recent ASR backup.

Answer: D

Explaination: This is a collection of files (System State) that contains the information
that is needed to rebuild an identical copy of the computer.
Incorrect Answers:
A: It is no need to ASR because the drive C which contains the operating system is not
damage.
B, C: You cannot start Certkingdom -SR10 in Directory Services Restore Mode, because it is
not a domain controller.

---

QUESTION 708:

You work as the network administrator at Certkingdom.com The Certkingdom.com
network consists of a single Active Directory domain named Certkingdom.com All
servers on the Certkingdom.com network run Windows Server 2003 and all user
workstations run Windows XP Professional.
Certkingdom.com contains a Research department. The Research department is a
priority for Certkingdom.com The user workstations in the Research department run
critical third-party applications. The Research department is planning to open a
new technical line. The manager will use this line to alter any changes of the
complete product of the Research department. This will lead to frequent changes of
the related documents. The manager also needs the previous versions of the
products if it was changed.
Certkingdom.com contains a server named Certkingdom -SR21. Certkingdom -SR21
consists of three disks which host lots of shared folders. You are planning to host the
documentation of the technical lines share folder on this server. You receive an
instruction from the CIO to ensure that your answer does not entail the
maintenance the earlier versions of any other data only the documentation of the
new technical line.
What should you do?

A. To comply with the requirements of the CIO you need to allow shadow copies on the
user workstations.
B. Periodical backups need to be executed in order to comply with the requirements.
C. Your best option would be to create a share folder on a new volume on
Certkingdom -SR21 as well as enabling shadow copies.
D. The Previous Versions software needs to be deployed on Certkingdom -SR21 in order
to comply with the instruction of the CIO.

Answer: C

Explaination: Shadow Copies provides periodic snapshots of shared folders on
specific volumes on hard disks.
Incorrect Answers:
A: The user workstations run Windows XP Professional, shadow copies is new and
resides in Windows Server 2003.
B: You should perform periodic backups of all documentation. However these backup
would not be available immediately.
D: The Previous Versions software should be deployed on the user workstations not the
server.

---

QUESTION 709:

You work as the network administrator at Certkingdom.com The Certkingdom.com
network consists of a single Active Directory domain named Certkingdom.com All
servers on the Certkingdom.com network run Windows Server 2003 and all client
computers run Windows XP Professional.
Certkingdom.com contains a server named Certkingdom -SR44 which runs Exchange
2003. Certkingdom -SR44 also consists of proprietary financing applications. All the
Certkingdom.com users access their mail from this server. Certkingdom -SR44 is
configured with a 2.6 MHz CPU, 512 MB of RAM and two 74.5 GB hard disks.
Certkingdom -SR44 is connected to a LAN at 100 Mbps with a network adapter.
Certkingdom -SR44 supports 4,000 user mailboxes. Certkingdom -SR44 is continuously
used as users access their mail. A Certkingdom.com manager named Andy Booth
complains that his users struggle to open large e-mail messages, due to the slow
response of the server. You make use of System Monitor to view the results.

You receive an instruction from the CIO to identify the reason for the new response.
Which component should you identify?

A. A possible reason for the slow response time is the Network Adapter
B. The Processor is the possible cause for the slow response time.
C. The component causing the slow response is the Hard disk
D. The slow response time of the server is caused by the Memory.

Answer: D

Explaination: The memory reports an average of only 20 MB available. The value
should remain 5 % of the total system memory.
Incorrect Answers:
A, B: These counters do not indicate a cause of a bottleneck.
C: The hard disks are very busy. It should remain below 50 %. You should first check the
memory before you identify the hard disk as the source of the bottleneck.

---

QUESTION 710:

You work as the network administrator at Certkingdom.com The Certkingdom.com
network consists of a single Active Directory domain named Certkingdom.com All
servers on the Certkingdom.com network run Windows Server 2003 and all client
computers run Windows XP Professional.
Certkingdom.com has its headquarters in Chicago and a branch office in Miami.
Certkingdom.com contains a server named Certkingdom -SR33 which is configured as a
router. A new Certkingdom.com security policy restricts the use of streaming audio to
some of the users. Certkingdom.com consists of a Sales department in the branch office.
The managers in the branch office complain about the slow network response.
During an investigation you find that some users are controlling the available
bandwidth. You need to find out if the users are violating the Certkingdom.com security
policy. You also need to find out which users did receive those packets.
Which utility should you use?

A. You should make use of the Network Monitor utility to identify the users who violates
the security policy.
B. The IP Security Monitor should be used to identify the users who violaste the security
policy.
C. In order for you to determine which users violates the policy you need to make use of
the Replication Monitor utility.
D. You should consider making use of the System Monitor utility to determine which
users are at default.

Answer: A

Explaination: To capture network traffic, the System Monitor is used. You can filter
it so that it can meet the criteria that you are looking for.
Incorrect Answers:
B: The IP Security Monitor is used to monitor IPSec information. You cannot use it to
monitor network traffic.
C: This is used to monitor Active Directory replication.
D: The System Monitor is used to gather information about the CPU, Memory etc.

---

QUESTION 711:

You work as the network administrator at Certkingdom.com The Certkingdom.com
network consists of a single Active Directory domain named Certkingdom.com The
Certkingdom.com network contains ten Windows Server 2003 computers and 1,100
Windows 2000 Professional computers. Three of the Windows Server 2003
computers in configured as domain controllers.
Certkingdom.com has a Finance department in Chicago and a Marketing department in
Dallas. These departments are connected to the Internet. The users in these
departments use the network often to send and download important files and
Internet e-mail. The Certkingdom.com users also access the Internet to get the latest
information on the product. A new Certkingdom.com security policy requires that
network administrators should use their domain user account to log on. Whenever
the administrators need an administrative privilege, they should use the runas
command. The runas command will launch an application that will allow
permission to execute the required task.
One morning an administrator named Rory Allen complains that the name
resolution has failed on the network. During an investigation you try to run Rory
Allen administrative user account, RMAdmin1 and issue the following command:
runas/user:rmadmin1 replmon. When you use this command the following error
message was displayed:
RUNAS ERROR: Unable to run – replmon
1058: The service cannot be started, either because it is disabled or there are no
enabled devices associated with it. You receive an instruction from the CIO to
identify the service that stops the Replication Monitor from starting.
Which of the following services could it be?

A. Due to DNS Client failure you are unable to start Replication Monitor.
B. The Secondary Logon is the likely cause of you being unable to start Replication
Monitor.
C. The DNS Server is the cause of Replication Monitor not starting.
D. Net Logon is a possible cause of the Replication Monitor not starting.

Answer: B

Explaination: The Secondary Logon permits a user to make use of the runas
command.
Incorrect Answers:
A: The DNS Client allows you to locate Active Directory domain controllers. It also
resolves DNS names locally.
C: The DNS Server service is responsible name resolution queries from DNS clients.
D: This service is responsible for authentication remote users and services.

---

QUESTION 712:

You work as the network administrator at Certkingdom.com The Certkingdom.com
network consists of a single Active Directory domain named Certkingdom.com
Certkingdom.com consists of a few servers that run Windows Server 2003 and Windows
2000 Server. Some the client computers run Windows 2000 Professional, and the
others run Windows XP Professional.
Certkingdom.com contains 15 Domain controllers, 25 Windows Server 2003 servers, 15
Windows 2000 Server computers, 150 Windows XP Professional client computers
and 300 Windows 2000 Professional client computers. The Certkingdom.com domain
also contains 600 user accounts and 15 administrative accounts. The user and
computer accounts reside in an OU which is linked to a GPO as shown in the
following table:

Certkingdom.com’s user accounts resides in an OU named Certkingdom OU. This OU needs
an application named TKD_Tools which is in a Windows package named
TKD_Tools.msi. The hard disk space for TKD_Tools is 50MB. A Certkingdom.com policy
states that the TKD_Tools.msi should not be installed on a client computer that runs
Windows XP Professional or a server that runs Windows Server 2003 which has less
than 500 MB of hard disk space. Only users that are non administrative are allow to
install this TKD_Tools application. You have received an instruction from the CIO to
configure the domain to effectively install the application. You need to accomplish
this without the unnecessary installation of this application.
What should you do?

A. Your first step should be to add TKD_Tools.msi to the Computer
Configuration\Software Settings node of the MemberServers GPO.
Thereafter you will be able to create a WMI filter that will restrict the application of the
MemberServers GPO to computers with 500 MB and more hard disk space.
B. You can accomplish this by adding TKD_Tools.msi to the Computer
Configuration\Software Settings node of the WinClients GPO.
The subsequent step would be to create a WMI filter that will restrict the application of
the WinClients GPO to computers with 500 MB and more hard disk space.
C. This can bew accomplished by adding TKD_Tools.msi to the Computer
Configuration\Software Settings node of the AdminPolicy GPO.
Thereafter you can create a WMI filter that restricts the application of the
DomainControllers GPO to computers with 500 MB and more hard disk space.
D. Your best option would be to add TKD_Tools.msi to the Computer
Configuration\Software Settings node of the UserPolicy GPO.
Thereafter you can create a WMI filter that restricts the application of the UserPolicy
GPO to computers with 500 MB and more hard disk space.

Answer: D

Explaination: This is the more likely answer, because only the non-administrative
users can have this application installed. That’s way you should add the
TKD_Tools.msi to the UserPolicy GPO.
Incorrect Answers:
A: The MemberServers GPO will only apply to the Windows Server 2003 and Windows
2000 Server computers.
B: The WinClients GPO will only apply to the Windows 2000 Professional and the
Windows XP Professional client computers.
C: The AdminPolicy is users who are administrators. The scenario does not want the
administrator to have this application.

---

QUESTION 713:

You work as the network administrator at Certkingdom.com The Certkingdom.com
network consists of a single Active Directory domain named Certkingdom.com All
servers on the Certkingdom.com network run Windows Server 2003 and all client
computers run Windows XP Professional.
A Certkingdom.com client named Rory Allen installs a high-speed color printer named
Certkingdom -PR01 on a print server named Certkingdom -SR24 by using a built-in
Windows XP Professional driver. Rory Allen works in the Graphics department. He
shares the printer so that the other users can print to the new printer.
During the day the users of the Graphics department complain that they cannot
print from Certkingdom -PR01. You then make sure that Certkingdom -SR24 is
working properly and the printer is switched on. During the investigation you access
the shared folders on Certkingdom -SR24. However, it seems that Certkingdom -PR01
is unable to connect. You have to make sure that the users in the graphics
department can access Certkingdom -PR01 for there printing jobs.
What should you do?

A. Your best choice would be to configure Certkingdom -PR01 to be available.
B. You should consider restarting the Print Spooler on Certkingdom -SR24 to ensure that
the users can print.
C. To ensure that the users can print to Certkingdom -PR01 you have to update the driver.
D. This can be accomplished by uincreasing the priority of Certkingdom -PR01.

Answer: B

Explaination: The function of the Print Spooler is to manage the print queues on a
server. In this case it seems that the Print Spooler has stalled. That’s way you have
to restart the Print Spooler service.
Incorrect Answers:
A: Even if this were available, you cannot access it because you cannot connect to the
Print Spooler.
C: There is no need to update the driver, because the printer was working before.
D: To increase the priority of Certkingdom -PR01, you need to access the Property sheet.
At the moment it seems impossible, because the Print Spooler is not working.

---

QUESTION 714:

You work as the network administrator at Certkingdom.com The Certkingdom.com
network consists of a single Active Directory domain named Certkingdom.com All
servers on the Certkingdom.com network run Windows 2000 Server and all client
computers run Windows XP Professional.
Certkingdom.com contains two departments, named Research and Marketing. Half of
the client computers are in the Research department and the other half are in the
Marketing department. The client computers in the Research department run
critical third-party applications.
Andy Reid is the manager of the Research department. He complains about the
poor performance of certain critical third-party applications on his client computer
named Certkingdom -WS211. You have been instructed to collect the performance
information that can be used to determine and analyze the technical problems on
the network.
Which tool can you use?

A. You should make use of Network Monitor in order to determine and analyze the
technical errors.
B. The technical errors can be determined and analysed by making use of System
Monitor.
C. You will be able to make use of Task Manager to collect the performance information.
D. You should consider making use of a counter log to determine and analyse the
technical errors.

Answer: D

Explaination: You should create a performance baseline and monitor the values of
the counters. The performance data should be recorded in a counter log.
Incorrect Answers:
A: This tool is used to parse network traffic.
B: The System Monitor can work, however it only presents current performance ion real time.
C: This is used to view information about the processors that are running on the system.

---

QUESTION 715:

You work as the network administrator at Certkingdom.com The Certkingdom.com
network consists of a single Active Directory domain named Certkingdom.com All
servers on the Certkingdom.com network run Windows 2000 Server and all client
computers run Windows XP Professional.
Certkingdom.com contains two departments, named Research and Marketing. Half of
the client computers are in the Research department and the other half are in the
Marketing department. Due to the success of the two departments, Certkingdom.com
has decided to implement an e-commerce Web site, which will be used as a public
Web site for customers and a private Web site for the users.
Certkingdom.com then opens a new office for this new Web site. This office contains a
Windows Server 2003 server named Certkingdom -SR42. You intend to run a
third-party Web management application. You receive an instruction to make sure
that the suitable services are allowed on this server.
What should you do? (Select two)

A. You should consider enabling the World Wide Web Publishing Service.
B. Your best option would be to allow the DNS Server service.
C. To support the Web site you need enable the IIS Admin Service.
D. To make sure that the suitable services are allowed you need to permit the HTTP SSL
service.

Answer: A, D

Explaination: The HTTP SSL will provide the private part of the Web site and the
World Wide Web Publishing Service will provide for the public portion.
Incorrect Answers:
B: This option will offer name resolution. This will not ensure that the Web site is
available.
C: This is only needed if you use an IIS to manage the Web site. However you have a
third-party Web management application.

---

QUESTION 716:

You work as the network administrator at Certkingdom.com The Certkingdom.com
network consists of a single Active Directory domain named Certkingdom.com
Certkingdom.com contains 15 Windows Server 2003, 5 domain controllers and 2000
client computers which runs Windows XP Professional.
Certkingdom.com contains a Marketing department and a Finance department. A
Certkingdom.com server runs mission critical in-house applications which is used by the
users. The client computers and the domain controllers’ clock are incorrect. You
need the time to be correct other wise the Kerberos fails and you will find Kerberos
errors in the event log. You reset the clock of the client computer, but after a while
you find that the clock is again wrong. You receive an instruction from management
to make sure that the clock of the client computers displays the correct time.
What should you do?

A. To ensure that the clock displays the correct time you need to adjust the clock on the
infrastructure master.
B. To ensure that the correct time is displayed you need to select Automatically
synchronize with Internet time server on the Internet Time tab.
C. You can ensure the correct time by installing an exact time resource tool on the
network.
D. Your best option should be to adjust the clock on the PDC emulator.

Answer: D

Explaination: You should adjust the PDC emulator, because all the computers will
synchronize there clock.
Incorrect Answers:
A, B, C: In this scenario you should adjust the clock with the PDC emulator, for
authentication in an Active Directory environment.

---

QUESTION 717:

You work as the network administrator at Certkingdom.com The Certkingdom.com
network consists of a single Active Directory domain named Certkingdom.com All
servers on the Certkingdom.com network run Windows Server 2003 and all client
computers run Windows XP Professional.
Certkingdom.com contains two departments named Research and Development. Half of
the client computers are in the Research department and the other half are in the
Development department. The client computers in the Research department run
critical third-party applications.
Certkingdom.com contains a file server named Certkingdom -SR14. Shadow copies area
enabled on the volume named BillVol. During routine monitoring you discover
that BillVol has almost reached its capacity. You take action and add another disk
to the server and create a volume named TestVol. You now need to configure
shadow copies for BillVol to use the space in TestVol.
What should you do?

A. Your best choice would be to specify TestVol as the additional location on the
BillVol properties.
B. This can be accomplished by moving the shadow copies from BillVol to TestVol on
the Certkingdom -SR14.
C. You should consider sharing TestVol.
Thereafter you will be allowed to enable shadow copies on TestVol.
D. You should consider deleting the shadow copies of BillVol and specifying TestVol
as the location of shadow copies.

Answer: D

Explaination: This is the correct answer. You are unable to change the location of
the shadow copies unless you delete Vol1 of the exiting shadow copies.
Incorrect Answers:
A: You cannot share the shadow copies between BillVol and TestVol. You also cannot
move or copy files on BillVol.
B: You have to delete the shadow copies on BillVol. You cannot move the shadow
copies from BillVol to TestVol.
C: This will result in previous copies on BillVol to be periodically created. The exiting
copies on BillVol would not be affected.

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Free 70-669 Exam Q & A / Study Guide

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

---

QUESTION 1
You work as a desktop technician at Certkingdom.com. The Certkingdom.com network consists of an Active
Directory Domain Services domain named Certkingdom.com. All servers on the network run Windows
Server 2008. The client computers run a mix of Windows XP Professional and Windows 7 Enterprise.
The company is planning to roll out Windows 7 Enterprise throughout the network. Users that
require legacy applications will be able to run them in Windows XP Mode virtual machines on their computers.
You are conducting some testing with Windows XP Mode virtual machines (VMs). You have two
Windows XP Mode VMs on your Windows 7 client computer.
You want to configure the networking options for the two VMs so that they have network
connectivity to each other but not to your host computer or the rest of the Certkingdom.com network.
How should you configure the VMs?

A. You should navigate to the Networking node in the VM Settings and configure the network
adapter to use the Internal Network option.
B. You should navigate to the Networking node in the VM Settings and configure the network
adapter to use the Shared Networking (NAT) option.
C. You should navigate to the Networking node in the VM Settings and configure the network
adapter to use the Bridge Mode option.
D. You should configure the Bridge Connections option in the Network Adapter properties in
Windows XP on each VM.

Answer: A

Explanation:

---

QUESTION 2
You work as a desktop technician at Certkingdom.com. The Certkingdom.com network consists of an Active
Directory Domain Services domain named Certkingdom.com. All servers on the network run Windows
Server 2008 R2 and all client computers run Windows 7 Enterprise.
The network includes a Windows Server 2008 R2 server named ABC-Deploy1. ABC-Deploy1 runs
the IIS Server role and is part of the company’s Microsoft Enterprise Desktop Virtualization (MEDV) environment.
Your Windows 7 client computer is named ABC-Tech1. The MED-V Management console is
installed on ABC-Tech1.
You are configuring the Microsoft Enterprise Desktop Virtualization (MED-V) environment to
deploy MED-V virtual machines to several client computers.
You have configured a MED-V image with the required applications. You run Sysprep on the
image and upload it to ABC-Deploy1.
Which two of the following steps will ensure that computer names following a specified naming
convention are generated when the VMs are first run after the deployment? Choose two.

A. In the Workspace settings, navigate to the VM Setup tab and configure the computer name pattern.
B. In the Workspace settings, navigate to the Deployment tab and configure the computer name pattern.
C. Add a Script Action to rename the computer.
D. Run the Setup Manager Wizard and configure the computer name pattern.
E. Add the computer names to Sysprep.inf.

Answer: A,C

Explanation:

---

QUESTION 3
You work as a desktop technician at Certkingdom.com. The Certkingdom.com network consists of an Active
Directory Domain Services domain named Certkingdom.com. All servers on the network run Windows
Server 2008 R2 and all client computers run Windows 7 Enterprise.
You are in the process of configuring a Microsoft Enterprise Desktop Virtualization (MED-V) environment.
You need to configure a central image repository for client computers to download images from.
You install a Windows Server 2008 R2 member server named ABC-Deploy1. You create a folder
named MEDVImages on ABC-Deploy1.
What should you do next on ABC-Deploy1?

A. You should share the MEDVImages folder.
B. You should install the IIS Server role and configure a virtual directory to point to the MEDVImages folder.
C. You should install the FTP Server component of IIS and configure an FTP site to point to the MEDVImages folder.
D. You should install an SSL Certificate.

Answer: B

Explanation:

---

QUESTION 4
You work as a network administrator at Certkingdom.com. The Certkingdom.com network consists of an Active
Directory Domain Services domain named Certkingdom.com. All servers on the network run Windows
Server 2008 R2 and all client computers run Windows 7 Enterprise.
Certkingdom.com runs a Microsoft Enterprise Desktop Virtualization (MED-V) environment. A Windows
Server 2008 R2 member server named ABC-Deploy1 is configured to run Microsoft Enterprise
Desktop Virtualization (MED-V) Server and hosts the central MED-V image repository.
You notice that the disk space on ABC-Deploy1 is running low due to the MEDVImages folder
taking up a large amount of disk space.
You open the MED-V Management Console and note that there are several versions of the MEDV
Workspace virtual machines (VMs).
How can you minimize the disk space used by the MEDVImages folder?

A. By deselecting the “Workspace is persistent” option.
B. By configuring the image update settings to keep a limited number of images.
C. By configuring the image update settings to select the “Clients should use the Download
manager when downloading the images” option.
D. By manually deleting old image files.

Answer: B

Explanation:

---

QUESTION 5
You work as a network administrator at Certkingdom.com. The Certkingdom.com network consists of an Active
Directory Domain Services domain named Certkingdom.com. All servers on the network run Windows
Server 2008. The client computers run a mix of Windows XP Professional and Windows 7 Enterprise.
You are in the process of migrating the Windows XP Professional client computers to Windows 7 Enterprise.
You need to design a solution to resolve application compatibility issues. You are planning a
desktop virtualization solution that will run legacy applications on virtual machines (VMs) running
Windows XP Professional.
You want to deploy Windows Virtual PC 2007 and a virtual machine image to the client computers
when they are migrated to Windows 7 Enterprise.
How can you create a single installation package that includes both Windows Virtual PC 2007 and
a virtual machine image?

A. By using the Packaging Wizard from Microsoft Enterprise Desktop Virtualization (MED-V).
B. By using Package Manager (pkrmgr.exe) from the Windows Automated Installation Kit (WAIK) tools.
C. By using a template created using Microsoft System Center Virtual Machine Manager (VMM) 2008 R2.
D. By using Windows System Image Manager from the Windows Automated Installation Kit (WAIK) tools.

Answer: A

Explanation:

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Free Microsoft 70-536 Q & A / Study Guide

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

---

---

QUESTION 1
You work as the application developer at CertKingdom.com. CertKingdom.com uses Visual Studio.NET
2005 as its application development platform.
You are in the process of storing numerical values up to 2,100,000,000 into a variable and may
require storing negative values using a .NET Framework 2.0 application. You are required to
optimize memory usage
What should you do?

A. Int32
B. UInt16
C. UInt32
D. Int16

Answer: A

Explanation:
The Int32 type should be used in the scenario as it can be used to store positive and negative
numerical values from -2,147,483,648 to +2,147,483,647.
Incorrect Answers:
B: The UINT32 and UInt16 type should not be used in the scenario because they are used to store
only unsigned positive numbers.
Reference types
C: The UINT32 and UInt16 type should not be used in the scenario because they are used to store
only unsigned positive numbers.
Attributes
D: The Int16 type should not be used as you will only be allowed to store values from -32768 to
+32768.

---

QUESTION 2
You work as an application developer at CertKingdom.com. You are currently in the process of
creating a class that stores data about CertKingdom.com’s customers.
CertKingdom.com customers are assigned unique identifiers and various characteristics that may
include aliases, shipping instructions, and sales comments. These characteristics can change in
both size and data type.
You start by defining the Customer class as shown below:
public class Customer
{
private int custID;
private ArrayList attributes;
public int CustomerID
{
get {return custID;}
}
public Customer (int CustomerID)
{
this.custID = CustomerID;
this.attributes = new ArrayList ();
}
public void AddAttribute (object att)
{
attributes.Add (att);
}
}
You have to create the FindAttribute method for locating attributes in Customer objects no matter
what the data type is.
You need to ensure that the FindAttribute method returns the attribute if found, and you also need
to ensure type-safety when returning the attribute.
What should you do?

A. Use the following code to declare the FindAttribute method:
public T FindAttribute (T att)
{
//Find attribute and return the value
}
B. Use the following code to declare the FindAttribute method:
public object FindAttribute (object att)
{
//Find attribute and return the value
}
C. Use the following code to declare the FindAttribute method:
public T FindAttribute (T att)
{
//Find attribute and return the value
}
D. Use the following code to declare the FindAttribute method:
public string FindAttribute (string att)
{
//Find attribute and return the value
}

Answer: C

Explanation:
This code declares the method FindAttribute and specifies an argument named att using the T
placeholder as the argument and return data type. To ensure the FindAttribute method accepts
arguments of different types, you should specify an argument using a generic placeholder. The
argument att in this generic method will accept any valid data type and ensures type-safety by
returning that same data type.
Incorrect Answers:
A: You should not use this code because it does not declare the placeholder T. when declaring a
generic method, you have to use the < > bracketsto declare the place holder before using it.
B: You should not use this code because it does not guarantee type-safery.
D: You should not use this code because it will only accept a string argument and return a string
argument.
Generic types

---

QUESTION 3
You work as an application developer at CertKingdom.com. You are creating a custom exception
class named ProductDoesNotExistException so that custom exception messages are displayed in
a new application when the product specified by users is unavailable.
This custom exception class will take the ProductID as an argument to its constructor and expose
this value through the ProductID. You are now in the process of creating a method named
UpdateProduct. This method will be used to generate and manage the
ProductDoesNotExistException exception if the ProductID variable contains the value 0.
You need to ensure that use the appropriate code for the UpdateProduct method.
What should you do?

A. Make use of the following code:
public void UpdateProduct ()
{
try
{
if (ProductID == 0)
throw new ProductDoesNotExistException (ProductID);
}
catch (ProductDoesNotExistException ex)
{
MessageBox.Show (“There is no Product” + ex. ProductID);
}
}
B. Make use of the following code:
public void UpdateProduct ()
{
try
{
if (ProductID = = 0)
throw new Exception (“Invalid ProductID”);
}
catch (ProductDoesNotExistException ex)
{
MessageBox.Show (ex.Message);
}
}
C. Make use of the following code:
public void UpdateProduct ()
{
if (ProductID = = 0)
throw new ProductDoesNotExistException (ProductID);
}
D. Make use of the following code:
public void UpdateProduct ()
{
if (ProductID = = 0)
throw new Exception (“Invalid ProductID”);
}

Answer: A

Explanation:
This code verifies the value of the ProductID variable by using the if statement. If the ProductID
variable contains a value of 0, this code generates an exception of type
ProductDoesNotExistException . To explicitly generate an exception, you are required to use the
throw statement. The exception generated by using the throw statement can be handled by the
try…catch block. This code generates the custom exception by calling the constructor of the
custom exception class named ProductDoesNotExistException . The constructor argument is the
ProductID attached to the ProductDoesNotExistException object. This code then handles the
custom exception named ProductDoesNotExistException by using a catch block, which handles
exceptions by using a variable named ex of the type ProductDoesNotExistException . This code
displays the ” There is no Product ” error message by using the MessageBox.Show method and
concatenating the ex. ProductID to it.
Incorrect Answers:
B: You should not use the code that generates an exception of the type Exception and handles the
exception of the type ProductDoesNotExistException in the catch block. This code is incorrect
because you are required to generate a custom exception named ProductDoesNotExistException.
C: You should not use the codes that do not use a try…catch block because the application an
unhandled exception.
D: You should not use the codes that do not use a try…catch block because the application an
unhandled exception.

---

QUESTION 4
You work as the application developer at CertKingdom.com. CertKingdom.com uses Visual Studio.NET
2005 as its application development platform.
You have recently finished development of a class named TestReward and package the class in a
.NET 2.0 assembly named TestObj.dll. After you ship the assembly and it is used by client
applications, you decide to move the TestReward class from TestObj.dll assembly to the
TestRewardObj.dll Assembly. You are to ensure when you ship the updated TestObj.dll and
TestRewardObj.dll assemblies that the client applications continue to work and do not require
recompiling.
What should you do?

A. The TypeForwardedTo attribute should be used
B. The TypeConvertor.ConvertTo method should be used
C. The InternalsVisibleTo attribute should be used
D. The Type Convertor.ConvertFrom method should be used

Answer: A

Explanation:
The statement used for you to add a type from one assembly into another assembly is the
TypeForwardTo attribute which enables you not to have the application recompiled.
Incorrect Answers:
B: The TypeConverter class provides a unified way of converting different types of values to other
types and can not be used to move a type.
C: The method in question here specifies all nonpublic types in an assembly are visible to other
assemblies but can not be used to move types.Part 2: Manage a group of associated data in a
.NET Framework application by using collections. (Refer System.Collections namespace)
D: The TypeConverter class provides a unified way of converting different types of values to other
types and can not be used to move a type.

---

QUESTION 5
You work as an application developer at CertKingdom.com. You have recently created a custom
collection class named ShoppingList for a local supermarket. This custom class will include
ShoppinItem objects that have the public properties listed below.
* Name
* AisleNumber
* OnDiscount
You are required to enable users of your class to iterate through the ShoppingList collection, and
to list each product name and aisle number using the foreach statement.
You need to achieve this by declaring the appropriate code.
What code should you use?

A. public class ShoppingList : ICollection
{
// Class implementation
}
B. public class ShoppingList : IEnumerator, IEnumerable
{
// Class implementation
}
C. public class ShoppingList : Ilist
{
// Class implementation
}
D. public class ShoppingList : Enum
{
// Class implementation
}

Answer: B

Explanation:
You should implement the IEnumerable and IEnumerator interfaces of the System.Collections
namespace to ensure that your collection class supports foreach iteration. The IEnumerable
interface defines only one method named GetEnumerator that returns an object of type
IEnumerator of the System.Collections namespace and is used to support iteration over a
collection. The IEnumerator interface supports methods, such as Current , MoveNext , and Reset
to iterate through a collection. The Current method returns the current element of the collection.
The Move method positions the enumerator to the next available element of the collection. The
Reset method positions the enumerator before the first element of the collection.
Incorrect Answers:
A: You should not use the code that implements the ICollection interface because this interface is
used to define properties in a collection. Implementing this interface will not ensure that your
collection class supports foreach iteration because it does not inherit the IEnumerator interface.
C: You should not use the code that implements the Ilist interface because this interface is used to
define properties of a non-generic list of items accessed by index. Implementing this interface will
not ensure that your collection class supports foreach iteration because it does not inherit the
IEnumerator interface.
D: You should not use the code that inherits the Enum because this structure is used as a base
class for those classes that provide enumeration values. Inheriting the Enum structure will not
ensure that your collection class supports foreach iteration.

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Free Microsoft 70-293 Q & A / Study Guide

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

QUESTION 1
You work as a network administrator for Certkingdom.com. The Certkingdom.com network consists of a single
Active Directory domain named Certkingdom.com. There are currently 120 Web servers running Windows
2000 Server and are contained in an Organizational Unit (OU) named ABC_WebServers
Certkingdom.com management took a decision to uABCrade all Web servers to Windows Server 2003.
You disable all services on the Web servers that are not required. After running the IIS Lockdown
Wizard on a recently deployed web server, you discover that services such as NNTP that are not
required are still enabled on the Web server.
How can you ensure that the services that are not required are forever disabled on the Web
servers without affecting the other servers on the network? Choose two.

A. Set up a GPO that will change the startup type for the services to Automatic.
B. By linking the GPO to the ABC_WebServers OU.
C. Set up a GPO with the Hisecws.inf security template imported into the GPO.
D. By linking the GPO to the domain.
E. Set up a GPO in order to set the startup type of the redundant services to Disabled.
F. By linking the GPO to the Domain Controllers OU.
G. Set up a GPO in order to apply a startup script to stop the redundant services.

Answer: B,E

Explanation: Windows Server 2003 installs a great many services with the operating system, and
configures a number of with the Automatic startup type, so that these services load automatically
when the system starts. Many of these services are not needed in a typical member server
configuration, and it is a good idea to disable the ones that the computer does not need. Services
are programs that run continuously in the background, waiting for another application to call on
them. Instead of controlling the services manually, using the Services console, you can configure
service parameters as part of a GPO. Applying the GPO to a container object causes the services
on all the computers in that container to be reconfigured. To configure service parameters in the
Group Policy Object Editor console, you browse to the Computer Configuration\Windows
Settings\Security Settings\System Services container and select the policies corresponding to the
services you want to control.
Reference:
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294);
Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory
Infrastructure, Microsoft Press, Redmond, Washington, 2004, p. 13:1-6

---

QUESTION 2
You are working as the administrator at Certkingdom.com. Certkingdom.com has headquarters in London and
branch offices in Berlin, Minsk, and Athens. The Berlin, Minsk and Athens branch offices each
have a Windows Server 2003 domain controller named ABC-DC01, ABC-DC02 and ABC-DC03
respectively. All client computers on the Certkingdom.com network run Windows XP Professional.
One morning users at the Minsk branch office complain that they are experiencing intermittent
problems authenticating to the domain. You believe that a specific client computer is the cause of
this issue and so need to discover the IP address client computer.
How would you capture authentication event details on ABC-DC02 in the Minsk branch office?

A. By monitoring the logon events using the SysMon utility.
B. By recording the connections to the NETLOGON share using the SysMon utility.
C. By recording the authentication events with the NetMon utility.
D. By monitoring the authentication events using the Performance and Reliability Monitor.

Answer: C

Explanation: The question states that you need to find out the IP address of the client computer
that is the source of the problem. Using Network Monitor to capture traffic is the only way to do
this.
Reference:

http://support.microsoft.com/default.aspx?scid=kb;en-us;175062

Martin Grasdal, Laura E. Hunter, Michael Cross, Laura Hunter, Debra Littlejohn Shinder, and Dr.
Thomas W. Shinder, Planning and Maintaining a Windows Server 2003 Network Infrastructure:
Exam 70-293 Study Guide & DVD Training System, Syngress Publishing, Inc., Rockland, MA,
Chapter 11, p. 826

---

QUESTION 3
You are working as the administrator at Certkingdom.com. Part of you job description includes the
deployment of applications on the Certkingdom.com network. To this end you operate by testing new
application deployment in a test environment prior to deployment on the production network.
The new application that should be tested requires 2 processors and 3 GB of RAM to run
successfully. Further requirements of this application also include shared folders and installation of
software on client computers. You install the application on a Windows Server 2003 Web Edition
computer and install the application on 30 test client computers.
During routine monitoring you discover that only a small amount of client computers are able to
connect and run the application. You decide to turn off the computers that are able to make a
connection and discover that the computers that failed to open the application can now run the
application.
How would you ensure that all client computers can connect to the server and run the application?

A. By running a second instance of the application on the server.
B. By increasing the Request Queue Limit on the Default Application Pool.
C. By modifying the test server operating system to Window Server 2003 Standard Edition.
D. By increasing the amount of RAM in the server to 4GB.

Answer: C

Explanation: Although Windows Server 2003 Web Edition supports up to 2GB of RAM, it
reserves 1GB of it for the operating system; only 1GB of RAM is available for the application.
Therefore, we need to install Window Server 2003 Standard Edition or Enterprise Edition to
support enough RAM.

---

QUESTION 4
You are an Enterprise administrator for Certkingdom.com. All servers on the corporate network run
Windows Server 2003 and all client computers run Windows XP.
The network contains a server named ABC-SR01 that has Routing and Remote Access service
and a modem installed which connects to an external phone line.
A partner company uses a dial-up connection to connect to ABC-SR01 to upload product and
inventory information. This connection happens between the hours of 1:00am and 2:00am every
morning and uses a domain user account to log on to ABC-SR01.
You have been asked by the security officer to secure the connection.
How can you ensure that the dial-up connection is initiated only from the partner company and that
access is restricted to just ABC-SR01? Choose three.

A. Set up the log on hours restriction for the domain user account to restrict the log on to between
the hours of 1:00am and 2:00am.
B. Set up a local user account on ABC-SR01. Have the dial-up connection configured to log on
with this account.
C. Set up the remote access policy on ABC-SR01 to allow the connection for the specified user
account between the hours of 1:00am and 2:00am.
D. Set up the remote access policy with the Verify Caller ID option to only allow calling from the
phone number of the partner company modem.
E. Set up the remote access policy to allow access to the domain user account only.

Answer: B,C,D

Explanation: To allow only the minimum amount of access to the network, ensure that only the
partner’s application can connect to your network over the dial-up connection, you need to first
create a local account named on ABC-SR01. You need to then add this account to the local Users
group and direct the partner company to use this account for remote access.
You can use a local account to provide remote access to users. The user account for a standalone
server or server running Active Directory contains a set of dial-in properties that are used
when allowing or denying a connection attempt made by a user. You can use the Remote Access
Permission (Dial-in or VPN) property to set remote access permission to be explicitly allowed,
denied, or determined through remote access policies.
Next, you need to configure a remote access policy on ABC-SR01 to allow the connection for only
the specified user account between 1 AM and 2 AM.
In all cases, remote access policies are used to authorize the connection attempt. If access is
explicitly allowed, remote access policy conditions, user account properties, or profile properties
can still deny the connection attempt.
You need to then configure the policy to allow only the specific calling station identifier of the
partner company’s computer. When the Verify Caller ID property is enabled, the server verifies the
caller’s phone number. If the caller’s phone number does not match the configured phone number,
the connection attempt is denied.
Reference: Dial-in properties of a user account

http://technet.microsoft.com/en-us/library/cc738142.aspx

---

QUESTION 5
You are an Enterprise administrator for Certkingdom.com. The company consists of an Active Directory
domain called ad.Certkingdom.com. All servers on the corporate network run Windows Server 2003. At
present there is no provision was made for Internet connectivity.
A server named ABC2 has the DNS server service role installed. The DNS zones on ABC2 are
shown below:

The corporate network also contains a UNIX-based DNS A server named ABC-SR25 hosts a
separate DNS zone on a separate network called Certkingdom.com. ABC-SR25 provides DNS services to
the UNIX-based computers and is configured to run the latest version of BIND and the Certkingdom.com
contains publicly accessible Web and mail servers.
The company has a security policy set, according to which, the resources located on the internal
network and the internal network’s DNS namespace should never be exposed to the Internet.
Besides this, according to the current network design, ABC-SR25 must attempt to resolve any
name resolution requests before sending them to name servers on the Internet.
The company plans to allow users of the internal network to access Internet-based resources. To
implement the security policy of the company, you decided to send all name resolution requests
for Internet-based resources from internal network computers through ABC2. You thus need to
devise a name resolution strategy for Internet access as well as configuring ABC2 so that it will
comply with the set criteria and restrictions.
Which two of the following options should you perform?

A. Have the Cache.dns file copied from ABC2 to ABC-SR25.
B. Have the root zone removed from ABC2.
C. ABC2 should be set up to forward requests to ABC-SR25.
D. Install Services for Unix on ABC2.
E. The root zone should be configured on ABC-SR25.
F. Disable recursion on ABC-SR25.

Answer: B,C

Explanation: To plan a name resolution strategy for Internet access and configure ABC2 so that it
sends all name resolution requests for Internet-based resources from internal network computers
through ABC2, you need to delete the root zone from ABC2. Configure ABC2 to forward requests
to ABC-SR25
A DNS server running Windows Server 2003 follows specific steps in its name-resolution process.
A DNS server first queries its cache, it checks its zone records, it sends requests to forwarders,
and then it tries resolution by using root servers.
The root zone indicates to your DNS server that it is a root Internet server. Therefore, your DNS
server does not use forwarders or root hints in the name-resolution process. Deleting the root
zone from ABC2 will allow you to first send requests to ABC2 and then forward requests to ABCSR25
by configuring forward lookup zone. If the root zone is configured, you will not be able to use
the DNS server to resolve queries for hosts in zones for which the server is not authoritative and
will not be able to use this DNS Server to resolve queries on the Internet.
Reference: How to configure DNS for Internet access in Windows Server 2003

http://support.microsoft.com/kb/323380

Reference: DNS Root Hints in Windows 2003

http://www.computerperformance.co.uk/w2k3/services/DNS_root_hints.htm

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Free Microsoft 70-162 Exam Q & A/ Study Guide

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

---

QUESTION 1
You work as a Security Administrator at Certkingdom.com. The network consists of a single Active
Directory Domain Services (AD DS) domain with servers running Windows Server 2008 and client
computers running Windows 7 Professional.
A pool of Windows 2008 Servers hosts the Microsoft Exchange Server 2007 environment.
You have recently implemented Forefront Protection for Exchange Server (FPE) 2010 to improve
the security of the Microsoft Exchange Server 2007 environment.
You discover that some mailboxes have been infected by malware. However there are no
malware infection notifications in the Forefront Protection for Exchange Server Console.
You need to immediately check specific mailboxes to see if they are infected by the malware.
What should you do?

A. You should run a Forefront Client Security scan on the client computers.
B. You should use Forefront Protection for Exchange to perform a real-time scan of the mailboxes.
C. You should use Forefront Protection for Exchange to perform an on-demand scan of the
mailboxes.
D. You should install Microsoft Security Essentials on client computers.

Answer: C

Explanation:

---

QUESTION 2
You work as a Network Administrator at Certkingdom.com. Your responsibilities include the security of the
computers in the network. The network consists of a single Active Directory Domain Services (AD
DS) domain with servers running Windows Server 2008 and client computers running Windows 7
Professional.
A pool of Windows 2008 Servers hosts the Microsoft Exchange Server 2007 environment.
You have recently implemented Forefront Protection for Exchange Server (FPE) 2010 to improve
the security of the Microsoft Exchange Server 2007 environment.
How would you configure FPE to enable spam filtering?

A. By using the Forefront Management Shell to run the Set-FSEScheduledScan cmdlet.
B. By using the Forefront Management Shell to run Set-FseSpamFiltering the cmdlet.
C. By using the Forefront Management Shell to run the Set-FseSpamContentCheck cmdlet.
D. By using the Forefront Management Shell to run the Set-FSERealtimeScan cmdlet.

Answer: B

Explanation:

---

QUESTION 3
You are responsible for the security of the Certkingdom.com network. The network consists of a single
Active Directory Domain Services (AD DS) domain with servers running Windows Server 2008
and client computers running Windows 7 Professional.
The company uses Forefront Protection for Exchange Server (FPE) 2010 to protect the Microsoft
Exchange Server 2007 environment.
While monitoring the logs in the FPE console, you discover that users in the company have
received spam emails.
The subject line in each of the emails is: “Free access to our new online tournament!” You note
that the sender email address is spoofed to appear to be from a different domain for each email.
How can you block this spam attack in future?

A. You should configure an allowed sender custom filter in FPE.
B. You should configure a file filtering custom filter in FPE.
C. You should configure a keyword filtering custom filter in FPE.
D. You should configure a sender-domain custom filter in FPE.
E. You should configure a subject line filtering custom filter in FPE.

Answer: E

Explanation:

---

QUESTION 4
You work as a Network Administrator at Certkingdom.com. Your responsibilities include the security of the
computers in the network. The network consists of a single Active Directory Domain Services (AD
DS) domain named Certkingdom.com and includes servers running Windows Server 2008 and client
computers running Windows 7 Professional.
Four servers running Windows 2008 Server host the Microsoft Exchange Server 2007
environment.
Two servers named ABC-Edge1 and ABC-Edge2 are configured as Microsoft Exchange Edge
Transport servers.
Two servers named ABC-Mbox1 and ABC-Mbox2 are configured as Microsoft Exchange Mailbox
Servers and also run the Microsoft Exchange Hub Transport server roles.
You have recently implemented Forefront Protection for Exchange Server (FPE) 2010 to improve
the security of the Microsoft Exchange Server 2007 environment.
You need to configure email scanning in Forefront Protection for Exchange Server (FPE) 2010.
How should you configure FPE to scan all emails sent from within the Certkingdom.com domain to email
recipients in the Certkingdom.com domain?

A. You should configure FPE to perform Internal scanning on ABC-Mbox1 and ABC-Mbox2.
B. You should configure FPE to perform Internal scanning on ABC-Edge1 and ABC-Edge2.
C. You should configure FPE to perform Inbound scanning on ABC-Mbox1 and ABC-Mbox2.
D. You should configure FPE to perform Inbound scanning on ABC-Edge1 and ABC-Edge2.
E. You should configure FPE to perform Outbound scanning on ABC-Edge1 and ABC-Edge2.

Answer: A

Explanation:

---

QUESTION 5
You are responsible for the security of the Certkingdom.com network. The network consists of a single
Active Directory Domain Services (AD DS) domain named Certkingdom.com and includes servers running
Windows Server 2008 and client computers running Windows 7 Professional.
The network environment is secured using Microsoft Forefront.
A server named ABC-ShPoint1 runs Microsoft Office SharePoint Server 2010. The SharePoint
system is protected by Forefront Protection 2010 for SharePoint (FPSP).
How can you configure the environment to ensure that scanning is performed on all documents
that pass through the SharePoint Portal?

A. By logging into the SharePoint portal and configuring the scanning for uploaded and
downloaded documents.
B. By logging into the SharePoint Central Administration website and configuring the scanning for
uploaded and downloaded documents.
C. By logging into the Forefront Protection for SharePoint console and configuring the scanning for
uploaded and downloaded documents.
D. By logging into IIS Manager on the SharePoint Web Server and configuring the scanning for
uploaded and downloaded documents.
E. By logging into the Security Centre on the SharePoint Database Server and configuring the
scanning for uploaded and downloaded documents.

Answer: B

Explanation:

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com